Windows Analysis Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Overview

General Information

Sample URL:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi
Analysis ID:	1430917
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://snyderinvestigationteam.us	Matcher: Template: microsoft matched with high similarity
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Found iframes

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	HTTP Parser: No favicon
Source: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx	HTTP Parser: No favicon
Source: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us	HTTP Parser: No favicon

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: c5f200cd-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="Sec-WebSocket-Key: CJ6WroGc/Dcwe2m9UJMHPg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi&sso_reload=true HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: a+bJKTaXr/mqHIoGcetOwA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 86c4eb0b-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: LtjZf6DvB9UlKnLv3H60cw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: 7s6XYEhL8TGDVfUXUcdoeA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: KZ8DHMKIK/4Y1uYKdnrLSw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fd
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: SPXAsIpgjaf76ZLrgfxJIg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: r6Udky7npINzC7RYhYPINg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: w2iEXjJLgHmCJeP1HJUNyQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: M+KwK9m2ddseGRGYRj1/gg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: snyderinvestigationteam.snyderinvestigationteam.us

Source: unknown

HTTP traffic detected: POST /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-aliveContent-Length: 5557Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://snyderinvestigationteam.snyderinvestigationteam.usContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d4d95ffe-b8d6-429b-ae18-b5a7add22200x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 712df4f1-e7b5-4715-bcfd-102224f47e00x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 6ee633d2-5a11-4c3b-b671-965fc89b3e00x-ms-ests-server: 2.1.17910.10 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 120DA091323545E2905897397BD1B6ED Ref B: LON212050713009 Ref C: 2024-04-24T09:21:25Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 757795aa-b9d0-4df6-a258-f6ffb6950b00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b09d9138-3049-4ed9-bec1-f31ca2044500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 8d884461-8906-4821-ae1b-b38e65de0d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: nginxDate: Wed, 24 Apr 2024 09:21:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: no-storex-azure-externalerror: 0x80072efe,OriginConnectionAbortedx-msedge-ref: Ref A: CEBDC3FBC93E4221ACC8000E08896CD8 Ref B: MIL30EDGE1318 Ref C: 2024-04-24T09:21:47Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingp3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PURamserver: eusXXXXgn00000Mx-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: E9C6B454F3544DEAB13F6BA9D75C4CBC Ref B: MIL30EDGE1321 Ref C: 2024-04-24T09:21:49Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3a90d1b1-1343-4125-83e8-d28aae2f3e00x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 97e5d4a3-83ca-46f6-bc2b-0ad2c1b00d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 35990934-5ff8-4005-9348-14e9bba03e00x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 66336f12-447e-45a8-b7d4-95beead64500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@17/32@20/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.103	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.233.96.139	l1ve.snyderinvestigationteam.us	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
l1ve.snyderinvestigationteam.us	172.233.96.139	true
snyderinvestigationteam.snyderinvestigationteam.us	172.233.96.139	true
062c5918-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true
signup.snyderinvestigationteam.us	172.233.96.139	true
www.google.com	142.250.101.103	true
86c4eb0b-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true
c5f200cd-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true
d156bbbb-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true
5b3322f3-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	false	Avira URL Cloud: safe	unknown
https://062c5918-1260ad3a.snyderinvestigationteam.us/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1713950501293&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	false	Avira URL Cloud: safe	unknown
https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	false	Avira URL Cloud: safe	unknown
https://c5f200cd-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/favicon.ico	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	true		unknown
https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us	false		unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js	false	Avira URL Cloud: safe	unknown
https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx	false		unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/1260ad3a5b3d49ddbff8affbd3065850/	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	true		unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	false	Avira URL Cloud: safe	unknown
https://signup.snyderinvestigationteam.us/favicon.ico	false	Avira URL Cloud: safe	unknown
https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2	false	Avira URL Cloud: safe	unknown
https://l1ve.snyderinvestigationteam.us/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 56	gzip compressed data, from Unix, original size modulo 2^32 223896	82180A0A499F25966EC58295813468CF	E819DE67575165188E5BA3896C9D626AFC2B92A4	78D8E2C780B8E60D7D64FF8071CCF376602A8ABA35E9F0C2C16CB7E207321C70
Chrome Cache Entry: 57	gzip compressed data, from Unix, original size modulo 2^32 113084	7B082644CE5A069FB55F47B1A6B667F2	6A5FFA5369BF15FA42446C6EDE88E9E40A40E0E9	8E34884C24973C66D83BAFDEC9445F746BEFEE773A384B340CA24C7B7703AF3A
Chrome Cache Entry: 58	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 59	gzip compressed data, from Unix, original size modulo 2^32 444389	49068F7C1800FA02FECB7022530DCC3C	2629672E2B8DCCF4055C8AD6145C2609DF6BA1AC	A0AFE58C44CEAA0CBD7793AE269EE550E29080AB83B998514C27A2C7F446BA97
Chrome Cache Entry: 60	HTML document, ASCII text, with CRLF line terminators	5343C1A8B203C162A3BF3870D9F50FD4	04B5B886C20D88B57EEA6D8FF882624A4AC1E51D	DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
Chrome Cache Entry: 61	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 62	gzip compressed data, from Unix, original size modulo 2^32 190331	62B23C604CF8FA227EB7C78816A239D3	31E600DA8B7B931BA80F42F2C8FD7616CC651EDA	DE2CDB409650BAFA628E84094ED787A1E85027B149CF1FEC688B05D2AC78C7E8
Chrome Cache Entry: 63	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 64	gzip compressed data, original size modulo 2^32 3651	DF6A7721C242813411CC6950DF40F9B3	B2068C4A65C183AAD6FC22A44CC1FA449CD355B4	AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
Chrome Cache Entry: 65	gzip compressed data, from Unix, original size modulo 2^32 2589	6C0045ED576E9F1631C9E6110420E645	F69C2CCE822DE66A00C6199255F0DFEB72D1FE69	2D8B3CC3EC578329BC8EBCC123BEE6F0BDA6DCCE682B23416D1E95368A3AAD15
Chrome Cache Entry: 66	gzip compressed data, from Unix, original size modulo 2^32 55037	C9FEA7B73DB87151F6E7414DBE01BC09	749C0343CDA07BE115086D4BABA33C1482B4B331	21E3EA815C63CA5D738E667982E41C91C299E461649A812DFC28244DE41AEBC5
Chrome Cache Entry: 67	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3
Chrome Cache Entry: 68	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 69	gzip compressed data, original size modulo 2^32 1864	2D2CBA7D7DC75F3BA9DC756738D41A6E	F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC	00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
Chrome Cache Entry: 70	gzip compressed data, from Unix, original size modulo 2^32 113717	9AB9BE55CDEBD8E1C8776CA18F9C3418	D62F0EDD8483CA93C44DC87E3E7638D1FD305716	2F8C4A3C4475E9A63E91988F2B3A5CAFC84CCE004A715D1E74B9C88234D5FC62
Chrome Cache Entry: 71	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	7E0D59593F3377B72C29435C4B43954A	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
Chrome Cache Entry: 72	gzip compressed data, from Unix, original size modulo 2^32 141351	AC6EDF12525B189AA6C1A2992D324E0E	D07CA0C0A30D3C4B19BFBB2A0651BED2C3197C5A	23B87939A63A5F4721F5468A11299A5366908F881963F98808CE1BA5F5920A16
Chrome Cache Entry: 73	gzip compressed data, original size modulo 2^32 1592	ECC8894D3791BEDDB4E0226F8DAB065A	6510EB51E76A49746C526E432455549B50DE5AF1	64C8C0A9EFBC27AD86EAEC90465B75C52AE8CD68F7E76FC9431DC6AE66072AC3

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://snyderinvestigationteam.us	Matcher: Template: microsoft matched with high similarity
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Found iframes

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx

HTML body contains low number of good links

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

HTML title does not match URL

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	HTTP Parser: No favicon
Source: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx	HTTP Parser: No favicon
Source: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us	HTTP Parser: No favicon

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: c5f200cd-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="Sec-WebSocket-Key: CJ6WroGc/Dcwe2m9UJMHPg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi&sso_reload=true HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: a+bJKTaXr/mqHIoGcetOwA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 86c4eb0b-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: LtjZf6DvB9UlKnLv3H60cw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: 7s6XYEhL8TGDVfUXUcdoeA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: KZ8DHMKIK/4Y1uYKdnrLSw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fd
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: SPXAsIpgjaf76ZLrgfxJIg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: r6Udky7npINzC7RYhYPINg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: w2iEXjJLgHmCJeP1HJUNyQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: M+KwK9m2ddseGRGYRj1/gg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: snyderinvestigationteam.snyderinvestigationteam.us

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d4d95ffe-b8d6-429b-ae18-b5a7add22200x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 712df4f1-e7b5-4715-bcfd-102224f47e00x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 6ee633d2-5a11-4c3b-b671-965fc89b3e00x-ms-ests-server: 2.1.17910.10 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 120DA091323545E2905897397BD1B6ED Ref B: LON212050713009 Ref C: 2024-04-24T09:21:25Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 757795aa-b9d0-4df6-a258-f6ffb6950b00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b09d9138-3049-4ed9-bec1-f31ca2044500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 8d884461-8906-4821-ae1b-b38e65de0d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: nginxDate: Wed, 24 Apr 2024 09:21:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: no-storex-azure-externalerror: 0x80072efe,OriginConnectionAbortedx-msedge-ref: Ref A: CEBDC3FBC93E4221ACC8000E08896CD8 Ref B: MIL30EDGE1318 Ref C: 2024-04-24T09:21:47Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingp3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PURamserver: eusXXXXgn00000Mx-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: E9C6B454F3544DEAB13F6BA9D75C4CBC Ref B: MIL30EDGE1321 Ref C: 2024-04-24T09:21:49Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3a90d1b1-1343-4125-83e8-d28aae2f3e00x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 97e5d4a3-83ca-46f6-bc2b-0ad2c1b00d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 35990934-5ff8-4005-9348-14e9bba03e00x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 66336f12-447e-45a8-b7d4-95beead64500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@17/32@20/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1430917
Product:	CloudBasic
Start time:	11:20:04
Start date:	24.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi