{
	"id": "3f8307e9-c57a-4db2-bff7-7557e81f9a72",
	"created_at": "2026-04-06T00:15:36.623042Z",
	"updated_at": "2026-04-10T13:12:54.265849Z",
	"deleted_at": null,
	"sha1_hash": "5307120354158234855fae3a3fbd999de1b78048",
	"title": "https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40580,
	"plain_text": "https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw\r\nArchived: 2026-04-05 23:14:14 UTC\r\nMD5: 0e0b7b238a06a2a37a4de06a5ab5e615\r\nBackup \u0026 Shadow Copy Removal:\r\ncmd.exe /c vssadmin.exe delete shadows /all /quiet \u0026 bcdedit /set {default} bootstatuspolicy ignoreal\r\nOddity:\r\nfuckav\r\nMutex:\r\nhate\r\nLink:\r\nhttps://pbs.twimg.com/media/Dn4vwaRW0AY-tUu.jpg:large\r\nURL:\r\nzjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion\r\nExtension Blacklist:\r\nnemty\r\nlog\r\nLOG\r\nCAB\r\ncab\r\nCMD\r\ncmd\r\nCOM\r\ncom\r\ncpl\r\nCPL\r\nexe\r\nEXE\r\nini\r\nINI\r\ndll\r\nDLL\r\nlnk\r\nLNK\r\nurl\r\nURL\r\nhttps://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw\r\nPage 1 of 3\n\nttf\r\nTTF\r\nDECRYPT.txt\r\nFile/Folder Blacklist:\r\n$RECYCLE.BIN\r\nrsa\r\nNTDETECT.COM\r\nntldr\r\nMSDOS.SYS\r\nIO.SYS\r\nboot.ini\r\nAUTOEXEC.BAT\r\nntuser.dat\r\ndesktop.ini\r\nCONFIG.SYS\r\nRECYCLER\r\nBOOTSECT.BAK\r\nbootmgr\r\nprogramdata\r\nappdata\r\nwindows\r\nMicrosoft\r\nCommon Files\r\nisRu check:\r\nRussia\r\nBelarus\r\nKazakhstan\r\nTajikistan\r\nUkraine\r\n ---=== NEMTY PROJECT ===---\r\n[+] Whats Happen? [+]\r\nYour files are encrypted, and currently unavailable. You can check it: all files on you computer has\r\nBy the way, everything is possible to restore, but you need to follow our instructions. Otherwise, yo\r\n[+] What guarantees? [+]\r\nIt's just a business. We absolutely do not care about you and your deals, except getting benefits.\r\nIf we do not do our work and liabilities - nobody will not cooperate with us.\r\nIt's not in our interests.\r\nIf you will not cooperate with our service - for us, its does not matter. But you will lose your time\r\nhttps://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw\r\nPage 2 of 3\n\nIn practise - time is much more valuable than money.\r\n[+] How to get access on website? [+]\r\n 1) Download and install TOR browser from this site: https://torproject.org/\r\n 2) Open our website: zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/pay\r\nWhen you open our website, follow the instructions and you will get your files back.\r\n{\"General\": {\"IP\":\"[IP]\",\"Country\":\"[Country]\",\"ComputerName\":\"[ComputerName]\",\"Username\":\"[Username\r\nSource: https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw\r\nhttps://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw"
	],
	"report_names": [
		"2019-08-24-nemty-ransomware-notes.vk.raw"
	],
	"threat_actors": [],
	"ts_created_at": 1775434536,
	"ts_updated_at": 1775826774,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5307120354158234855fae3a3fbd999de1b78048.pdf",
		"text": "https://archive.orkl.eu/5307120354158234855fae3a3fbd999de1b78048.txt",
		"img": "https://archive.orkl.eu/5307120354158234855fae3a3fbd999de1b78048.jpg"
	}
}