Analysis
-
max time kernel
25s -
max time network
24s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240221-en -
resource tags
arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system -
submitted
03-03-2024 12:53
Static task
static1
Behavioral task
behavioral1
Sample
linux_hive.elf
Resource
ubuntu2004-amd64-20240221-en
General
-
Target
linux_hive.elf
-
Size
2.3MB
-
MD5
56075e7c63b3f9f612cde6187d4a7877
-
SHA1
1bcfa979b7b9044ba5ce5c006bd26b0bdbeb8464
-
SHA256
12389b8af28307fd09fe080fd89802b4e616ed4c961f464f95fdb4b3f0aaf185
-
SHA512
7df68e37b3c2e7ce197f0d8736d06adf808343fe2d638bcd3e0f285968e1365c06b33157c6e5816b9fa9362e6adc262d3d2da45d3d1a38efb7e2ce980fce8b80
-
SSDEEP
49152:TzVcrxrb/TGvO90dL3BmAFd4A64nsfJbJ5PhTZDknzImQXNqw0Xfgg778lwQJKTS:TcbP/kB30JKT
Malware Config
Extracted
/FVUV_HOW_TO_DECRYPT.txt
hive
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
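Before the two .onion contact addresses above are pushed out as network IoCs it is worth confirming they are structurally valid Tor v3 hostnames (56 base32 characters decoding to a 32-byte key, a 2-byte checksum and a version byte of 3). The following is an added example, not part of the Triage report or of the Hive code base: it pulls .onion hosts out of a note text and decodes them. Only the two hostnames are taken from the extracted configuration; the surrounding note wording is constructed.

```python
"""Added example (not from the Triage report or from Hive): structural check of
.onion contact hosts found in a ransom note.

A Tor v3 onion hostname is 56 base32 characters that decode to
    pubkey[32] || checksum[2] || version[1]      (version == 3)
with checksum == SHA3-256(b".onion checksum" || pubkey || version)[:2].
"""
from __future__ import annotations

import base64
import hashlib
import re
from dataclasses import dataclass

# Constructed note fragment; only the two .onion URLs are copied from the report.
SAMPLE_NOTE = """Your network has been breached and all data were encrypted.
Leak site:   http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
Contact us:  http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Leak site again: http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/login
"""

# v3 hosts are 56 chars, legacy v2 hosts 16; try the longer alternative first.
ONION_URL_RE = re.compile(r"https?://([a-z2-7]{56}|[a-z2-7]{16})\.onion(?=[/\s]|$)", re.I)


@dataclass(frozen=True)
class OnionCheck:
    host: str
    version: int        # 2 for a legacy 16-char host, else the decoded version byte
    checksum_ok: bool   # only meaningful when version == 3


def extract_onion_hosts(text: str) -> list[str]:
    """Distinct .onion hostnames in the text, in order of first appearance."""
    seen: set[str] = set()
    hosts: list[str] = []
    for m in ONION_URL_RE.finditer(text):
        host = m.group(1).lower()
        if host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts


def check_onion(host: str) -> OnionCheck:
    """Decode a hostname and verify the embedded version byte and checksum."""
    host = host.lower()
    if len(host) == 16:
        return OnionCheck(host, 2, False)
    if len(host) != 56:
        raise ValueError(f"not a v2/v3 onion hostname: {host!r}")
    raw = base64.b32decode(host.upper())  # 56 chars -> exactly 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
    return OnionCheck(host, version, version == 3 and checksum == expected)


def check_note(text: str) -> list[OnionCheck]:
    return [check_onion(h) for h in extract_onion_hosts(text)]


if __name__ == "__main__":
    for c in check_note(SAMPLE_NOTE):
        print(f"{c.host}.onion  version={c.version}  checksum_ok={c.checksum_ok}")
```

A host whose version byte is not 3 or whose checksum does not match is either a transcription error in the note or not a real Tor address; both are worth catching before the value lands in a blocklist.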
Signatures
-
Hive
A ransomware written in Golang first seen in June 2021.
-
Deletes itself 1 IoCs
Processes:
pid   process
1475  linux_hive.elf
Processes:
description     ioc
File truncated  /var/log/journal/4816dd152e8c48ff97e9117d197c13d8/FVUV_HOW_TO_DECRYPT.txt
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
description                   ioc
File opened for modification  /var/spool/cron/atjobs/.SEQ.rfvV41WlcD8IlkpyQwV_g7lHdYfo0xNJM5hWbHI_KAz_Lbx8HNRm5oQ0.mrvk3
File opened for modification  /var/spool/cron/atjobs/FVUV_HOW_TO_DECRYPT.txt
Note: neither IoC is a scheduled job. The first is at(1)'s sequence file .SEQ after it was encrypted and renamed with the .mrvk3 extension, the second is the ransom note dropped into the spool directory; both are consistent with the encryptor walking /var/spool rather than with persistence being set up.
Deletes log files 1 TTPs 7 IoCs
Deletes log files on the system.
Processes:
description     ioc
File truncated  /var/log/cups/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/installer/cdebconf/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/installer/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/unattended-upgrades/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/apt/FVUV_HOW_TO_DECRYPT.txt
File truncated  /var/log/audit/FVUV_HOW_TO_DECRYPT.txt
Note: every IoC is the ransom note being opened with truncation in /var/log or one of its subdirectories; no pre-existing log file appears in the list, so this signature fired on the note drop, not on log wiping.
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 15 IoCs
Processes:
description              ioc
File opened for reading  /sys/devices/system/cpu/cpu0
File opened for reading  /sys/devices/system/cpu/cpu0/cache/index0
File opened for reading  /sys/devices/system/cpu/cpu0/cache
File opened for reading  /sys/devices/system/cpu/cpu0/cache/index3
File opened for reading  /sys/devices/system/cpu/smt
File opened for reading  /sys/devices/system/cpu/cpufreq
File opened for reading  /sys/devices/system/cpu/cpuidle
File opened for reading  /sys/devices/system/cpu/hotplug
File opened for reading  /sys/devices/system/cpu/power
File opened for reading  /sys/devices/system/cpu/cpu0/cache/index2
File opened for reading  /sys/devices/system/cpu/cpu0/hotplug
File opened for reading  /sys/devices/system/cpu/cpu0/power
File opened for reading  /sys/devices/system/cpu/cpu0/topology
File opened for reading  /sys/devices/system/cpu/vulnerabilities
File opened for reading  /sys/devices/system/cpu/cpu0/cache/index1
Reads hardware information 1 TTPs 1 IoCs
Accesses system info like serial numbers, manufacturer names etc.
Processes:
description              ioc
File opened for reading  /sys/devices/virtual/dmi/id/power
Note: the only path opened is the power-management subdirectory of the DMI node, not the product_serial, sys_vendor or similar attributes; the signature matched on the path prefix alone.
Reads network interface configuration 2 TTPs 12 IoCs
Fetches information about one or more active network interfaces.
Processes:
description              ioc
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/queues/tx-0/byte_queue_limits
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/statistics
File opened for reading  /sys/devices/virtual/net/lo/queues
File opened for reading  /sys/devices/virtual/net/lo/queues/rx-0
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/power
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/queues/rx-0
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/queues/tx-0
File opened for reading  /sys/devices/virtual/net/lo/power
File opened for reading  /sys/devices/virtual/net/lo/queues/tx-0
File opened for reading  /sys/devices/virtual/net/lo/queues/tx-0/byte_queue_limits
File opened for reading  /sys/devices/virtual/net/lo/statistics
File opened for reading  /sys/devices/pci0000:00/0000:00:03.0/net/ens3/queues
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
description              ioc
File opened for reading  /sys/devices/system/container/power
File opened for reading  /sys/kernel/tracing/events/ext4/ext4_request_inode
File opened for reading  /sys/kernel/tracing/events/power/clock_disable
File opened for reading  /sys/kernel/tracing/events/regmap/regmap_async_complete_done
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_enter_sched_getparam
File opened for reading  /sys/devices/platform/serial8250/tty/ttyS29/power
File opened for reading  /sys/bus/serio/drivers/psmouse
File opened for reading  /sys/kernel/debug/tracing/events/rtc
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_exit_sched_get_priority_min
File opened for reading  /sys/kernel/slab/:A-0000256/cgroup/filp(1187:rsyslog.service)
File opened for reading  /sys/kernel/slab/dentry/cgroup/dentry(465:e2scrub_reap.service)
File opened for reading  /sys/bus/pci/slots/11
File opened for reading  /sys/kernel/debug/tracing/events/vmscan/mm_vmscan_lru_isolate
File opened for reading  /sys/kernel/slab/kmalloc-1k/cgroup/kmalloc-1k(1377:systemd-localed.service)
File opened for reading  /sys/devices/virtual/vc/vcsa1
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_enter_sched_getattr
File opened for reading  /sys/kernel/slab/radix_tree_node/cgroup/radix_tree_node(441:dbus.service)
File opened for reading  /sys/kernel/slab/sock_inode_cache/cgroup/sock_inode_cache(59:dev-hugepages.mount)
File opened for reading  /sys/firmware/acpi/tables
File opened for reading  /sys/devices/pnp0/00:04/tty/ttyS0
File opened for reading  /sys/kernel/tracing/events/drm/drm_vblank_event
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_enter_getsockopt
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_exit_mq_timedreceive
File opened for reading  /sys/kernel/tracing/events/workqueue
File opened for reading  /sys/module/glue_helper/holders
File opened for reading  /sys/kernel/slab/radix_tree_node/cgroup/radix_tree_node(625:systemd-hostnamed.service)
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_exit_time
File opened for reading  /sys/devices/pci0000:00/0000:00:04.0/ata8/host7/scsi_host/host7/power
File opened for reading  /sys/devices/virtual/tty/tty8
File opened for reading  /sys/kernel/slab/:A-0000128/cgroup
File opened for reading  /sys/kernel/slab/dentry/cgroup/dentry(505:ondemand.service)
File opened for reading  /sys/kernel/tracing/events/alarmtimer/alarmtimer_cancel
File opened for reading  /sys/devices/pci0000:00/0000:00:04.0/ata4/link4/dev4.0/ata_device/dev4.0/power
File opened for reading  /sys/kernel/debug/block/loop0
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_enter_keyctl
File opened for reading  /sys/module/fb/parameters
File opened for reading  /sys/devices/virtual/misc/snapshot
File opened for reading  /sys/kernel/debug/tracing/events/clk/clk_set_phase
File opened for reading  /sys/kernel/slab/:0000208/cgroup
File opened for reading  /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:03/wakeup
File opened for reading  /sys/kernel/slab/:0000080/cgroup
File opened for reading  /sys/kernel/slab/dentry/cgroup/dentry(289:boot-efi.mount)
File opened for reading  /sys/kernel/slab/kmalloc-rcl-64/cgroup
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_enter_execveat
File opened for reading  /sys/kernel/tracing/events/ext4/ext4_da_write_pages
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_exit_getrlimit
File opened for reading  /sys/module/libahci/notes
File opened for reading  /sys/kernel/slab/dentry/cgroup/dentry(1393:packagekit.service)
File opened for reading  /sys/kernel/slab/kmalloc-1k/cgroup/kmalloc-1k(1217:systemd-logind.service)
File opened for reading  /sys/kernel/security/apparmor/features
File opened for reading  /sys/kernel/slab/radix_tree_node/cgroup/radix_tree_node(345:systemd-update-utmp.service)
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_enter_truncate
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_exit_preadv2
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_enter_timer_delete
File opened for reading  /sys/kernel/slab/:A-0000192/cgroup/cred_jar(617:ssh.service)
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_exit_personality
File opened for reading  /sys/devices/pci0000:00/0000:00:02.0/virtio0/graphics/fb0
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_enter_pread64
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_exit_sigaltstack
File opened for reading  /sys/kernel/debug/tracing/events/xhci-hcd/xhci_get_port_status
File opened for reading  /sys/kernel/debug/tracing/events/irq_vectors/call_function_single_entry
File opened for reading  /sys/kernel/tracing/events/syscalls/sys_enter_syncfs
File opened for reading  /sys/kernel/debug/tracing/events/syscalls/sys_enter_accept4
File opened for reading  /sys/devices/platform/serial8250/tty/ttyS20/power
Note: the list (the report shows the first 64 matches) spans tracing event directories, slab cgroup accounting nodes, serial tty power directories and ACPI tables with no pattern a fingerprinting routine would follow. That breadth is consistent with the encryptor's recursive directory walk descending into /sys, not with deliberate hardware enumeration.
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes:
description              ioc                                   process
File opened for reading  /proc/1418/attr/smack                 linux_hive.elf
File opened for reading  /proc/1475/task/1956/attr
File opened for reading  /proc/1757/task/1757/attr/apparmor
File opened for reading  /proc/2097/task/2141/fd
File opened for reading  /proc/23/attr/apparmor                linux_hive.elf
File opened for reading  /proc/780/task/782/fd                 linux_hive.elf
File opened for reading  /proc/992/task/994/fd                 linux_hive.elf
File opened for reading  /proc/1475/task/1867/fd
File opened for reading  /proc/1475/task/1889/net/dev_snmp6
File opened for reading  /proc/1480/net/netfilter
File opened for reading  /proc/1590/task/1591/attr/apparmor
File opened for reading  /proc/72/task/72/attr                 linux_hive.elf
File opened for reading  /proc/1475/task/1976/fd
File opened for reading  /proc/1480/task/1482/ns
File opened for reading  /proc/1475/task/1913
File opened for reading  /proc/960/net/stat
File opened for reading  /proc/73/task/73/attr/smack           linux_hive.elf
File opened for reading  /proc/1850/task/1850
File opened for reading  /proc/1415/task/1415/attr/smack
File opened for reading  /proc/1475/task/1967/net/stat
File opened for reading  /proc/173/net/stat
File opened for reading  /proc/301/net/netfilter
File opened for reading  /proc/12/net/dev_snmp6                linux_hive.elf
File opened for reading  /proc/960/task/961                    linux_hive.elf
File opened for reading  /proc/1475/task/1917/net/netfilter
File opened for reading  /proc/1475/task/1987/ns
File opened for reading  /proc/242/task/242/net
File opened for reading  /proc/75/task/75
File opened for reading  /proc/1645/task/1747/attr/smack
File opened for reading  /proc/2093/net/netfilter
File opened for reading  /proc/614/fd
File opened for reading  /proc/1041/task/1042/net/dev_snmp6    linux_hive.elf
File opened for reading  /proc/2081/task/2150/ns
File opened for reading  /proc/2089/task/2160
File opened for reading  /proc/1475/task/1892/net/netfilter
File opened for reading  /proc/1560/fd
File opened for reading  /proc/85/task/85/fd
File opened for reading  /proc/201/task/201/attr               linux_hive.elf
File opened for reading  /proc/1033/task/1033/attr/apparmor
File opened for reading  /proc/1475/task/1994/net
File opened for reading  /proc/785                             linux_hive.elf
File opened for reading  /proc/1475/task/1952
File opened for reading  /proc/1475/task/2041/attr/apparmor
File opened for reading  /proc/1413/attr/apparmor
File opened for reading  /proc/1708/task/1708/net/stat
File opened for reading  /proc/2102/task/2137/attr/apparmor
File opened for reading  /proc/74/task/74                      linux_hive.elf
File opened for reading  /proc/1594/task/1597/attr/apparmor
File opened for reading  /proc/1475/task/1983/net/dev_snmp6
File opened for reading  /proc/1475/task/1987/net
File opened for reading  /proc/1475/task/2015/ns
File opened for reading  /proc/1645/task/1750/attr/smack
File opened for reading  /proc/1846
File opened for reading  /proc/301/net
File opened for reading  /proc/77/task/77/attr/apparmor
File opened for reading  /proc/118/attr/apparmor
File opened for reading  /proc/15/task/15/attr/apparmor        linux_hive.elf
File opened for reading  /proc/242/task/242/net/dev_snmp6      linux_hive.elf
File opened for reading  /proc/1716/task/1716/attr
File opened for reading  /proc/79/task/79/net/netfilter        linux_hive.elf
File opened for reading  /proc/11/attr
File opened for reading  /proc/1475/task/1935/net
File opened for reading  /proc/16/net/stat
File opened for reading  /proc/86/net
Note: the entries are per-task subdirectories (fd, ns, net, attr) across many PIDs, including the sample's own pid 1475 and its threads. Opening those directories across the whole process table, rather than reading cmdline, status or maps of selected targets, is consistent with the recursive directory walk reaching /proc, not with targeted process inspection.
Writes file to shm directory 1 IoCs
Malware can drop malicious files in the shm directory which will run directly from RAM.
Processes:
description                   ioc
File opened for modification  /dev/shm/temp1.swap.mrvk3
Note: the name (a .swap file carrying the same .mrvk3 extension as the encrypted files) points to a scratch file used during encryption rather than a payload staged for execution from RAM.
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description                   ioc
File opened for modification  /tmp/config-err-9BSDzf.rfvV41WlcD8IlkpyQwV_g7lHdYfo0xNJM5hWbHI_KAz_TIjQsx_o1Kw0.mrvk3
File opened for modification  /tmp/FVUV_HOW_TO_DECRYPT.txt
Note: nothing required by the sample is dropped here; the first IoC is an existing file in /tmp after encryption and renaming (original name, a long base64url-looking blob, then .mrvk3), the second is the ransom note. The blob shares its first 44 characters with the one on the encrypted file in /var/spool/cron/atjobs.
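The cron, log, shm and tmp signatures above all fired on the same two artifacts: the ransom note written into each directory the encryptor visited, and files renamed to <original name>.<blob>.mrvk3. The following added example (not part of the Triage report or of Hive) turns that observation into a triage helper that classifies a file listing from an affected host. The note name and extension are copied from this run and treated as campaign-specific inputs; the sample paths are the report's IoCs plus a few constructed benign ones; the minimum blob length used to avoid false positives on ordinary multi-dot filenames is an assumption.

```python
"""Added example (not from the Triage report or from Hive): triage a file
listing for the artifacts this run left behind.

  * ransom note FVUV_HOW_TO_DECRYPT.txt in every directory touched
  * encrypted files renamed to <original>.<blob>.mrvk3
  * a scratch file /dev/shm/temp1.swap.mrvk3 that carries no blob
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass
from pathlib import PurePosixPath

NOTE_NAME = "FVUV_HOW_TO_DECRYPT.txt"   # from the report; campaign-specific
ENC_EXT = ".mrvk3"                      # from the report; campaign-specific
# base64url alphabet; the 20-char floor is an assumption to skip names like "a.tar.gz"
BLOB_RE = re.compile(r"^[A-Za-z0-9_-]{20,}$")

SAMPLE_PATHS = [
    # copied from the report's IoC lists
    "/var/log/journal/4816dd152e8c48ff97e9117d197c13d8/FVUV_HOW_TO_DECRYPT.txt",
    "/var/spool/cron/atjobs/.SEQ.rfvV41WlcD8IlkpyQwV_g7lHdYfo0xNJM5hWbHI_KAz_Lbx8HNRm5oQ0.mrvk3",
    "/var/spool/cron/atjobs/FVUV_HOW_TO_DECRYPT.txt",
    "/var/log/cups/FVUV_HOW_TO_DECRYPT.txt",
    "/var/log/FVUV_HOW_TO_DECRYPT.txt",
    "/dev/shm/temp1.swap.mrvk3",
    "/tmp/config-err-9BSDzf.rfvV41WlcD8IlkpyQwV_g7lHdYfo0xNJM5hWbHI_KAz_TIjQsx_o1Kw0.mrvk3",
    "/tmp/FVUV_HOW_TO_DECRYPT.txt",
    # constructed benign paths
    "/etc/passwd",
    "/var/log/syslog",
    "/home/user/archive.tar.gz",
]


@dataclass(frozen=True)
class EncryptedFile:
    path: str
    original_name: str
    blob: str | None   # None when the name carries no blob (the /dev/shm scratch file)


@dataclass
class TriageResult:
    notes: list[str]
    encrypted: list[EncryptedFile]
    shared_blob_prefix: str   # longest prefix common to all blobs seen ("" if fewer than two)


def parse_encrypted_name(path: str) -> EncryptedFile | None:
    """Split '<dir>/<original>.<blob>.mrvk3' into its parts; None if not an encrypted name."""
    name = PurePosixPath(path).name
    if not name.endswith(ENC_EXT) or name == ENC_EXT:
        return None
    stem = name[: -len(ENC_EXT)]
    head, dot, tail = stem.rpartition(".")
    if dot and head and BLOB_RE.match(tail):
        return EncryptedFile(path, head, tail)
    return EncryptedFile(path, stem, None)   # e.g. temp1.swap.mrvk3


def triage(paths: list[str]) -> TriageResult:
    notes: list[str] = []
    encrypted: list[EncryptedFile] = []
    for path in paths:
        if PurePosixPath(path).name == NOTE_NAME:
            notes.append(path)
            continue
        parsed = parse_encrypted_name(path)
        if parsed is not None:
            encrypted.append(parsed)
    blobs = [e.blob for e in encrypted if e.blob]
    prefix = os.path.commonprefix(blobs) if len(blobs) >= 2 else ""
    return TriageResult(notes, encrypted, prefix)


if __name__ == "__main__":
    r = triage(SAMPLE_PATHS)
    print(f"{len(r.notes)} ransom notes, {len(r.encrypted)} encrypted files")
    for e in r.encrypted:
        print(f"  {e.path}\n      original={e.original_name!r} blob={'yes' if e.blob else 'no'}")
    print(f"shared blob prefix ({len(r.shared_blob_prefix)} chars): {r.shared_blob_prefix}")
```

The shared-prefix output is a grouping heuristic only: the page shows that the two blobs from this run agree on their first 44 characters, and the helper reports that prefix so files encrypted in the same run can be clustered, without claiming what the blob encodes.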
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 1KB
MD5 88cb43b9893d9559fcd7c2ff92198346
SHA1 10f5b6704bf62d54b6928456dfd5127fcb16a936
SHA256 36b00b82b942515e84d145a88bc7bbe9f59773bd8e3c4d9639dd2e3ffc4bb2e6
SHA512 48f7b52fa640ac38a8a0e2216c0cfd848ef704c23cd59723b7fb0f5e83da455ff75701a40e8ede99156cdfc8aef0ec6246de0d4afd7fdbe21051bef1eed63224
-
Filesize 75.0MB
MD5 7ec1f6f05777fa2d63cfe264b7b79017
SHA1 26751b8150ab993a98a9282c14a8cbe6cce7b99d
SHA256 0fd3bd9a18469b1b45a5d5f89503ebdf1a9db3a5bc3317a5d322f58a968fba14
SHA512 ca839f952e39e6603021959072358ce9a261a3f69294dcc418b39d9113a374f9fa6f12af2297e070f179d38cdfd922ca75cd51721591efd60ba0d3d429d93e5f
-
Filesize 345.0MB
MD5 fc32c65f5278f3b073aa39006c68a35e
SHA1 846ec1ef1e3cb218007f30119b36fac4d256cf28
SHA256 e03b3bd2c242797549ea9996729d024376dad2ce42c47f8efe3f5e393e3f4361
SHA512 cc378f21389423c07ab78ba1ecbc98ee095b9842142e0ddeef45e4dbc4f4f8cc8151c5e8db116f287e43839828bacd6673a13de20f679704121cd2c29600f1be
-
Filesize 1KB
MD5 b492b14845d83f7a8d43b13a3adb9a7c
SHA1 65c273544d3ef5326a74bfc1e8a282909338851b
SHA256 efe04a8a7d831a65c2f1ff8b0e3e382fc44c2e874ec9fda1c1c6dde675934112
SHA512 9f6d2e2e9457d06d14c09541ace5e47216baf88476cf2dda412841580d571495313912dc202805b90f8416511ead42f19621713c194c5581452553f870623a1b
-
Filesize 1.2MB
MD5 c44c0a5fff813585dc610461db7df836
SHA1 9ff90b2233aa71d0c8203be538acf59bcddee39e
SHA256 428d90e2ea179ccdc15ce03ba0649f50ddb9f25e663db47aac7ad692d2e5cbca
SHA512 16df97fa20c84006f9c4bba2a62c73e7d60d140cf3764ba5916a4904c7a3444cdacb2e944c57ebd2ccad5f2ea57e2aa37544a221e32b3d25722bb0c2a42b8344
-
Filesize 4.0MB
MD5 e76491b1a3333e70e56c460ad862852d
SHA1 fa17be978cd83032f2e023877e829f6c0c840222
SHA256 f1fc4a498ae9ff76c9fa1bcbbfee12172818284da51db458dc0a3e2d7d135ea7
SHA512 d4d02bfe519d9151730fbbc586e4ecea397ffd68c2b21ce5220f49215317a9a4d11c20eb5da8aea8dc436ad6871202cf69f780b417db905c53d4581b9887cab7
-
Filesize 1024KB
MD5 333ddc4c91b7bef1f97463a527ce8924
SHA1 e78f07d9637fa7c2cd1c49dd0cc8101545e51d06
SHA256 ff19976ea801e6cf0efff2cc17a440d4cc5dfd69e86bb4edc6545e241c4c2b60
SHA512 216a8ff92ed09c163471c8394dd59756cf25f6121c9aff9f77f30e8780c1c17036c94c95b40d497b71e705463c73a9d34cbeda9d46866dff46d4157be9729803
-
Filesize 21.0MB
MD5 0cc1122c0445785d3f548fd0f27a545c
SHA1 8488590a17db7e02429975d0a0176a747c3dbfa2
SHA256 ac8c9f8eeddb3e373d8d779f019096c338fb413d751e5fe5a0a6493d6351ba88
SHA512 22b5f1d9c1c5cbc9ebe5448b55c99a97fe91ecec96dfb3f7bfd70e5d87d3d79a85dcef0b0f445350034616fc4bb0d128fbd9e1aeff718a73c08731d4aebf8f98
-
Filesize 490.0MB
MD5 9479d4971f59b156fd6ac4ca9ad8f5c9
SHA1 eebaf31f0e05bf73a55ee3d6141a2839d8520cf6
SHA256 e8b041c2cf08366bc343335ed0ff3fde4c51e572c9ae3b97997e965e5d89ca3c
SHA512 f57a644e9bb42d5ddde7d10f19200aba501d3b4a349275f80ab80fe4935eafe7478c8a39cbaa60f7d702c679839965b82b17cd6194148fc9c591e890231f5487
-
Filesize 1007.0MB
MD5 da389542b88f7b8e642440bf0745b1da
SHA1 b9356e1d08115b0614afde904da235ccdc3cafad
SHA256 250968df4a346c00525ffc482acee7f26e2bc694d8d3b6f655db679352e2f611
SHA512 fdb89233485d696a373a0efad7c5f3aef4030e3e7a180498e7bd7328b411b11687fbb1e4a24544cef6bec0b4d9cdc8b5bb57629eb419328e7f692f6d8cdf4cdb
-
Filesize 1014.0MB
MD5 68f1c45fcb462f10b173d00337c1eb12
SHA1 d5b49ab20fba23e7e5991f91aecc2b9028a97d4f
SHA256 6220ffbb780f536e118ab55a271827fcef271b63159cb734a274b8c1edba8fe5
SHA512 7753118948b4dd8238a1272b03e746c67718b0e4a40071b3eb05399c5d5a6f7db77485b4532e1a5039e7f49407c3bd298f5da30dc24f711d1ae4c312d2a8525c
-
Filesize 892.7MB
MD5 f13a698ba3dc1bc65cb18ab6652ddb1e
SHA1 c744ca5066c53b0d2c50ee6e83a09ffbfe34616e
SHA256 f261da4e0ddcba59b8c9b157f755a3e1c0b8b05a4f2a7b0108fd9d433c5932be
SHA512 5db3911864b67d07aab872f277b012bd6a79b908cd430604c9b66f39a7a633727a254f5379f8220e9868125d41d97bc734bd94ecabe30a31fb2936ff2188f7a4