File name:

okayfreedom-vpn.exe

Full analysis: https://app.any.run/tasks/2966005f-e90a-4369-ae19-dbdca4f1392b
Verdict: Malicious activity
Analysis date: September 14, 2024, 19:41:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

933B1F49C4B0FDDF97EA27225A4AD1CC

SHA1:

6028539BC350B5639204A7FFE69C180D55D8246E

SHA256:

0B82DC0C1BDB222A96F2F4D191FDF4D8E93CA5C41F2C9AF2E92882E1C47263F5

SSDEEP:

393216:8w+/LcmvHrO8P1NLbIP3N+OkJkIUmQEZE:CjcmvLXfLbIP3ZRREZE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • okayfreedom-vpn.exe (PID: 2212)

  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • okayfreedom-vpn.exe (PID: 7004)
      • okayfreedom-vpn.exe (PID: 2212)

    • Reads security settings of Internet Explorer

      • okayfreedom-vpn.exe (PID: 7004)
      • SteganosInfo.exe (PID: 2024)
      • Updater.exe (PID: 6584)
      • OkayFreedomClient.exe (PID: 6356)

    • Executable content was dropped or overwritten

      • okayfreedom-vpn.exe (PID: 7004)
      • okayfreedom-vpn.exe (PID: 2212)

    • Application launched itself

      • okayfreedom-vpn.exe (PID: 7004)

    • Drops a system driver (possible attempt to evade defenses)

      • okayfreedom-vpn.exe (PID: 2212)

    • Executes as Windows Service

      • OkayFreedomService.exe (PID: 736)

    • Creates a software uninstall entry

      • okayfreedom-vpn.exe (PID: 2212)

    • Searches for installed software

      • SteganosInfo.exe (PID: 2024)

    • Reads Microsoft Outlook installation path

      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)

    • Checks Windows Trust Settings

      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)
      • Updater.exe (PID: 6584)

    • Reads Internet Explorer settings

      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)

    • Reads browser cookies

      • OkayFreedomClient.exe (PID: 6356)

  • INFO

    • Create files in a temporary directory

      • okayfreedom-vpn.exe (PID: 7004)
      • okayfreedom-vpn.exe (PID: 2212)
      • Updater.exe (PID: 6584)

    • Reads the computer name

      • okayfreedom-vpn.exe (PID: 7004)
      • okayfreedom-vpn.exe (PID: 2212)
      • OkayFreedomService.exe (PID: 736)
      • OkayFreedomClient.exe (PID: 6356)
      • SteganosInfo.exe (PID: 2024)
      • Updater.exe (PID: 6584)

    • Checks supported languages

      • okayfreedom-vpn.exe (PID: 7004)
      • okayfreedom-vpn.exe (PID: 2212)
      • OkayFreedomClient.exe (PID: 3036)
      • OkayFreedomService.exe (PID: 736)
      • ResetPendingMoves.exe (PID: 6928)
      • OkayFreedomClient.exe (PID: 6356)
      • Updater.exe (PID: 6584)
      • SteganosInfo.exe (PID: 2024)

    • Process checks computer location settings

      • okayfreedom-vpn.exe (PID: 7004)

    • Creates files in the program directory

      • okayfreedom-vpn.exe (PID: 2212)

    • The process uses the downloaded file

      • okayfreedom-vpn.exe (PID: 7004)
      • SteganosInfo.exe (PID: 2024)

    • Creates files or folders in the user directory

      • OkayFreedomClient.exe (PID: 3036)
      • okayfreedom-vpn.exe (PID: 2212)
      • Updater.exe (PID: 6584)
      • OkayFreedomClient.exe (PID: 6356)
      • SteganosInfo.exe (PID: 2024)

    • Sends debugging messages

      • OkayFreedomService.exe (PID: 736)
      • OkayFreedomClient.exe (PID: 6356)

    • Checks proxy server information

      • Updater.exe (PID: 6584)
      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)

    • Reads the software policy settings

      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)
      • Updater.exe (PID: 6584)

    • Reads the machine GUID from the registry

      • SteganosInfo.exe (PID: 2024)
      • OkayFreedomClient.exe (PID: 6356)
      • Updater.exe (PID: 6584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:02 02:09:39+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x34fc
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.8.20.0
ProductVersionNumber: 1.8.20.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: German
CharacterSet: Unicode
Comments: -
CompanyName: Steganos Software GmbH
FileDescription: -
FileVersion: 1.8.20.0 Rev 13784
LegalCopyright: © 2023 Steganos Software GmbH
LegalTrademarks: -
ProductName: OkayFreedom
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
132
Monitored processes
8
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start okayfreedom-vpn.exe okayfreedom-vpn.exe okayfreedomclient.exe no specs okayfreedomservice.exe resetpendingmoves.exe no specs okayfreedomclient.exe updater.exe steganosinfo.exe

Process information

PID
CMD
Path
Indicators
Parent process
736"C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe"C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
services.exe
User:
SYSTEM
Company:
Steganos Software GmbH
Integrity Level:
SYSTEM
Description:
OkayFreedom
Version:
1.8.20.13784
Modules
Images
c:\program files (x86)\okayfreedom\okayfreedomservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2024"C:\Program Files (x86)\OkayFreedom\SteganosInfo.exe"C:\Program Files (x86)\OkayFreedom\SteganosInfo.exe
OkayFreedomClient.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
MEDIUM
Description:
Steganos Info App
Version:
1.8.20.13784
Modules
Images
c:\program files (x86)\okayfreedom\steganosinfo.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2212"C:\Users\admin\Desktop\okayfreedom-vpn.exe" /UAC:A028C /NCRC C:\Users\admin\Desktop\okayfreedom-vpn.exe
okayfreedom-vpn.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
HIGH
Exit code:
1223
Version:
1.8.20.0 Rev 13784
Modules
Images
c:\users\admin\desktop\okayfreedom-vpn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3036"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -installC:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exeokayfreedom-vpn.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
MEDIUM
Description:
OkayFreedom
Exit code:
4294967295
Version:
1.8.20.13784
Modules
Images
c:\program files (x86)\okayfreedom\okayfreedomclient.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6356"C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
okayfreedom-vpn.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
MEDIUM
Description:
OkayFreedom
Version:
1.8.20.13784
Modules
Images
c:\program files (x86)\okayfreedom\okayfreedomclient.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6584"C:\Program Files (x86)\OkayFreedom\Updater.exe" --verbosity silentC:\Program Files (x86)\OkayFreedom\Updater.exe
OkayFreedomClient.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
MEDIUM
Description:
Update Wizard
Exit code:
0
Version:
1.8.20.13784
Modules
Images
c:\program files (x86)\okayfreedom\updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
6928"C:\Program Files (x86)\OkayFreedom\ResetPendingMoves.exe" "OkayFreedom"C:\Program Files (x86)\OkayFreedom\ResetPendingMoves.exeokayfreedom-vpn.exe
User:
admin
Integrity Level:
HIGH
Exit code:
2
Modules
Images
c:\program files (x86)\okayfreedom\resetpendingmoves.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7004"C:\Users\admin\Desktop\okayfreedom-vpn.exe" C:\Users\admin\Desktop\okayfreedom-vpn.exe
explorer.exe
User:
admin
Company:
Steganos Software GmbH
Integrity Level:
MEDIUM
Exit code:
1223
Version:
1.8.20.0 Rev 13784
Modules
Images
c:\users\admin\desktop\okayfreedom-vpn.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
26 904
Read events
26 113
Write events
749
Delete events
42

Modification events

(PID) Process:(7004) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products\OKAYFREEDOM
Operation:writeName:Activities
Value:
21|20240914194148
(PID) Process:(7004) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products
Operation:writeName:Current
Value:
OKAYFREEDOM
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products\OKAYFREEDOM
Operation:writeName:Activities
Value:
21|20240914194149
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products
Operation:writeName:Current
Value:
OKAYFREEDOM
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Steganos\OKAYFREEDOM
Operation:writeName:SetDesktopShortcutsOnInstall
Value:
1
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Steganos\OKAYFREEDOM
Operation:writeName:SetQuicklaunchShortcutsOnInstall
Value:
1
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Steganos\OKAYFREEDOM
Operation:writeName:VPNPath
Value:
openvpn64
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Steganos\OKAYFREEDOM
Operation:writeName:AdapterID
Value:
tap0901
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products\OKAYFREEDOM
Operation:writeName:Activities
Value:
21|20240914194149,30|20240914194158
(PID) Process:(2212) okayfreedom-vpn.exeKey:HKEY_CURRENT_USER\SOFTWARE\Steganos\Products\OKAYFREEDOM
Operation:writeName:Activities
Value:
21|20240914194149,30|20240914194158,35|20240914194158
Executable files
64
Suspicious files
19
Text files
255
Unknown types
0

Dropped files

PID
Process
Filename
Type
7004okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nsmB6F5.tmp\UAC.dllexecutable
MD5:ADB29E6B186DAA765DC750128649B63D
SHA256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
7004okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nsmB6F5.tmp\System.dllexecutable
MD5:4ADD245D4BA34B04F213409BFE504C07
SHA256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\nsi_installer_banner168.bmpimage
MD5:C02584DF58DEA4D494D02DCF21E12577
SHA256:25FF27C9015BD38FDF097A26017848E5CD4561D51060A108693A03AE69F19938
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\nsi_installer_banner192.bmpimage
MD5:58F33EC9597BC13FDEF32497E2CFB97A
SHA256:2260BA2B2C529B04C36CCB0D20C8F1DBEE90AAAACEFE327320E86A8ED0680CDC
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\nsi_installer_banner216.bmpimage
MD5:8B3D95042C2FA65D7F9B6CA7C8994612
SHA256:CEC78DA1DB9D509D0319DEA8132C261AD2606351656F7FF0B0D92A24474F1064
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\System.dllexecutable
MD5:4ADD245D4BA34B04F213409BFE504C07
SHA256:9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\UAC.dllexecutable
MD5:ADB29E6B186DAA765DC750128649B63D
SHA256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\nsi_installer_banner120.bmpimage
MD5:8BE364BAC7BE1B1B629E59E61C143F26
SHA256:517F01C69CAA22F5DF281BF215CD79083419D2C53E4ED8627A4499504CD2D28B
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\modern-wizard.bmpimage
MD5:A729C0FACAC8F33FAEE4830BE7C873BA
SHA256:DF145A9570DC4E570DC4764221C70F83079CA8ADA794A178CB94489E8E91020D
2212okayfreedom-vpn.exeC:\Users\admin\AppData\Local\Temp\nstBA70.tmp\modern-header.bmpimage
MD5:30C38DF865F57C574988307A2E54F681
SHA256:7B8AAB0756C44A685730B06BFE25296C69F9356A7E47006B7CBCA1584AD3BF2C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
37
TCP/UDP connections
59
DNS requests
33
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6516
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6612
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2120
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
301
194.147.131.26:443
https://backend.steganos.com/?area=updateinfo&updateinfoversion=2&version=1.8.20&product=OKAYFREEDOM&language=EN&channel=default&s=000-253-000-253-000&ic=04020000&uid=28C652A4-FA1B-4AD1-A556-5EB0C70994FE&mode=0&wkz=unknown&dl=0&installed=1&t=no&db=e
unknown
GET
302
194.147.131.26:443
https://backend.steganos.com/en/?area=updateinfo&updateinfoversion=2&version=1.8.20&product=OKAYFREEDOM&language=EN&channel=default&s=000-253-000-253-000&ic=04020000&uid=28C652A4-FA1B-4AD1-A556-5EB0C70994FE&mode=0&wkz=unknown&dl=0&installed=1&t=no&db=e
unknown
GET
200
194.147.131.26:443
https://vpn1.steganos.com/scripts/ip/
unknown
text
13 b
GET
200
194.147.131.20:443
https://backend.okayfreedom.com/scripts/products/okayfreedom/info/okf_license_3days_de.jpg
unknown
image
71.8 Kb
GET
200
194.147.131.26:443
https://backend.steganos.com/scripts/updateinfo/index2.php?area=updateinfo&updateinfoversion=2&version=1.8.20&product=OKAYFREEDOM&language=EN&channel=default&s=000-253-000-253-000&ic=04020000&uid=28C652A4-FA1B-4AD1-A556-5EB0C70994FE&mode=0&wkz=unknown&dl=0&installed=1&t=no&db=e
unknown
text
378 b
GET
200
194.147.131.20:443
https://vpn.okayfreedom.com/scripts/products/okayfreedom/info/okf_template_new.htm
unknown
html
12.5 Kb
GET
200
194.147.131.20:443
https://backend.okayfreedom.com/scripts/products/okayfreedom/info/okf_connect_jp.jpg
unknown
image
61.6 Kb
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6612
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6516
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6516
RUXIMICS.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6612
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
6612
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
backend.steganos.com
  • 194.147.131.26
unknown
api.steganos.com
  • 194.147.131.27
unknown
vpn1.steganos.com
  • 194.147.131.20
unknown
vpn2.steganos.com
  • 194.147.131.21
unknown
mail.arcor.de
  • 2.207.150.234
shared
mail.epost.de
  • 4.245.24.235
shared
mail.gmx.net
  • 212.227.17.168
  • 212.227.17.190
shared

Threats

PID
Process
Class
Message
Device Retrieving External IP Address Detected
SUSPICIOUS [ANY.RUN] An IP address was received from the server as a result of an HTTP request
Device Retrieving External IP Address Detected
SUSPICIOUS [ANY.RUN] An IP address was received from the server as a result of an HTTP request
Process
Message
OkayFreedomService.exe
+++ CheckDanglingOpenVPN()
OkayFreedomService.exe
g_nPWatcherTimerID: 1 g_bPCheckOnHold: 1 g_dwAutoOn: 0 g_dwRunning: 0
OkayFreedomClient.exe
*** Normal IP:
OkayFreedomClient.exe
169.224.4.143
OkayFreedomClient.exe
*** Anonymous IP (https):
OkayFreedomClient.exe
169.224.4.143
OkayFreedomService.exe
CMSETRUNNING: CMTRM:
OkayFreedomService.exe
CMSETRUNNING:
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
okayfreedom-vpn.exe