r/torrents

Fender Studio Pro 8 crack from RuTracker gave me a cryptominer + RAT

Downloaded Fender Studio Pro 8 crack from RuTracker (TEAM R2R release). Ran it. Nothing happened. Thought I was fine.

Next day, I noticed an unknown app in my startup menu that I had never seen before. That is when I started digging.

Here is exactly what I found and how you can check your own PC.

What the crack did

The crack executed several R2R tools on Day 1:

| File | Time |
| --- | --- |
| R2R System v1.3.1.exe | 5:07 PM |
| Setup Sphere Manager v3.0.0.exe | 5:14 PM |
| SphereManager.exe | 5:52 PM |
| WitchConfig.exe | 5:55 PM |

Nothing seemed wrong at the time. But these tools were silently installing malware.

What the malware installed

| Component | Details |
| --- | --- |
| File | RuntimeHost.exe (original name SimpleRunPE.exe) hidden in C:\ProgramData\Microsoft\Windows\Caches\D3F4E2A1 |
| Attributes | Hidden + System (+h +s) - invisible in File Explorer by default |
| Persistence | 3 scheduled tasks named "Windows System Health", "Windows System Health Check", "Windows System Health Monitor" |
| Registry | abWinSysCache key in HKCU\...\Run to run on every boot |
| Process hollowing | Malware injected itself into legitimate InstallUtil.exe (PID 9048) to hide |
| Payload | GMiner cryptominer configured to mine BeamHash to attacker's wallet via beam.2miners.com:5252 |

Attacker wallet: 39f1c115f278f33c79f2097fd300c92f627d9e5999f8d580c3736c499b29b8c3da7

The 24-hour delay trick

The crack installed everything on Day 1 but set the scheduled tasks to trigger on Day 2. This is deliberate. If the malware ran immediately, you would suspect the crack. By waiting a day, most people never make the connection.

How I traced it (brief technical steps)

  1. UserAssistView - Showed every executable the crack ran with exact timestamps
  2. File Explorer - Enabled "Show hidden files" and unchecked "Hide protected operating system files" to reveal the hidden malware folder
  3. VirusTotal - Uploaded RuntimeHost.exe, got 47/72 detections
  4. Hollows Hunter - Detected process hollowing with "replaced": 1 flag on PID 9048
  5. Task Scheduler - Found 3 malicious tasks with Author = my username (not Microsoft)
  6. Registry Editor - Found abWinSysCache Run key pointing to the malware
  7. schtasks command - Exported all tasks to CSV for analysis

How to check your own PC

  • Run UserAssistView to see recent executables
  • Check C:\ProgramData\Microsoft\Windows\Caches\ for random folders with hidden .exe files
  • Open Task Scheduler and look for tasks named "Windows System Health" with YOUR username as author
  • Open Regedit and check HKCU\Software\Microsoft\Windows\CurrentVersion\Run for abWinSysCache
  • Run Hollows Hunter as admin and look for "replaced": 1 in the output

Confirmation from security vendors

VirusTotal SHA-256: 02743f00223117c2c04fbfb8267ac7272be632a552b8182e943032d1c78a8bf5

| Vendor | Detection |
| --- | --- |
| Microsoft | Trojan:Win32/Kepavll!rfn |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Malwarebytes | Trojan.CoinMiner |
| ESET | MSIL/CoinMiner.BYG |
| BitDefender | Gen:Variant.Zusy.605690 |

47 out of 72 security vendors flagged it as malicious. File is unsigned with fake Microsoft copyright.

What I did to clean it

taskkill /pid 9048 /f
schtasks /delete /tn "\Windows System Health" /f
schtasks /delete /tn "\Windows System Health Check" /f
schtasks /delete /tn "\Windows System Health Monitor" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v abWinSysCache /f
rmdir /s /q "C:\ProgramData\Microsoft\Windows\Caches\D3F4E2A1"

Why I am posting this

I want to warn others about downloading cracks from RuTracker. This specific Fender Studio Pro 8 release (TEAM R2R) is malicious.

I am open to providing all evidence for anyone who wants to read it - full forensic trace with timestamps, screenshots, and analysis.

Stay safe

u/ThisWasNeverTheEnd — 22 hours ago
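
Added example (not part of the original post): a Python triage pass over a `schtasks /query /fo csv /v` export, the step 7 artifact, that flags tasks fitting the pattern the post describes (system-sounding name, non-Microsoft author, action in a data directory). The sample CSV is constructed; the user name, the benign rows and the assumption that the tasks launch RuntimeHost.exe from the Caches folder are illustrative.

```python
import csv
import io
import ntpath

# Constructed sample shaped like `schtasks /query /fo csv /v` output, trimmed
# to the three columns used here. Task names and the folder come from the
# post; the user name, the action paths and the benign rows are assumptions.
SAMPLE_CSV = r'''"TaskName","Author","Task To Run"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o"
"\Windows System Health","DESKTOP-EXAMPLE\alice","C:\ProgramData\Microsoft\Windows\Caches\D3F4E2A1\RuntimeHost.exe"
"TaskName","Author","Task To Run"
"\Windows System Health Check","DESKTOP-EXAMPLE\alice","C:\ProgramData\Microsoft\Windows\Caches\D3F4E2A1\RuntimeHost.exe"
"\BackupNightly","DESKTOP-EXAMPLE\alice","C:\Tools\backup.cmd"
'''

# Words that make a task name look like part of the OS.
SYSTEM_WORDS = ("windows", "microsoft", "system")
# Data locations; legitimate programs normally run from Program Files or System32.
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def suspicious_tasks(csv_text):
    """Return {task name: [reasons]} for tasks that deserve a manual look."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"]
        if name == "TaskName":  # the export repeats its header row per folder
            continue
        leaf = ntpath.basename(name).lower()
        author = row["Author"].lower()
        # Arguments are matched too, so a loader handed a payload path is caught.
        action = row["Task To Run"].lower()
        reasons = []
        if any(w in leaf for w in SYSTEM_WORDS) and "microsoft" not in author:
            reasons.append("system-sounding name, non-Microsoft author")
        if any(d in action for d in DATA_DIRS):
            reasons.append("action points into a data directory")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for task, why in suspicious_tasks(SAMPLE_CSV).items():
        print(task, "->", "; ".join(why))
```

A hit is a lead for manual review, not a verdict: plenty of legitimate updaters also run from ProgramData or AppData.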

Umh... what should I do? Is that the real torrent or what? Help

I downloaded it from the original site but it says that... what do I do?

u/Arrozconpollo__ — 19 hours ago

Pirate Bay

Dumb question, but I can't find Pirate Bay anymore through search or anything else like that. Is anyone else having this problem? I use it to download Nancy Drew games.

u/Born_Election_2731 — 13 hours ago

Does downloading torrents on public Wi-Fi (work) really protect my identity?

I have a question about privacy and tracking in torrent downloads.

If I download a pirated game using torrent on public Wi-Fi (for example, the customer Wi-Fi at my work) using my phone:

Is there any way for them to track me individually?

Even though it isn't my personal Wi-Fi, can the download still be linked to me?

Example:

If I do the download on the company Wi-Fi, finish everything there, and then go home and connect to my own Wi-Fi, is there still any chance of them linking that download to my home address?

And further:

If I use a separate phone, only for using the work Wi-Fi and downloading torrents, does that really increase anonymity, or are there still ways of tracking?

I wanted to better understand how this kind of identification works in practice.

u/gush_333 — 21 hours ago

Good Torrents To Seed

I have a powerful laptop computer and I like to "seed" files to help others because it really doesn't slow down my computer. They can be Linux distros or open source software or popular free software. I use "DistroWatch Page Hit Ranking" to find out the most popular Linux distros only to find out that they are not being downloaded very often because I can see how many times they are being downloaded from my qBittorrent. I'm going to be finding the most popular Linux distros now and start seeding them. I'm mostly interested in seeding other software suggestions.

So are there files or software or apps that are not easy for people to get to but could easily be downloaded by torrenting? I will not be seeding any copyrighted software. Any suggestions you can give me would be greatly appreciated. Thanks in advance.

u/Jefred2 — 1 day ago

Does anyone know why I cannot search in kickasstorrents.to anymore?

Every time I search for something in kickasstorrents, even when copy-pasting the title from the recommendations on the front page, I always get a fake application which looks like a real application but it's not a real application.

u/Over_Dance_5068 — 2 days ago

kickasstorrent search query problem!

Hi there.
What is the matter with the search query on Kickasstorrent? It doesn't show any result for anything typed in. It only shows a page of shadow content that has a name exactly like the one being used to search, but it's not a real result.

I have tried different mirrors, still all the same.

u/rayanspawn1 — 2 days ago

Torrent not working details below

I got a torrent of Toon Boom Harmony, followed install instructions but it keeps saying "files missing". Any ideas what to do?

u/Sufficient_Wish4801 — 19 hours ago

how big are shows usually?

so like curious what's the average size of a show? since for example over the garden wall 10 episodes 11m per is already 25gb, is that normal? and what do all the things in the titles mean?

i use ext

u/Visual-Fortune-4732 — 2 days ago

is there an app to manage pirated shows/movies

really getting into the whole tv show torrenting stuff and just locally downloading them (streaming usually caps at 1080p and horrid bitrate)

but is there an app that lets you manage your shows/movies and hell maybe even auto find pictures and title descriptions you get what i mean

also i will just play it on my pc or stream to chromecast if possible

u/Visual-Fortune-4732 — 2 days ago

Why won't it download

There's a torrent on ext.to that has 18 seeds and various numbers of leechers. It will not download on my pc for me. Nothing, not a kick out of it. I've tried everything I can think of. (All other DLs are fine btw)

I try it on my phone and it works. But it's over 200gb so I can't do it on my phone.

Any ideas why that would be?

u/cacamilis22 — 2 days ago

Why do people use torrents even though there are almost close to no seeders and tons of leechers in the community?

And at the end, we can directly download stuff from a piracy website instead of going through all these magnets or files

Why do you use torrents?

u/Fancy-Mission-2661 — 2 days ago

What file format should I be looking for to download directly into AppleTV home videos?

I somehow got lucky with my first torrent ever that the file format was able to drag and drop directly into my AppleTV folder on my Mac so I could watch it on my Apple TV. Everything I've downloaded since has not been able to upload into the AppleTV library. I downloaded Handbrake and was able to convert the files into MP4 with their Fast 1080p30 preset but that extra step takes forever and makes everything so difficult. I went back and tried to look at all the torrent file names and descriptions and whatnot but Idk what exactly I'm looking for and everything else I've tried is not working. It seems most are coming as mkv which I understand is essentially the same thing except it's not because I can't play it with quicktime on my mac and it fails to import into AppleTV. I'm sure this is such a newb question and I know that VLC and Plex whatnot are a bunch of solutions to this problem but I really just want the native home sharing on my apple products to work.

u/Ok_Philosopher_8973 — 3 days ago

best place to find torrents for shows/movies?

setup jellyfin now just need the shows and movies

i know fmhy has a thread about it but there are so many so which one would you recommend?

u/Visual-Fortune-4732 — 2 days ago

Why can't I seed?

I am new to torrenting overall, but this is my first time seeding seriously.

Can someone explain to me in simple terms why I can't seed?

u/Latter-Confidence783 — 3 days ago

Any way of improving seeding without using VPN?

Hello! Not new to torrenting, but I recently started using it more from a home server and would like to seed more efficiently. I don't use a VPN (not from the US) so I'm a bit worried about using port forwarding without it, so I wanted to ask if there's any safe way of improving my abysmal upload speeds.

u/Mitrofang — 3 days ago

Keeping kids safe from inappropriate content.

Has anyone ever received content that was not the intended download that included nudity or profanity? I.e., someone spliced nudity into Bluey.

I can’t possibly watch every minute of everything before letting kids watch it. Is this just a bad idea in general or how can I make sure this doesn’t happen?

u/Halfpipe_1 — 4 days ago