344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Analysis

max time kernel
101s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 03:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller Official.exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	WaveBootstrapper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	WaveInstaller Official.exe

Executes dropped EXE 4 IoCs

pid	Process
3052	WaveBootstrapper.exe
1364	WaveWindows.exe
3076	node.exe
3748	Bloxstrap.exe

Checks for any installed AV software in registry 1 TTPs 4 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\KasperskyLab	WaveWindows.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\KasperskyLab	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\KasperskyLab\LastUsername	WaveWindows.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\KasperskyLab\Session	WaveWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
50	raw.githubusercontent.com
71	raw.githubusercontent.com
72	raw.githubusercontent.com
73	raw.githubusercontent.com
74	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveBootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveWindows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller Official.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1364	WaveWindows.exe
1364	WaveWindows.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3316	WaveInstaller Official.exe
Token: SeDebugPrivilege	3052	WaveBootstrapper.exe
Token: SeDebugPrivilege	1364	WaveWindows.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3052	3316	WaveInstaller Official.exe	101
PID 3316 wrote to memory of 3052	3316	WaveInstaller Official.exe	101
PID 3316 wrote to memory of 3052	3316	WaveInstaller Official.exe	101
PID 3052 wrote to memory of 1364	3052	WaveBootstrapper.exe	102
PID 3052 wrote to memory of 1364	3052	WaveBootstrapper.exe	102
PID 3052 wrote to memory of 1364	3052	WaveBootstrapper.exe	102
PID 1364 wrote to memory of 3076	1364	WaveWindows.exe	103
PID 1364 wrote to memory of 3076	1364	WaveWindows.exe	103
PID 1364 wrote to memory of 3748	1364	WaveWindows.exe	105
PID 1364 wrote to memory of 3748	1364	WaveWindows.exe	105

C:\Users\Admin\AppData\Local\Temp\WaveInstaller Official.exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller Official.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
  "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
    "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
      "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=1364
      4⤵
      Executes dropped EXE
      PID:3076
  - - C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
      "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:3748

Network

DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

www.nuget.org

WaveInstaller Official.exe

Remote address:

8.8.8.8:53

Request

www.nuget.org

IN A

Response

www.nuget.org

IN CNAME

nugetprodusnc.azure-api.net

nugetprodusnc.azure-api.net

IN CNAME

apimgmttm3csrht7lvztprufrqlzasbgohlgs9virtv24ewckt.trafficmanager.net

apimgmttm3csrht7lvztprufrqlzasbgohlgs9virtv24ewckt.trafficmanager.net

IN CNAME

nugetprodusnc-northcentralus-01.regional.azure-api.net

nugetprodusnc-northcentralus-01.regional.azure-api.net

IN CNAME

apimgmthskpop34uvs7ufuzdiq0mjfe3lnuqclimpbqtgnvr1k.cloudapp.net

apimgmthskpop34uvs7ufuzdiq0mjfe3lnuqclimpbqtgnvr1k.cloudapp.net

IN A

52.240.159.111
GET

https://www.nuget.org/api/v2/package/chromiumembeddedframework.runtime.win-x86/124.3.8

WaveInstaller Official.exe

Remote address:

52.240.159.111:443

Request

GET /api/v2/package/chromiumembeddedframework.runtime.win-x86/124.3.8 HTTP/1.1
Host: www.nuget.org
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Location: https://globalcdn.nuget.org/packages/chromiumembeddedframework.runtime.win-x86.124.3.8.nupkg
Access-Control-Expose-Headers: Request-Context
Set-Cookie: ARRAffinity=0aa69915266871205a67096b40953eafb333722c9d662666b4ee1cbd3af96c28;Path=/;HttpOnly;Secure;Domain=www.nuget.org
Set-Cookie: ARRAffinitySameSite=0aa69915266871205a67096b40953eafb333722c9d662666b4ee1cbd3af96c28;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.nuget.org
Strict-Transport-Security: max-age=31536000; includeSubDomains
Request-Context: appId=cid-v1:338f6804-b1a9-4fe3-bba7-c93064e7ae7b
Content-Security-Policy: frame-ancestors 'none'
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Date: Wed, 24 Jul 2024 03:39:53 GMT
DNS

globalcdn.nuget.org

WaveInstaller Official.exe

Remote address:

8.8.8.8:53

Request

globalcdn.nuget.org

IN A

Response

globalcdn.nuget.org

IN CNAME

az320820.vo.msecnd.net

az320820.vo.msecnd.net

IN CNAME

cs2.wpc.gammacdn.net

cs2.wpc.gammacdn.net

IN A

152.199.23.209
GET

https://globalcdn.nuget.org/packages/chromiumembeddedframework.runtime.win-x86.124.3.8.nupkg

WaveInstaller Official.exe

Remote address:

152.199.23.209:443

Request

GET /packages/chromiumembeddedframework.runtime.win-x86.124.3.8.nupkg HTTP/1.1
Host: globalcdn.nuget.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Age: 14044
Cache-Control: max-age=86400
Content-MD5: KtMo6XNVk1jXW6zzlHiruA==
Content-Type: application/octet-stream
Date: Wed, 24 Jul 2024 03:39:53 GMT
Etag: 0x8DC7653580CCF21
Expires: Thu, 25 Jul 2024 03:39:53 GMT
Last-Modified: Fri, 17 May 2024 09:25:51 GMT
Server: ECAcc (lhd/35A6)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: HIT
X-CDN-Rewrite: Root path in dist
X-Content-Type-Options: nosniff
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-meta-da7b2905_0f3c_4262_921c_b1593d1336f1_ESRP_RequestId: d0971dc0-4d5d-4a03-a180-e061db2270eb
x-ms-meta-SHA512: Q+wLiBuT/W+pkvPNrrBlP8bPbUjZwFOsj5NjScgSshxqOAoadBQ73VFqahVJMqogAsQB2wPenWlYFMVzMWn00g==
x-ms-request-id: 6f3e35d2-001e-004f-4c5a-ddcca3000000
x-ms-version: 2009-09-19
Content-Length: 120386931
DNS

111.159.240.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

111.159.240.52.in-addr.arpa

IN PTR

Response
DNS

209.23.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.23.199.152.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

github.com

WaveWindows.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/dxgi/wave-binaries/raw/main/CefSharp.Common.124.3.8.rar

WaveInstaller Official.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/CefSharp.Common.124.3.8.rar HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:40:43 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Common.124.3.8.rar
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F21D:2F8188:393528:411810:66A077BB
GET

https://github.com/dxgi/wave-binaries/raw/main/CefSharp.Wpf.124.3.8.rar

WaveInstaller Official.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/CefSharp.Wpf.124.3.8.rar HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:40:44 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Wpf.124.3.8.rar
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F21D:2F8188:393554:411841:66A077BB
GET

https://github.com/dxgi/wave-binaries/raw/main/Luau-x64.rar

WaveInstaller Official.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/Luau-x64.rar HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:40:44 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/Luau-x64.rar
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F21D:2F8188:393562:411851:66A077BC
GET

https://github.com/dxgi/wave-binaries/raw/main/Wave-x64.rar

WaveInstaller Official.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/Wave-x64.rar HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:40:48 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/Wave-x64.rar
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F21D:2F8188:393696:4119B0:66A077BC
DNS

raw.githubusercontent.com

WaveWindows.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.111.133
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Common.124.3.8.rar

WaveInstaller Official.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/CefSharp.Common.124.3.8.rar HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 760158
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "b5b5925d370099303c7da325d8c205f9d4b513f363e88b3e6cafa39b5d3639f0"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 9BCE:08E0:309BE:43F75:669F4AF9
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:40:43 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420138-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792444.767134,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 29f19cc1564eed8e8f0225ac905ce6ecb28ae863
Expires: Wed, 24 Jul 2024 03:45:43 GMT
Source-Age: 222
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Wpf.124.3.8.rar

WaveInstaller Official.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/CefSharp.Wpf.124.3.8.rar HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 46855
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "263bd8e3ed39147ea71bd9ae9db91417c8cef8a784c52072c3b22b84d724a1c7"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: C409:2D79A5:5A6F4B:7089B8:669B7039
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:40:44 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420138-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792444.210679,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f5930bc149a01fc1c4f9eb7b450a5786919cb204
Expires: Wed, 24 Jul 2024 03:45:44 GMT
Source-Age: 222
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/Luau-x64.rar

WaveInstaller Official.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/Luau-x64.rar HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 23272440
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "081175a38d76b2092a09a9f6da79d15f2eea603c2e532841fe91f08abbbd6d75"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: B474:2D79A5:5A6F4D:7089B9:669B7038
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:40:44 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420138-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792444.420789,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: adc099f3404f4553890613ff8ebd01ae5754b0ff
Expires: Wed, 24 Jul 2024 03:45:44 GMT
Source-Age: 222
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/Wave-x64.rar

WaveInstaller Official.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/Wave-x64.rar HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 4354420
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "ebc903828006c0719cfe57b2f681026910d60f2428d2506160600bf2d37319df"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 26EE:08D2:30C7E7:3CF7B6:669B7035
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:40:48 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420138-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792449.811030,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3c8e3e1b60979ea46a41d7009c2c94c653fc45a2
Expires: Wed, 24 Jul 2024 03:45:48 GMT
Source-Age: 213
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

133.110.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.110.199.185.in-addr.arpa

IN PTR

Response

133.110.199.185.in-addr.arpa

IN PTR

cdn-185-199-110-133githubcom
DNS

cdn.getwave.gg

WaveBootstrapper.exe

Remote address:

8.8.8.8:53

Request

cdn.getwave.gg

IN A

Response

cdn.getwave.gg

IN A

104.26.3.170

cdn.getwave.gg

IN A

104.26.2.170

cdn.getwave.gg

IN A

172.67.73.56
GET

https://cdn.getwave.gg/WaveWindows.exe

WaveInstaller Official.exe

Remote address:

104.26.3.170:443

Request

GET /WaveWindows.exe HTTP/1.1
Host: cdn.getwave.gg
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 24 Jul 2024 03:40:49 GMT
Content-Type: application/octet-stream
Content-Length: 8371200
Connection: keep-alive
CF-Ray: 8a80e41afa72413c-LHR
CF-Cache-Status: HIT
Accept-Ranges: bytes
Age: 6865
Cache-Control: public, max-age=3600
ETag: "b8631bbd78d3935042e47b672c19ccc3"
Last-Modified: Tue, 09 Jul 2024 03:08:32 GMT
Vary: Accept-Encoding
x-amz-id-2: CPVMwQZfuWiMbXZh9JV54HDKNLw+uCoUOLcKwFJAmDoNLhS8KNa9Saq8MsOWXtr5TH2krKmqW4U=
x-amz-request-id: H5K4PHPT71AGGPAG
x-amz-version-id: UegwlSbLluulh.MwgPGligSaLYowrGNE
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ffIqkrhSP2agwLM5Qmb9yMkVa8oK9MqM30TlYUgkKZgjbS7xQAv9tyCfF%2F0xBMxw%2BqQAci6uCtu0pZT0SJY0NgDGO12fTJoqdUvFQ%2B9ZE9mizMsfa8peqJLuhxV%2BCCPT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
DNS

170.3.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.3.26.104.in-addr.arpa

IN PTR

Response
DNS

170.3.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.3.26.104.in-addr.arpa

IN PTR
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

clientsettingscdn.roblox.com

WaveBootstrapper.exe

Remote address:

8.8.8.8:53

Request

clientsettingscdn.roblox.com

IN A

Response

clientsettingscdn.roblox.com

IN CNAME

d2v57ias1m20gl.cloudfront.net

d2v57ias1m20gl.cloudfront.net

IN A

18.165.242.53

d2v57ias1m20gl.cloudfront.net

IN A

18.165.242.41

d2v57ias1m20gl.cloudfront.net

IN A

18.165.242.119

d2v57ias1m20gl.cloudfront.net

IN A

18.165.242.74
GET

https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer

WaveBootstrapper.exe

Remote address:

18.165.242.53:443

Request

GET /v2/client-version/WindowsPlayer HTTP/1.1
Host: clientsettingscdn.roblox.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json; charset=utf-8
Content-Length: 119
Connection: keep-alive
Date: Wed, 24 Jul 2024 03:40:39 GMT
Server: Kestrel
Cache-Control: public, must-revalidate, max-age=30
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: d3fb142c-598f-2d37-330d-b6639a277f53
x-roblox-region: us-central
x-roblox-edge: fra4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
X-Cache: Hit from cloudfront
Via: 1.1 c1274bb2b40e2443167979b444e759a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P6
X-Amz-Cf-Id: 8mbBtOm_nJ4Tw4au3KGiuotX6BmW4aL54Kjcg6Y3NaF33s_cJXp7UA==
Age: 19
Rbx-Cdn-Provider: aws
Timing-Allow-Origin: *
Vary: Origin
DNS

53.242.165.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.242.165.18.in-addr.arpa

IN PTR

Response

53.242.165.18.in-addr.arpa

IN PTR

server-18-165-242-53lhr61r cloudfrontnet
HEAD

https://cdn.getwave.gg/WaveWindows.exe

WaveBootstrapper.exe

Remote address:

104.26.3.170:443

Request

HEAD /WaveWindows.exe HTTP/1.1
Host: cdn.getwave.gg
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Wed, 24 Jul 2024 03:41:00 GMT
Content-Type: application/octet-stream
Content-Length: 8371200
Connection: keep-alive
CF-Ray: 8a80e45e9e7c94d8-LHR
CF-Cache-Status: HIT
Accept-Ranges: bytes
Age: 6876
Cache-Control: public, max-age=3600
ETag: "b8631bbd78d3935042e47b672c19ccc3"
Last-Modified: Tue, 09 Jul 2024 03:08:32 GMT
Vary: Accept-Encoding
x-amz-id-2: CPVMwQZfuWiMbXZh9JV54HDKNLw+uCoUOLcKwFJAmDoNLhS8KNa9Saq8MsOWXtr5TH2krKmqW4U=
x-amz-request-id: H5K4PHPT71AGGPAG
x-amz-version-id: UegwlSbLluulh.MwgPGligSaLYowrGNE
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzIHA47B0n%2FL%2BTnCUGAvRPCw5gyiCimbPRCVyfbT4xRy7EpEGpxsuOZ4PiPQyo6K%2FwvRHh2J5ljElYiJ5RrykHviJkyg1IrP8sbU4%2BPgOUyj3BCgMTZxwSmZ%2BsP%2BeBVU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
GET

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.dll

WaveWindows.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.dll HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:41:03 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.dll
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F320:2F2188:37B8C6:3F9D6D:66A077CE
GET

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.exe

WaveWindows.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:41:03 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F31F:57E18:38F17A:40D65C:66A077CE
GET

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Wave-Blue.ico

WaveWindows.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/bloxstrap-setup/Wave-Blue.ico HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:41:03 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Wave-Blue.ico
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F321:587F8:3865F3:404AAE:66A077CE
GET

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

WaveWindows.exe

Remote address:

20.26.156.215:443

Request

GET /dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 24 Jul 2024 03:41:03 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F322:5BC3B:3809A7:3FED5B:66A077CE
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Wave-Blue.ico

WaveWindows.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/bloxstrap-setup/Wave-Blue.ico HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 205373
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: image/vnd.microsoft.icon
ETag: "3a1201d51fea41334a97309f007a97c9bbe33a0ffc2c30b7b566be58c1b37cfc"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6080:160D77:372ADE:450360:669FA45C
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:41:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4283-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792463.177012,VS0,VE111
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 6754f7f6b27b90a5f6475ad57f973494854fc799
Expires: Wed, 24 Jul 2024 03:46:03 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

WaveWindows.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 372
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "8a1a37999724d03ae7fd03ad1df6e92a8d3e5948322c549c75a624997a797ab6"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 1890:2F9158:69A9B:8731C:66A077CE
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:41:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600026-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1721792464.604446,VS0,VE120
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 12e6503099c2fd5054d0b26d150966eaad879eb9
Expires: Wed, 24 Jul 2024 03:46:03 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.exe

WaveWindows.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.exe HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 254976
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "041539f95c93a975ea5ef31d39fec4d93c706988d2c4085d113d63ef4dda6b83"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: D22C:58B44:6DEF5:8B783:66A077CB
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:41:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600065-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1721792463.369229,VS0,VE169
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 588e59743739cb21a9f3a68e008dbf625181c5bc
Expires: Wed, 24 Jul 2024 03:46:03 GMT
Source-Age: 0
GET

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.dll

WaveWindows.exe

Remote address:

185.199.110.133:443

Request

GET /dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.dll HTTP/1.1
Host: raw.githubusercontent.com

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 4532736
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "44dc5be3d82a9c35f7828aee36f79de45a195783e9ef6da5da60ea029f94a70a"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: CB28:08E0:3FF4F:5729E:669F5DA5
Accept-Ranges: bytes
Date: Wed, 24 Jul 2024 03:41:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420108-LON
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1721792464.779822,VS0,VE164
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c5ed28f4adb04359e601fd4be77c1dba975a836b
Expires: Wed, 24 Jul 2024 03:46:03 GMT
Source-Age: 0
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 327794
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F08501092F34969BA7FA37E7E87D5A1 Ref B: LON04EDGE0721 Ref C: 2024-07-24T03:41:30Z
date: Wed, 24 Jul 2024 03:41:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 755035
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47BA28B130A745EEBF9E03768729C04E Ref B: LON04EDGE0721 Ref C: 2024-07-24T03:41:30Z
date: Wed, 24 Jul 2024 03:41:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 550329
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD71E0B27C2B4B3CA5007D1CB60C6D01 Ref B: LON04EDGE0721 Ref C: 2024-07-24T03:41:30Z
date: Wed, 24 Jul 2024 03:41:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 857486
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6DC42000B3424C91B1E90CB5780943FE Ref B: LON04EDGE0721 Ref C: 2024-07-24T03:41:30Z
date: Wed, 24 Jul 2024 03:41:29 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

52.240.159.111:443

https://www.nuget.org/api/v2/package/chromiumembeddedframework.runtime.win-x86/124.3.8

tls, http

WaveInstaller Official.exe

937 B
5.9kB
10
9

HTTP Request

GET https://www.nuget.org/api/v2/package/chromiumembeddedframework.runtime.win-x86/124.3.8

HTTP Response

302
152.199.23.209:443

https://globalcdn.nuget.org/packages/chromiumembeddedframework.runtime.win-x86.124.3.8.nupkg

tls, http

WaveInstaller Official.exe

2.1MB
121.9MB
45328
87245

HTTP Request

GET https://globalcdn.nuget.org/packages/chromiumembeddedframework.runtime.win-x86.124.3.8.nupkg

HTTP Response

200
20.26.156.215:443

https://github.com/dxgi/wave-binaries/raw/main/Wave-x64.rar

tls, http

WaveInstaller Official.exe

1.6kB
19.3kB
19
23

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/CefSharp.Common.124.3.8.rar

HTTP Response

302

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/CefSharp.Wpf.124.3.8.rar

HTTP Response

302

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/Luau-x64.rar

HTTP Response

302

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/Wave-x64.rar

HTTP Response

302
185.199.110.133:443

https://raw.githubusercontent.com/dxgi/wave-binaries/main/Wave-x64.rar

tls, http

WaveInstaller Official.exe

515.5kB
29.3MB
10963
21015

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Common.124.3.8.rar

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/CefSharp.Wpf.124.3.8.rar

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/Luau-x64.rar

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/Wave-x64.rar

HTTP Response

200
104.26.3.170:443

https://cdn.getwave.gg/WaveWindows.exe

tls, http

WaveInstaller Official.exe

218.0kB
8.6MB
4069
6200

HTTP Request

GET https://cdn.getwave.gg/WaveWindows.exe

HTTP Response

200
18.165.242.53:443

https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer

tls, http

WaveBootstrapper.exe

823 B
7.0kB
9
9

HTTP Request

GET https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer

HTTP Response

200
104.26.3.170:443

https://cdn.getwave.gg/WaveWindows.exe

tls, http

WaveBootstrapper.exe

786 B
5.2kB
9
8

HTTP Request

HEAD https://cdn.getwave.gg/WaveWindows.exe

HTTP Response

200
20.26.156.215:443

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.dll

tls, http

WaveWindows.exe

905 B
7.6kB
11
11

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.dll

HTTP Response

302
20.26.156.215:443

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.exe

tls, http

WaveWindows.exe

1.1kB
8.7kB
13
12

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.exe

HTTP Response

302
20.26.156.215:443

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Wave-Blue.ico

tls, http

WaveWindows.exe

905 B
7.6kB
11
11

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Wave-Blue.ico

HTTP Response

302
20.26.156.215:443

https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

tls, http

WaveWindows.exe

920 B
7.6kB
11
11

HTTP Request

GET https://github.com/dxgi/wave-binaries/raw/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

HTTP Response

302
185.199.110.133:443

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Wave-Blue.ico

tls, http

WaveWindows.exe

4.3kB
217.0kB
85
163

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Wave-Blue.ico

HTTP Response

200
185.199.110.133:443

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

tls, http

WaveWindows.exe

1.2kB
2.0kB
10
10

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.runtimeconfig.json

HTTP Response

200
185.199.110.133:443

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.exe

tls, http

WaveWindows.exe

5.2kB
265.7kB
102
198

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.exe

HTTP Response

200
185.199.110.133:443

https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.dll

tls, http

WaveWindows.exe

83.2kB
4.7MB
1771
3358

HTTP Request

GET https://raw.githubusercontent.com/dxgi/wave-binaries/main/bloxstrap-setup/Bloxstrap.dll

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.1kB
7.7kB
14
12
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.1kB
7.7kB
14
11
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.1kB
7.7kB
14
12
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
7.7kB
15
12
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

60.8kB
1.8MB
1289
1287

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301647_1WPCMGQFUBMCD0PLY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301506_1F0FLOT3FW11VH0B0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301073_18LC40ETNMF8SEVBD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301238_1VXAUBNO1JRUV536J&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

www.nuget.org

dns

WaveInstaller Official.exe

59 B
325 B
1
1

DNS Request

www.nuget.org

DNS Response

52.240.159.111
8.8.8.8:53

globalcdn.nuget.org

dns

WaveInstaller Official.exe

65 B
148 B
1
1

DNS Request

globalcdn.nuget.org

DNS Response

152.199.23.209
8.8.8.8:53

111.159.240.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

111.159.240.52.in-addr.arpa
8.8.8.8:53

209.23.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

209.23.199.152.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

github.com

dns

WaveWindows.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

raw.githubusercontent.com

dns

WaveWindows.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.110.133

185.199.109.133

185.199.108.133

185.199.111.133
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

133.110.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.110.199.185.in-addr.arpa
8.8.8.8:53

cdn.getwave.gg

dns

WaveBootstrapper.exe

60 B
108 B
1
1

DNS Request

cdn.getwave.gg

DNS Response

104.26.3.170

104.26.2.170

172.67.73.56
8.8.8.8:53

170.3.26.104.in-addr.arpa

dns

142 B
133 B
2
1

DNS Request

170.3.26.104.in-addr.arpa

DNS Request

170.3.26.104.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

clientsettingscdn.roblox.com

dns

WaveBootstrapper.exe

74 B
181 B
1
1

DNS Request

clientsettingscdn.roblox.com

DNS Response

18.165.242.53

18.165.242.41

18.165.242.119

18.165.242.74
8.8.8.8:53

53.242.165.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

53.242.165.18.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

Filesize
4.3MB

MD5
6546ceb273f079342df5e828a60f551b

SHA1
ede41c27df51c39cd731797c340fcb8feda51ea3

SHA256
e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

SHA512
f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

Filesize
249KB

MD5
772c9fecbd0397f6cfb3d866cf3a5d7d

SHA1
6de3355d866d0627a756d0d4e29318e67650dacf

SHA256
2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

SHA512
82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
b8631bbd78d3935042e47b672c19ccc3

SHA1
cd0ea137f1544a31d2a62aaed157486dce3ecebe

SHA256
9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

SHA512
0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

Download Submit
memory/1364-259-0x0000000009C70000-0x0000000009D22000-memory.dmp

Filesize
712KB

Download
memory/1364-264-0x0000000009050000-0x0000000009072000-memory.dmp

Filesize
136KB

Download
memory/1364-254-0x0000000005240000-0x0000000005248000-memory.dmp

Filesize
32KB

Download
memory/1364-253-0x0000000005340000-0x00000000053E0000-memory.dmp

Filesize
640KB

Download
memory/1364-252-0x0000000005290000-0x0000000005342000-memory.dmp

Filesize
712KB

Download
memory/1364-251-0x00000000000A0000-0x00000000008A2000-memory.dmp

Filesize
8.0MB

Download
memory/1364-265-0x000000000B550000-0x000000000B8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-238-0x0000000000720000-0x0000000000812000-memory.dmp

Filesize
968KB

Download
memory/3052-243-0x0000000009BD0000-0x0000000009BE6000-memory.dmp

Filesize
88KB

Download
memory/3052-250-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3052-246-0x0000000009CB0000-0x0000000009CCE000-memory.dmp

Filesize
120KB

Download
memory/3052-237-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3052-245-0x0000000009C50000-0x0000000009C58000-memory.dmp

Filesize
32KB

Download
memory/3052-244-0x0000000009C10000-0x0000000009C1A000-memory.dmp

Filesize
40KB

Download
memory/3052-240-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3052-242-0x0000000008EA0000-0x0000000008FA4000-memory.dmp

Filesize
1.0MB

Download
memory/3316-18-0x0000000001470000-0x0000000001478000-memory.dmp

Filesize
32KB

Download
memory/3316-8-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

Filesize
4KB

Download
memory/3316-20-0x0000000001A30000-0x0000000001AA2000-memory.dmp

Filesize
456KB

Download
memory/3316-21-0x00000000015A0000-0x00000000015AA000-memory.dmp

Filesize
40KB

Download
memory/3316-17-0x0000000001410000-0x0000000001436000-memory.dmp

Filesize
152KB

Download
memory/3316-22-0x00000000015B0000-0x00000000015BA000-memory.dmp

Filesize
40KB

Download
memory/3316-16-0x0000000001990000-0x0000000001A26000-memory.dmp

Filesize
600KB

Download
memory/3316-9-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-241-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-7-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

Filesize
4KB

Download
memory/3316-6-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-4-0x0000000009ED0000-0x0000000009F08000-memory.dmp

Filesize
224KB

Download
memory/3316-5-0x0000000009EB0000-0x0000000009EBE000-memory.dmp

Filesize
56KB

Download
memory/3316-3-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-2-0x0000000074CD0000-0x0000000075480000-memory.dmp

Filesize
7.7MB

Download
memory/3316-1-0x0000000000EA0000-0x0000000001032000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request