Analysis Overview
SHA256: 8296297b30360163268908f4d6405285e708d2427239a09abc98cac8492aba1f
Threat Level: Likely benign
The file hackfreaks.zip was found to be: Likely benign.
Malicious Activity Summary
One or more HTTP URLs in qr code identified
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-05-14 13:42
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-14 13:42
Reported: 2024-05-14 13:55
Platform: win10v2004-20240508-en
Max time kernel: 599s
Max time network: 449s
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.php | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.php\ = "php_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4248 wrote to memory of 1908 | N/A | C:\Windows\system32\OpenWith.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 512 wrote to memory of 1864 | N/A | C:\Windows\system32\OpenWith.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\hackfreaks.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\hackfreaks\" -spe -an -ai#7zMap31236:100:7zEvent17699
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\email.php
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\index.php
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\result\sendsms.php
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\step2.php
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Wallet Connect\telegram.php
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\Plain Text.txt
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\" -an -ai#7zMap1868:230:7zEvent31285
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\email.php
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\ebay 2023 scampage\ebay\robots.txt
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Western Union\anti\anti4.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Western Union\anti\anti5.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Apple\Bots-fSOCIETY\anti8.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti3.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\index.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti6.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti2.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti1.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\AU-ETC (Australia Post Scamapage)\__MACOSX\AU_ETC\._config.py
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\CITI\citib\verify\identity.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\CITI\citib\Bots\.htaccess
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\ebay 2023 scampage\ebay 2022\ebay\fter.png
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\files\files2\jq.js.تنزيل
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\files\files1\logo.png
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\index.html
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\AU-ETC (Australia Post Scamapage)\AU_ETC\static\css\662.38ef908b.css
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\HSBC Modified\safe\reg\info\index.html
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\HSBC Modified\safe\reg\info\Spinner32Dark-1.gif
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\Spox\Chase_Result\.htaccess
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\Spox\Mail\index.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\clock.png
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\logo.png
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\main.txt
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\cargando.gif
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\admin\files\admin\fonts\glyphicons-halflings-regulard41d.eot
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\email.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\index.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\result\sendsms.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\step2.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Wallet Connect\telegram.php
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\Plain Text.txt
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\americanexpress.zip
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\login.html
C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\email.php