Alright, I've looked into it. You guys should know never to download files that are directly linked or are not approved yet. There's a reason we implement this stuff into the forum. Here is the VirusTotal result:
As you can see, there aren't many detections due to the fact that it's coded in AutoIt. I'm in the process of analysing the script. As ESET is the only vendor that detected the file and provides an online virus scanning service, please scan your computer using this: https://www.eset.com/us/online-scanner/
It can also pick up DarkComet and other RAT software, so if you think your computer has been compromised, please scan it immediately.
Here is the picture that was included with this so-called hack:
EDIT - Alright, I've looked into the script. It seems to avoid AV detection because of the way it stores the malware, and it also inserts over a million junk lines into the script (probably to try to slow down my tools or something). For security's sake, I'm not going to try to extract or write this file to my computer to see what it is so yeah.
Perhaps you guys should check your Temporary directory for "run.exe". Also check your startup entries for the path to the fake hack.
REGWRITE("HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", SCRIPTNAME,"REG_SZ", SCRIPTFULLPATH)
Also, as a final note, @poocheesey2 @MLG_ProTryhard: just because a connection is ESTABLISHED does not mean you are hacked. Don't give misleading information.
EDIT 2 - Turns out "run.exe" is harmless and is the fake hack seen in the screenshot above. When you click the buttons, it simply closes. The AutoIt script tries to delete all files/folders in drives from C to K. It also creates a readme.txt file which I'm still looking into. A connection is also made to an IP located in Germany, the same country where the RAR file was hosted. That's still being looked into too.
EDIT 3 - The AutoIt script also contains RAT/BOTNET code and will perform requests like SYN/HTTP/UDP flooding as well as play sounds and whatnot. Deleting the file should essentially render the whole thing useless as far as I know.
Thanks to @aIW|Convery for doing this for me.
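
The two checks suggested in the post (the Temporary directory for "run.exe" and the startup entries under the HKCU Run key), written out as an added PowerShell example that is not part of the original post. Treating a startup entry that points into the Temp directory as worth a closer look, and searching Temp recursively, are assumptions of this example.

```powershell
# Added example, not from the original post.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RunEntryPath {
    param([string]$Command)
    # A Run value is a command line; keep only the program path.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"')                 { return $Matches[1] }  # "C:\a b\x.exe" args
    if ($c -match '(?i)^\s*(.+?\.exe)(\s|$)')      { return $Matches[1] }  # unquoted, may contain spaces
    if ($c -match '^\s*(\S+)')                     { return $Matches[1] }  # fallback: first token
    return $null
}

function Get-Sha256 {
    param([string]$Path)
    try   { (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
    catch { $null }   # file missing or locked
}

# 1. Startup entries: every value under the per-user Run key.
$entries = @()
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $path    = Get-RunEntryPath -Command $command
        $exists  = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
        # Assumption: an autostart program living under %TEMP% deserves review.
        $inTemp  = [bool]($path -and
                   $path.StartsWith($env:TEMP, [StringComparison]::OrdinalIgnoreCase))
        $entries += [pscustomobject]@{
            Name    = $name
            Command = $command
            Exists  = $exists
            InTemp  = $inTemp
            SHA256  = if ($exists) { Get-Sha256 -Path $path } else { $null }
        }
    }
}
$entries | Sort-Object InTemp -Descending | Format-List

# 2. Temporary directory: any file named run.exe (recursive search is an assumption).
Get-ChildItem -LiteralPath $env:TEMP -Filter 'run.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Path = $_.FullName; Created = $_.CreationTime; SHA256 = Get-Sha256 -Path $_.FullName }
    } | Format-List
```

The script only reads the registry and the file system; the SHA-256 values it prints can be compared against a VirusTotal report before anything is deleted.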