Edit tour

Windows Analysis Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Overview

General Information

Sample URL:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi
Analysis ID:	1430917
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.1.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.5.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://snyderinvestigationteam.us	Matcher: Template: microsoft matched with high similarity
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: Iframe src: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Number of links: 0

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	HTTP Parser: No favicon
Source: https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx	HTTP Parser: No favicon
Source: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us	HTTP Parser: No favicon

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	TCP traffic detected without corresponding DNS query: 68.142.107.4
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: c5f200cd-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="Sec-WebSocket-Key: CJ6WroGc/Dcwe2m9UJMHPg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?hzAFM=pnZSvi&sso_reload=true HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://snyderinvestigationteam.snyderinvestigationteam.ussec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: a+bJKTaXr/mqHIoGcetOwA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: 86c4eb0b-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: LtjZf6DvB9UlKnLv3H60cw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: d156bbbb-1260ad3a.snyderinvestigationteam.usConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: 7s6XYEhL8TGDVfUXUcdoeA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0Sec-WebSocket-Key: KZ8DHMKIK/4Y1uYKdnrLSw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com HTTP/1.1Host: l1ve.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: signup.snyderinvestigationteam.usConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.usAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fd
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: SPXAsIpgjaf76ZLrgfxJIg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: r6Udky7npINzC7RYhYPINg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: w2iEXjJLgHmCJeP1HJUNyQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://snyderinvestigationteam.snyderinvestigationteam.usSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0; ai_session=BIAsd5NQkDlEcGKtNtS5h1\|1713950501289\|1713950501289; MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; MS0=ba38bd0e0a44414883355b3d067411fdSec-WebSocket-Key: M+KwK9m2ddseGRGYRj1/gg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: snyderinvestigationteam.snyderinvestigationteam.us

Source: unknown

HTTP traffic detected: POST /?hzAFM=pnZSvi HTTP/1.1Host: snyderinvestigationteam.snyderinvestigationteam.usConnection: keep-aliveContent-Length: 5557Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://snyderinvestigationteam.snyderinvestigationteam.usContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSviAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: d4d95ffe-b8d6-429b-ae18-b5a7add22200x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 712df4f1-e7b5-4715-bcfd-102224f47e00x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 6ee633d2-5a11-4c3b-b671-965fc89b3e00x-ms-ests-server: 2.1.17910.10 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 120DA091323545E2905897397BD1B6ED Ref B: LON212050713009 Ref C: 2024-04-24T09:21:25Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 757795aa-b9d0-4df6-a258-f6ffb6950b00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: b09d9138-3049-4ed9-bec1-f31ca2044500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 8d884461-8906-4821-ae1b-b38e65de0d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: nginxDate: Wed, 24 Apr 2024 09:21:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: no-storex-azure-externalerror: 0x80072efe,OriginConnectionAbortedx-msedge-ref: Ref A: CEBDC3FBC93E4221ACC8000E08896CD8 Ref B: MIL30EDGE1318 Ref C: 2024-04-24T09:21:47Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingp3p: CAO DSP COR ADMa DEV CONo TELo CUR PSA PSD TAI IVDo OUR SAM BUS DEM NAV STA UNI COM INT PHY ONL FIN PRE PURamserver: eusXXXXgn00000Mx-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: E9C6B454F3544DEAB13F6BA9D75C4CBC Ref B: MIL30EDGE1321 Ref C: 2024-04-24T09:21:49Zaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:21:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3a90d1b1-1343-4125-83e8-d28aae2f3e00x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 97e5d4a3-83ca-46f6-bc2b-0ad2c1b00d00x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 35990934-5ff8-4005-9348-14e9bba03e00x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 09:22:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 66336f12-447e-45a8-b7d4-95beead64500x-ms-ests-server: 2.1.17910.10 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@17/32@20/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 --field-trial-handle=2372,i,3946242831991443377,15559813188679492094,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	0%	Avira URL Cloud	safe
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	1%	Virustotal		Browse
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	0%	Avira URL Cloud	safe
https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com	0%	Avira URL Cloud	safe
https://062c5918-1260ad3a.snyderinvestigationteam.us/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1713950501293&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	0%	Avira URL Cloud	safe
https://c5f200cd-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	0%	Avira URL Cloud	safe
https://snyderinvestigationteam.snyderinvestigationteam.us/favicon.ico	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	0%	Avira URL Cloud	safe
https://snyderinvestigationteam.snyderinvestigationteam.us/1260ad3a5b3d49ddbff8affbd3065850/	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	0%	Avira URL Cloud	safe
https://signup.snyderinvestigationteam.us/favicon.ico	0%	Avira URL Cloud	safe
https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2	0%	Avira URL Cloud	safe
https://l1ve.snyderinvestigationteam.us/Me.htm?v=3	0%	Avira URL Cloud	safe
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
l1ve.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
snyderinvestigationteam.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
062c5918-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
signup.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
www.google.com	142.250.101.103	true	false	high
86c4eb0b-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
c5f200cd-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
d156bbbb-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
5b3322f3-1260ad3a.snyderinvestigationteam.us	172.233.96.139	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	false	Avira URL Cloud: safe	unknown
https://062c5918-1260ad3a.snyderinvestigationteam.us/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1713950501293&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true	false	Avira URL Cloud: safe	unknown
https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	false	Avira URL Cloud: safe	unknown
https://c5f200cd-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/favicon.ico	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi&sso_reload=true	true		unknown
https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us	false		unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js	false	Avira URL Cloud: safe	unknown
https://86c4eb0b-1260ad3a.snyderinvestigationteam.us/Prefetch/Prefetch.aspx	false		unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/1260ad3a5b3d49ddbff8affbd3065850/	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg	false	Avira URL Cloud: safe	unknown
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi	true		unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	false	Avira URL Cloud: safe	unknown
https://signup.snyderinvestigationteam.us/favicon.ico	false	Avira URL Cloud: safe	unknown
https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2	false	Avira URL Cloud: safe	unknown
https://l1ve.snyderinvestigationteam.us/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.103	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.233.96.139	l1ve.snyderinvestigationteam.us	United States	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430917
Start date and time:	2024-04-24 11:20:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@17/32@20/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.101, 142.251.2.113, 142.251.2.102, 142.251.2.138, 142.251.2.100, 142.251.2.139, 142.251.2.84, 34.104.35.123, 52.165.165.26, 23.1.234.57, 23.1.234.24, 52.165.164.15, 192.229.211.108, 74.125.137.95, 142.250.101.95, 142.251.2.95, 142.250.141.95, 142.250.101.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 223896
Category:	downloaded
Size (bytes):	54392
Entropy (8bit):	7.99546301797283
Encrypted:	true
SSDEEP:	1536:kRlKVY0aUdBpZfB/Gxsa6XU/8ly4Uz/whxejCXfQ/Y:kREGcZgd6XgWTc/w3QCXb
MD5:	82180A0A499F25966EC58295813468CF
SHA1:	E819DE67575165188E5BA3896C9D626AFC2B92A4
SHA-256:	78D8E2C780B8E60D7D64FF8071CCF376602A8ABA35E9F0C2C16CB7E207321C70
SHA-512:	7238B841C6847998B2916C52369C703490F1CDD11F6E69AEB709FF92F53886BA265DC24452031C03879802F1DDF3051EBD262DDE599EC1BF833D3D5472E3CC10
Malicious:	false
Reputation:	low
URL:	https://d156bbbb-1260ad3a.snyderinvestigationteam.us/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js
Preview:	...........k{.F.0.}...gV.L."..mR..v.y.O....g.....M.c...b[#q.......J.&...."...TwW.....[.^.w..u^.z..U...W....;...?;.<{....wo.;..^]$Eg..X.....[t....$.g.:....K.7O.Ug.g...u.y..6/..)J...w.......q^^u.>...>...$......~_..4+.9...Z[.CZ.N..X.yw../:?'.<+.e...%o....r.....S........y.5E..u.{,.:..m....4Q..&.d8.u...o.tu.7......c.Y.....\|....p.,..,.......[.,X....Zu2..w.X......B....q. ......9c.,-C...O.:....B3.;.(....pm..wI..r.t:.(.t..G..G..Qop......,..xo.<)/..~.^A.I.C-.sj.d.e.*..Yu........y.../....G.....p.y^...:.g.q..!<7..(..<.E..?......?.....7.]..`..cg.x..?.p..Qvss:....OO........J.8+..e...o.F.?............?.A...G......A.Q..W.<J./KX..'.,.e.O.....=]LX.v..."......K.G.O.-.>..p..k......OrVV9.n.2.a..b.s...+...$Y.;,.....!....(I.N....<,xkqt]..9+..Wc..q;..5.'.'...P.s...l<z.._...X...%.r...B..p..'p..`M,....2..8YU9s.....t..h......4.b.....t!...`\@..f...&.6P..g/5....g..!/.6......_.j....)..?.q.;.j...i.<).-.#.K........g+._C....d.-X..;.fM....M..D..p.$.d.1...Y......F<...9.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 11:20:58.118911028 CEST	53	53130	1.1.1.1	192.168.2.4
Apr 24, 2024 11:20:58.123655081 CEST	53	63034	1.1.1.1	192.168.2.4
Apr 24, 2024 11:20:59.106851101 CEST	53	59156	1.1.1.1	192.168.2.4
Apr 24, 2024 11:20:59.630018950 CEST	49862	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:20:59.630407095 CEST	52031	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:20:59.837512970 CEST	53	52031	1.1.1.1	192.168.2.4
Apr 24, 2024 11:20:59.837709904 CEST	53	49862	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:02.152297020 CEST	58564	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:02.153019905 CEST	58477	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:02.308098078 CEST	53	58477	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:02.308192968 CEST	53	58564	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:07.884361029 CEST	54296	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:07.884788036 CEST	64281	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:08.091490984 CEST	53	54296	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:08.091959953 CEST	53	64281	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:13.938635111 CEST	61544	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:13.938635111 CEST	50174	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:14.150073051 CEST	53	50174	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:14.150090933 CEST	53	61544	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:15.024049997 CEST	61294	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:15.024313927 CEST	63494	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:15.231174946 CEST	53	63494	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:15.231209993 CEST	53	61294	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:16.164879084 CEST	53	54930	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:17.429423094 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 11:21:17.897502899 CEST	51874	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:17.897702932 CEST	61195	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:18.104600906 CEST	53	51874	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:18.104643106 CEST	53	61195	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:22.718535900 CEST	50242	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:22.719059944 CEST	62313	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:22.923218966 CEST	53	62313	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:22.923506021 CEST	53	50242	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:26.643867970 CEST	53	62261	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:28.404611111 CEST	56488	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:28.404844999 CEST	59305	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:28.576503992 CEST	53	56488	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:28.576553106 CEST	53	59305	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:34.953114033 CEST	53	52147	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:42.371709108 CEST	62899	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:42.371850967 CEST	62452	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:42.579699039 CEST	53	62452	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:42.579722881 CEST	53	62899	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:44.717503071 CEST	52243	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:44.717694044 CEST	51764	53	192.168.2.4	1.1.1.1
Apr 24, 2024 11:21:44.924901009 CEST	53	52243	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:44.924917936 CEST	53	51764	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:57.451487064 CEST	53	50329	1.1.1.1	192.168.2.4
Apr 24, 2024 11:21:57.904948950 CEST	53	54938	1.1.1.1	192.168.2.4
Apr 24, 2024 11:22:25.355433941 CEST	53	58958	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:00 UTC	706	OUT	GET /?hzAFM=pnZSvi HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:01 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-04-24 09:21:01 UTC	7100	IN	Data Raw: 31 62 62 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 79 28 71 2c 4f 29 7b 76 61 72 20 43 3d 61 30 54 28 29 3b 72 65 74 75 72 6e 20 61 30 79 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 54 29 7b 46 3d 46 2d 30 78 31 61 36 3b 76 61 72 20 79 3d 43 5b 46 5d 3b 72 65 74 75 72 6e 20 79 3b 7d 2c 61 30 79 28 71 2c 4f 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 61 30 54 28 29 7b 76 61 72 20 72 41 3d 5b 27 63 6c 61 73 73 4c 69 73 74 27 2c 27 27 2c 27 27 2c 27 77 68 69 74 65 53 70 61 63 65 27 2c 27 5a 70 54 4b 43 27 2c 27 68 61 73 4f 77 6e 50 72 6f 70 65 Data Ascii: 1bb4<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnPrope
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 33 66 66 61 0d 0a 41 6a 27 2c 27 2e 61 6c 65 72 74 2d 69 6e 66 6f 5b 64 61 74 61 2d 62 6c 6f 63 6b 2d 74 72 61 63 6b 2a 3d 5c 78 32 32 43 6f 6f 6b 69 65 4e 6f 74 69 63 65 5c 78 32 32 5d 27 2c 27 63 6f 6f 6b 69 65 74 65 73 74 3d 31 3b 5c 78 32 30 53 61 6d 65 53 69 74 65 3d 53 74 72 69 63 74 3b 27 2c 27 77 6b 73 27 2c 27 42 52 4f 4b 45 4e 5f 43 41 52 45 54 27 2c 27 55 75 6b 69 74 27 2c 27 63 6c 69 65 6e 74 48 65 69 67 68 74 27 2c 27 6b 6b 42 6b 73 27 2c 27 67 72 6f 75 70 73 27 2c 27 73 6a 47 6d 55 27 2c 27 6d 6f 7a 49 6e 6e 65 72 53 63 72 65 65 6e 58 27 2c 27 58 59 43 64 6c 27 2c 27 44 4f 4d 54 6f 6b 65 6e 4c 69 73 74 27 2c 27 79 5a 74 75 6d 27 2c 27 38 39 34 35 32 32 30 27 2c 27 51 5a 64 7a 47 27 2c 27 27 2c 27 53 65 63 75 72 69 74 79 45 72 72 6f 72 27 2c Data Ascii: 3ffaAj','.alert-info[data-block-track*=\x22CookieNotice\x22]','cookietest=1;\x20SameSite=Strict;','wks','BROKEN_CARET','Uukit','clientHeight','kkBks','groups','sjGmU','mozInnerScreenX','XYCdl','DOMTokenList','yZtum','8945220','QZdzG','','SecurityError',
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 0d 0a 34 30 30 30 0d 0a 75 3d 4a 28 30 78 31 38 31 61 29 2c 52 3d 68 28 27 73 70 65 63 69 65 73 27 29 3b 4c 5b 46 62 28 30 78 33 33 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 78 29 7b 76 61 72 20 46 72 3d 46 62 3b 72 65 74 75 72 6e 20 46 72 28 30 78 33 31 34 29 21 3d 3d 46 72 28 30 78 33 31 34 29 3f 66 75 6e 63 74 69 6f 6e 28 51 2c 64 2c 6d 29 7b 76 61 72 20 77 3d 78 28 51 29 2c 41 3d 6b 28 77 29 3b 69 66 28 30 78 30 3d 3d 3d 41 29 72 65 74 75 72 6e 21 57 26 26 2d 30 78 31 3b 76 61 72 20 67 2c 56 3d 64 28 6d 2c 41 29 3b 69 66 28 70 26 26 64 21 3d 64 29 7b 66 6f 72 28 3b 41 3e 56 3b 29 69 66 28 28 67 3d 77 5b 56 2b 2b 5d 29 21 3d 67 29 72 65 74 75 72 6e 21 30 78 30 3b 7d 65 6c 73 65 7b 66 6f 72 28 3b 41 3e 56 3b 56 2b 2b 29 69 66 28 28 42 7c 7c 56 20 69 6e 20 Data Ascii: 4000u=J(0x181a),R=h('species');L[Fb(0x33b)]=function(x){var Fr=Fb;return Fr(0x314)!==Fr(0x314)?function(Q,d,m){var w=x(Q),A=k(w);if(0x0===A)return!W&&-0x1;var g,V=d(m,A);if(p&&d!=d){for(;A>V;)if((g=w[V++])!=g)return!0x0;}else{for(;A>V;V++)if((B\|\|V in
2024-04-24 09:21:02 UTC	10	IN	Data Raw: 29 3b 65 6c 73 65 7b 76 0d 0a Data Ascii: );else{v
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 61 72 20 62 3d 4a 28 30 78 31 66 62 38 29 2c 68 3d 4a 28 30 78 31 37 35 66 29 3b 4c 5b 54 51 28 30 78 33 33 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 52 2c 78 29 7b 76 61 72 20 6b 3d 52 5b 78 5d 3b 72 65 74 75 72 6e 20 68 28 6b 29 3f 76 6f 69 64 20 30 78 30 3a 62 28 6b 29 3b 7d 3b 7d 7d 2c 30 78 32 30 63 35 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 6f 29 7b 76 61 72 20 54 6d 3d 61 30 79 2c 4a 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 54 64 3d 61 30 79 3b 72 65 74 75 72 6e 20 62 26 26 62 5b 54 64 28 30 78 35 65 38 29 5d 3d 3d 3d 4d 61 74 68 26 26 62 3b 7d 3b 4c 5b 54 6d 28 30 78 33 33 62 29 5d 3d 4a 28 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 29 7c 7c 4a 28 Data Ascii: 4000ar b=J(0x1fb8),h=J(0x175f);L[TQ(0x33b)]=function(R,x){var k=R[x];return h(k)?void 0x0:b(k);};}},0x20c5:function(L,G,o){var Tm=a0y,J=function(b){var Td=a0y;return b&&b[Td(0x5e8)]===Math&&b;};L[Tm(0x33b)]=J('object'==typeof globalThis&&globalThis)\|\|J(
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 6a 28 66 75 6e 63 0d 0a 36 34 34 63 0d 0a 74 69 6f 6e 28 29 7b 7a 28 51 2c 7a 29 3b 7d 29 2c 51 5b 27 70 72 6f 6d 69 73 65 27 5d 3b 7d 7d 2c 30 78 31 33 36 31 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 73 36 3d 61 30 79 2c 62 3d 4a 28 30 78 31 37 65 29 2c 68 3d 4a 28 30 78 37 30 66 29 2c 52 3d 4a 28 30 78 31 64 62 62 29 2c 78 3d 4a 28 30 78 31 65 33 61 29 2c 6b 3d 4a 28 30 78 31 35 64 66 29 2c 57 3d 4a 28 30 78 65 65 37 29 2c 70 3d 4a 28 30 78 31 36 37 62 29 2c 42 3d 4a 28 30 78 37 30 37 29 2c 5a 3d 4f 62 6a 65 63 74 5b 73 36 28 30 78 34 61 65 29 5d 3b 47 5b 27 66 27 5d 3d 62 3f 5a 3a 66 75 6e 63 74 69 6f 6e 28 6a 2c 59 29 7b 69 66 28 6a 3d 6b 28 6a 29 2c 59 3d 57 28 59 29 2c 42 29 74 72 79 7b 72 65 74 75 72 6e 20 5a 28 6a 2c 59 29 3b Data Ascii: j(func644ction(){z(Q,z);}),Q['promise'];}},0x1361:function(L,G,J){var s6=a0y,b=J(0x17e),h=J(0x70f),R=J(0x1dbb),x=J(0x1e3a),k=J(0x15df),W=J(0xee7),p=J(0x167b),B=J(0x707),Z=Object[s6(0x4ae)];G['f']=b?Z:function(j,Y){if(j=k(j),Y=W(Y),B)try{return Z(j,Y);
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 37 29 3b 4c 5b 4c 42 28 30 78 33 33 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 4c 61 3d 4c 42 3b 69 66 28 4c 61 28 30 78 32 66 38 29 3d 3d 3d 27 61 61 4b 69 63 27 29 72 65 74 75 72 6e 20 61 72 67 75 6d 65 6e 74 73 3b 65 6c 73 65 7b 76 61 72 20 68 3d 2b 62 3b 72 65 74 75 72 6e 20 68 21 3d 68 7c 7c 30 78 30 3d 3d 3d 68 3f 30 78 30 3a 4a 28 68 29 3b 7d 7d 3b 7d 2c 30 78 32 30 38 34 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 4c 5a 3d 61 30 79 2c 62 3d 4a 28 30 78 62 62 64 29 2c 68 3d 4d 61 74 68 5b 4c 5a 28 30 78 33 35 39 29 5d 3b 4c 5b 27 65 78 70 6f 72 74 73 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 75 29 7b 76 61 72 20 52 3d 62 28 75 29 3b 72 65 74 75 72 6e 20 52 3e 30 78 30 3f 68 28 52 2c 30 78 31 66 66 66 66 66 66 66 66 66 Data Ascii: 7);L[LB(0x33b)]=function(b){var La=LB;if(La(0x2f8)==='aaKic')return arguments;else{var h=+b;return h!=h\|\|0x0===h?0x0:J(h);}};},0x2084:function(L,G,J){var LZ=a0y,b=J(0xbbd),h=Math[LZ(0x359)];L['exports']=function(u){var R=b(u);return R>0x0?h(R,0x1fffffffff
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 73 65 7b 76 61 72 20 4f 30 3d 71 38 28 71 57 2c 71 62 29 3b 4f 30 26 26 64 65 6c 65 74 65 20 71 78 5b 71 63 5d 2c 71 4b 28 71 54 2c 71 56 2c 71 36 29 2c 4f 30 26 26 71 7a 21 3d 3d 71 37 26 26 71 66 28 71 6b 2c 71 6d 2c 4f 30 29 3b 7d 7d 7d 3b 69 66 28 71 70 26 26 28 71 59 3d 28 71 6a 3d 66 75 6e 63 74 69 6f 6e 28 71 6c 29 7b 76 61 72 20 47 67 3d 47 61 3b 71 47 28 74 68 69 73 2c 71 59 29 2c 71 79 28 71 6c 29 2c 71 71 28 71 33 2c 74 68 69 73 29 3b 76 61 72 20 71 66 3d 71 5a 28 74 68 69 73 29 3b 74 72 79 7b 69 66 28 27 50 59 49 43 76 27 3d 3d 3d 47 67 28 30 78 34 61 66 29 29 71 6c 28 71 74 28 71 45 2c 71 66 29 2c 71 74 28 71 44 2c 71 66 29 29 3b 65 6c 73 65 20 72 65 74 75 72 6e 27 5b 6f 62 6a 65 63 74 5c 78 32 30 27 2b 71 75 28 74 68 69 73 29 2b 27 5d 27 3b Data Ascii: se{var O0=q8(qW,qb);O0&&delete qx[qc],qK(qT,qV,q6),O0&&qz!==q7&&qf(qk,qm,O0);}}};if(qp&&(qY=(qj=function(ql){var Gg=Ga;qG(this,qY),qy(ql),qq(q3,this);var qf=qZ(this);try{if('PYICv'===Gg(0x4af))ql(qt(qE,qf),qt(qD,qf));else return'[object\x20'+qu(this)+']';
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 75 6c 6c 21 3d 3d 43 4d 26 26 43 42 28 43 4d 29 2c 43 4d 3b 7d 69 66 28 6f 6a 28 30 78 35 62 33 29 3d 3d 3d 43 5a 28 43 6a 29 29 72 65 74 75 72 6e 20 43 70 28 43 63 2c 43 6a 2c 43 59 29 3b 74 68 72 6f 77 20 6e 65 77 20 43 6e 28 6f 6a 28 30 78 35 36 65 29 29 3b 7d 3b 7d 65 6c 73 65 20 43 6b 3d 5b 30 78 36 2c 43 57 5d 2c 43 4a 3d 30 78 30 3b 7d 66 69 6e 61 6c 6c 79 7b 43 6f 3d 43 62 3d 30 78 30 3b 7d 69 66 28 30 78 35 26 43 6b 5b 30 78 30 5d 29 74 68 72 6f 77 20 43 6b 5b 30 78 31 5d 3b 72 65 74 75 72 6e 7b 27 76 61 6c 75 65 27 3a 43 6b 5b 30 78 30 5d 3f 43 6b 5b 30 78 31 5d 3a 76 6f 69 64 20 30 78 30 2c 27 64 6f 6e 65 27 3a 21 30 78 30 7d 3b 7d 28 5b 43 52 2c 43 78 5d 29 3b 7d 3b 7d 7d 4f 62 6a 65 63 74 5b 27 63 72 65 61 74 65 27 5d 3b 66 75 6e 63 74 69 6f Data Ascii: ull!==CM&&CB(CM),CM;}if(oj(0x5b3)===CZ(Cj))return Cp(Cc,Cj,CY);throw new Cn(oj(0x56e));};}else Ck=[0x6,CW],CJ=0x0;}finally{Co=Cb=0x0;}if(0x5&Ck[0x0])throw Ck[0x1];return{'value':Ck[0x0]?Ck[0x1]:void 0x0,'done':!0x0};}([CR,Cx]);};}}Object['create'];functio
2024-04-24 09:21:02 UTC	16384	IN	Data Raw: 3b 7d 28 43 75 2c 43 6b 5b 27 67 65 74 43 68 61 6e 6e 65 6c 44 61 74 61 27 5d 28 30 78 30 29 5b 4a 68 28 30 78 34 65 33 29 5d 28 43 75 5b 4a 68 28 30 78 34 64 39 29 5d 2d 30 78 31 29 29 2c 5b 30 78 32 2c 4d 61 74 68 5b 4a 68 28 30 78 34 64 65 29 5d 28 43 57 29 5d 29 3a 5b 30 78 32 2c 2d 30 78 33 5d 3b 7d 7d 29 3b 7d 65 6c 73 65 7b 76 61 72 20 43 70 3d 71 49 28 30 78 31 37 65 29 2c 43 42 3d 43 42 28 30 78 66 33 38 29 2c 43 61 3d 71 41 28 30 78 31 36 63 62 29 2c 43 5a 3d 71 47 28 30 78 38 66 35 29 2c 43 63 3d 43 70 28 30 78 31 35 64 66 29 2c 43 6e 3d 71 54 28 30 78 65 34 61 29 3b 43 6e 5b 27 66 27 5d 3d 43 70 26 26 21 43 42 3f 71 6b 5b 4a 72 28 30 78 34 66 35 29 5d 3a 66 75 6e 63 74 69 6f 6e 28 43 6a 2c 43 59 29 7b 76 61 72 20 4a 57 3d 4a 72 3b 43 5a 28 43 Data Ascii: ;}(Cu,Ck['getChannelData'](0x0)[Jh(0x4e3)](Cu[Jh(0x4d9)]-0x1)),[0x2,Math[Jh(0x4de)](CW)]):[0x2,-0x3];}});}else{var Cp=qI(0x17e),CB=CB(0xf38),Ca=qA(0x16cb),CZ=qG(0x8f5),Cc=Cp(0x15df),Cn=qT(0xe4a);Cn['f']=Cp&&!CB?qk[Jr(0x4f5)]:function(Cj,CY){var JW=Jr;CZ(C

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:03 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 09:21:03 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=250965 Date: Wed, 24 Apr 2024 09:21:03 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 09:21:04 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=250957 Date: Wed, 24 Apr 2024 09:21:04 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 09:21:04 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:04 UTC	942	OUT	POST /?hzAFM=pnZSvi HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: keep-alive Content-Length: 5557 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:04 UTC	5557	OUT	Data Raw: 6c 38 71 68 77 33 75 6f 75 3d 25 35 42 25 35 42 25 32 32 33 32 33 39 37 65 36 63 37 37 25 32 32 25 32 43 25 32 32 32 35 33 37 34 34 32 35 33 37 25 32 32 25 32 43 25 32 32 34 32 32 35 33 33 34 34 37 35 25 32 32 25 32 43 25 32 32 37 35 36 34 32 35 33 33 34 35 25 32 32 25 32 43 25 32 32 33 32 37 36 36 39 36 63 32 35 25 32 32 25 32 43 25 32 32 33 37 34 36 36 65 36 37 36 64 25 32 32 25 32 43 25 32 32 36 65 37 37 37 38 36 62 36 36 25 32 32 25 32 43 25 32 32 32 35 33 36 33 30 36 62 33 38 25 32 32 25 32 43 25 32 32 37 39 33 32 33 31 33 39 33 31 25 32 32 25 32 43 25 32 32 33 37 33 37 33 31 33 35 33 35 25 32 32 25 32 43 25 32 32 33 36 33 37 33 32 33 34 33 31 25 32 32 25 32 43 25 32 32 33 32 33 31 33 32 25 32 32 25 35 44 25 32 43 25 32 32 32 31 39 31 37 37 31 35 35 Data Ascii: l8qhw3uou=%5B%5B%2232397e6c77%22%2C%222537442537%22%2C%224225334475%22%2C%227564253345%22%2C%223276696c25%22%2C%2237466e676d%22%2C%226e77786b66%22%2C%222536306b38%22%2C%227932313931%22%2C%223737313535%22%2C%223637323431%22%2C%22323132%22%5D%2C%22219177155
2024-04-24 09:21:05 UTC	444	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 24 Apr 2024 09:21:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi set-cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; Domain=snyderinvestigationteam.us; HttpOnly; Path=/; SameSite=None; Secure
2024-04-24 09:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:05 UTC	921	OUT	GET /?hzAFM=pnZSvi HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:07 UTC	792	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:07 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55116 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: f3a9f385-485f-4675-b5c1-4ab596a40b04 x-ms-ests-server: 2.1.17846.6 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:07 UTC	6428	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bc 7d 7b 5f e2 c8 b6 e8 ff f3 29 94 3b 3f 48 b6 11 01 c1 07 74 86 8d 6f bb 7d b5 a0 ad 32 9c be 21 04 8c 42 82 49 50 7c f0 dd ef 5a ab 1e a9 40 ec 99 33 67 9f 3b bf bd db a4 52 8f 55 ab 56 ad 77 15 5f 96 f7 ce 77 5b b7 17 fb 4b f7 d1 68 f8 c7 6f 5f d8 9f a5 2f f7 8e d5 83 bf 4b 5f 22 37 1a 3a f8 b4 74 e9 f4 dc c0 b1 23 d7 1b e0 87 35 f9 e5 cb c8 89 ac 25 db f7 22 c7 8b cc 4c e4 4c a3 35 ec a7 b6 64 df 5b 41 e8 44 e6 24 ea af 6e 65 60 8c 68 bc ea 3c 4d dc 67 33 b3 cb aa af b6 5e c7 4e 66 2d a5 9b e3 7d d3 e9 0d 9c 64 ab 9b d5 ab c6 ea ae 3f 1a 5b 91 db 1d a6 37 7c 71 7b d1 bd d9 73 9e 5d db 59 a5 17 63 c9 f5 dc c8 b5 86 ab a1 6d 0d 1d b3 98 2f 18 4b 23 6b ea 8e 26 23 5e 54 c2 a2 49 e8 04 f4 6e 41 df e6 ab 13 66 96 3c 6b e4 98 Data Ascii: }{_);?Hto}2!BIP\|Z@3g;RUVw_w[Kho_/K_"7:t#5%"LL5d[AD$ne`h<Mg3^Nf-}d?[7\|q{s]Ycm/K#k&#^TInAf<k
2024-04-24 09:21:07 UTC	16384	IN	Data Raw: 68 62 a9 8f 39 22 1d 4a cc 82 c6 95 0a 2a 71 53 96 2f e6 65 aa e3 3c 9b 36 9d 0b b4 f1 1d 8f 12 90 5e 07 13 c5 77 81 17 e3 b7 cc 28 1c fc f3 e1 29 23 d7 6f 17 3b 6c b0 21 3b 9f 88 39 d4 f8 07 de 96 01 24 4c c6 24 50 7a 04 8a 9a e9 07 4d 42 71 9c af e7 5a 00 c9 bd f6 aa cf 6a b8 5a 5e 4f 43 52 cf 33 f3 d6 ed bf 6a ae ae c4 cb 67 2f c8 10 5e 49 f5 16 29 90 a0 ff 91 2a 17 4b 09 2b c4 cc 72 2d 59 0d cc 4e 4d 4f 3a ac bb 18 06 56 b7 1d b1 2e d5 af 1c c7 c0 e7 32 40 22 53 46 3e 81 5d 70 fd 9a 53 04 29 d6 b8 f2 a0 46 83 54 72 12 f1 2d 57 3a ca db 99 3e 9e 58 94 01 7d 99 24 ab 14 70 92 eb 18 01 19 0c b5 40 30 06 40 43 2d 76 06 29 ce 6d 72 b3 30 ff 0a 33 7a 9d b6 07 86 29 c6 30 da 6e c7 f4 09 9f bf 25 1c 70 b1 b9 60 58 ac 55 68 3e e7 1d f4 fb 08 37 95 0b 46 a8 0b Data Ascii: hb9"JqS/e<6^w()#o;l!;9$L$PzMBqZjZ^OCR3jg/^I)K+r-YNMO:V.2@"SF>]pS)FTr-W:>X}$p@0@C-v)mr03z)0n%p`XUh>7F
2024-04-24 09:21:08 UTC	16384	IN	Data Raw: a5 36 f8 66 e2 ea 53 ce c2 a9 f9 8c 47 4a 99 36 36 1e ba 78 6c 15 1d 20 ae 04 c3 5e 90 18 3b 30 8e 48 56 38 65 c9 0a 77 98 38 99 9e ac d0 e4 ad fa 71 2b 78 e1 ba 15 68 43 6f 50 a3 7e ad 35 29 59 e1 14 2f 76 9c e1 65 65 ca 89 88 38 5b b3 af b8 7c 8e 16 02 5f 77 47 30 84 61 83 a1 c0 44 26 31 22 0b a5 1e ae ef 68 ee 7e 9a 24 c3 b5 13 fc f6 4d 61 b7 80 df 1d ab 87 5e 05 ce 6b f0 11 93 76 a2 60 62 e3 e1 01 bd 66 9b a7 80 d3 6b c9 7f d9 c8 48 fa 60 03 d9 89 42 d4 8d e9 c8 3d 25 b0 c5 68 26 33 38 2d 4d 82 1d c2 1f c5 b9 ce 65 f5 72 01 55 32 85 22 23 22 76 bb 9d 72 5d df da 94 7a 7f 69 ab 22 23 48 8e f4 c0 59 fd ae 70 c0 61 46 8f 50 f9 29 17 e2 d2 bc 0b b9 2a 75 62 e6 d8 99 89 1c 48 84 43 8d ca 4b e5 9e 9e 88 0a a1 f6 ad 04 74 0e a4 fb f2 4b 6e e5 64 25 f7 47 6e Data Ascii: 6fSGJ66xl ^;0HV8ew8q+xhCoP~5)Y/vee8[\|_wG0aD&1"h~$Ma^kv`bfkH`B=%h&38-MerU2"#"vr]zi"#HYpaFP)*ubHCKtKnd%Gn
2024-04-24 09:21:08 UTC	15920	IN	Data Raw: f6 63 9a dd 3b d9 1b 68 63 6a 11 f8 32 50 0c 84 62 65 a5 14 ce 6b ba a8 cb 29 c4 72 8f 0b 9c f9 13 65 bf 48 e3 3a 28 96 8d dd 8f 48 14 9e e1 fa 65 a7 83 14 92 16 0f dc 07 9b 61 79 34 34 fa 3d 73 7b 15 74 0b ff 67 cc 37 0c 35 a9 84 3d 1c ff 7b c5 98 40 bb 69 25 4e 39 8d d8 09 c1 c2 52 49 74 20 a0 91 52 99 19 3e 9b e5 da 8e 1c ef cf 62 3f 89 35 70 8c 98 92 12 e1 4c 24 25 ce 05 6a 81 9b be 01 d4 25 70 83 81 3d 99 4a 11 e0 0e 9e cc 60 ac e7 2b b2 1f 34 b7 f8 69 cf 51 30 fe 44 ec e2 14 85 7c d4 2a 36 f3 48 e7 29 1f bd 1f 1f 9c bf d7 b7 47 bf 6d 6b a2 a3 ba f7 86 99 98 3d eb 8a 13 93 ce 03 e3 b6 5b 0d da 65 31 ae 84 4d a9 9c 8e aa f0 03 8d 4f ac 0e a9 21 7d f5 87 7b 15 4b e3 89 de 2a c3 ec 32 95 f5 9b 3f 7c a5 43 fa 8d b6 fb 90 4e e9 9f af f7 8d 96 3e a5 d1 ac Data Ascii: c;hcj2Pbek)reH:(Heay44=s{tg75={@i%N9RIt R>b?5pL$%j%p=J`+4iQ0D\|6H)Gmk=[e1MO!}{K2?\|CN>

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:09 UTC	709	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1 Host: c5f200cd-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://snyderinvestigationteam.snyderinvestigationteam.us sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:11 UTC	806	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:10 GMT Content-Type: application/x-javascript Content-Length: 49660 Connection: close cache-control: public, max-age=31536000 last-modified: Tue, 26 Mar 2024 18:07:05 GMT etag: 0x8DC4DBF8B990C6B x-ms-request-id: b14ecb33-c01e-0046-43ae-92cc83000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20240424T092110Z-1679546b657kw4bl08v08tgc3800000006m000000000ufux x-fd-int-roxy-purgeid: 0 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-04-24 09:21:11 UTC	6414	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd eb 5b e3 38 d2 38 fa fd fd 2b 82 77 0f 13 4f 8c c9 05 68 70 da cd 2f 0d 74 37 33 40 18 02 73 59 60 79 9c 58 01 4f 07 3b 6b 3b 5c 06 72 fe f6 53 17 c9 96 1d 87 ee d9 f7 3c e7 cb 99 4b b0 a5 92 2c 95 aa 4a 55 a5 92 b4 fe e3 ca ff d4 7e ac ad 7d ff 3f b5 c1 79 ef ec bc d6 ff 54 3b ff 72 78 b6 5f 3b 85 b7 3f 6a 27 fd f3 c3 bd 83 ef af 07 3f 8a ff 9f df 05 49 6d 1c 4c 44 0d fe 0e bd 44 f8 b5 28 ac 45 71 2d 08 47 51 3c 8d 62 2f 15 49 ed 1e 7e e3 c0 9b d4 c6 71 74 5f 4b ef 44 6d 1a 47 7f 8a 51 9a d4 26 41 92 42 a1 a1 98 44 8f b5 3a 54 17 fb b5 53 2f 4e 9f 6b 87 a7 a6 0d f5 0b a8 2d b8 0d 42 28 3d 8a a6 cf f0 7c 97 d6 c2 28 0d 46 a2 e6 85 3e d5 36 81 97 30 11 b5 59 e8 8b b8 f6 78 17 8c ee 6a c7 c1 28 8e 92 68 9c d6 62 31 12 c1 Data Ascii: [88+wOhp/t73@sY`yXO;k;\rS<K,JU~}?yT;rx_;?j'?ImLDD(Eq-GQ<b/I~qt_KDmGQ&ABD:TS/Nk-B(=\|(F>60Yxj(hb1
2024-04-24 09:21:11 UTC	16384	IN	Data Raw: 8b 92 2a b8 d1 82 46 0b 84 e8 2a 48 3d 17 0c 44 87 2a 8d 56 57 a9 ce 60 b1 b6 c8 b4 d2 37 6a 8b 96 d5 26 9b fa f7 ab c3 f6 ab 0a ff 46 47 e4 84 f7 c2 b1 1e bd d0 3f f5 d2 3b 27 b4 68 37 8f 93 5a e3 d8 bb a5 61 8b e7 0b 61 83 79 b8 50 a1 34 86 01 e6 11 00 54 11 f6 a8 e1 c2 f0 34 66 1c 25 20 d3 f3 76 c0 fc aa 3e 25 81 ff a1 01 ab 2c 0d 3e 04 96 64 6d 89 a5 09 91 d1 a9 17 c3 34 0b ba e9 e1 f8 24 4a 0f 9e 82 52 18 08 b7 f7 49 46 46 ca d8 e4 49 34 92 2e 03 b0 c4 33 3b 33 0f 7d 0c 65 5b f5 fd 5e 29 06 28 3c 21 73 e7 5f 92 7a 11 c6 aa 09 d5 b8 ca 08 17 f5 7d b1 38 50 61 d6 c3 2c ec 86 bf ee ca bf 32 94 54 b5 2d b6 4a db 4e 24 18 ad cf bc be 12 9b 41 7b 9e b2 48 3a ab d0 e4 85 a0 a9 d4 4d 69 f8 58 df c8 1b da 2d fa 38 66 76 29 5a b3 1e 6b cd 0b 71 ef 28 86 66 ca Data Ascii: FH=D*VW`7j&FG?;'h7ZaayP4T4f% v>%,>dm4$JRIFFI4.3;3}e[^)(<!s_z}8Pa,2T-JN$A{H:MiX-8fv)Zkq(f
2024-04-24 09:21:11 UTC	16384	IN	Data Raw: 65 34 29 ce c3 d8 c5 7a 6c 85 bb 42 1e 25 65 3a c5 30 51 e9 69 8c ed 0b 54 5c 23 5c 37 be 1b a2 5b e2 6e c8 cb cb f9 22 cb 2f 1e a6 ff e2 21 bf 30 3c 0c 15 3f b8 a8 ce f3 23 6b d6 78 28 81 e2 05 8d 7b 16 05 8b 6a b3 4b 46 6c 98 77 c2 94 db 88 3f 0f d5 c0 fe e6 51 48 02 cb 71 ad 5c 28 21 71 97 38 3d 5c e0 76 d1 6c 91 08 b9 19 bd a1 4f 40 21 5d dd 2d 0d da 8f 8b 5b 7a bb a8 b3 c5 44 79 a0 d0 f3 d6 68 c9 d9 58 0e 78 ab 4e 7e c5 68 58 b5 7c 40 94 30 9a 5b fb 55 01 33 9c 1d 41 17 30 02 7e 6e 7d 2e 54 d1 68 64 a5 67 45 5a e0 c3 d2 e8 18 19 cb cb 0f 4d c3 78 c4 c4 ec e2 6e 6e 40 3d fe c1 cd fa 65 24 5b 15 69 6e c0 76 eb c8 15 85 79 0b 48 dc 43 a6 07 b5 2a 02 54 26 30 f9 47 58 e7 68 17 7f ea a6 93 d4 e5 36 4d 81 14 e6 e1 d1 5d c9 b0 8e c7 db 74 81 cf dc 10 0b 0b Data Ascii: e4)zlB%e:0QiT\#\7[n"/!0<?#kx({jKFlw?QHq\(!q8=\vlO@!]-[zDyhXxN~hX\|@0[U3A0~n}.ThdgEZMxnn@=e$[invyHC*T&0GXh6M]t
2024-04-24 09:21:11 UTC	10478	IN	Data Raw: 72 cf 68 92 92 c4 48 0f 4e a0 e3 3c 8e e8 c7 64 c5 7f 82 85 4b 3f 48 aa be f4 4b be 41 bf bc e1 7e 10 d1 7f a9 6a c3 02 6d 8e f1 cf 19 fe 49 c3 25 7d e9 7c 9c de de 46 63 ef 3c 9c d3 f0 53 15 bb fb 3e 6d 85 73 fa 80 dc c0 37 62 69 e8 e2 78 a1 3a 79 12 ae 89 df ad 56 65 50 f9 82 4f 92 1d ef ee 46 80 8b a1 a9 40 fe 2f a4 4c 52 95 50 0d 54 ef e4 6c 7b 25 85 aa 24 a1 4a 52 5d 49 0a e3 3e 55 ea d3 3d 3f a7 c9 85 b3 ea ed ed 42 25 1b 53 af d2 9a ad 22 66 37 4c 43 a2 93 8d 0d d2 85 c5 eb 9e 11 43 49 db 3b 26 5a f3 4b 7a 99 56 88 7e 2f e1 04 fa d5 d2 f3 17 23 b8 0c 17 ec 7e dd c1 54 6b 58 1b 8b d0 99 e6 f9 22 89 ec b4 57 93 75 b3 da a0 d8 00 54 66 bd f1 2b 38 86 d0 50 8b 79 16 a9 63 54 84 89 81 17 60 31 8c 18 8f 18 27 12 91 55 06 66 8d e1 65 cf 38 72 99 75 4b 17 Data Ascii: rhHN<dK?HKA~jmI%}\|Fc<S>ms7bix:yVePOF@/LRPTl{%$JR]I>U=?B%S"f7LCCI;&ZKzV~/#~TkX"WuTf+8PycT`1'Ufe8ruK

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:12 UTC	716	OUT	GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ==" Sec-WebSocket-Key: CJ6WroGc/Dcwe2m9UJMHPg== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-24 09:21:13 UTC	755	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 09:21:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: d4d95ffe-b8d6-429b-ae18-b5a7add22200 x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:12 UTC	953	OUT	GET /?hzAFM=pnZSvi&sso_reload=true HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-04-24 09:21:14 UTC	796	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:14 GMT Content-Type: text/html; charset=utf-8 Content-Length: 61143 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: e001497e-5509-465c-8c37-6d65b2b14100 x-ms-ests-server: 2.1.17910.10 - NEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:14 UTC	15588	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 59 77 ea c8 b2 30 f8 5e bf 02 b3 ea da e8 5a 66 33 19 db b0 55 3e 18 4f 6c 1b 4f e0 f9 7a 79 09 29 01 d9 20 61 49 18 e3 6d 78 eb 5f d2 0f bd ee 43 bf f5 3f 38 7f ac 23 22 33 35 00 de b5 ab 4e 9d db df d7 ab 6a 9d b3 2d a5 72 88 8c 8c 39 23 93 af 4b bb a7 d5 e6 ed d9 5e a2 eb f7 7b bf fd f2 15 ff 24 8c 9e ee 79 5a 32 99 30 2d 57 4b f6 7c 37 99 e8 e9 76 47 4b 32 3b f9 db 2f 89 af 5d a6 9b f0 37 f1 d5 b7 fc 1e c3 a7 44 c3 ea d8 09 cb 4e f8 4e 62 ec 0c dd 84 6e 18 ce d0 f6 b1 d2 97 a0 d6 d7 3e f3 f5 84 e1 d8 3e b3 7d 2d e9 b3 37 ff 0b 0e 58 4e 18 5d dd f5 98 af 0d fd f6 da 66 12 80 f1 07 6b ec 65 68 bd 6a c9 2a af be d6 1c 0f 58 f2 cb 82 6e 6a 7b 1a 33 3b 2c de ea 66 ed b2 b2 56 75 fa 03 dd b7 5a bd c5 0d 47 96 e9 77 35 93 Data Ascii: Yw0^Zf3U>OlOzy) aImx_C?8#"35Nj-r9#K^{$yZ20-WK\|7vGK2;/]7DNNbn>>}-7XN]fkehj*Xnj{3;,fVuZGw5
2024-04-24 09:21:14 UTC	14460	IN	Data Raw: 19 2c 82 c2 11 eb ce 4e 30 04 20 26 f8 c5 3d 51 33 9c 19 5c 04 44 bb ae 71 56 74 89 11 2c db e8 0d 4d e6 d1 85 34 b1 71 82 e9 fc c4 38 b3 9c 3f 3b 52 90 77 82 b6 83 52 72 b7 ef 5d f0 67 81 3c e2 43 72 56 fb f9 d9 d1 06 f2 22 a9 53 9a 9f ea 40 1c 0e 8a 0e c8 c7 9b a7 97 79 76 64 d8 01 6e f0 c6 e3 77 3e a2 30 06 b6 58 7b 18 66 af 7e d6 bc 05 05 ed 52 82 81 af 84 62 14 bb f1 71 c3 d1 e4 95 42 15 f3 1a 75 36 a2 03 01 ed d1 06 1a 75 91 b4 c8 07 06 0d 28 66 a0 f0 17 58 31 f1 14 11 f6 11 3b 74 8c bd a3 de dc 06 a1 50 8a d5 12 db b3 2d ed bb 63 5f da fc 6a 47 6e 93 f0 24 5d c7 6e f8 ce 60 c0 cc 13 07 7f bd 88 27 d9 f2 4f c2 b0 92 e1 85 a1 c7 76 19 18 35 06 de 64 dd 00 bb 0f b8 d5 76 86 5e 98 51 81 e9 43 a0 d4 62 15 4f 40 50 51 8a 39 38 fc 4b d9 89 3a d2 be 87 07 Data Ascii: ,N0 &=Q3\DqVt,M4q8?;RwRr]g<CrV"S@yvdnw>0X{f~RbqBu6u(fX1;tP-c_jGn$]n`'Ov5dv^QCbO@PQ98K:
2024-04-24 09:21:15 UTC	16384	IN	Data Raw: 01 7c 77 40 d4 ac 45 e0 49 39 a5 e8 39 db 55 ba ac ba a0 f2 16 1f 01 64 5c 92 bf 83 0e ff 40 9f 3f b7 ee 55 dc ba be 4b a6 0a 58 d4 2b d5 2b 51 dd af 5d 95 06 16 cf d5 26 a9 e3 d8 e3 a4 aa 80 83 a3 2b a2 61 6d ce 1c b3 32 72 27 7e 9b b2 c3 6d d3 df 37 80 c3 36 93 b9 f2 99 a1 68 7f 5e 97 3d aa 82 d9 57 31 f1 09 20 82 ff 6f 4a 75 51 bc c6 bf 1a 61 1c 28 38 05 12 9b be 17 f5 df c1 29 ee 72 7d 91 4b a1 92 5c 66 e3 7f 04 8f 80 4b 16 e1 11 7b 7d d5 42 fc f9 6e f5 ba 4d 47 9e dc e1 33 39 cf ab 01 25 80 8e f1 37 7a 1d c1 f4 30 c7 0b fd ce f5 06 a4 93 1a cb 4f 72 9a d9 b1 cc c0 a7 01 42 e2 ab 88 e5 30 af ff 41 10 fc 4e 80 79 ef 80 dc e1 55 51 98 56 10 c6 51 82 c6 69 02 86 31 49 d8 ab 38 32 72 cc 0e 3b 87 6a bd 57 56 a6 ab ab d3 c8 26 3a 70 b2 4a a7 2c c3 6e 76 3f Data Ascii: \|w@EI99Ud\@?UKX++Q]&+am2r'~m76h^=W1 oJuQa(8)r}K\fK{}BnMG39%7z0OrB0ANyUQVQi1I82r;jWV&:pJ,nv?
2024-04-24 09:21:15 UTC	14711	IN	Data Raw: b2 72 10 9a 5d a8 85 b1 b1 ce a5 9b a6 cb 17 35 cb f2 a0 15 7b bd 2c 9a cc e6 bc 45 ca 31 17 07 3f 57 23 73 f1 34 48 01 59 27 d0 5b 8c 7f e2 be 50 04 17 ec eb eb 33 7a a6 28 95 28 86 95 88 e7 cc e8 99 6e 36 c5 4a 0f e6 ad e7 25 3d 0d 1b e4 69 68 b5 cb 88 a2 c1 05 5a 57 7f 22 15 48 57 bf f8 1e 23 67 64 9c a4 ab 37 af 58 18 31 ec 7e 22 f0 f2 26 e9 ee c6 33 df a4 db 35 f4 b3 ac 20 46 46 08 3c dd 61 82 39 0e 2d ba a5 a4 8f 27 89 6d f0 f9 53 e0 eb 7c 59 b9 3e 32 29 f1 9d 4f 81 5a e7 41 7c 97 8c 29 d3 d2 c8 93 f7 4b 81 a5 d9 42 20 af 3f 65 af 3a 30 2a 23 69 60 74 91 8f d1 36 3f f9 cf 1e 3a 27 9d 57 e8 05 7e 53 8a f7 a2 59 47 86 02 80 f8 13 43 8f a0 b0 fc 61 25 ca 46 84 9b 58 5b 4e d2 a0 56 57 fb f2 5d ca 6f 91 40 3f 8f 37 e4 6a e2 67 cb f9 8a d3 41 3f 5d d3 fd Data Ascii: r]5{,E1?W#s4HY'[P3z((n6J%=ihZW"HW#gd7X1~"&35 FF<a9-'mS\|Y>2)OZA\|)KB ?e:0*#i`t6?:'W~SYGCa%FX[NVW]o@?7jgA?]

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:12 UTC	830	OUT	GET /favicon.ico HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-04-24 09:21:13 UTC	754	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 09:21:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 712df4f1-e7b5-4715-bcfd-102224f47e00 x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:15 UTC	474	OUT	OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: 5b3322f3-1260ad3a.snyderinvestigationteam.us Connection: keep-alive Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:16 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:15 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding access-control-allow-headers: content-type access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin:
2024-04-24 09:21:16 UTC	12	IN	Data Raw: 37 0d 0a 4f 50 54 49 4f 4e 53 0d 0a Data Ascii: 7OPTIONS
2024-04-24 09:21:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:15 UTC	711	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://snyderinvestigationteam.snyderinvestigationteam.us sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:18 UTC	746	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:18 GMT Content-Type: application/x-javascript Content-Length: 121286 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 1591523 cache-control: public, max-age=31536000 etag: 0x8DC55179E1E3E92 last-modified: Fri, 05 Apr 2024 02:25:10 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: dc7a320d-701e-00c0-5eaf-87de62000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:18 UTC	13688	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd fb 7b e3 38 8e 00 f8 fb fd 15 8e 66 2e 63 77 14 97 e5 57 6c a5 d5 59 e7 55 95 ed 24 ce c4 49 77 ef a6 32 f9 64 89 76 d4 91 25 af 24 e7 31 8e f7 6f 3f 00 24 25 4a 96 53 55 b3 7b 77 df 7d d7 bb 53 b1 48 f0 05 82 20 00 82 e0 a7 9f b6 fe 8f ca 4f 95 dd ef ff af 32 ba 19 5c df 54 86 a7 95 9b 2f 67 d7 c7 95 2b f8 fa 8f ca e5 f0 e6 ec e8 e4 fb eb c1 46 f1 7f 37 8f 5e 5c 99 78 3e ab c0 df b1 1d 33 b7 12 06 95 30 aa 78 81 13 46 f3 30 b2 13 16 57 66 f0 6f e4 d9 7e 65 12 85 b3 4a f2 c8 2a f3 28 fc 93 39 49 5c f1 bd 38 81 42 63 e6 87 2f 95 2a 54 17 b9 95 2b 3b 4a de 2a 67 57 b5 3a d4 cf a0 36 6f ea 05 50 da 09 e7 6f f0 fb 31 a9 04 61 e2 39 ac 62 07 2e d5 e6 c3 47 10 b3 ca 22 70 59 54 79 79 f4 9c c7 ca 85 e7 44 61 1c 4e 92 4a c4 1c Data Ascii: {8f.cwWlYU$Iw2dv%$1o?$%JSU{w}SH O2\T/g+F7^\x>30xF0Wfo~eJ(9I\8Bc/T+;J*gW:6oPo1a9b.G"pYTyyDaNJ
2024-04-24 09:21:18 UTC	16384	IN	Data Raw: f6 47 3f 3f ee 8f a4 01 ed c8 6a a0 f7 c7 81 a6 99 a3 f4 4d 39 00 7c c1 73 a0 54 8d 18 fd f4 ac 57 47 a0 4b fc 04 95 be e6 87 00 9d b7 78 ef 91 96 8f f4 17 7d bc be f8 5e c9 92 b7 9f b5 fb 66 b1 1d b5 41 1c ea d6 c3 dd db 7d 6d 1c 31 fb 69 3f 9d fc 37 24 0d d0 c9 d3 17 97 9f 0a 2b 8d 23 0f db 0e ca 5a 7e 42 1b 89 17 1f a5 db c5 6f f4 5c 5c c9 be 75 52 2f ec 29 d2 9f 87 38 ed a6 89 dd e0 d6 f8 a6 52 07 ba bc 6a b4 5d e7 d7 ca fa 11 1d 1a f3 30 27 53 a9 62 c6 97 15 23 ea a2 05 b6 73 52 cf 6f 88 a8 50 25 e1 ed cd 91 c4 e6 aa c4 dd 93 b3 71 e1 cc 88 fc 7a ed c0 0c df b0 00 d6 ed 65 a7 22 fb 5b 85 1e 06 5c 31 c7 a7 9d 33 47 9b 58 bc b9 6e 45 f2 80 9f bc 6d aa 77 ff a8 dc ef d4 3e d1 dc 3a b4 56 53 17 0a 07 a4 58 10 bd 4b 9c 3f bd ba 74 f3 4c 6b 23 27 d6 df d9 Data Ascii: G??jM9\|sTWGKx}^fA}m1i?7$+#Z~Bo\\uR/)8Rj]0'Sb#sRoP%qze"[\13GXnEmw>:VSXK?tLk#'
2024-04-24 09:21:18 UTC	16384	IN	Data Raw: ef 7a d8 08 23 e4 3a 10 4a fa b1 c6 8b d3 7e 8d 17 a7 c3 62 76 2a ad b0 ac 7e 4d fe 65 1e 04 0a 42 00 2f e2 e6 5c af fb 71 71 f1 a3 3b 45 83 1e 17 28 c1 05 2b 13 8d 11 e1 9f 7d f8 0f 8a 8c c9 4a 0b 55 c3 29 2e 4f c1 ce 79 eb 92 18 e0 46 ef 77 13 4e 4b 1f 9d 7b 8d 5c 00 2a da 8d 13 57 6e 67 da df 62 d1 5a db d1 27 bf 73 08 7d 21 42 66 f6 55 74 76 2a 8d 02 7f 83 a6 69 b4 85 2f 5c 18 ee 58 f6 8b ac b0 7d 6d 87 ad 3b 66 b7 47 3b a3 34 13 ca 93 8e 35 88 a8 07 17 1d 86 b0 8f 37 c5 cf e7 0c e1 40 05 50 2f ba 86 87 c0 f2 5e fc a1 5a 04 17 73 71 d1 2e 86 5f 0f 38 13 96 5b ca 73 00 dd 21 75 e2 bf 76 8d a2 50 ea 01 3d 65 93 f2 a0 72 f0 78 e3 c9 4b 65 14 7c 3f b7 4d 3c 02 0b d0 7d 52 ef 06 0b aa 61 af 06 b8 26 4d 20 de 3c a7 74 a0 9d 98 59 56 bf 7c d8 47 40 2b 1b 23 Data Ascii: z#:J~bv~MeB/\qq;E(+}JU).OyFwNK{\WngbZ's}!BfUtv*i/\X}m;fG;457@P/^Zsq._8[s!uvP=erxKe\|?M<}Ra&M <tYV\|G@+#
2024-04-24 09:21:18 UTC	16384	IN	Data Raw: 86 a1 92 c3 c4 ad 5e 57 af 10 2d c5 fa 8e 48 6d a6 58 0b 74 51 5e 7c 16 9d 23 86 62 0c de 4d 14 23 11 3f 13 15 e3 94 5c 2a b0 35 93 a6 3d 61 d3 73 e4 d7 6b 67 c4 b4 ed 96 8e 8f 29 b9 57 44 48 b3 93 6a 79 0e 49 a8 60 e8 ee 42 fe f8 88 02 27 01 07 bc e0 0f e2 6e bb d1 59 24 4b c3 1e 52 01 54 e3 49 cf 51 bc c3 53 45 3a 66 71 11 c3 1c b2 9c 37 a2 7c af e3 75 66 05 9b f8 32 f8 17 5f db 16 c6 ca d9 c2 7f 5e 92 7a 49 2a 93 e8 4b e9 6d fc 11 95 0e 6e 3d cb 2e 2f 13 22 a3 11 da 50 1b 3c 4c 5d 07 f1 40 3a 93 4a 1e 35 f3 ef 7b 35 b7 23 d2 b7 23 82 e9 33 12 01 33 ca 01 db 02 c0 ab e5 67 c5 89 40 8e ed 84 cc ca 6b 89 dd e3 60 1a bc b3 70 ba e8 4c 98 7b e8 26 e4 bb cd 4e cc e7 92 ab ff 44 3a 95 54 a9 66 7e 21 59 b4 7a 66 39 2f c5 7d d4 c8 23 49 da eb 51 49 21 2f a6 75 Data Ascii: ^W-HmXtQ^\|#bM#?\5=askg)WDHjyI`B'nY$KRTIQSE:fq7\|uf2_^zIKmn=./"P<L]@:J5{5##33g@k`pL{&ND:Tf~!Yzf9/}#IQI!/u
2024-04-24 09:21:18 UTC	16384	IN	Data Raw: ce 0a 76 7c eb 31 ba 08 ca 62 11 96 2e 7f 41 04 83 c6 56 28 2c 60 98 b2 ad e0 4a cb 7a a5 26 3c 16 6b 93 3c 29 6d 30 22 0e 22 7a e6 6c 14 88 5a d0 ba 2f ec 24 84 c1 54 f5 fb 48 ec 66 d2 31 40 0a 18 5c 5c 54 c5 45 74 33 ae b2 b2 a6 92 1a db db d7 c8 de 06 b7 a5 ab 9c 5a b3 c0 c2 fb 80 d8 91 a4 6a 6d e9 01 55 eb 19 32 e7 54 f9 41 7e ab b5 8c d4 5c cf f1 d3 2f 90 39 da f5 1b 99 ca 43 f7 c2 7d e9 9e 21 8d dc c6 c7 c9 37 9e ca 4f 33 5a 37 00 ec 1f cb 6f 42 fa cf 3b 93 6c 6c 1f 9f 9f d3 e3 20 44 41 87 33 ca 21 a1 dc c7 67 f4 f3 19 fd 7c f6 70 f6 af ef cf bf f1 bc 91 f7 0d 55 e4 b5 ab 71 cf 9c 67 e7 9e ca 7f f3 cd c8 fb f8 97 17 97 29 f2 dc d9 89 74 3e 8e b9 a4 29 a3 13 e1 bc b8 d4 c6 ef cf 93 8e 28 91 f5 ed 6f de 29 0f 0f 59 7b c3 35 0e 4d 1b 14 f1 3a 1e 1c 4c Data Ascii: v\|1b.AV(,`Jz&<k<)m0""zlZ/$THf1@\\TEt3ZjmU2TA~\/9C}!7O3Z7oB;ll DA3!g\|pUqg)t>)(o)Y{5M:L
2024-04-24 09:21:19 UTC	16384	IN	Data Raw: 85 2b db 68 4f f4 b5 0a 76 6e b6 ba a2 7c f7 02 8f ab 5d 5e b0 15 ce 26 95 4e 0d 4c 43 ff 1e 6a ef 6c a8 14 9f 87 bd 9a 05 a1 c4 2a ef 52 9e 33 c2 0f 22 b2 f1 aa 1b 4f 9f cf fa 38 98 3c b0 f6 ab 33 e0 c6 e4 9f e7 27 83 83 30 18 d3 ab fa 21 a4 07 bb f3 3d 52 af ea 87 98 1e 9c f6 f7 c8 52 af ea 07 5b 3f a8 3b 37 22 e7 72 79 d3 30 5b e6 e0 2e 5b fb 7a 58 9b 56 56 e9 d2 dc e1 ba 98 94 c3 9c fc 84 75 15 e2 11 fa b6 92 01 26 bb 28 17 7b 19 18 ff de 59 29 2e 66 72 ef de e0 be bc 3f b8 47 d7 9b 12 59 40 95 23 c7 da 74 f0 fd f3 27 3f 7e f7 54 1d 95 7f f6 fc c7 1f 9e 0c c6 85 39 20 96 93 55 c0 26 6f e5 87 6a ba 4e ff 5a ee a8 af c3 1c ca 31 33 9a b2 4a 32 27 7f 55 d7 88 4d d9 98 ae 31 9b 86 fe fa 5c 2f 0b 81 a7 df 1f 40 89 81 5a bb 78 00 0d e4 44 56 0f 96 c9 1b 2b Data Ascii: +hOvn\|]^&NLCjl*R3"O8<3'0!=RR[?;7"ry0[.[zXVVu&({Y).fr?GY@#t'?~T9 U&ojNZ13J2'UM1\/@ZxDV+
2024-04-24 09:21:19 UTC	16384	IN	Data Raw: 9a 5f ab 2d 61 e9 9f cd cb b3 47 40 96 83 16 ca 5c 83 e0 32 35 b8 47 27 73 a9 f4 5f 7d 8c b1 7e 9b b0 ce 6b 43 86 cb 06 5a 48 44 dc a9 99 4b 9d 4f fc 5b 0a ee 98 77 90 66 a5 52 0b 2d ea fc e2 fb a9 aa 64 18 d5 c0 d4 ae eb 3c 40 a5 4d ed b5 bf 2d bf 76 d0 94 48 00 b6 09 5a 27 1d b2 83 a0 86 90 44 ae f2 8b ec 9b b2 0d 19 3d 9a cd ca f7 7f 9d b3 0f cf 2f 16 df d1 c7 6f cb 5f f7 ee de 55 18 f2 5d 5d 18 54 74 42 5e 8a e1 88 66 6a c9 a2 36 cd 57 4f d5 b5 e1 a9 01 10 4f 3b af 4b 7c cb 00 7a 3d 22 f3 6e b0 a7 14 9e e6 39 65 f3 4d f4 47 74 37 e7 a7 79 71 b2 cf a0 53 b4 44 82 42 9c ef 58 2a 67 07 74 ee ee f5 2f f7 7e 7e 96 1c bf 7a 99 18 d8 5e c9 5f c1 56 de 2c 47 76 bd 25 58 19 35 19 e1 1a 35 c0 22 d7 97 f3 5a e2 8c ae cf eb 15 66 9a 5c 7a 99 02 fd cb 2b 95 25 e8 Data Ascii: _-aG@\25G's_}~kCZHDKO[wfR-d<@M-vHZ'D=/o_U]]TtB^fj6WOO;K\|z="n9eMGt7yqSDBX*gt/~~z^_V,Gv%X55"Zf\z+%
2024-04-24 09:21:19 UTC	9294	IN	Data Raw: bc 0a d8 df 6e ff 1e ae 03 92 7c d7 14 b5 b7 81 97 96 0e f9 65 c9 a5 72 1d 52 5a 0e 5a 34 c5 29 ae 31 31 80 8d dd 69 62 4f 8f 03 6d 59 7a 20 f1 1c 0d 23 9f d6 f8 db ed ed 8e 41 2f 5a 56 78 48 f9 fe 24 8f 83 23 01 34 a5 41 c7 62 15 4c d3 08 9e cb 30 4d dd d2 03 09 a6 e9 12 af 51 56 61 9a fa f0 94 ea bb c9 45 32 25 f9 57 84 95 b6 84 c8 e4 d7 b7 e8 68 a5 df b7 b7 dd 6e a9 b7 fa 9d 4c 76 25 b3 32 de 1e bd d1 a9 18 27 08 ee a0 70 bd 8f 01 68 77 41 7a 19 94 93 bd 32 6c f3 7f 8a 57 c6 bd 2f 5a ca 0e 67 e5 ad a7 41 d6 53 d0 44 79 f1 31 e3 57 07 b5 94 c2 61 4d c4 fb c9 ab 36 b8 ad 15 3e 80 cc f3 4f a6 34 dc 35 f0 f9 f3 2c 9e 3d a7 d7 04 4b fb ac 2a b6 c4 8f 6f 5f 50 4d fa 0c d4 90 0c cd ae ac de 87 4a b5 d5 7b ba ac 74 b3 7d ba 4e 84 0a cb d9 7e 5d e6 68 f0 8d 28 Data Ascii: n\|erRZZ4)11ibOmYz #A/ZVxH$#4AbL0MQVaE2%WhnLv%2'phwAz2lW/ZgASDy1WaM6>O45,=K*o_PMJ{t}N~]h(

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:15 UTC	734	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://snyderinvestigationteam.snyderinvestigationteam.us sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:17 UTC	729	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:17 GMT Content-Type: text/css Content-Length: 20314 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2694009 cache-control: public, max-age=31536000 etag: 0x8DC070858CA028D last-modified: Wed, 27 Dec 2023 18:19:21 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 60f65dc4-b01e-0030-23a8-7d7b37000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:17 UTC	15650	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-24 09:21:17 UTC	4664	IN	Data Raw: a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 5d 71 27 8b f1 12 a2 08 34 b3 5d 51 23 fb f8 b7 98 8b 21 ef ed 1b 07 ec 4b 8b e1 7e 9a ad 02 8f 30 cd da 14 7f 83 b9 d0 6e c2 6f 39 ba e4 dc Data Ascii: bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^]q'4]Q#!K~0no9

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:15 UTC	730	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://snyderinvestigationteam.snyderinvestigationteam.us sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:17 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:17 GMT Content-Type: application/x-javascript Content-Length: 15776 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 1827159 cache-control: public, max-age=31536000 etag: 0x8DC535BDA2DB838 last-modified: Tue, 02 Apr 2024 21:28:34 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6bd8b32d-e01e-00b9-0a8a-855f71000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:17 UTC	13689	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sB
2024-04-24 09:21:17 UTC	2087	IN	Data Raw: 66 14 e0 44 f2 25 96 31 4f d2 26 ad 1e 6d 28 6d eb cf 3c 24 e9 86 0c 5b b6 8a be 05 a5 ba 43 3b 2b 4e 4a d5 39 d9 56 05 10 be 70 97 18 aa c1 75 35 3c 72 f5 c8 6b af 3c 84 72 5e d1 29 25 1f 09 53 5e 29 ac 9d 0b 89 df e8 47 35 21 b2 49 75 73 13 8e b8 59 8a 4c 9b 9a d1 86 7d 24 7a ec 35 1b 09 b3 74 23 da 74 74 c9 a1 6b a6 bd 81 37 46 b8 c2 7e 6e 39 8a 2a 5d 07 61 a8 24 f2 c9 58 99 c6 35 b2 68 74 29 23 47 21 93 32 a6 48 62 66 8f f2 b8 92 df c6 9a cc 54 13 20 a6 1d 81 85 fc 3f e7 1b 8d 14 45 c3 b5 29 90 27 5c af c8 93 52 25 53 7a 4b ab 0e de 27 9e d2 3c a4 1b 4a 6f 62 12 54 d3 f1 43 b0 65 cc 29 b3 9a 94 8f aa e9 16 6c 2a e2 af de 86 26 fb 48 07 2e 31 c8 60 4f e3 49 59 9a 75 4d bc c2 a9 83 92 14 71 a0 f8 64 3f bf 50 2a e3 6a b5 63 cd 83 a2 19 f5 94 04 d4 65 2c Data Ascii: fD%1O&m(m<$[C;+NJ9Vpu5<rk<r^)%S^)G5!IusYL}$z5t#ttk7F~n9]a$X5ht)#G!2HbfT ?E)'\R%SzK'<JobTCe)l&H.1`OIYuMqd?P*jce,

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:16 UTC	381	OUT	POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: 5b3322f3-1260ad3a.snyderinvestigationteam.us Connection: keep-alive Content-Length: 505 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:21:16 UTC	505	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 30 33 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 6e 79 64 65 72 69 6e 76 65 73 74 69 67 61 74 69 6f 6e 74 65 61 6d 2e 73 6e 79 64 65 72 69 6e 76 65 73 74 69 67 61 74 69 6f 6e 74 65 61 6d 2e 75 73 2f 3f 68 7a 41 46 4d 3d 70 6e 5a 53 76 69 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 32 33 33 2e 39 36 2e 31 33 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 Data Ascii: [{"age":0,"body":{"elapsed_time":2036,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi","sampling_fraction":1.0,"server_ip":"172.233.96.139","status_code":404,"
2024-04-24 09:21:32 UTC	392	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:31 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 70 Connection: close vary: Accept-Encoding request-context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765 access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin: content-encoding: gzip
2024-04-24 09:21:32 UTC	70	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 f3 73 f5 51 70 4c 4f 2f 4a 4d 4f 2c c9 2f 52 c8 48 2c 56 28 2e 4d 4e 4e 2d 2e 4e 2b cd c9 a9 54 28 28 ca 07 71 52 53 14 4a 32 52 15 8a 52 0b 4b 53 8b 4b 00 48 8c 5e 6b 35 00 00 00 Data Ascii: sQpLO/JMO,/RH,V(.MNN-.N+T((qRSJ2RRKSKH^k5

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:18 UTC	843	OUT	GET /Me.htm?v=3 HTTP/1.1 Host: l1ve.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:20 UTC	514	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1170 Connection: close cache-control: max-age=315360000 vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" referrer-policy: strict-origin-when-cross-origin x-ms-route-info: C523_BL2 x-ms-request-id: 27ffbc84-b43c-4fc9-9e13-db8dc0252734 ppserver: PPV: 30 H: BL02EPF0001D825 V: 0 content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:20 UTC	1170	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 56 6d 6f db 36 10 fe de 5f 61 0b 85 21 ce 9c 62 f9 35 91 c2 14 43 b7 a1 2e d6 36 48 3a ec 83 a2 01 8c 74 b2 b9 c9 a4 40 d2 6e 03 47 ff 7d a7 37 db e9 b0 a1 86 61 59 26 ef 1e 3e cf e3 bb b3 ae 4d a2 45 61 7b f6 a9 00 e6 58 f8 6a 2f fe e2 3b de ac 3a 37 af 7a fd 6c 2b 13 2b 94 74 25 b5 64 9f 29 ed ee b8 ee 41 4f c8 9e 25 32 82 98 59 bc 94 ae 5d 0b 43 8f c1 18 da de f7 ac 2b c8 5e 64 2e 44 22 26 1a ec 56 cb 5e 75 ef c1 d7 42 69 6b c2 0a d0 b0 6a 89 ed db b5 60 5f 52 91 06 82 e6 8a a7 90 06 7d bf 0c db 54 59 a5 26 3c cf 5d d3 21 50 7c 1d ee 2d c1 2f 4d 1a eb 8f 8e 1b 65 cd 9b ed 0f 40 d6 db 30 14 e5 25 0c f0 5a 30 c7 a1 d6 1d 91 d2 8d be d1 dc 09 81 5a 56 eb 80 65 ab 28 89 29 b0 11 15 cc 7a 39 c8 95 5d 87 70 2d c2 e1 10 08 ca Data Ascii: Vmo6_a!b5C.6H:t@nG}7aY&>MEa{Xj/;:7zl++t%d)AO%2Y]C+^d.D"&V^uBikj`_R}TY&<]!P\|-/Me@0%Z0ZVe()z9]p-

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:19 UTC	747	OUT	GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:21 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:21 GMT Content-Type: application/x-javascript Content-Length: 61164 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2693405 cache-control: public, max-age=31536000 etag: 0x8DB5D44A2CEB430 last-modified: Thu, 25 May 2023 17:22:37 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 47c5b7ec-701e-0044-25a9-7d253f000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:21 UTC	6449	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 69 77 db 46 b2 30 fc fd fe 0a 0a 27 57 03 8c 60 9a 94 97 38 a4 11 5e 59 a2 6d 26 da a2 25 4e 46 d6 e8 40 60 4b 84 4d 02 0c 00 52 d6 48 fc ef 4f 55 f5 0e 02 94 94 e4 be f7 3d 89 45 a0 51 bd 57 57 57 57 d7 e2 de c4 c9 30 bd 69 16 6c cc 26 ac c8 6e 2f 6e d8 e5 34 8c be fe 94 a7 c9 34 58 f9 f5 fe fe ec dc 6b 4e 67 f9 c8 3d 3b db 3c f7 cf 7c df bf 9a 25 51 11 a7 89 cb fc c2 4f bc 3b 67 96 b3 46 5e 64 71 54 38 dd a4 99 b9 85 e7 27 cd a1 5b f8 ce af e1 78 c6 7e 86 0a 1c df 55 d9 bc bb 8c 15 b3 2c 69 64 4d b6 f0 14 6c 7f ce 92 62 37 2c 58 12 dd d6 80 87 65 f0 43 96 e5 71 8e 59 58 4d 96 4b 23 cb 49 16 46 6c 97 cd d9 b8 06 78 68 00 6f 4d a7 83 24 8f af 47 45 be 9d 66 d5 c5 c7 56 8b de 85 39 ab 05 35 8b be e8 7f 83 26 0f d9 70 90 Data Ascii: iwF0'W`8^Ym&%NF@`KMRHOU=EQWWWW0il&n/n44XkNg=;<\|%QO;gF^dqT8'[x~U,idMlb7,XeCqYXMK#IFlxhoM$GEfV95&p
2024-04-24 09:21:21 UTC	16384	IN	Data Raw: 6a 07 9b af f9 94 db c9 cb c0 48 d3 36 5f b7 4b b0 8a b6 61 a6 93 fe d6 de f1 5e bf 0f ab eb 03 7d 85 0c 38 f3 95 df 04 73 b3 77 08 0d 3d a6 83 1b 11 54 9d 20 c8 29 9f 6e 4e 4c f5 1c 1f 0d b6 3f ee f5 77 06 5b 7a bd 11 13 ba 94 2e b9 51 63 c1 09 76 b4 b4 da b6 76 c4 52 23 6e 54 bc c9 4f 82 10 11 2f 2a de e4 27 a3 01 af e9 6b b9 e6 e3 9f 07 40 30 88 f5 e4 2f f2 c3 09 9c cd 90 ef da 24 56 53 bd f3 cf 74 22 0f 5e d0 2e 41 cf 70 88 e6 fa 5e 77 52 1e 31 12 26 2e 13 6e e2 f2 45 dc b9 dc 8a bb 94 93 e0 cc 89 3a 8e ef c4 f8 e7 a6 e3 9c fb db c1 9d f3 7d d4 8a 5e 5f 0e af 9e 01 73 d4 0a 87 2f c2 66 9e dc 0e 59 16 27 73 96 17 e8 cc 22 46 f9 68 38 69 ce 72 a7 e3 44 ed e6 24 8e b2 34 4f af 8a 66 94 4e a0 a8 97 6f 5e 0f df fc f0 c3 ab c7 96 d0 fc 76 99 7e 13 79 87 d1 Data Ascii: jH6_Ka^}8sw=T )nNL?w[z.QcvvR#nTO/*'k@0/$VSt"^.Ap^wR1&.nE:}^_s/fY's"Fh8irD$4OfNo^v~y
2024-04-24 09:21:22 UTC	16384	IN	Data Raw: a2 9f af 55 a8 f1 72 b0 e4 cc 0d 93 ca 7e df 3a 67 ce de f1 fb c3 6d 60 6f c8 95 1b 10 19 2d f4 eb dc 49 45 0e 6c 1a d7 cd e0 4f fc 5a 56 69 7c e1 83 68 2d d4 21 1a 8b 3a 28 42 60 02 8f 5f 72 8a 29 83 90 fc 9a 83 54 ce a4 00 80 d7 c4 79 79 bc 0b d2 b6 39 52 2f 51 a7 93 aa 87 95 1a 99 f7 e1 cb 19 96 8c 7c f8 27 db 97 0b a5 41 83 84 ca 6a e7 ce d4 6a b5 54 b9 55 4c 46 74 99 a4 1d 12 3a 8e af fa 20 9e f9 4d 9e ba f0 c3 47 ae 21 af 00 b8 95 d0 c2 7f 50 0e 4a d3 79 9b 44 7b 33 38 6c c3 f3 04 7e 77 d2 49 18 27 1d e7 fb a8 15 bd be 1c 5e 3d 6b 6f be 6e 85 c3 17 61 33 4f 6e 87 0c f6 be 39 b4 4d a8 35 17 2c 9c 34 67 b9 b3 00 0a 76 76 5e 72 da 5a ad 67 af 3e ce b8 27 c8 c4 70 f0 e7 db a0 e4 8a 43 6b ed 5f da a5 11 a1 32 4b 43 27 08 5e 0f 33 e1 43 a7 e4 6b 98 3b 5d Data Ascii: Ur~:gm`o-IElOZVi\|h-!:(B`_r)Tyy9R/Q\|'AjjTULFt: MG!PJyD{38l~wI'^=kona3On9M5,4gvv^rZg>'pCk_2KC'^3Ck;]
2024-04-24 09:21:22 UTC	16384	IN	Data Raw: 95 3d a3 bf b5 2d 96 4a 68 ca d5 5a 54 b9 45 60 da 50 99 a6 3d 85 f2 ca e6 3f 4a ed b3 4a 2e bb 68 f3 cf 3c 61 70 e5 1f 62 d9 88 18 3d c0 2f d1 a8 a7 a0 61 69 39 8f 02 e7 43 3c c8 d2 3c 1d 15 7b 13 84 bb 17 98 80 16 47 0b d7 86 87 43 87 21 cc fd f2 25 6a 2e 5d 15 a9 6f a4 43 80 49 b2 f2 f8 2e ca e0 02 b7 83 55 fa 2b c8 68 6e d9 37 5d a0 b1 2c 5a f4 d5 96 69 c5 da a9 68 1d 0c 85 96 26 87 50 6b c4 b9 0c 75 0f 28 19 2f 72 9b 2c 03 92 a2 ab 22 e3 72 97 58 27 ce 71 da e6 12 b2 eb 09 37 24 48 72 e4 75 08 96 b9 da 67 e1 69 e3 0a e8 62 05 38 00 4f 42 b5 b9 59 2d 25 0a ec 11 8f fe 56 6b 67 6b 37 da 52 d5 b2 79 5c 43 bb e9 0b 52 21 1f a3 1b 6c 9a 5d 45 ee 11 bc 6c 40 7c 04 b7 af 09 16 65 71 d3 ad af 67 df 32 30 f1 4f a4 68 64 af 46 58 0d de 29 73 71 84 20 2b 28 34 Data Ascii: =-JhZTE`P=?JJ.h<apb=/ai9C<<{GC!%j.]oCI.U+hn7],Zih&Pku(/r,"rX'q7$Hrugib8OBY-%Vkgk7Ry\CR!l]El@\|eqg20OhdFX)sq +(4
2024-04-24 09:21:22 UTC	5563	IN	Data Raw: 18 fd e2 f7 ff f1 18 b8 eb 46 eb 81 ff 1a 86 42 15 ee ee be e9 6d 46 b7 b7 cc 0f 31 30 78 14 30 53 8b f8 a3 73 22 31 8f ff 92 af fe e5 1f 8f 6d 6b f0 0a 9f 40 35 fb 7d c4 61 d1 65 12 52 b3 c4 c5 51 08 ac 06 4c df e8 d7 16 fc f3 bc b3 b7 c7 d0 07 6d 83 a2 4d 51 65 14 22 6e 7b 9f e2 2d 40 a3 7e ed f4 fc 12 be 10 c4 21 83 88 a3 eb 9f 48 7a ab 65 3f a9 5f c9 a4 12 e1 e2 62 14 14 20 87 76 60 56 4d 1b 7e 3f ec 42 5f 35 48 62 fd 63 14 5c 43 9b a0 bd 5a 9d 15 11 22 74 b3 58 84 e9 70 42 0a 9f 7e e9 e6 c2 73 74 2e 04 ed 83 82 e4 01 fd 2a 09 67 45 90 92 35 50 fa 6b 00 9f d6 4f bb 6d 91 59 f6 e7 46 31 42 e1 3b d4 a9 b7 42 38 a9 f2 6c 08 33 7e d6 1a 61 78 70 e0 1d 60 78 36 75 09 0a a2 a1 c6 eb f9 d3 f6 b3 8e 53 19 13 d5 31 ab 9d f4 43 1c e0 58 1f 12 20 4c ca b4 41 51 Data Ascii: FBmF10x0Ss"1mk@5}aeRQLmMQe"n{-@~!Hze?_b v`VM~?B_5Hbc\CZ"tXpB~st.*gE5PkOmYF1B;B8l3~axp`x6uS1CX LAQ

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:23 UTC	788	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:25 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:25 GMT Content-Type: application/x-javascript Content-Length: 54392 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 1827165 cache-control: public, max-age=31536000 etag: 0x8DC4F6D50F3D2E7 last-modified: Thu, 28 Mar 2024 21:23:30 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 22b813b5-601e-0035-2d8a-85fc3d000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:25 UTC	6449	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 7b db 46 92 30 fa 7d 7f 05 85 67 56 01 4c 90 22 a9 8b 6d 52 10 c7 76 92 79 bd 4f 12 fb d8 ce bc 67 8f cc cd 03 91 4d 09 63 0a e0 e2 62 5b 23 71 7f fb a9 aa be 03 0d 4a be 26 9b f1 ec c6 22 1a 8d be 54 77 57 d7 bd f6 ee ed fc 5b e7 5e a7 77 f7 ff 75 5e be 7a f4 e2 55 e7 d9 8f 9d 57 ff e7 e9 8b ef 3b cf e1 e9 3f 3b bf 3c 7b f5 f4 c9 0f 77 6f 07 3b c5 ff 5e 5d 24 45 67 99 ac 58 07 fe 9e c5 05 5b 74 b2 b4 93 e5 9d 24 9d 67 f9 3a cb e3 92 15 9d 4b f8 37 4f e2 55 67 99 67 97 9d f2 82 75 d6 79 f6 0f 36 2f 8b ce 2a 29 4a f8 e8 8c ad b2 77 1d 1f 9a cb 17 9d e7 71 5e 5e 75 9e 3e 0f fa d0 3e 83 d6 92 f3 24 85 af e7 d9 fa 0a 7e 5f 94 9d 34 2b 93 39 eb c4 e9 82 5a 5b c1 43 5a b0 4e 95 2e 58 de 79 77 91 cc 2f 3a 3f 27 f3 3c 2b b2 Data Ascii: k{F0}gVL"mRvyOgMcb[#qJ&"TwW[^wu^zUW;?;<{wo;^]$EgX[t$g:K7OUgguy6/*)Jwq^^u>>$~_4+9Z[CZN.Xyw/:?'<+
2024-04-24 09:21:26 UTC	16384	IN	Data Raw: a8 95 de 88 63 5f 0a fe 89 e9 c7 cf 2a ac 1d 4a 7e 2f 42 65 ad 83 b0 a7 2b d4 d9 3d f0 8e 48 08 1b 97 6b a5 a8 77 de 3e 6f 82 18 9c 86 14 c2 ed 23 ef 30 34 7f 0a 95 d3 79 b6 c0 c8 a4 d0 5d b1 66 f3 64 99 30 0a c2 9a d2 36 22 9c aa 14 f7 fc 02 3c 43 c6 be c6 d0 74 96 0a 75 88 82 b9 28 a0 71 9a 24 2c 95 48 c3 a1 fa d8 dd 37 f1 77 82 25 ad 0d 44 48 2a e3 0e 6f e5 3b c5 5d 39 28 63 5a c3 c7 74 70 00 b5 9a 90 35 de 4c ed f3 28 06 09 54 f3 55 c9 7e e2 06 da f9 f1 00 d5 b5 ba e4 38 6f d9 7b df 65 cb 25 90 6b df 21 64 b3 0a 98 a4 65 07 ce 5c ba 28 38 5f 6a b7 d1 f5 51 69 10 b4 35 c5 f7 91 b3 a9 32 42 41 a3 9a 31 d0 34 e6 e3 b4 b1 89 c7 db df c3 62 8d 9b 65 00 89 49 eb 39 29 db ce 05 8b 38 e1 61 72 66 02 ae e3 e6 f6 9c 36 90 61 bd 0a da f1 7b 5c 89 e0 a3 44 b4 5c Data Ascii: c_J~/Be+=Hkw>o#04y]fd06"<Ctu(q$,H7w%DHo;]9(cZtp5L(TU~8o{e%k!de\(8_jQi52BA14beI9)8arf6a{\D\
2024-04-24 09:21:26 UTC	16384	IN	Data Raw: 00 9a 7b 30 4e 4c 42 94 00 d5 32 59 3d c3 ee 41 08 07 f5 d7 46 90 91 cc be ec b7 81 90 06 1a f4 cf 59 8a fb ce 30 88 31 eb 60 bc 97 fc 74 30 b3 3e 44 02 29 3f 1d 5a 85 18 c6 ca 0c f4 a2 4e c2 d6 c8 22 f5 63 a3 9c 22 71 6c 77 f9 12 eb e9 58 26 c5 f6 6f 0c a4 64 45 98 b9 4b 0c 14 eb 5b 5e 5f 7d 0f f0 b8 f3 b7 50 57 7d 47 c4 ed d6 0f 39 65 42 31 47 54 67 22 e2 cb 5d 3e 94 75 b9 bb c0 bc 1e bd a5 a2 b2 b0 0a 1c 4c e8 72 0b 13 ba df 60 42 cb 3e b7 ac fa 39 5e ff 8d ef 27 a0 8b 50 d6 74 10 38 de 84 46 f5 27 40 b1 20 bf 83 b9 01 1e 1c 06 cd 17 aa f2 2f 68 4e 88 b5 1e 04 46 09 8e a7 19 63 58 06 86 39 1a 89 c0 30 87 fb 0f 79 60 98 a3 d1 51 d0 27 54 fc 92 95 61 41 0d c2 20 a1 c3 35 ac d1 4f 49 51 6a de 8f 5c 06 90 f4 67 3a d9 e7 6f 64 4b 4b 61 02 1e e5 e7 a8 dd c7 Data Ascii: {0NLB2Y=AFY01`t0>D)?ZN"c"qlwX&odEK[^_}PW}G9eB1GTg"]>uLr`B>9^'Pt8F'@ /hNFcX90y`Q'TaA 5OIQj\g:odKKa
2024-04-24 09:21:26 UTC	15175	IN	Data Raw: c2 3f dc ea 1e 3e ea 76 0f 8f 76 51 b5 3d 88 da 5d 9c f9 ad c3 87 7b 94 82 cb 19 53 f7 86 68 79 2b 57 81 07 17 ae 0f 2b e1 48 ae 80 04 9e f7 cc f3 a1 7c 3c dc df 4a 86 7a 41 14 66 41 00 f1 55 55 4c 0f c3 c3 3d 18 fd d6 59 3d 7d 1f 8f e0 aa 3d 6f 49 00 72 ae 06 45 06 75 22 97 4d 3c e9 c2 a3 07 59 07 41 dc e7 a1 d7 3d 3e 8e 7c 78 1c 85 73 68 2c 9c 80 9d 47 18 9a aa 9f 75 ba c1 2e e2 cf f5 e1 a1 2b 66 b0 5f ca f6 64 48 4b 76 d2 0e 2f 51 7f b7 85 a5 3b 53 2c 3e 7b f2 24 ec 4c c5 b4 0d cb 62 fa 64 b7 97 c0 7e 3f 7c 90 b4 b9 94 a0 12 d3 4e 78 c4 b6 27 45 98 58 65 13 5d 36 a5 b2 05 95 2d 1a ca 4a 26 24 f1 81 be ec 8c 7a 4a be 83 9a 69 8d 09 54 f4 df 44 6f 02 6f 46 ed f6 1f bc 4c 61 2f 25 e5 0d 1e 12 af 81 c0 d8 9e 65 d7 de 1e 81 66 76 c2 91 f2 8f 54 b9 8b 07 56 Data Ascii: ?>vvQ=]{Shy+W+H\|<JzAfAUUL=Y=}=oIrEu"M<YA=>\|xsh,Gu.+f_dHKv/Q;S,>{$Lbd~?\|Nx'EXe]6-J&$zJiTDooFLa/%efvTV

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:23 UTC	881	OUT	GET /Prefetch/Prefetch.aspx HTTP/1.1 Host: 86c4eb0b-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:26 UTC	430	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 09:21:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: no-store, no-cache x-ua-compatible: IE=Edge x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: 120DA091323545E2905897397BD1B6ED Ref B: LON212050713009 Ref C: 2024-04-24T09:21:25Z access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:26 UTC	1252	IN	Data Raw: 34 64 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 Data Ascii: 4dd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404
2024-04-24 09:21:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:24 UTC	844	OUT	GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0 Sec-WebSocket-Key: LtjZf6DvB9UlKnLv3H60cw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-24 09:21:26 UTC	755	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 09:21:25 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 757795aa-b9d0-4df6-a258-f6ffb6950b00 x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
https://snyderinvestigationteam.snyderinvestigationteam.us/?hzAFM=pnZSvi

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:27 UTC	819	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:28 UTC	674	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:28 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2694025 cache-control: public, max-age=31536000 etag: 0x8D8731240E548EB last-modified: Sun, 18 Oct 2020 03:02:30 GMT x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 4be32bbf-f01e-00c8-2aa8-7d8673000000 x-ms-version: 2009-09-19
2024-04-24 09:21:28 UTC	2286	IN	Data Raw: 38 65 37 0d 0a 00 00 01 00 06 00 10 10 00 00 00 00 20 00 16 01 00 00 66 00 00 00 18 18 00 00 00 00 20 00 24 01 00 00 7c 01 00 00 20 20 00 00 00 00 20 00 35 01 00 00 a0 02 00 00 30 30 00 00 00 00 20 00 6a 01 00 00 d5 03 00 00 40 40 00 00 00 00 20 00 f3 01 00 00 3f 05 00 00 80 80 00 00 00 00 20 00 b5 01 00 00 32 07 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 dd 49 44 41 54 78 9c dd 92 31 4e 43 41 10 43 df cc 8e 44 40 b0 22 2d 65 6e c4 21 90 68 c3 15 38 40 ce c4 39 68 a8 11 22 e4 ff 00 05 93 35 4d 1a b2 bf 89 68 10 2e 2d 8d c7 b6 6c 9b eb 85 4c fc 80 50 d6 59 09 5e 6c 75 77 ff c8 95 d9 72 dc 28 cd 08 0e e0 87 c7 c7 c2 7f 77 fe 17 04 42 28 7b da 12 04 f2 26 01 46 02 a9 89 be a2 ce 4e ba 66 Data Ascii: 8e7 f $\| 500 j@@ ? 2PNGIHDRaIDATx1NCACD@"-en!h8@9h"5Mh.-lLPY^luwr(wB({&FNf
2024-04-24 09:21:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:27 UTC	833	OUT	GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:28 UTC	739	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:28 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 9620318 cache-control: public, max-age=31536000 etag: 0x8DB5C3F4BB4F03C last-modified: Wed, 24 May 2023 10:11:52 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 45619c8f-f01e-0018-76a9-3eb215000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:28 UTC	628	IN	Data Raw: 32 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 ff 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b Data Ascii: 26d}UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;
2024-04-24 09:21:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:27 UTC	832	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:28 UTC	740	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:28 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 24663629 cache-control: public, max-age=31536000 etag: 0x8DB5C3F466DE917 last-modified: Wed, 24 May 2023 10:11:43 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 58638210-301e-0032-0bd8-b51291000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:28 UTC	680	IN	Data Raw: 32 61 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 Data Ascii: 2a1Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9
2024-04-24 09:21:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:27 UTC	833	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:28 UTC	739	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:28 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2693207 cache-control: public, max-age=31536000 etag: 0x8DB5C3F495F4B8C last-modified: Wed, 24 May 2023 10:11:48 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: ed809c39-e01e-003d-10aa-7da42c000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:28 UTC	1442	IN	Data Raw: 35 39 62 0d 0a 1f 8b 08 00 00 00 00 00 00 ff bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 Data Ascii: 59bWMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#
2024-04-24 09:21:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:27 UTC	794	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_ea3e62a2bdfb2b2ee8c8.js HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:29 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:28 GMT Content-Type: application/x-javascript Content-Length: 35850 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 1823939 cache-control: public, max-age=31536000 etag: 0x8DC4F6D5254E400 last-modified: Thu, 28 Mar 2024 21:23:33 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 2c34530b-601e-005d-3f92-85e60e000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:29 UTC	13689	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 7b 7f db 38 92 28 fa ff f9 14 b6 a6 c7 11 db b4 2c ea 2d db 8c c7 f1 a3 93 99 a4 93 cd a3 67 67 6c 75 86 a2 20 89 6d 8a 94 49 ca 8f c4 de cf 7e ab 0a 6f 52 76 92 d9 b3 e7 dc df bd 99 69 9a 28 14 0a 85 02 50 28 14 0a d4 ee cf 9b ff 6b e3 e7 8d 9d ef ff b7 f1 e1 e3 d1 fb 8f 1b 6f cf 36 3e be 7c f5 fe 64 e3 1d a4 fe b1 f1 eb db 8f af 8e 4f bf 9f 0e 56 8a ff 7d 9c 47 f9 c6 34 8a d9 06 fc 1d 07 39 9b 6c a4 c9 46 9a 6d 44 49 98 66 cb 34 0b 0a 96 6f 2c e0 99 45 41 bc 31 cd d2 c5 46 31 67 1b cb 2c fd 83 85 45 be 11 47 79 01 85 c6 2c 4e 6f 36 ea 40 2e 9b 6c bc 0b b2 e2 6e e3 d5 3b a7 01 f4 19 50 8b 66 51 02 a5 c3 74 79 07 ef f3 62 23 49 8b 28 64 1b 41 32 21 6a 31 24 92 9c 6d ac 92 09 cb 36 6e e6 51 38 df 78 13 85 59 9a a7 d3 62 Data Ascii: {8(,-gglu mI~oRvi(P(ko6>\|dOV}G49lFmDIf4o,EA1F1g,EGy,No6@.ln;PfQtyb#I(dA2!j1$m6nQ8xYb
2024-04-24 09:21:29 UTC	16384	IN	Data Raw: c3 1f 82 dd f2 56 07 ae d3 a7 34 52 9d 9e f2 b4 fd cd c1 b7 2a 76 9d 42 41 52 95 9c ca a4 c4 0e 08 5b f9 a9 18 65 2b 3f 15 25 cb 9f 28 7c 6b 7c da c9 a3 3b c1 a9 05 f1 08 22 77 f1 01 4d 25 fd b9 6b fe 45 c3 14 bf 08 21 0f 91 c8 09 fa f6 54 87 92 53 70 44 ca 0c 00 35 72 aa ef 93 d0 b9 d2 db b2 7f 86 8a 95 fd 33 48 5c 87 1a f3 fb 36 6f 75 b0 3c 75 5c aa d3 53 9e 96 07 65 74 30 95 ea eb 27 43 72 8f a7 f3 85 98 62 b4 2c a4 a5 8f ea a5 e6 67 d8 02 02 18 ac 73 0c e3 a3 74 43 8a 58 4c 75 b8 7b 93 0b 5e 9d d6 51 40 e5 5b 23 92 9e be f4 99 9a 00 ea 98 05 9b 05 16 5f 06 80 4e 8e de 92 9b 5f 5d 9f 9f 12 8e 09 1a 0b 90 ea 9a 1e 4f 97 be 29 f9 b6 e2 3f 27 bc 32 94 b6 c1 c6 49 2b 1d 0e bc 5d b2 e4 b1 af 3a 86 66 be 95 43 83 08 4c 39 79 ee 43 51 de e9 b2 f4 55 cb d4 fc Data Ascii: V4R*vBAR[e+?%(\|k\|;"wM%kE!TSpD5r3H\6ou<u\Set0'Crb,gstCXLu{^Q@[#_N_]O)?'2I+]:fCL9yCQU
2024-04-24 09:21:29 UTC	5777	IN	Data Raw: 95 a1 76 0e c4 51 4a 6d b7 d8 99 62 74 a0 67 5a 96 e7 8e 94 9f 03 9d 36 b1 dd 9d e3 63 11 86 c5 e6 54 b2 04 27 15 00 ea ff 43 8c 19 1e 5c bc 34 76 a3 b4 37 60 46 06 cf cb f7 84 58 46 a8 82 96 b5 e0 f9 2c f1 43 da f1 81 95 18 c2 b6 16 3a 6d 14 97 a3 d5 07 63 8d aa a4 25 e8 16 02 b2 5c 9e 71 9f 0a ef d8 ef 71 e9 a2 c4 3b 6b e7 c2 3b eb d1 b6 ef 5d bd 3b 39 d9 f6 bc 56 bb bd b7 52 61 5b 62 ca 1d 42 9b 47 47 8b 6d 5b 49 51 95 b6 b9 a1 59 54 79 52 0f dd d0 c1 10 08 42 cb 42 4e 8a 96 48 b3 c2 e7 e5 a5 aa 43 e8 1d 5d f2 a3 2b 3f d3 c3 b8 fc 27 a2 f6 27 ba 70 43 18 c1 8c f0 4f a4 e2 06 29 bf 26 61 8c 2e c0 1b 5f 4e 7e b0 80 36 df 03 a9 5d 20 1d 06 1a 7b b9 cf 87 fc f1 dd de b6 bb 8d d0 9d 61 46 22 cb 44 93 f9 57 24 c6 f0 f5 19 8c 90 34 d7 dd 98 9c 6e a5 61 5f 64 Data Ascii: vQJmbtgZ6cT'C\4v7`FXF,C:mc%\qq;k;];9VRa[bBGGm[IQYTyRBBNHC]+?''pCO)&a._N~6] {aF"DW$4na_d

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:29 UTC	563	OUT	GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 Host: d156bbbb-1260ad3a.snyderinvestigationteam.us Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:30 UTC	740	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:21:30 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 24663631 cache-control: public, max-age=31536000 etag: 0x8DB5C3F466DE917 last-modified: Wed, 24 May 2023 10:11:43 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 58638210-301e-0032-0bd8-b51291000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-24 09:21:30 UTC	680	IN	Data Raw: 32 61 31 0d 0a 1f 8b 08 00 00 00 00 00 00 ff b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 Data Ascii: 2a1Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9
2024-04-24 09:21:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:40 UTC	844	OUT	GET /1260ad3a5b3d49ddbff8affbd3065850/ HTTP/1.1 Host: snyderinvestigationteam.snyderinvestigationteam.us Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=3600776a-8cf1-4432-8e9d-03ece66ca14b; brcap=0 Sec-WebSocket-Key: KZ8DHMKIK/4Y1uYKdnrLSw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-24 09:21:41 UTC	755	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 09:21:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 8d884461-8906-4821-ae1b-b38e65de0d00 x-ms-ests-server: 2.1.17910.11 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://5b3322f3-1260ad3a.snyderinvestigationteam.us/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:42 UTC	1589	OUT	GET /oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fsnyderinvestigationteam.snyderinvestigationteam.us%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASKm6fPE-ha4TV_Wqo914ndL2cxcsbnZJaBVa5iVCZsnP4FRsYXjIy3mAT9i9I9U8KL3VJTUosSSzLz8y6wCLxi4TFgtuLg4BJgkGBQYPjBwriIFWhrnSfjA87QGLce89zUTRsdGU6x6gd6pft5mpm4OhlleiTmR1UVmJZZ-FWUhrq6FhT6ORq7FWvnJWfmlfok5xnYGlgZTmATmsDGdIqN4QMbYwc7wyx2hgOcjBt4GA_wMvzga-y7NONf-8x3Hq_4dSorU9PKyt3MPHKDIr1C8_39svyyUyrSvA3MQ02KIkK9gn0TI3MjfUsiivNtNwgwAAA1&estsfed=1&uaid=9e9783738a104aa89f96653f0ac8bbe9&signup=1&lw=1&fl=easi2&fci=https%3a%2f%2f86c4eb0b-1260ad3a.snyderinvestigationteam.us.orgid.com HTTP/1.1 Host: l1ve.snyderinvestigationteam.us Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:44 UTC	1012	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 24 Apr 2024 09:21:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close cache-control: no-store, no-cache pragma: no-cache location: https://signup.snyderinvestigationteam.us/signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" referrer-policy: strict-origin-when-cross-origin x-ms-route-info: C532_BL2 x-ms-request-id: 1ce09408-0c85-4386-b7c7-aa629cd300d7 ppserver: PPV: 30 H: BL02EPF0001D8A6 V: 0 access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:43 UTC	1121	OUT	POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.6&apikey=b0c252808e614e949086e019ae1cb300-e0c02060-e3b3-4965-bd7c-415e1a7a9fde-6951&upload-time=1713950501293&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/1.1 Host: 062c5918-1260ad3a.snyderinvestigationteam.us Connection: keep-alive Content-Length: 1741 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://snyderinvestigationteam.snyderinvestigationteam.us Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://snyderinvestigationteam.snyderinvestigationteam.us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:43 UTC	1741	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 49 44 55 58 5f 45 53 54 53 43 6c 69 65 6e 74 54 65 6c 65 6d 65 74 72 79 45 76 65 6e 74 5f 57 65 62 57 61 74 73 6f 6e 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 30 34 2d 32 34 54 30 39 3a 32 31 3a 34 31 2e 32 38 35 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 62 30 63 32 35 32 38 30 38 65 36 31 34 65 39 34 39 30 38 36 65 30 31 39 61 65 31 63 62 33 30 30 22 2c 22 65 78 74 22 3a 7b 22 61 70 70 22 3a 7b 22 76 65 72 22 3a 22 32 2e 31 2e 31 37 39 31 30 2e 31 30 22 2c 22 6e 61 6d 65 22 3a 22 49 44 55 58 5f 45 53 54 53 43 6c 69 65 6e 74 54 65 6c 65 6d 65 74 72 79 45 76 65 6e 74 5f 57 65 62 57 61 74 73 6f 6e 22 2c 22 73 65 73 49 64 22 3a 22 42 49 41 73 64 35 4e 51 6b 44 6c 45 63 47 4b 74 4e 74 53 35 68 31 Data Ascii: {"name":"IDUX_ESTSClientTelemetryEvent_WebWatson","time":"2024-04-24T09:21:41.285Z","ver":"4.0","iKey":"o:b0c252808e614e949086e019ae1cb300","ext":{"app":{"ver":"2.1.17910.10","name":"IDUX_ESTSClientTelemetryEvent_WebWatson","sesId":"BIAsd5NQkDlEcGKtNtS5h1
2024-04-24 09:21:45 UTC	887	IN	HTTP/1.1 204 No Content Server: nginx Date: Wed, 24 Apr 2024 09:21:44 GMT Content-Type: text/html; charset=utf-8 Connection: close p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" time-delta-millis: 3062 access-control-allow-headers: P3P,Set-Cookie,time-delta-millis access-control-allow-methods: POST access-control-allow-credentials: true access-control-allow-origin: https://snyderinvestigationteam.snyderinvestigationteam.us access-control-expose-headers: time-delta-millis set-cookie: MC1="GUID=e6e8c2a586be42329d73790d41f59228&HASH=e6e8&LV=202404&V=4&LU=1713950504355"; Domain=snyderinvestigationteam.us; expires=Wed, 16 Aug 2079 18:43:28 GMT; Path=/; Secure set-cookie: MS0=ba38bd0e0a44414883355b3d067411fd; Domain=snyderinvestigationteam.us; expires=Tue, 16 Aug 2078 19:13:28 GMT; Path=/; Secure

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:21:45 UTC	1238	OUT	GET /signup?sru=https://l1ve.snyderinvestigationteam.us/oauth20_authorize.srf%3flc%3d1033%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26mkt%3dEN-US%26opid%3dCE8EFFE5F29EE452%26opidt%3d1713950504%26uaid%3d9e9783738a104aa89f96653f0ac8bbe9%26contextid%3dDC53A35435F0F058%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=9e9783738a104aa89f96653f0ac8bbe9&suc=https://ae668cd4-1260ad3a.snyderinvestigationteam.us HTTP/1.1 Host: signup.snyderinvestigationteam.us Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: GsnOqQ="MTI2MGFkM2EtNWIzZC00OWRkLWJmZjgtYWZmYmQzMDY1ODUwOmIwMTZkMDE4LTBkN2EtNDQ0ZC1iZTZiLWZjOWNjMjQxMWMyMQ=="
2024-04-24 09:21:47 UTC	413	IN	HTTP/1.1 503 Service Unavailable Server: nginx Date: Wed, 24 Apr 2024 09:21:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: no-store x-azure-externalerror: 0x80072efe,OriginConnectionAborted x-msedge-ref: Ref A: CEBDC3FBC93E4221ACC8000E08896CD8 Ref B: MIL30EDGE1318 Ref C: 2024-04-24T09:21:47Z access-control-allow-origin: * access-control-allow-headers: *
2024-04-24 09:21:47 UTC	989	IN	Data Raw: 33 64 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 27 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 27 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 27 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 27 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 20 68 74 74 70 2d 65 71 75 69 76 3d 27 63 6f 6e 74 65 6e 74 2d 74 79 70 65 27 2f 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d Data Ascii: 3d6<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta content='text/html; charset=utf-8' http-equiv='content-type'/><style type=
2024-04-24 09:21:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0