Malware Analysis Report

2024-09-23 15:08

Sample ID 240514-qzrtmahg24
Target hackfreaks.zip
SHA256 8296297b30360163268908f4d6405285e708d2427239a09abc98cac8492aba1f
Tags qr link
score 3/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely benign

The file hackfreaks.zip was found to be: Likely benign.

Malicious Activity Summary

qr link

One or more HTTP URLs in qr code identified

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-05-14 13:42

Signatures

One or more HTTP URLs in qr code identified

qr link

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-14 13:42
Reported 2024-05-14 13:55
Platform win10v2004-20240508-en
Max time kernel 599s
Max time network 449s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\hackfreaks.zip

Signatures

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.php C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Ȏ\ = "php_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.php\ = "php_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\瑴i敲e຋ꖙᔀ耀\ = "php_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Ȏ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\瑴i敲e຋ꖙᔀ耀 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\php_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4248 wrote to memory of 1908 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 4248 wrote to memory of 1908 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 512 wrote to memory of 1864 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 512 wrote to memory of 1864 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\hackfreaks.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\hackfreaks\" -spe -an -ai#7zMap31236:100:7zEvent17699

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\email.php

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\index.php

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\result\sendsms.php

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\step2.php

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Wallet Connect\telegram.php

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\Plain Text.txt

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\" -an -ai#7zMap1868:230:7zEvent31285

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\email.php

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 88.221.83.249:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 25.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\ebay 2023 scampage\ebay\robots.txt

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Western Union\anti\anti4.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Western Union\anti\anti5.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Apple\Bots-fSOCIETY\anti8.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti3.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\index.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti6.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti2.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Facebook Scama With Strong Anti Bots\anti\anti1.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\AU-ETC (Australia Post Scamapage)\__MACOSX\AU_ETC\._config.py

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\CITI\citib\verify\identity.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\CITI\citib\Bots\.htaccess

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\ebay 2023 scampage\ebay 2022\ebay\fter.png

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\files\files2\jq.js.تنزيل

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\files\files1\logo.png

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\index.html

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\AU-ETC (Australia Post Scamapage)\AU_ETC\static\css\662.38ef908b.css

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\HSBC Modified\safe\reg\info\index.html

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\HSBC Modified\safe\reg\info\Spinner32Dark-1.gif

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\Spox\Chase_Result\.htaccess

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\Spox\Mail\index.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\clock.png

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\logo.png

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\main.txt

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\BCP INTERNET BANKING 2023 scampage\bcp\operacionesLinea\verifyingAccount_files\verifyingProcessing_files\cargando.gif

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Updated Version OF Chase With Strong anti bots\chasev3 2022\Login\admin\files\admin\fonts\glyphicons-halflings-regulard41d.eot

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\email.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\index.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\result\sendsms.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\israelpost\app\step2.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\Wallet Connect\telegram.php

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\Plain Text.txt

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\americanexpress.zip

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\login.html

C:\Users\Admin\AppData\Local\Temp\hackfreaks\ScamPAge2023@Hackfreaks\American Express by CREW\email.php
