The hack created URL’s on the client’s server that were being linked to by other scripts running on other hacked sites. Since these URL’s are now broken they are simply producing 404’s.
You can ignore them but you are getting false referrals / bot traffic. You would need to create a filter in GA to discount that traffic from your reports. That is something you should research via Google’s analytics documentation.
@Ron - Important to mention that the hack was not on Webflow, it was on a previously hosted site the client had BEFORE you implemented the new site on Webflow. Correct?