Hive ransomware generates 10MiB of ran-
dom data, and uses it as an master key. For each file to be encrypted,
1MiB and 1KiB of data are extracted from a specific offset of the mas-
ter key and used as a keystream. The offset used at this time is stored
in the encrypted file name of each file. Using the offset of the keystream
stored in the filename, it is possible to extract the keystream used for
encryption
