Malware analysis https://mxltv.app/download/ Malicious activity

Add for printing

URL:	https://mxltv.app/download/
Full analysis:	https://app.any.run/tasks/1f105a3d-e4fb-4f18-a0be-096c66bbd4d6
Verdict:	Malicious activity
Threats:	Spyware is a stealth form of malware whose primary objective is to gather sensitive information, such as personal data, login credentials, and financial details, by monitoring user activities and exploiting system vulnerabilities. Spyware operates secretly in the background, evading detection while transmitting collected data to cybercriminals, who can then use it for malicious purposes like identity theft, financial fraud, or espionage. Malware Trends Tracker >>>
Analysis date:	February 20, 2026, 15:08:24
OS:	Android 14
Tags:	promptspy spyware
Indicators:
MD5:	7BCAD54D654467CA91EFBB4273365FE7
SHA1:	9A0883A00F706114410BBF97405B3CEBCD46A24B
SHA256:	C60B3CD2D36BD98432B2F09A5288AA164501675F44A2BB11132B36B721F62FE7
SSDEEP:	3:N8yRkCD9kn:2yycC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: off
Network:: on

Software preset

android (14)
android.cuttlefish.overlay (14)
android.cuttlefish.phone.overlay (14)
android.ext.services (2019-09)
android.ext.shared (1)
com.android.adservices.api (14)
com.android.apps.tag (1.1)
com.android.backupconfirm (14)
com.android.bips (14)
com.android.bluetoothmidiservice (14)
com.android.bookmarkprovider (14)
com.android.calendar (14)
com.android.calllogbackup (14)
com.android.camera2 (2.0.002)
com.android.cameraextensions (14)
com.android.captiveportallogin (14)
com.android.carrierconfig (1.0.0)
com.android.carrierdefaultapp (14)
com.android.cellbroadcastreceiver (R-initial)
com.android.cellbroadcastreceiver.module (R-initial)
com.android.cellbroadcastservice (R-initial)
com.android.certinstaller (14)
com.android.companiondevicemanager (14)
com.android.compos.payload (14)
com.android.connectivity.resources (S-initial)
com.android.connectivity.resources.cuttlefish.overlay (14)
com.android.contacts (1.7.34)
com.android.credentialmanager (14)
com.android.cts.ctsshim (14-10093150)
com.android.cts.priv.ctsshim (14-10093150)
com.android.deskclock (14)
com.android.devicelockcontroller (14)
com.android.dialer (23.0)
com.android.documentsui (14)
com.android.dreams.basic (14)
com.android.dreams.phototable (14)
com.android.dynsystem (14)
com.android.egg (1.0)
com.android.emergency (14)
com.android.ext.adservices.api (14)
com.android.externalstorage (14)
com.android.federatedcompute.services (T-initial)
com.android.gallery3d (1.1.40030)
com.android.google.gce.gceservice (14)
com.android.health.connect.backuprestore (14)
com.android.healthconnect.controller (14)
com.android.hotspot2.osulogin (14)
com.android.htmlviewer (14)
com.android.imsserviceentitlement (14)
com.android.inputdevices (14)
com.android.inputmethod.latin (14)
com.android.intentresolver (2021-11)
com.android.internal.display.cutout.emulation.corner (1.0)
com.android.internal.display.cutout.emulation.double (1.0)
com.android.internal.display.cutout.emulation.hole (1.0)
com.android.internal.display.cutout.emulation.tall (1.0)
com.android.internal.display.cutout.emulation.waterfall (1.0)
com.android.internal.systemui.navbar.gestural (1.0)
com.android.internal.systemui.navbar.gestural_extra_wide_back (1.0)
com.android.internal.systemui.navbar.gestural_narrow_back (1.0)
com.android.internal.systemui.navbar.gestural_wide_back (1.0)
com.android.internal.systemui.navbar.threebutton (1.0)
com.android.internal.systemui.navbar.transparent (1.0)
com.android.keychain (14)
com.android.launcher3 (14)
com.android.localtransport (14)
com.android.location.fused (14)
com.android.managedprovisioning (14)
com.android.messaging (1.0.001)
com.android.microdroid.empty_payload (14)
com.android.mms.service (14)
com.android.modulemetadata (14)
com.android.mtp (14)
com.android.music (14)
com.android.musicfx (1.4)
com.android.nearby.halfsheet (14)
com.android.networkstack (14)
com.android.networkstack.tethering (14)
com.android.networkstack.tethering.cuttlefishoverlay (1.0)
com.android.nfc (14)
com.android.ondevicepersonalization.services (T-initial)
com.android.ons (14)
com.android.packageinstaller (14)
com.android.pacprocessor (14)
com.android.permissioncontroller (33 system image)
com.android.phone (14)
com.android.printservice.recommendation (1.3.0)
com.android.printspooler (14)
com.android.providers.blockednumber (14)
com.android.providers.calendar (14)
com.android.providers.contacts (14)
com.android.providers.downloads (14)
com.android.providers.downloads.ui (14)
com.android.providers.media (14)
com.android.providers.media.module (14)
com.android.providers.partnerbookmarks (14)
com.android.providers.settings (14)
com.android.providers.settings.cuttlefish.overlay (14)
com.android.providers.telephony (14)
com.android.providers.userdictionary (14)
com.android.provision (14)
com.android.proxyhandler (14)
com.android.quicksearchbox (14)
com.android.rkpdapp (14)
com.android.role.notes.enabled (1.0)
com.android.safetycenter.resources (33 system image)
com.android.sdksandbox (T-initial)
com.android.se (14)
com.android.server.telecom (14)
com.android.settings (14)
com.android.settings.intelligence (14)
com.android.sharedstoragebackup (14)
com.android.shell (14)
com.android.simappdialog (14)
com.android.soundpicker (14)
com.android.statementservice (1.0)
com.android.stk (14)
com.android.storagemanager (14)
com.android.systemui (14)
com.android.systemui.accessibility.accessibilitymenu (14)
com.android.telephony.qns (14)
com.android.theme.font.notoserifsource (1.0)
com.android.traceur (1.0)
com.android.uwb.resources (T-initial)
com.android.virtualmachine.res (14)
com.android.vpndialogs (14)
com.android.wallpaper.livepicker (14)
com.android.wallpaperbackup (14)
com.android.wallpapercropper (14)
com.android.wallpaperpicker (1.0)
com.android.webview (137.0.7122.0)
com.android.wifi.dialog (14)
com.android.wifi.resources (R-initial)
com.android.wifi.resources.cf (1.0)
com.google.android.telephony.satellite (14)
org.chromium.chrome (137.0.7122.0)

Add for printing

MALICIOUS
- PROMPTSPY has been detected
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
- Detects root access on device
  - app_process64 (PID: 4902)
- Executes system commands or scripts
  - app_process64 (PID: 4902)
SUSPICIOUS
- Collects data about the device's environment (JVM version)
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6256)
  - app_process64 (PID: 6210)
- Accesses system-level resources
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
- Retrieves Android OS build information
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Retrieves a list of running application processes
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6256)
  - app_process64 (PID: 6210)
- Establishing a connection
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5816)
- Uses encryption API functions
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Toggles Wi-Fi connectivity settings
  - app_process64 (PID: 4902)
- Detects uninstallation of applications
  - app_process64 (PID: 4902)
- Retrieves installed applications on device
  - app_process64 (PID: 4902)
- Detects presence of QEMU emulator
  - app_process64 (PID: 4902)
- Reads device bootloader configuration
  - app_process64 (PID: 4902)
- Updates data in the storage of application settings (SharedPreferences)
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Checks if ADB is enabled
  - app_process64 (PID: 4902)
- Retrieves the MCC and MNC of the SIM card operator
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6256)
- Retrieves the ISO country code of the current SIM card
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6256)
- Reads device MAC address fingerprint
  - app_process64 (PID: 4902)
- Retrieves the file path to the APK
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Launches a new activity
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 6143)
- Sets file permissions, owner, and group for a specified path
  - app_process64 (PID: 5649)
- Accesses external device storage files
  - app_process64 (PID: 5816)
- Retrieves a list of running services
  - app_process64 (PID: 5816)
INFO
- Loads a native library into the application
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6256)
  - app_process64 (PID: 6210)
- Dynamically inspects or modifies classes, methods, and fields at runtime
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
  - app_process64 (PID: 6143)
- Stores data using SQLite database
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
- Returns elapsed time since boot
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
- Dynamically loads a class in Java
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
- Gets file name without full path
  - app_process64 (PID: 4902)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
- Dynamically registers broadcast event listeners
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5111)
  - app_process64 (PID: 4973)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5494)
  - app_process64 (PID: 5649)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 5832)
  - app_process64 (PID: 5952)
  - app_process64 (PID: 6143)
  - app_process64 (PID: 6210)
  - app_process64 (PID: 6256)
- Verifies whether the device is connected to the internet
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Detects device power status
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5816)
- Checks if Wi-Fi is enabled
  - app_process64 (PID: 4902)
- Gets the display metrics associated with the device's screen
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Retrieves data from storage of application settings (SharedPreferences)
  - app_process64 (PID: 4902)
  - app_process64 (PID: 5477)
  - app_process64 (PID: 5816)
  - app_process64 (PID: 6143)
- Listens for changes in sensors
  - app_process64 (PID: 5816)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

238

Monitored processes

110

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
3959	<pre-initialized>	/system/bin/app_process64		app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4015	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4036	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4052	com.android.traceur	/system/bin/app_process64	—	app_process64
User: u0_a54 Integrity Level: UNKNOWN Exit code: 512
4060	org.chromium.chrome:privileged_process0	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4082	com.android.adservices.api	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4141	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4167	com.android.providers.partnerbookmarks	/system/bin/app_process64	—	app_process64
User: root Integrity Level: UNKNOWN Exit code: 0
4231	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0
4251	org.chromium.chrome_zygote	/system/bin/app_process64	—	app_process64
User: u0_a72 Integrity Level: UNKNOWN Exit code: 0

Add for printing

Total events

Read events

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

456

Text files

488

Unknown types

Dropped files

PID	Process	Filename		Type
4231	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.7xWo9H/list.pb		binary
		MD5:—	SHA256:—
4231	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.7xWo9H/manifest.json		text
		MD5:—	SHA256:—
4231	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.7xWo9H/LICENSE		binary
		MD5:—	SHA256:—
4231	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.7xWo9H/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
4231	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/cab4d1f0a6a2a1afecae808a520f6690dd2b9d58bf54762877f2dc9715d55461		binary
		MD5:—	SHA256:—
4251	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.xzXInx/privacy-sandbox-attestations.dat		binary
		MD5:—	SHA256:—
4251	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.xzXInx/manifest.json		text
		MD5:—	SHA256:—
4251	app_process64	/data/data/org.chromium.chrome/app_chrome/component_crx_cache/38c89b12bb20a8f2751c9c7cd2e31c173a47af08c115e1ecccc2f5151a2cf2c6		binary
		MD5:—	SHA256:—
4251	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.xzXInx/_metadata/verified_contents.json		text
		MD5:—	SHA256:—
4270	app_process64	/data/data/org.chromium.chrome/cache/.org.chromium.Chromium.QCz9PA/decoded_xz		binary
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

486

TCP/UDP connections

211

DNS requests

271

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3959	app_process64	OPTIONS	200	35.190.80.1:443	https://a.nel.cloudflare.com/report/v4?s=YibVZnLLtolfpJkGwKKwQXTlEy8WGoO01JPORdLnrHskRkn88isZluHR4PKZuS4bsXHRILjjM5YGHXthH3em4MwXxh%2BvimmFEA%3D%3D	unknown	—	—	unknown
3959	app_process64	GET	403	172.240.253.132:443	https://pl28752009.effectivegatecpm.com/444578ef4081ce37a8c5fbee395a8776/invoke.js	unknown	—	—	unknown
1921	app_process64	GET	204	142.251.208.4:443	https://www.google.com/generate_204	unknown	—	—	whitelisted
3959	app_process64	GET	403	172.240.108.76:443	https://www.highperformanceformat.com/58294a8f74ea5a48faeee2c05252f03b/invoke.js	unknown	—	—	unknown
3959	app_process64	POST	204	216.239.32.36:443	https://region1.google-analytics.com/g/collect?v=2&tid=G-3DRC0B0VWW&gtm=45Pe62i1v9241798301za200zd9241798301&_p=1771600155503&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&gdid=dZTNiMT&cid=1533975148.1771600156&ul=en-us&sr=1024x576&uaa=&uab=&uafvl=Chromium%3B137.0.7122.0%7CNot%252FA)Brand%3B24.0.0.0&uamb=1&uam=Realme_X2_Pro&uap=Android&uapv=14.0.0&uaw=0&are=1&frm=0&pscdl=&_s=1&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~115938465~115938468~117455676~117455678&sid=1771600155&sct=1&seg=0&dl=https%3A%2F%2Fmxltv.app%2Fdownload%2F&dt=Descargar%20MXL%20TV%20APK%20Gratis%20-%20%C3%9Altima%20Versi%C3%B3n%203.1.1%20para%20Android%20(2026)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=45218	unknown	—	—	unknown
3959	app_process64	POST	204	216.239.32.36:443	https://region1.google-analytics.com/g/collect?v=2&tid=G-3DRC0B0VWW&gtm=45Pe62i1v9241798301za200zd9241798301&_p=1771600155503&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&gdid=dZTNiMT&cid=1533975148.1771600156&ul=en-us&sr=1024x576&uaa=&uab=&uafvl=Chromium%3B137.0.7122.0%7CNot%252FA)Brand%3B24.0.0.0&uamb=1&uam=Realme_X2_Pro&uap=Android&uapv=14.0.0&uaw=0&are=1&frm=0&pscdl=&_eu=AAAAAAQ&_s=2&tag_exp=103116026~103200004~104527906~104528500~104684208~104684211~115938465~115938468~117455676~117455678&sid=1771600155&sct=1&seg=0&dl=https%3A%2F%2Fmxltv.app%2Fdownload%2F&dt=Descargar%20MXL%20TV%20APK%20Gratis%20-%20%C3%9Altima%20Versi%C3%B3n%203.1.1%20para%20Android%20(2026)&en=user_engagement&_et=5474&tfd=50732	unknown	—	—	unknown
—	—	GET	204	142.251.208.4:80	http://www.google.com/gen_204	unknown	—	—	whitelisted
3959	app_process64	GET	200	142.251.141.142:80	http://clients2.google.com/time/1/current?cup2key=9:J1b2pFTYHWZOSF4tTfBU3zyRaNf_B0r5DprNNv5rrIE&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855	unknown	—	—	whitelisted
3959	app_process64	POST	200	142.251.127.84:443	https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&laf=b64bin&json=standard	unknown	—	—	whitelisted
3959	app_process64	POST	200	35.190.80.1:443	https://a.nel.cloudflare.com/report/v4?s=YibVZnLLtolfpJkGwKKwQXTlEy8WGoO01JPORdLnrHskRkn88isZluHR4PKZuS4bsXHRILjjM5YGHXthH3em4MwXxh%2BvimmFEA%3D%3D	unknown	—	—	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	142.251.208.4:80	www.google.com	GOOGLE	US	whitelisted
452	mdnsd	224.0.0.251:5353	—	—	—	whitelisted
—	—	142.251.208.4:443	www.google.com	GOOGLE	US	whitelisted
—	—	142.250.186.67:80	connectivitycheck.gstatic.com	GOOGLE	US	whitelisted
3959	app_process64	142.251.141.142:80	clients2.google.com	GOOGLE	US	whitelisted
3959	app_process64	172.67.173.126:443	mxltv.app	CLOUDFLARENET	US	whitelisted
3959	app_process64	142.251.127.84:443	accounts.google.com	GOOGLE	US	whitelisted
3959	app_process64	142.251.208.4:443	www.google.com	GOOGLE	US	whitelisted
3959	app_process64	172.240.253.132:443	pl28752009.effectivegatecpm.com	SERVERS-COM	US	whitelisted
3959	app_process64	35.190.80.1:443	a.nel.cloudflare.com	GOOGLE-CLOUD-PLATFORM	US	whitelisted

DNS requests

Domain	IP	Reputation
www.google.com	142.251.208.4	whitelisted
clients2.google.com	142.251.141.142	whitelisted
mxltv.app	172.67.173.126 104.21.30.178	unknown
accounts.google.com	142.251.127.84	whitelisted
www.googletagmanager.com	142.251.141.72	whitelisted
fonts.googleapis.com	172.217.16.170 216.58.206.74	whitelisted
maps.googleapis.com	142.250.186.74 142.250.186.42 216.58.206.74 142.251.140.170 216.58.206.42 142.250.187.202 142.250.201.170 142.251.141.106 142.251.208.10 172.217.16.202 142.251.36.106 172.217.20.138 142.251.127.95 172.217.168.74 142.251.141.138 142.251.208.170	whitelisted
ws.sharethis.com	18.173.205.20 18.173.205.127 18.173.205.122 18.173.205.120	whitelisted
platform-api.sharethis.com	3.160.150.71 3.160.150.115 3.160.150.14 3.160.150.46	whitelisted
maps.google.com	142.251.141.142	whitelisted

Threats

PID	Process	Class	Message
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] Microsoft Ajax CDN (ajax .aspnetcdn .com)
3959	app_process64	Not Suspicious Traffic	INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)

Add for printing

No debug info

General Info

https://mxltv.app/download/

7BCAD54D654467CA91EFBB4273365FE7

9A0883A00F706114410BBF97405B3CEBCD46A24B

C60B3CD2D36BD98432B2F09A5288AA164501675F44A2BB11132B36B721F62FE7

3:N8yRkCD9kn:2yycC

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

PROMPTSPY has been detected

Detects root access on device

Executes system commands or scripts

SUSPICIOUS

Collects data about the device's environment (JVM version)

Accesses system-level resources

Retrieves Android OS build information

Retrieves a list of running application processes

Establishing a connection

Uses encryption API functions

Toggles Wi-Fi connectivity settings

Detects uninstallation of applications

Retrieves installed applications on device

Detects presence of QEMU emulator

Reads device bootloader configuration

Updates data in the storage of application settings (SharedPreferences)

Checks if ADB is enabled

Retrieves the MCC and MNC of the SIM card operator

Retrieves the ISO country code of the current SIM card

Reads device MAC address fingerprint

Retrieves the file path to the APK

Launches a new activity

Sets file permissions, owner, and group for a specified path

Accesses external device storage files

Retrieves a list of running services

INFO

Loads a native library into the application

Dynamically inspects or modifies classes, methods, and fields at runtime

Stores data using SQLite database

Returns elapsed time since boot

Dynamically loads a class in Java

Gets file name without full path

Dynamically registers broadcast event listeners

Verifies whether the device is connected to the internet

Detects device power status

Checks if Wi-Fi is enabled

Gets the display metrics associated with the device's screen

Retrieves data from storage of application settings (SharedPreferences)

Listens for changes in sensors

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings