download:

/zedge-app.apk

Full analysis: https://app.any.run/tasks/1b903a49-1bc9-43b0-a82f-b6199bd4d08b
Verdict: Malicious activity
Analysis date: May 08, 2025, 20:37:54
OS: Android 14
MIME: application/vnd.android.package-archive
File info: Android package (APK), with gradle app-metadata.properties
MD5: ED2229E971B65CCAF81706ECE4141577
SHA1: 2C1855CCF0D5BC5896AA1CECE4BE9C60209333DC
SHA256: 517E996B3A1D86DCB970DABD4D7CE6550A70C0A681B17D1CC2EEBB4ED7633F11
SSDEEP: 196608:WCESKfpQ0juh8qywxEe/sVcy2o1B2ZxYSm:Wdh89CcA5f

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Retrieves installed applications on device

    • Detects presence of QEMU emulator

    • Executes dynamic code using class loader

    • Collects data about the device's environment (JVM version)

  • INFO

    • Dynamically inspects or modifies classes, methods, and fields at runtime

    • Retrieves data from storage of application settings (SharedPreferences)

    • Normally terminates current Java virtual machine

No Malware configuration.

TRiD

.apk | Android Package (43.5)
.spe | SPSS Extension (24.8)
.jar | Java Archive (12)
.vym | VYM Mind Map (10.3)

EXIF

ZIP

ZipRequiredVersion: -
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 1981:01:01 01:01:02
ZipCRC: 0x2b084705
ZipCompressedSize: 52
ZipUncompressedSize: 56
ZipFileName: META-INF/com/android/build/gradle/app-metadata.properties
No data.
Total processes: 219
Monitored processes: 95
Malicious processes: 73
Suspicious processes: 7


Process information

| PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code |
|---|---|---|---|---|---|---|---|
| 341 | /system/bin/netd | /system/bin/netd | | init | root | UNKNOWN | 0 |
| 2278 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2310 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2342 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2372 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2402 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2432 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2460 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2490 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |
| 2520 | iuu.osyjpkj.olnl | /system/bin/app_process64 | | app_process64 | root | UNKNOWN | 0 |

Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 3
Text files: 0
Unknown types: 3

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2278 | app_process64 | /data/data/iuu.osyjpkj.olnl/cache/basedex | | | |
| 2310 | app_process64 | /data/data/iuu.osyjpkj.olnl/cache/basedex | | | |
| 2342 | app_process64 | /data/data/iuu.osyjpkj.olnl/cache/basedex | | | |

HTTP(S) requests: 66
TCP/UDP connections: 89
DNS requests: 6
Threats: 5

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2342 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2310 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| | | GET | 204 | 142.250.186.35:80 | http://connectivitycheck.gstatic.com/generate_204 | unknown | | | whitelisted |
| 2372 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2402 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2490 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2460 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2520 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2550 | app_process64 | GET | 200 | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |
| 2677 | app_process64 | GET | | 199.247.6.61:80 | http://mskisdakw.top/ | unknown | | | malicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 445 | mdnsd | 224.0.0.251:5353 | | | | unknown |
| | | 216.239.35.0:123 | time.android.com | | | whitelisted |
| | | 216.58.212.132:443 | www.google.com | GOOGLE | US | whitelisted |
| | | 142.250.186.35:80 | connectivitycheck.gstatic.com | GOOGLE | US | whitelisted |
| | | 108.177.15.81:443 | staging-remoteprovisioning.sandbox.googleapis.com | GOOGLE | US | whitelisted |
| 2310 | app_process64 | 199.247.6.61:80 | mskisdakw.top | AS-CHOOPA | DE | malicious |
| 2342 | app_process64 | 199.247.6.61:80 | mskisdakw.top | AS-CHOOPA | DE | malicious |
| 2372 | app_process64 | 199.247.6.61:80 | mskisdakw.top | AS-CHOOPA | DE | malicious |
| 2402 | app_process64 | 199.247.6.61:80 | mskisdakw.top | AS-CHOOPA | DE | malicious |
| 2432 | app_process64 | 199.247.6.61:80 | mskisdakw.top | AS-CHOOPA | DE | malicious |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| www.google.com | 216.58.212.132 | whitelisted |
| connectivitycheck.gstatic.com | 142.250.186.35 | whitelisted |
| time.android.com | 216.239.35.0, 216.239.35.8, 216.239.35.12, 216.239.35.4 | whitelisted |
| staging-remoteprovisioning.sandbox.googleapis.com | 108.177.15.81 | whitelisted |
| google.com | 172.217.23.110 | whitelisted |
| mskisdakw.top | 199.247.6.61 | malicious |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| | | Misc activity | ET INFO Android Device Connectivity Check |
| 341 | netd | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |
| 2310 | app_process64 | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
| 3426 | app_process64 | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |
| 4616 | app_process64 | Potentially Bad Traffic | ET INFO HTTP Request to a *.top domain |

No debug info