URL: https://res.supertws.com/apk/dubokutv_c32_v7-3-2.apk

Full analysis: https://app.any.run/tasks/2474cee5-5286-42e2-98d3-6197d4260cf4
Verdict: Malicious activity
Analysis date: April 24, 2026, 03:05:38
OS: Android 14
Indicators:
MD5: F7B31123646117003C8E09C544A0108D
SHA1: A67F7E82BE6B66F05630F8AAC3DB0A930AC05257
SHA256: 4ABCE2CA235F718D0CA93E70F837B856D9955BFC4151602767A26D977B92A400
SSDEEP: 3:N8FA/EDGE2y7PXwkn:2WM92ykk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Retrieves a list of running application processes

      • app_process64 (PID: 4294)
    • Retrieves Android OS build information

      • app_process64 (PID: 4294)
    • Collects data about the device's environment (JVM version)

      • app_process64 (PID: 4294)
    • Establishing a connection

      • app_process64 (PID: 4294)
    • Accesses system-level resources

      • app_process64 (PID: 4294)
    • Retrieves the MCC and MNC of the SIM card operator

      • app_process64 (PID: 4294)
    • Updates data in the storage of application settings (SharedPreferences)

      • app_process64 (PID: 4294)
  • INFO

    • Dynamically inspects or modifies classes, methods, and fields at runtime

      • app_process64 (PID: 4294)
    • Loads a native library into the application

      • app_process64 (PID: 4294)
    • Retrieves data from storage of application settings (SharedPreferences)

      • app_process64 (PID: 4294)
    • Returns elapsed time since boot

      • app_process64 (PID: 4294)
    • Stores data using SQLite database

      • app_process64 (PID: 4294)
    • Verifies whether the device is connected to the internet

      • app_process64 (PID: 4294)
    • Gets the display metrics associated with the device's screen

      • app_process64 (PID: 4294)
    • Dynamically loads a class in Java

      • app_process64 (PID: 4294)
No Malware configuration.
No data.
Total processes: 139
Monitored processes: 11
Malicious processes: 1
Suspicious processes: 0


Process information

  • PID 3961, CMD: <pre-initialized>
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4016, CMD: org.chromium.chrome_zygote
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4035, CMD: org.chromium.chrome_zygote
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: u0_a72; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4055, CMD: org.chromium.chrome:privileged_process0
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4078, CMD: com.android.adservices.api
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4125, CMD: org.chromium.chrome_zygote
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: u0_a72; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4281, CMD: /apex/com.android.art/bin/dex2oat32 --zip-fd=6 --zip-location=/data/app/~~gtX7MSinvOA7zBlhiVejjQ==/com.supertws.dubokutv--Kx4Z0H_Z2xIlMpyBqBKOw==/base.apk --oat-fd=7 --oat-location=/data/app/~~gtX7MSinvOA7zBlhiVejjQ==/com.supertws.dubokutv--Kx4Z0H_Z2xIlMpyBqBKOw==/oat/arm64/base.odex --output-vdex-fd=8 --swap-fd=9 --class-loader-context=PCL[] --classpath-dir=/data/app/~~gtX7MSinvOA7zBlhiVejjQ==/com.supertws.dubokutv--Kx4Z0H_Z2xIlMpyBqBKOw== --instruction-set=arm64 --instruction-set-features=default --instruction-set-variant=cortex-a53 --compiler-filter=verify --compilation-reason=install --compact-dex-level=none --max-image-block-size=524288 --resolve-startup-const-strings=true --generate-mini-debug-info --runtime-arg -Xtarget-sdk-version:34 --runtime-arg -Xhidden-api-policy:enabled --runtime-arg -Xms64m --runtime-arg -Xmx512m --comments=app-version-name:7.3.2,app-version-code:32,art-version:340090000
    • Path: /apex/com.android.art/bin/dex2oat32
    • Parent process: artd
    • User: artd; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4294, CMD: <pre-initialized>
    • Path: /system/bin/app_process64
    • Parent process: app_process64
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4376, CMD: com.android.webview:webview_service
    • Path: /system/bin/app_process32
    • Parent process: app_process32
    • User: root; Integrity Level: UNKNOWN; Exit code: 0
  • PID 4397, CMD: webview_zygote
    • Path: /system/bin/app_process32
    • Parent process: app_process32
    • User: webview_zygote; Integrity Level: UNKNOWN; Exit code: 0
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 47
Text files: 96
Unknown types: 0

Dropped files

  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/files/datastore/firebaseSessions/sessionDataStore.data.version (Type: binary)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/files/datastore/firebaseSessions/sessionConfigsDataStore.data.version (Type: binary)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/files/PersistedInstallation723006821380641658tmp (Type: text)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/no_backup/PersistedInstallation.W0RFRkFVTFRd+MToyNTM1MTg2NjM0ODI6YW5kcm9pZDo0ZjExMjM0MjE3ZmZkMzg2MzEwYTAz.json (Type: text)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/shared_prefs/com.google.android.gms.measurement.prefs.xml (Type: xml)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/shared_prefs/com.google.firebase.crashlytics.xml (Type: xml)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/no_backup/androidx.work.workdb-journal (Type: binary)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/files/.crashlytics.v3/com.supertws.dubokutv/open-sessions/69EADE21001D000110C648BCC1C72F2A/report (Type: text)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/files/datastore/FirebaseHeartBeatW0RFRkFVTFRd+MToyNTM1MTg2NjM0ODI6YW5kcm9pZDo0ZjExMjM0MjE3ZmZkMzg2MzEwYTAz.preferences_pb.tmp (Type: binary)
  • PID 4294, app_process64: /data/data/com.supertws.dubokutv/shared_prefs/WebViewChromiumPrefs.xml (Type: xml)
HTTP(S) requests: 61
TCP/UDP connections: 44
DNS requests: 34
Threats: 9

HTTP requests

  • PID 3961, app_process64: OPTIONS, HTTP Code 200
    • IP: 35.190.80.1:443; CN: US
    • URL: https://a.nel.cloudflare.com/report/v4?s=Pp4aPfNZttI4bXrqc3gSk4kkygRWVefi%2FGgM7cCVgeN3B5EICzDv2%2FjkJaYSDl3Jd0bOAJcCDFLHGNWtqHg5f8YHOfpZ8pP02H8c7WgKHmzB0SJTVcLPqFfRU9wKNPcBn8ER
    • Reputation: unknown
  • PID 1921, app_process64: GET, HTTP Code 204
    • IP: 142.251.151.119:443; CN: US
    • URL: https://www.google.com/generate_204
    • Reputation: whitelisted
  • PID 3961, app_process64: POST, HTTP Code 200
    • IP: 142.251.127.84:443; CN: US
    • URL: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&laf=b64bin&json=standard
    • Reputation: whitelisted
  • PID 1921, app_process64: GET, HTTP Code 204
    • IP: 142.251.110.94:80; CN: US
    • URL: http://connectivitycheck.gstatic.com/generate_204
    • Reputation: whitelisted
  • PID 3961, app_process64: POST, HTTP Code 200
    • IP: 35.190.80.1:443; CN: US
    • URL: https://a.nel.cloudflare.com/report/v4?s=Pp4aPfNZttI4bXrqc3gSk4kkygRWVefi%2FGgM7cCVgeN3B5EICzDv2%2FjkJaYSDl3Jd0bOAJcCDFLHGNWtqHg5f8YHOfpZ8pP02H8c7WgKHmzB0SJTVcLPqFfRU9wKNPcBn8ER
    • Reputation: unknown
  • PID 3961, app_process64: POST, HTTP Code 400
    • IP: 142.250.154.95:443; CN: US
    • URL: https://androidchromeprotect.pa.googleapis.com/v1/download
    • Type: text; Size: 586 b
    • Reputation: whitelisted
  • PID 2931, app_process64: POST, HTTP Code 200
    • IP: 142.251.127.81:443; CN: US
    • URL: https://staging-remoteprovisioning.sandbox.googleapis.com/v1:fetchEekChain
    • Type: binary; Size: 778 b
    • Reputation: whitelisted
  • PID 2931, app_process64: POST, HTTP Code 200
    • IP: 142.251.127.81:443; CN: US
    • URL: https://staging-remoteprovisioning.sandbox.googleapis.com/v1:signCertificates?challenge=AAABnb1zgr8BILStY2oTsAxlvYFDMNZaww-vv_k=&request_id=0fed3eda-af17-4184-a5b0-5508cf13abc3
    • Type: binary; Size: 11.8 Kb
    • Reputation: whitelisted
  • PID 4294, app_process64: GET, HTTP Code 200
    • IP: 142.251.110.94:443; CN: US
    • URL: https://firebase-settings.crashlytics.com/spi/v2/platforms/android/gmp/1:253518663482:android:4f11234217ffd386310a03/settings?instance=fbe4e336e827608232c5cc9168276778efa3fb15&build_version=32&display_version=7.3.2&source=4
    • Type: text; Size: 747 b
    • Reputation: unknown
  • PID 4294, app_process64: POST, HTTP Code 200
    • IP: 142.251.14.138:443; CN: US
    • URL: https://fundingchoicesmessages.google.com/a/consent
    • Type: text; Size: 1.42 Mb
    • Reputation: whitelisted

Connections


DNS requests


Threats

  • PID 3961, app_process64; Class: Not Suspicious Traffic; Message: INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
  • PID 3961, app_process64; Class: Not Suspicious Traffic; Message: INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
  • PID 1921, app_process64; Class: Misc activity; Message: ET INFO Android Device Connectivity Check
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
  • PID 4294, app_process64; Class: A Network Trojan was detected; Message: ET HUNTING Suspicious Fake Windows User-Agent in HTTP Header
No debug info