By Paul Cruickshank, CNN

For the photo essay go here.

This story is based on French police documents on the investigation into the Paris attacks obtained by CNN and interviews with investigators over the last four months, as well as the public statements of Belgian and French prosecutors.

(CNN)The night that shook Paris started with three rental cars: three cars with three teams of terrorists maneuvering through the Friday evening traffic, armed with the weapons of war.

A little before 9 p.m., a Renault Clio driven by Salah Abdeslam, the Paris plotter captured on March 18 in Brussels, pulled up outside the national stadium. An international soccer friendly match between France and Germany was just kicking off and 80,000 fans, including French President Francois Hollande, were already inside. Three men got out of the car and headed toward the stands.

One of them — Bilal Hadfi, a young French citizen living in Belgium — can be seen on surveillance video speaking into a cell phone. The other two were Iraqis who had slipped into Europe weeks before by posing as refugees. One of the trio was dressed in a Bayern Munich football team jogging suit. Concealed underneath their clothes were shrapnel-filled suicide vests held together with tape.

A few miles away, a black Seat Leon weaved toward the busy cafe district of Paris. The man behind the wheel, an already notorious Belgian ISIS operative named Abdelhamid Abaaoud, was on the phone speaking to Hadfi at the stadium to make sure everything went according to plan. In the passenger seats, two of his childhood friends, Chakib Akrouh and Salah Abdeslam’s older brother, Brahim, clutched their Kalashnikovs, readying themselves.

Not far away, a black Volkswagen Polo with another trio of heavily armed terrorists headed toward the Bataclan concert hall, where hundreds had gathered to hear the American rock band Eagles of Death Metal. The French ISIS fighters in the car — Ismael Omar Mostefai, Samy Amimour and Foued Mohamed-Aggad — had all recently been on the front lines in Syria, and were moments away from carrying out the worst massacre in the modern history of France.

A night of terror

It is still not clear why the stadium attackers arrived slightly late for the game, but eyewitness accounts suggest they did not have tickets. A security guard at Gate R told French police that starting at 9.05 p.m., he blocked a man resembling one of the Iraqi stadium attackers four times from trying to trick his way in, according to French police documents. One eyewitness interviewed by police remembered seeing three attackers, including Salah Abdeslam, talking to one another after being refused entry into the stadium.

Interrogated after his capture four months later, Abdeslam claimed he had been assigned to blow himself up at the stadium but backed out, according to Paris prosecutor Francois Molins, who said the claim should be treated with caution.

The French police reports make clear that eyewitness accounts are not always reliable and, in the case of the many interviewed after the Paris attacks, were sometimes contradictory. What is clear is that at a certain point after dropping off the stadium attackers, Salah Abdeslam drove away with his suicide vest.

Explosion at the Stade de France

At 9:20 p.m., the first of what would be several large bangs thundered across the stadium. The Iraqi suicide bomber — who according to the security guard had been trying to sneak in — blew himself up outside Gate D, killing one other person. A doctored Syrian passport in the fake name of Ahmad al Mohammad would later be found near what remained of his right foot.

At the moment of the first blast, Bilal Hadfi, the young Belgian member of the stadium attack team, was still on the phone with Abaaoud, the plot ringleader, who was impatiently maneuvering his Seat rental car through the traffic on Rue Bichat to get to the cafe district. Inside the car were his childhood friends Brahim Abdeslam and Chakib Akrouh. The elder Abdeslam brother had traveled from Belgium to Syria in January 2015, where like Akrouh he had joined ISIS.

Kalashnikov fire in the cafe district

Their attack began at 9:25 p.m. when a car in front of Abaaoud blocked his path. Five shots were fired from the Seat Leon, killing the driver of the car. According to some eyewitnesses, Abaaoud stopped the car in the middle of the road, turning on the blinking hazard lights. Shouting “Allahu akbar,” Arabic for “God is great,” all three terrorists then got out of the vehicle and sprayed the terrace and windows of the Cambodge and Carillon cafes with their Kalashnikovs, killing 13 people.

At 9:30 p.m., a second bang was heard in the stadium. A second suicide bomber, dressed in the colors of Bayern Munich, detonated his vest outside Gate H. Fortunately, no one was killed. Hollande, the French president, would soon be evacuated from the stadium. The third suicide bomber detonated his explosive vest 20 minutes later, next to a McDonald’s restaurant near the stadium, injuring over 50, including seven seriously.

By the time of the second explosion at the Stade de France, the Seat Leon was at a new location. At 9:32 p.m., Abaaoud’s team got out of the vehicle, again shouted “Allahu akbar” and opened fire at revelers at the Casa Nostra and Bonne Biere cafes near the Place de la Republique, killing five. One of the surviving eyewitnesses noticed one of the shooters was wearing orange sneakers, Abaaoud’s footwear selection that night.

The killers then jumped back in the car. At 9:36 p.m., the cafe killers opened fire on La Belle Equipe cafe, killing 19. As at the other cafes, most of those who lost their lives were sitting on the outdoor terraces. Eyewitnesses later recalled the gunmen did not speak to each other as they calmly sprayed the cafes and cars traveling down the road with bullets.

The car again sped off to a new location. At 9:40 p.m., Abaaoud dropped off Brahim Abdeslam at the Comptoir Voltaire cafe. According to eyewitnesses interviewed by police, he was wearing a hooded jacket over several layers of clothing when he brusquely entered the covered interior terrace of the establishment. He smiled at the other patrons, apologized for interrupting their dinner, then blew himself up. Their killing done for the night, Abaaoud and Akrouh drove up toward the Montreuil suburb of Paris, where they would abandon the car.

The Bataclan attack: ‘We’re starting’

At around 9:40 p.m., Bataclan attackers Ismael Omar Mostefai, Samy Amimour and Foued Mohamed-Aggad parked their Volkswagen Polo in front of the concert hall. At 9:42 p.m., one of them took out a Samsung smartphone and sent a last text to a cell phone located in Brussels: “We’re getting going; we’re starting.” They then tossed the Samsung phone into a garbage can near the entrance of the Bataclan.

The phone was later recovered and has provided key information to investigators. They believe one of the men who received the text message in Belgium outranked Abaaoud in the Paris attack conspiracy. He has been identified as Mohammed Belkaid, an Algerian confectioner turned ISIS operative who was killed on March 15 in Brussels. Investigators believe he was the overall commander of the ISIS cell behind the Paris attacks as well as the attacks that shook Belgium five months later.

Investigators believe Belkaid was being assisted in Brussels on the night of the Paris attacks by Najim Laachraoui, the cell’s suspected bomb-maker, who went to Syria in February 2013 and returned to Belgium using a fake identity. On March 22, 2016, Laachraoui was one of two suicide bombers who detonated suitcase bombs at the Brussels airport.

MORE: New Paris attacks suspect named

In total, 21 phone calls and two text messages were exchanged between the Samsung phone and the cell phone geolocated in Belgium after the latter phone went active, 24 hours before the Paris attack.

Investigators believe Belkaid and Laachraoui provided direction to the Paris attackers from Brussels before, during and after the night of the attacks, using multiple cell phones. According to French police reports obtained and viewed by CNN, the second of those cell phones, geolocated in precisely the same area in Belgium as the first, was communicating with Hadfi at the stadium and with Abaaoud’s cafe team as the attacks unfolded, suggesting the attack was being coordinated in real time from Brussels.

The encryption app

Several hours earlier, at 2:14 p.m., the Bataclan attackers had downloaded the encryption messaging app Telegram onto their Samsung smart phone, according to police reports. No recovered content from the messaging app is mentioned in the French police documents, suggesting there were likely communications by the Bataclan attackers that will never be recovered.

As well as offering end-to-end encryption, the Telegram messaging app offers an option for users to “self-destruct” messages. At 4:39 p.m. on November 13, one of the attackers downloaded detailed floor plans of the Bataclan venue onto the Samsung phone and conducted online searches for the American rock band playing there that night, the Eagles of Death Metal.

Almost all of the 89 people killed inside the Bataclan lost their lives during the first 20 minutes of the attack. The gunmen first killed three people on the sidewalk outside the concert hall, then entered and moved to the floor area of the venue, peppering the concertgoers with automatic fire, while shouting “Allahu akbar.”

Inside the Bataclan

As one fired his weapon, the other reloaded so they could kill as efficiently as possible. Researching the floor plans appears to have paid off for the perpetrators. As some of those inside tried to escape through an emergency exit, they found a third terrorist waiting for them on the other side, according to the French police documents.

According to the eyewitnesses cited in the French police documents, the attackers spoke perfect French, taunting those lying wounded on the floor  of the concert hall by saying, “Anybody who moves, I’m going to kill.”

‘Where are those Yanks?’

After the initial wave of killing, the gunmen stopped and asked each other “Where is the singer? Where are those Yanks? It’s an American group, you’re bombing us with the Americans, so we’re going to hit the Americans and you,” according to an eyewitness cited in the police documents.

The terrorists then addressed those fighting for their lives on the floor, telling them they had been dispatched from Syria by ISIS to carry out the attack to avenge French airstrikes in Iraq and Syria.

At 10 p.m., two local French police officers arrived at the venue. Although only armed with handguns, they managed to take out Samy Amimour. As Amimour fell mortally wounded to the floor, he triggered his suicide vest. According to police documents cited by Le Monde, when the other two terrorists opened fire on the police officers from above, they were forced to retreat.

The two surviving terrorists, Mostefai and Aggad, then took some of the surviving hostages, and according to documents cited by Le Monde, herded them to an L-shaped corridor deeper inside the building. According to police documents obtained by CNN, by then the terrorists had seized several cell phones from concertgoers to try to access the Internet but could not find a signal.

Hostage rescue

By 10:45 p.m., France’s rapid response commandos, a unit known as RAID, were on the scene. According to the French police documents obtained by CNN, they started communicating with the hostage-takers from outside the corridor via cell phone. The terrorists threatened to start executing their prisoners unless they received a signed paper promising that France would leave Muslim lands.

At around that time, Abaaoud, the Paris team leader, was spotted by a witness outside the Bataclan concert hall, apparently barking orders into a hands-free cell phone to the two surviving terrorists inside. Investigators later traced the cell phone he was using that night to the area outside the Bataclan. After abandoning the Seat Leon in Montreuil, he had ridden the metro back into the center of town to coordinate the final phase of the attack.

Just after midnight, the RAID commandos stormed the corridor, rescuing all the hostages alive. According to eyewitness reports cited by Le Monde, Mostefai and Aggad were cut down by police bullets. At least one of them managed to detonate his suicide vest.

A second attack is thwarted

Seven terrorists in the 10-man attack team were now dead. Only Salah Abdeslam, Abaaoud and Akrouh remained alive. Their attack was the deadliest in Europe since the 2004 Madrid train bombings. The death toll would soon rise to 130, with hundreds of others injured. Only fast detective work over the next few days prevented the death count from increasing further.

Instead of returning to a house rented by the cell in Bobigny, Abaaoud and Akrouh set up a makeshift camp that night in a small wooded area near a highway overpass near Rue des Bergeries in Aubervilliers, not far from the national stadium.

A helpful cousin

This is when Abaaoud’s female cousin Hasna ait Boulahcen came into the picture.

According to close associates interviewed by French police, she had been in love with Abaaoud ever since nearly marrying him when she was 16 and had stayed in touch with him online after he joined ISIS in Syria. According to others interviewed by police, she had recently herself become radicalized and had started wearing a full veil.

According to French police documents, Boulahcen received several calls from Belgium between November 13 and November 16 to guide her to Abaaoud’s location. The working assumption is these calls were placed by Belkaid or Laachraoui in Brussels, asking her to help Abaaoud find a place to stay.

She met him in his hideout late in the evening of November 15, according to French police documents. Police received a tip about the meeting the following day from a female confidential witness who had accompanied Boulahcen to the hideout. When this witness was eventually interviewed, she told police she had met a man wearing orange sneakers who claimed he had taken advantage of refugees to come to France with 90 others to carry out attacks.

French police began monitoring Boulahcen’s phone and following her after the tipoff, and also put the wooded area in Aubervilliers under surveillance, according to police documents.

According to the female confidential witness, Abaaoud was planning a followup attack on the La Defence shopping district in Paris on November 19, while his accomplice was hoping to hit a police station. In order to help them carry out the attack, Boulahcen was given 4,000 euros to buy suits and shoes for Abaaoud and Akrouh.

On November 17, the cell’s commander, Belkaid, accompanied by Laachraoui, transferred 750 euros to Boulahcen from a Western Union office in Brussels so she could rent lodging for Abaaoud and Akrouh. Boulahcen then contacted somebody she knew in the criminal underworld to arrange for the men to stay at a ramshackle dwelling with no running water in Saint-Denis. That night she went to the wooded area to pick up Abaaoud and Akrouh in a taxi and took them to the property at about 10:30 p.m.

Just a few hours later, in the early morning of November 18, RAID commandos moved against the residence. The firefight that followed was so intense, one of the ceilings caved in. Akrouh detonated his suicide vest, Abaaoud was also killed, and Boulahcen suffocated to death, according to the police documents.

Slipping through the net

After driving away from the stadium on the night of November 13, Salah Abdeslam abandoned his Renault Clio rental car in the 18th district and then jettisoned his suicide vest in a trash can in the southern Paris suburb of Montrouge.

Around 11 p.m., Abdeslam called Mohammed Amri, a friend from Brussels, to ask him to pick him up. A few hours later, Amri and a second friend, Hamza Attou, picked Abdeslam up in the capital and drove him back to Belgium.

Their car was stopped three times before it reached the Belgian border, including at 9 a.m. near the town of Cambrai, but the men were not detained because French police had not yet established that the Volkswagen Polo that was recovered outside the Bataclan had been rented by Salah Abdeslam.

After their arrest in Brussels later that day, Amri and Attou — who face trial for helping Abdeslam escape — told investigators that he was in a state of emotional distress and threatened to blow up the car unless they drove him to Brussels. When they dropped Abdeslam off in the city, he melted away, and for months the trail for him went completely cold.

Investigators get a break

Fast forward to March 15, and investigators got a lucky break.

When Belgian and French police arrived at what they thought was an abandoned residence which intelligence suggested was connected to the Paris attack, three terrorists inside opened fire on them.

One of them was Belkaid, the cell’s commander, an Algerian ISIS operative who had helped coordinate the Paris attacks by phone from Belgium. He provided covering fire as the other two fled, and was later shot dead by a Belgian police sniper.

When police moved in they found Abdeslam’s fingerprints and DNA and other evidence suggesting he had been in the apartment recently. They also found a Kalashnikov, ammunition, an ISIS flag and detonators, raising concern the men inside may have been planning an attack. The trail of Europe’s most wanted terrorist had gone from stone cold to red hot.

Abdeslam would soon make a critical mistake. After fleeing from the apartment, Abdeslam and an accomplice using the fake identity “Monir Ahmed Alaaj” phoned an associate who was under surveillance, according to a senior Belgian counterterrorism  official. “He came right into our net,” the official told CNN.

As a result, three days later police located Abdeslam and “Alaaj” in Molenbeek and took them into custody. Investigators had no idea that just a few miles across Brussels, the remaining members of his ISIS cell were accelerating an attack plan that had already been in the works.

A drumbeat of terror

The road to the Paris attacks began several months earlier, when an ISIS media team in Syria arranged for the attackers to be filmed in a gruesome propaganda video. Nearly all the attackers who later gathered in Paris are seen clutching the throats of prisoners in orange jumpsuits before beheading them. “If it’s not with our knives it will be with our Kalashnikovs. It’s an order from our emir Abu Bakr al-Baghdadi to fight you in your lands, and Allah willing our appointment will be on the Champs Elysees,” declared the future Bataclan attacker Mostefai.

Western intelligence agencies believe the top leadership of ISIS signed off on the Paris plot. The group has set up an external operations division reporting up to Abu Mohammed al-Adnani, one of Baghdadi’s top deputies, according to U.S. officials.

Laying the groundwork

Abaaoud was assigned the task of leading the attack team in Paris. Radicalized in jail in Belgium for a string of robberies he committed with Saleh Abdeslam, he had risen up the ranks of ISIS after first traveling to Syria from Belgium in early 2013. Later that year, Abaaoud briefly returned to Belgium to abduct his 13-year-old brother Younes, who his family believes has since been killed in Syria, according to French police documents.

During his stay in Belgium, Abaaoud received a phone call from Mehdi Nemmouche, a French ISIS fighter who is the prime suspect in the May 2014 killings of four people at a Jewish museum in Brussels, suggesting a possible role in that attack. When Abaaoud returned to Syria in January 2014, according to the testimony of a French ISIS fighter, he was assigned to an internal security unit of ISIS before being tasked with organizing plots against Europe.

Plotting against France

Abaaoud escaped the dragnet and returned to Syria. According to French police documents, one of those interrogated in Belgium in the weeks after the plot was thwarted was Abaaoud’s childhood friend Salah Abdeslam, who claimed he did not share Abaaoud’s radical views.

Back in ISIS’ Syrian de facto capital, Raqqa, Abaaoud worked feverishly with several other French-speaking ISIS operatives to set in motion a string of plots against France.

A key figure in the group was Fabien Clain, a veteran French jihadi about 10 years Abaaoud’s senior, who European intelligence agencies believe is a driving force behind Dar al-Islam, ISIS’ French magazine. Before arriving in Syria, Clain had spent jail time in France for recruiting for al Qaeda in Iraq and, as CNN has previously reported, also threatened to attack the Bataclan concert hall.

During the course of 2015, Dar al-Islam’s repeated threats against France did not escape the notice of European counterterrorism officials. The day after the Paris attacks, it was Clain who claimed responsibility on behalf of ISIS, suggesting he played a senior role in the conspiracy.

Looking for recruits

According to a senior Belgian counterterrorism official, Clain and Abaaoud were on the lookout for fresh recruits who could be given quick training for a week or two and then sent back to Europe to launch attacks.

The first plot Abaaoud and Clain allegedly instigated was a plan by Sid Ahmed Ghlam, a Paris-based student, to attack a church in Paris. Ghlam made two trips to Turkey, where he met with operatives connected to Clain who assigned him to launch an attack. The plot was thwarted in April 2015 after Ghlam accidentally shot himself in the leg.

In June 2015, Nicholas Moreau, a French suspected ISIS recruit, was taken into custody by French authorities after being deported from Turkey. He was later charged with being part of a conspiracy with relation to a terrorist enterprise. Under interrogation, he claimed Abaaoud was “the principal commander of future attacks in Europe” and had been charged by ISIS with examining the background of potential recruits for those attacks, according to French police documents. Although analysts believe Moreau exaggerated Abaaoud’s importance, it was clear he was quickly becoming one of the caliphate’s most dangerous operatives.

Weapons training in the park

That same June, Abaaoud assigned Reda Hame, a French ISIS recruit, to return to France and launch an attack on a crowded concert venue. Hame claimed he had backed out of the planned attack when he was arrested by French authorities.

CNN has obtained the transcript of his August 13 interrogation by French police. Rame claimed he had been provided hands-on weapons training, including in the use of Kalashnikovs and grenades, by Abaaoud in a park in Raqqa in early June. According to Hame, Abaaoud gave him his assignment, “choosing an easy target, like a group of people, a concert for example, where there is a crowd. He specified that after carrying out the attack I should wait for security services to arrive and die while taking out the hostages. He added that if lots of civilians were hit, the foreign policy of France would change.”

A few minutes later Hame was asked if he was aware of any attacks in the works against France. “All I can tell you is that it’s going to happen soon. It’s a veritable factory over there — they are really looking to hit France or Europe,” Hame replied.

Hame also revealed that ISIS had set up an elaborate encrypted communication system so that it could keep in touch with its European operatives. In Raqqa, he said, he was instructed to encrypt communications with a software tool called Truecrypt, which authorities found on a thumb drive he had been given by Abaaoud. Hame said he had been taught to copy a message into the software, select an encryption option and then paste the message into a password-protected sharing site.

“An English-speaking expert on clandestine communications I met over there had the same password,” Hame told interrogators. “It operated like a dead letter drop.”

There were also links to Abaaoud in an attempted attack on a high-speed train heading toward Paris later in August 2015, which was thwarted by the heroic intervention of three Americans. The gunman, Ayoub el Khazzani, had connections to associates of Abaaoud, according to French police documents.

Moving fighters into Europe

Although investigators do not yet have a complete picture, they believe most of the 10-man attack team entered Europe in the late summer and early autumn of 2015.

In early August, Salah Abdeslam took a ferry from Greece to Italy in the company of Ahmed Dahmani, a Belgian associate. It is not clear if they were in Greece to pick up operatives coming back from Syria. All 10 of the Paris attackers except Salah Abdeslam were featured in the ISIS video filmed in Syria and released after the attack. Dahmani, who investigators believe was part of the broader Paris attack conspiracy, was subsequently arrested in Turkey after boarding a flight from Amsterdam the day after the attacks.

On September 9, Salah Abdeslam was checked at the Hungarian-Austrian border on his way back to Belgium in a rented Mercedes, on one of two trips that month that Belgian investigators suspect were to pick up members of the cell who had worked their way from Syria through Greece and the Balkans.

In the car with him that day were two key figures in the Paris conspiracy: Belkaid, the cell’s commander, and Laachraoui, the suspected bomb-maker, who had slipped into Europe from Syria using fake identities and had been picked up by Abdeslam in Hungary.

Abaaoud, the attack team leader in Paris, had slipped into Europe by the end of September. Investigators later established through eyewitness accounts that he had been present at some point that month on the Greek island of Leros. It is still not clear whether he disembarked in Leros or went there to pick up other members of the cell.

Two other ISIS operatives are thought to have entered Europe through Leros that September. One was the man later arrested with Salah Abdeslam in Brussels on March 18 who carried the fake identity papers of “Monir Ahmed Alaaj.” The other was carrying a Syrian passport in the name of Naim el Hamed. German investigators believe both men were picked up at a hotel near a refugee center in Ulm, Germany, by Salah Abdeslam and driven to Brussels on October 3.

That same day, the two Iraqis tasked with blowing themselves up at the Stade de France disembarked on Leros from a boat carrying almost 200 migrants. They used doctored Syrian passports to register as refugees and then took a ferry to Athens, before traveling through the Balkans to Hungary, then Austria. They then joined the other members of the conspiracy in Belgium.

Building bombs in safe houses

Investigators have established that the group gathered in at least three safe houses in Belgium in the weeks before the attack. An apartment they rented on Rue Henri Berge in the Brussels district of Schaerbeek on September 1 served as the bomb factory. Here the group manufactured the high explosive TATP and inserted it into suicide vests. It is not yet known who made the bombs. A sewing machine used to stitch together the vests, as well as the fingerprints of Salah Abdeslam and the DNA of Laachraoui, were later found at the property. Laachraoui’s DNA was also found on parts of the suicide vests used by the Paris attackers.

According to Belgian public broadcaster RTBF, the apartment was rented by Mohammed Bakkali, a Belgian extremist. He — along with Salah Abdeslam, Mohammed Belkaid and Najim Laachraoui — played a key role in the logistics and planning of the attack, officials told CNN. Bakkali was arrested in Brussels on November 26 and faces trial. According to a senior Belgian counterterrorism official, police recovered surveillance footage at his residence of an official working at a Belgian nuclear site.

On September 3, the conspirators rented an apartment on Rue de Fort in Charleroi, Belgium, where Abaaoud’s fingerprints were subsequently found. And on October 5, Laachraoui rented a large villa with a climate-controlled cellar in the small town of Auvelais near Charleroi, where traces of Abaaoud’s presence were also found, according to a senior Belgian official.

Rental cars and final preparations

Between November 11 and November 13, rental cars arranged by Salah Abdeslam shuttled back and forth to Belgium, ferrying the attackers to Paris. After the attacks, authorities recovered surveillance footage showing the attackers stopping off at various highway service stations en route. One of the drivers, Mohamed Abrini, a Belgian-Moroccan from Molenbeek, is still at large.

The Bataclan attackers congregated at the “City” hotel in the Paris suburb of Alfortville. Syringes were later found in one of their rooms, which investigators believe were used to add the final detonating chemical necessary to arm the suicide vests.

The stadium and cafe attackers stayed at a dilapidated house on the Rue Georges Tarral, in the northeastern suburb of Bobigny, rented by Brahim Abdeslam. At 8:30 p.m. on November 13, an eyewitness saw a Renault Clio pulling away from the residence. Driven by Salah Abdeslam, it made its way toward the national stadium just a few miles away in Saint-Denis to launch the opening phase of an attack that would traumatize France.

The Brussels attack

The very same ISIS cell behind the Paris attacks launched last week’s twin attacks on Brussels, killing at least 32.

After Salah Abdeslam returned to Brussels the day after the Paris attacks, he went to ground in a safe house unknown to Belgian police in the Forest district of Brussels. There he was reunited with Belkaid, who investigators believe was the commander of the cell that carried out both the Paris and Brussels attacks. Investigators believe Belkaid was preparing a Paris-style gun and bomb attack in Brussels or a series of attacks on the city involving at least two attack teams, and that Abdelsam was primed to participate. At a bomb factory at the Rue Max Roos in Schaerbeek, the cell had prepared a large quantity of TATP for the attack.

When their safe house in the Forest district was discovered and Belkaid was killed and Abdeslam was arrested, investigators believe the remaining conspirators accelerated their plans to avoid capture.

Early in the morning of March 22, three men were picked up by a taxi driver at the bomb factory in Schaarbeek. He later told investigators the men brought down so many bags — later found to be filled with explosives — that they had to leave one behind.

Just before 8 a.m., their attack began at the airport. Two of the men detonated explosives they had placed in luggage on a trolley, killing about a dozen. They were later identified as the bomb-maker Laachraoui and Ibrahim al Bakraoui, a former bank robber who had tried to travel to Syria earlier in 2015 before being detained near the Turkish-Syrian border and deported by Turkey. The third suspected airport bomber, seen in a light jacket and hat on surveillance video, fled the scene and is still at large. He failed to explode his device, which was detonated by authorities later in a controlled explosion.

At 9:11 a.m., Bakraoui’s brother Khalid, also a former bank robber, blew himself up at the Maalbeek metro station, killing at least 20. Investigators later established he had rented Salah Abdeslam’s hiding place in the Forest district of Brussels and the Charleroi safe house used by the Paris attackers, underlining the close connections between the Brussels and Paris plots. A second suspect seen on surveillance video with a bag at the station is still at large.

So far, according to French Interior Minister Bernard Cazeneuve, eight people with direct links to the Paris attacks are in custody in Belgium and two in France. Eight others are wanted by European security services in connection with the Paris and Brussels attacks, according to a security bulletin distributed the day after the attacks. A source with access to the document provided details to CNN.

Various suspects on the list spent time relatively recently in Belgium, France, Holland, Sweden and Germany, underlining the Europe-wide reach of the network. One of those on the list is “Naim el Hamed,” the operative picked up by Salah Abdeslam in Ulm, Germany, who is suspected to have played an operational role in the Brussels attacks, according to a source close to the investigation. Another is Yoni Patrick Mayne, a Belgian-Malian extremist who traveled with Abaaoud to Syria in January 2014 and who may have subsequently faked his own death.

Fabien Clain, Mohammed Abrini and an unknown number of others also remain at large.