"cmd.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\AMIDE2W.EXE" (Handle: 232) "cmd.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\AMIDE2W.EXE" (Handle: 232) "cmd.exe" wrote 1500 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\AMIDE2W.EXE" (Handle: 232) "cmd.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\Rw.exe" (Handle: 224) "cmd.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\Rw.exe" (Handle: 224) "cmd.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\Rw.exe" (Handle: 224) "cmd.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\Rw.exe" (Handle: 224) "cmd.exe" wrote 1500 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\Rw.exe" (Handle: 224) "cmd.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\m1.exe" (Handle: 224) "cmd.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\m1.exe" (Handle: 224) "cmd.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\m1.exe" (Handle: 224) "cmd.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\RarSFX0\m1.exe" (Handle: 224) "cmd.exe" wrote 1500 bytes to a remote process "%TEMP%\RarSFX0\m1.exe" (Handle: 224) "cmd.exe" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\" (Handle: 232) "cmd.exe" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\" (Handle: 232) "cmd.exe" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\" (Handle: 232) "cmd.exe" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\" (Handle: 232) "cmd.exe" wrote 1500 bytes to a remote process "C:\Windows\SysWOW64\" (Handle: 232) 
utm_source=otx&utm_campaign=threat_feeds#!/results/file/21B8016EC36F944EA641B455FE3EA2EEEC498258/hash/analysis External User Tags #adware #android #autorun #backdoor #blackhole #bundle #crack #crypt #cve-2013-2465 #doc #downloader #dropper #exploit #fake #hack #hidelink #hijacker #html #iframe #injector #java #joke #js #keylogger #malware #msword #osx #p2p #packed #pdf #phish #php #proxy #ransom #redirector #riskware #rootkit #script #sms #spy #stealer #toolbar #trojan #vbscripts #virus #win #worm Indicators utm_source=otx&utm_campaign=threat_feeds#!/results/file/DD7BCE141ACEBDF4ADD45A377A3D85A06C6E2169/hash/analysis