URL:

https://happymod.tube/#google_vignette

Full analysis: https://app.any.run/tasks/090ccf62-1b37-4e5e-9b0b-6373f7129eaf
Verdict: Malicious activity
Analysis date: May 28, 2026, 10:18:06
OS: Android 14
Tags:
bittorrent
Indicators:
MD5:

B61BF63DB907EDDE81EB4A6B2D736F05

SHA1:

438AF5271D840108110B37C9A63D7A43FB9C071F

SHA256:

261ABD6EFF44B14680AD5B25260E5BCBC7B0C93604165F049CAFD14973BB0CAE

SSDEEP:

3:N84UDm6JDAw:24Uaicw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Checks whether the screen is currently on

      • app_process64 (PID: 3172)

  • SUSPICIOUS

    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 3172)

    • Accesses system-level resources

      • app_process64 (PID: 3172)

    • Retrieves Android OS build information

      • app_process64 (PID: 3172)

    • Retrieves a list of running application processes

      • app_process64 (PID: 3172)

    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 3172)

    • Accesses external device storage files

      • app_process64 (PID: 3172)

    • Retrieves the ISO country code of the current SIM card

      • app_process64 (PID: 3172)

    • Abuses foreground service for persistence

      • app_process64 (PID: 3172)

    • Launches a new activity

      • app_process64 (PID: 3172)

    • Establishing a connection

      • app_process64 (PID: 3172)

  • INFO

    • Loads a native library into the application

      • app_process64 (PID: 3172)

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 3172)

    • Returns elapsed time since boot

      • app_process64 (PID: 3172)

    • Gets file name without full path

      • app_process64 (PID: 3172)

    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 3172)

    • Detects if debugger is connected

      • app_process64 (PID: 3172)

    • Creates and writes local files

      • app_process64 (PID: 3172)

    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 3172)

    • Dynamically registers broadcast event listeners

      • app_process64 (PID: 3172)

    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 3172)

    • Stores data using SQLite database

      • app_process64 (PID: 3172)

    • Dynamically loads a class in Java

      • app_process64 (PID: 3172)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
143
Monitored processes
18
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs app_process64 no specs dmesgd no specs toybox no specs artd no specs dex2oat32 no specs app_process64 toybox no specs app_process32 app_process32 no specs app_process32 toolbox no specs app_process64 no specs app_process64

Process information

PID
CMD
Path
Indicators
Parent process
2787org.chromium.chrome /system/bin/app_process64
app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2839org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2866org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
0
2883org.chromium.chrome:privileged_process0 /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
2907com.android.adservices.api /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
3014com.android.providers.partnerbookmarks /system/bin/app_process64app_process64
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
3033org.chromium.chrome_zygote /system/bin/app_process64app_process64
User:
u0_a72
Integrity Level:
UNKNOWN
Exit code:
0
3129/system/bin/dmesgd/system/bin/dmesgdinit
User:
dmesgd
Integrity Level:
UNKNOWN
Exit code:
0
3130dmesg/system/bin/toyboxdmesgd
User:
dmesgd
Integrity Level:
UNKNOWN
Exit code:
0
3156/apex/com.android.art/bin/artd/apex/com.android.art/bin/artdinit
User:
artd
Integrity Level:
UNKNOWN
Exit code:
0
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
78
Text files
100
Unknown types
0

Dropped files

PID
Process
Filename
Type
3172app_process64/data/data/com.happymod.apk/.jiagu/libjiagu.sobinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/.jiagu/libjiagu_64.sobinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/.jglogs/.jg.ribinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/.jglogs/.jg.store.report_pidtext
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/jgobfpppppbinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/.oabugaij/.fsgkeabinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/.jglogs/.jg.store.report_cfbinary
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/PersistedInstallation693886158187477870tmptext
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/files/PersistedInstallation.W0RFRkFVTFRd+MTozNzk2MTMzODkxMTk6YW5kcm9pZDpkYTliN2UxMWRmODhhZTc2NzA3Mzhh.jsontext
MD5:
SHA256:
3172app_process64/data/data/com.happymod.apk/shared_prefs/com.google.android.gms.measurement.prefs.xmlxml
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
232
TCP/UDP connections
256
DNS requests
172
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2787
app_process64
OPTIONS
204
178.162.226.242:443
https://pbs.avads.live/rtb/bid
DE
unknown
822
app_process64
GET
204
142.251.153.119:443
https://www.google.com/generate_204
US
whitelisted
2787
app_process64
GET
200
178.162.226.242:443
https://pbs.avads.live/id/setuid?bidder=advergic&f=i
DE
unknown
2787
app_process64
GET
200
142.251.13.101:80
http://clients2.google.com/time/1/current?cup2key=9:i8XZhBQ-Q0evTXrXLfXPMSI8ZjgY4EVlB-Njr6eyeEA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
105 b
whitelisted
2787
app_process64
POST
204
216.239.34.36:443
https://region1.google-analytics.com/g/collect?v=2&tid=G-938HPM0W9S&gtm=45je65q2v9249873107za200zd9249873107&_p=1779963500939&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&are=1&cid=1177606344.1779963508&frm=0&pscdl=&rcb=3&sr=1024x576&uaa=&uab=&uafvl=Chromium%3B137.0.7122.0%7CNot%252FA)Brand%3B24.0.0.0&uam=Galaxy_S9&uamb=1&uap=Android&uapv=14.0.0&uaw=0&ul=en-us&_s=1&tag_exp=0~115938466~115938468~119034493&sid=1779963508&sct=1&seg=0&dl=https%3A%2F%2Fhappymod.tube%2F&dt=HappyMod%20Pro%20-%20Download%20Apk%20v3.3.4%20Latest%20Version%202026&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=11209
US
whitelisted
2787
app_process64
POST
200
178.162.226.242:443
https://tap.avads.live/
DE
text
1.53 Kb
unknown
2787
app_process64
POST
200
178.162.226.242:443
https://pbs.avads.live/rtb/bid
DE
text
71 b
unknown
1756
app_process64
POST
200
142.251.127.81:443
https://staging-remoteprovisioning.sandbox.googleapis.com/v1:fetchEekChain
US
binary
778 b
whitelisted
1756
app_process64
POST
200
142.251.127.81:443
https://staging-remoteprovisioning.sandbox.googleapis.com/v1:signCertificates?challenge=AAABnm4XnWEBILStY7UX10TBxg-Ih2Ehje6_M8U=&request_id=fdcab59c-b708-4b0b-941e-cb2bdae5bed9
US
binary
11.8 Kb
whitelisted
2787
app_process64
GET
200
151.101.194.217:443
https://vjs.zencdn.net/7.16.0/video-js.min.css
US
text
39.7 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
443
mdnsd
224.0.0.251:5353
whitelisted
142.251.156.119:80
www.google.com
GOOGLE
US
whitelisted
142.251.13.94:80
GOOGLE
US
whitelisted
142.251.150.119:443
www.google.com
GOOGLE
US
whitelisted
2787
app_process64
142.251.13.101:80
clients2.google.com
GOOGLE
US
whitelisted
2787
app_process64
104.21.12.232:443
happymod.tube
CLOUDFLARENET
US
whitelisted
2787
app_process64
142.251.127.84:443
accounts.google.com
GOOGLE
US
whitelisted
2787
app_process64
142.251.150.119:443
www.google.com
GOOGLE
US
whitelisted
2787
app_process64
172.67.145.61:443
avads.live
CLOUDFLARENET
US
whitelisted
2787
app_process64
178.162.226.242:443
rack.avads.live
LEASEWEB-DE-FRA-10
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.251.110.102
  • 142.251.110.113
  • 142.251.110.139
  • 142.251.110.138
  • 142.251.110.101
  • 142.251.110.100
whitelisted
clients2.google.com
  • 142.251.13.101
  • 142.251.13.100
  • 142.251.13.138
  • 142.251.13.139
  • 142.251.13.113
  • 142.251.13.102
whitelisted
happymod.tube
  • 104.21.12.232
  • 172.67.153.185
unknown
accounts.google.com
  • 142.251.127.84
whitelisted
www.google.com
  • 142.251.150.119
  • 142.251.152.119
  • 142.251.154.119
  • 142.251.153.119
  • 142.251.157.119
  • 142.251.156.119
  • 142.251.155.119
  • 142.251.151.119
whitelisted
avads.live
  • 172.67.145.61
  • 104.21.47.64
unknown
rack.avads.live
  • 178.162.226.242
unknown
pbs.avads.live
  • 178.162.226.242
unknown
tap.avads.live
  • 178.162.226.242
unknown
connectivitycheck.gstatic.com
  • 192.178.183.94
whitelisted

Threats

PID
Process
Class
Message
822
app_process64
Misc activity
ET INFO Android Device Connectivity Check
2787
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2787
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3172
app_process64
Misc activity
INFO [ANY.RUN] P2P BitTorrent Protocol
2787
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2787
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2787
app_process64
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://happymod.tube/#google_vignette