    New Mimic ransomware exploits the code of a popular search utility


    The malware specifically disables system processes and encrypts user files.

    Trend Micro security researchers have discovered a new strain of ransomware that they call Mimic. The malware uses the APIs of a third-party Windows search program called "Everything".

    Experts first noticed the malware back in June 2022. It appears to be aimed mainly at English-speaking and Russian-speaking users, and some of its code resembles that of the Conti ransomware.

    The Mimic attack begins with the victim receiving an executable, presumably via email. This file extracts four more files on the target system: the main payload, support files, and tools to disable Windows Defender.

    Mimic has the following features:

    Collecting system information;
    Bypassing User Account Control (UAC);
    Disabling Windows Defender;
    Turning off Windows telemetry;
    Activating protection measures against the malware being disabled or removed;
    Unmounting virtual disks;
    Terminating processes and services;
    Disabling sleep mode and shutting down the system;
    Removing indicators;
    Preventing system restore.

    This extensive list of malicious activities is achieved by disabling certain Windows system processes, which weakens the system's protection and speeds up encryption.

    "Everything" is a popular Windows file search program developed by Voidtools. The utility is lightweight and fast, uses a minimum of system resources and allows you to almost instantly find files and folders by their names, sizes, dates, attributes, etc.

    The Mimic ransomware abuses the capabilities of Everything through the "Everything32.dll" file extracted during the infection stage. Mimic needs this file to determine the names and extensions of files on a compromised system.

    Everything helps Mimic find user files that can be encrypted while avoiding system files that, if locked, would prevent the system from starting after a reboot.

    Files encrypted by Mimic receive the ".QUIETPLACE" extension. The ransomware also places a ransom note on the desktop, which states the attackers' demands and explains how to recover the data after paying a ransom to a crypto wallet.
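As an added example (not part of the original article and not Trend Micro's tooling), the following Python script triages a directory tree for the two artifacts the article names: files ending in ".QUIETPLACE" and copies of "Everything32.dll". The function names and the `allowed_dll_dirs` parameter are assumptions of this example.

```python
import hashlib
import os
from collections import Counter

ENCRYPTED_EXT = ".quietplace"    # extension named in the article, lowercased
SEARCH_DLL = "everything32.dll"  # DLL named in the article, lowercased


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, allowed_dll_dirs=()):
    """Walk root and return (encrypted_per_dir, unexpected_dlls).

    allowed_dll_dirs is an operator-supplied assumption: directories where a
    legitimately installed copy of the DLL is expected and should be ignored.
    """
    allowed = {os.path.normcase(os.path.abspath(d)) for d in allowed_dll_dirs}
    encrypted_per_dir = Counter()
    unexpected_dlls = []
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        here = os.path.normcase(os.path.abspath(dirpath))
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted_per_dir[dirpath] += 1
            elif lower == SEARCH_DLL and here not in allowed:
                full = os.path.join(dirpath, name)
                try:
                    unexpected_dlls.append((full, sha256_of(full)))
                except OSError:
                    unexpected_dlls.append((full, None))  # unreadable, still report
    return encrypted_per_dir, unexpected_dlls


if __name__ == "__main__":
    import sys
    hits, dlls = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, count in hits.most_common():
        print(f"{count:6d} encrypted files in {folder}")
    for path, digest in dlls:
        print(f"unexpected {SEARCH_DLL}: {path} sha256={digest}")
```

Everything is legitimate software, so a copy of the DLL is only a lead: its location and hash are reported so an analyst can compare them against a known-good copy from Voidtools.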


    Thus, Mimic is a new ransomware strain that builds on Conti's code and the Everything API. This approach shows that its authors are competent software developers who clearly understand how to achieve their goals.

    Author DeepWeb