ID: 402013 Cookbook: browseurl.jbs Time: 11:41:48 Date: 01/05/2021 Version: 32.0.0 Black Diamond

Copyright Joe Security LLC 2021

Analysis Report https://managebooking.reservanto.cz/A…ccount/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8

Overview

General Information

Sample URL: https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8
Analysis ID: 402013

Detection

Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80%
Scale: malicious, suspicious, clean

Signatures

HTML body contains low number of …

Classification

Chart categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware

Startup

System is w10x64
iexplore.exe (PID: 3728 cmdline: 'C:\Program Files\ Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 68 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3728 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing
• Compliance
• Networking
• System Summary

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

[Behavior graph (image not included). ID: 402013; URL: https://managebooking.reser...; Startdate: 01/05/2021; Architecture: WINDOWS; Score: 0. Processes shown: iexplore.exe, which started a second iexplore.exe. Network nodes: managebooking.reservanto.cz (217.16.185.201, 443, 49720, 49721; VSHOSTINGCZ; Czech Republic), c.seznam.cz (77.75.78.60, 443, 49761, 49762; SEZNAM-CZ; Czech Republic) and 21 other IPs or domains.]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source Detection Scanner Label Link
https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8 0% Avira URL Cloud safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source Detection Scanner Label Link
booking.reservanto.cz 0% Virustotal Browse
sni1gl.wpc.gammacdn.net 0% Virustotal Browse
1610534878.rsc.cdn77.org 0% Virustotal Browse
1746822127.rsc.cdn77.org 1% Virustotal Browse

URLs

Source Detection Scanner Label Link
https://managebooking.reservanto.cz/favicon.ico 0% Avira URL Cloud safe
https://www.reservanto.cz 0% Avira URL Cloud safe
https://merchant.reservanto.cz/Content/Settings/016000/16503/4269/51e4a9a7-b660-4911-81e8-dd3d825966 0% Avira URL Cloud safe
https://booking.reservanto.cz/favicon.ico 0% Avira URL Cloud safe
https://www.reservanto.cz/Stranka/Bonus-1-100-Kc 0% Avira URL Cloud safe
https://booking.reservanto.cz/Modal?id=16503cretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-863 0% Avira URL Cloud safe
https://www.reservanto.cz/anto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-863 0% Avira URL Cloud safe
https://www.pays.cz 0% Avira URL Cloud safe
https://cct.google/taggy/agent.js 0% URL Reputation safe
https://cct.google/taggy/agent.js 0% URL Reputation safe
https://cct.google/taggy/agent.js 0% URL Reputation safe
https://booking.reservanto.cz/Modal?id=16503z 0% Avira URL Cloud safe
https://managebooking.reservanto.cz/favicon.ico~ 0% Avira URL Cloud safe
https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8 0% Avira URL Cloud safe
https://www.google.%/ads/ga-audiences 0% URL Reputation safe
https://www.google.%/ads/ga-audiences 0% URL Reputation safe
https://www.google.%/ads/ga-audiences 0% URL Reputation safe
https://booking.reservanto.cz/favicon.ico~ 0% Avira URL Cloud safe
https://www.reservanto.cz/favicon.ico~ 0% Avira URL Cloud safe
https://www.reservanto.cz/favicon.ico 0% Avira URL Cloud safe
https://booking.reserv 0% Avira URL Cloud safe
https://booking.reservanto.cz/Modal?id=16503:Online 0% Avira URL Cloud safe
https://blog.reservanto.cz 0% Avira URL Cloud safe
https://www.reservanto.cz/Files/TeamViewerQS-idcrksttc8.exe 0% Avira URL Cloud safe
https://merchant.reservanto.cz 0% Avira URL Cloud safe

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation
www.google.de 142.250.186.35 true false high
booking.reservanto.cz 217.16.185.201 true false 0%, Virustotal, Browse unknown
sni1gl.wpc.gammacdn.net 152.199.21.175 true false 0%, Virustotal, Browse unknown
1610534878.rsc.cdn77.org 89.187.165.7 true false 0%, Virustotal, Browse unknown
stats.l.doubleclick.net 173.194.76.155 true false high
c.seznam.cz 77.75.78.60 true false high
1746822127.rsc.cdn77.org 89.187.165.7 true false 1%, Virustotal, Browse unknown
merchant.reservanto.cz 217.16.185.201 true false unknown
www.reservanto.cz 217.16.185.201 true false unknown
managebooking.reservanto.cz 217.16.185.201 true false unknown
googleads.g.doubleclick.net 142.250.185.226 true false high
websocket-visitors.smartsupp.com 35.158.253.187 true false high
c.imedia.cz 77.75.79.33 true false high
bootstrap.smartsuppchat.com 3.120.69.250 true false unknown
1161431244.rsc.cdn77.org 89.187.165.8 true false unknown
widget-v2.smartsuppcdn.com unknown unknown false unknown
rec.smartlook.com unknown unknown false high
stats.g.doubleclick.net unknown unknown false high
www.smartsuppchat.com unknown unknown false unknown
dc.services.visualstudio.com unknown unknown false high

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.reservanto.cz/ false unknown
https://booking.reservanto.cz/Modal?id=16503 false unknown
https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8 false unknown

URLs from Memory and Binaries

Name Source Malicious Antivirus Detection Reputation
www..com/reservanto 2GXCYCVG.htm.3.dr false high
dev.jquery.com/ticket/2752) modal[1].js.3.dr false high
https://managebooking.reservanto.cz/favicon.ico imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://www.reservanto.cz SecretKey[1].htm.3.dr false Avira URL Cloud: safe unknown
https://rec.smartlook.com/recorder.js 809ce55600814ee47cbdb82a46a1654879a9375f[1].json.3.dr, 2GXCYCVG.htm.3.dr false high
www.inkscape.org/) povodi_moravy[1].svg.3.dr false high
https://merchant.reservanto.cz/Content/Settings/016000/16503/4269/51e4a9a7-b660-4911-81e8-dd3d825966 custom-style[1].css.3.dr false Avira URL Cloud: safe unknown
malsup.com/jquery/form/ modal[1].js.3.dr false high
https://booking.reservanto.cz/favicon.ico imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://www.reservanto.cz/ ~DF67884A2BDFFFD9BE.TMP.1.dr false unknown
https://www.reservanto.cz/Stranka/Bonus-1-100-Kc 2GXCYCVG.htm.3.dr false Avira URL Cloud: safe unknown
jqueryui.com modal[1].js.3.dr false high
docs.jquery.com/Tutorials:Introducing_$(document).ready() modal[1].js.3.dr false high
https://booking.reservanto.cz/Modal?id=16503cretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-863 ~DF67884A2BDFFFD9BE.TMP.1.dr false Avira URL Cloud: safe unknown
https://www.reservanto.cz/anto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-863 ~DF67884A2BDFFFD9BE.TMP.1.dr false Avira URL Cloud: safe unknown
https://www.pays.cz 2GXCYCVG.htm.3.dr false Avira URL Cloud: safe unknown
https://booking.reservanto.cz/Modal?id=16503 ~DF67884A2BDFFFD9BE.TMP.1.dr, Modal[1].htm.3.dr false unknown
https://cct.google/taggy/agent.js gtm[1].js.3.dr false URL Reputation: safe URL Reputation: safe URL Reputation: safe unknown
creativecommons.org/ns# povodi_moravy[1].svg.3.dr false high
https://booking.reservanto.cz/Modal?id=16503z ~DF67884A2BDFFFD9BE.TMP.1.dr false Avira URL Cloud: safe unknown
https://managebooking.reservanto.cz/favicon.ico~ imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8 ~DF67884A2BDFFFD9BE.TMP.1.dr, {FB3F0AD5-AAAC-11EB-90E4-ECF4BB862DED}.dat.1.dr false Avira URL Cloud: safe unknown
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE f[1].txt.3.dr false high
https://www.gopay.cz 2GXCYCVG.htm.3.dr false high
https://github.com/malsup/form/commit/588306aedba1de01388032d5f42a60159eea9228#commitcomment-2180219 modal[1].js.3.dr false high
sodipodi.sourceforge.net/DTD/sodipodi-0.dtd povodi_moravy[1].svg.3.dr false high
https://www.google.%/ads/ga-audiences analytics[1].js.3.dr false URL Reputation: safe URL Reputation: safe URL Reputation: safe low
https://booking.reservanto.cz/favicon.ico~ imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://connect.facebook.net/en_US/fbevents.js reservanto-booking.tracking[1].js.3.dr false high
https://www.reservanto.cz/favicon.ico~ imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://github.com/malsup/form#copyright-and-license modal[1].js.3.dr false high
https://github.com/malsup/form modal[1].js.3.dr false high
https://stats.g.doubleclick.net/j/collect analytics[1].js.3.dr false high
https://www.reservanto.cz/favicon.ico imagestore.dat.3.dr false Avira URL Cloud: safe unknown
https://booking.reserv {FB3F0AD5-AAAC-11EB-90E4-ECF4BB862DED}.dat.1.dr false Avira URL Cloud: safe unknown
https://booking.reservanto.cz/Modal?id=16503:Online ~DF67884A2BDFFFD9BE.TMP.1.dr false Avira URL Cloud: safe unknown
https://blog.reservanto.cz 2GXCYCVG.htm.3.dr false Avira URL Cloud: safe unknown
https://www.reservanto.cz/Files/TeamViewerQS-idcrksttc8.exe 2GXCYCVG.htm.3.dr false Avira URL Cloud: safe unknown
www.inkscape.org/namespaces/inkscape povodi_moravy[1].svg.3.dr false high
https://www.youtube.com/embed/cafu2EAbGf8?rel=0&autoplay=1&showinfo=0 2GXCYCVG.htm.3.dr false high
https://merchant.reservanto.cz 2GXCYCVG.htm.3.dr false Avira URL Cloud: safe unknown

Contacted IPs


Public

IP Domain Country Flag ASN ASN Name Malicious
142.250.186.35 www.google.de United States 15169 GOOGLEUS false
3.120.69.250 bootstrap.smartsuppchat.com United States 16509 AMAZON-02US false
173.194.76.155 stats.l.doubleclick.net United States 15169 GOOGLEUS false
77.75.78.60 c.seznam.cz Czech Republic 43037 SEZNAM-CZ false
77.75.79.33 c.imedia.cz Czech Republic 43037 SEZNAM-CZ false
142.250.185.226 googleads.g.doubleclick.net United States 15169 GOOGLEUS false
152.199.21.175 sni1gl.wpc.gammacdn.net United States 15133 EDGECASTUS false
89.187.165.7 1610534878.rsc.cdn77.org Czech Republic 60068 CDN77GB false
89.187.165.8 1161431244.rsc.cdn77.org Czech Republic 60068 CDN77GB false
35.158.253.187 websocket-visitors.smartsupp.com United States 16509 AMAZON-02US false
217.16.185.201 booking.reservanto.cz Czech Republic 43541 VSHOSTINGCZ false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 402013
Start date: 01.05.2021
Start time: 11:41:48
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 10s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/95@16/11
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Browsing link: https://www.reservanto.cz/
• Browsing link: https://managebooking.reservanto.cz/Account/ReturnToCaller?merchantId=16503

Warnings:
• Excluded IPs from analysis (whitelisted): 40.88.32.150, 88.221.62.148, 172.217.16.138, 172.217.16.131, 142.250.185.142, 142.250.186.104, 142.250.185.130, 52.236.186.210, 142.250.185.68, 152.199.19.161, 20.50.102.62, 184.30.24.56
• TCP Packets have been reduced to 100
• Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, www.googleadservices.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, www.googletagmanager.com, www.google.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, weu05-breeziest-in.cloudapp.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, az416426.vo.msecnd.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, dc.trafficmanager.net, dc.applicationinsights.microsoft.com, cs9.wpc.v0cdn.net
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\431C5UPT\www.reservanto[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no terminators
Category: dropped
Size (bytes): 205
Entropy (8bit): 4.563698374164237
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\YM6SGN48\managebooking.reservanto[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 26
Entropy (8bit): 2.469670487371862
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB3F0AD3-AAAC-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.860256753305529
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB3F0AD5-AAAC-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 62294
Entropy (8bit): 2.43122276039205
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB3F0AD6-AAAC-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5645694652690163
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 54136
Entropy (8bit): 4.513216307787513
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4iCv6KVjbNBYlgoC1CzjvmyL[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 92840, version 1.1
Category: downloaded
Size (bytes): 92840
Entropy (8bit): 7.993788624255599
Encrypted: true
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjvmyL.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ai.0[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96705
Entropy (8bit): 5.228470338380378
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 49153
Entropy (8bit): 5.520906949461031
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.google-analytics.com/analytics.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cookie-check[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Category: downloaded
Size (bytes): 3606
Entropy (8bit): 5.115575146929311
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://booking.reservanto.cz/bundles/cookie-check?v=a3k4IzlBqwYr6UWLuvASi2QH2fTtyWr76eoIRS_E5M81

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 533
Entropy (8bit): 5.145202877734869
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\custom-style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 1521
Entropy (8bit): 5.084225451764173
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://booking.reservanto.cz/Style/custom-style.css?id=16503&mgId=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\f[1].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 36606
Entropy (8bit): 5.497235992375013
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.googleadservices.com/pagead/conversion_async.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Category: downloaded Size (bytes): 17542 Entropy (8bit): 4.455980523177049 Encrypted: false SSDEEP: 192:J2ga2BHtAmaoMuAMStzVGRUydY3hz2mQCC:JhVBHBaoXd2zV6dYRzih MD5: 6D59DD2FFEFA67C9D38728DCB4161120 SHA1: 43A227406D44D5D0907B1C711533929EA068AE3F SHA-256: 00D4B196CA2AB3088340034245C12FE7C6473072CCDD277F913FE9D1A18F17BA SHA-512: E4227F9CAB3016D7DF5AD7BC9D7A0918A4E1C69697D17117E0B2BC6276832504F5DA87250A2974C7513B3A19B8DA7C5D35D0A123EB9B6E7AE62CA118237E8447 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/favicon.ico Preview: ...... 00...... %..F...... %...... 6...... h....@..(...0...`...... <...v...... }...O...... C...... 9......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[2].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Category: downloaded Size (bytes): 17542 Entropy (8bit): 4.455980523177049 Encrypted: false SSDEEP: 192:J2ga2BHtAmaoMuAMStzVGRUydY3hz2mQCC:JhVBHBaoXd2zV6dYRzih MD5: 6D59DD2FFEFA67C9D38728DCB4161120 SHA1: 43A227406D44D5D0907B1C711533929EA068AE3F SHA-256: 00D4B196CA2AB3088340034245C12FE7C6473072CCDD277F913FE9D1A18F17BA SHA-512: E4227F9CAB3016D7DF5AD7BC9D7A0918A4E1C69697D17117E0B2BC6276832504F5DA87250A2974C7513B3A19B8DA7C5D35D0A123EB9B6E7AE62CA118237E8447 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/favicon.ico Preview: ...... 00...... %..F...... %...... 6...... h....@..(...0...`...... <...v...... }...O...... C...... 9......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\gtm[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 98358 Entropy (8bit): 5.531326738043327 Encrypted: false SSDEEP: 1536:izm0NdVQ0i+H7suo6Ni7QSN27sDjd0rrrNSt81z9jKPfSPJ+nj5S+iQakC4HP21T:izm0Ns0E4ABjOrNStu+ixT MD5: CD551E29E2E9C9AE0CD8ACB180994B08 SHA1: C21AEC228627348DC2CDAFD20D7A0EF95BB58D82 SHA-256: C7E0F3D6376633567DE99C72666DD2BC3807DF0AC1593C3620CDAC9D9128D939 SHA-512: 04EF4A31B9F9567C838AFDC16C8468D6DACF8895E06674C52AC36F437E630EB080E2D0254E84A3EEFB468B2C045A974A6DDE6C25161AF28D92CE7A1C74243335 Malicious: false Reputation: low IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-KHSX7TX Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"5",. . "macros":[{. "function":"__e". },{. "function":"__u",. "v tp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKey s":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",. "vtp_component":"HOST",. "vtp_enableMultiQueryKeys":false,. "vtp_e nableIgnoreEmptyQueryParam":false. },{. "function":"__k",. "vtp_decodeCookie":false,. "vtp_name":"firstPageParams". },{. "function":"__k",. "vtp_decodeCookie":false,. "vtp_name":"referrerUrl". },{. "function":"__gas",. "vtp_cookieDomain":"auto",. "vtp_doubleClick":false,. "vtp_setTrackerNam e":false,. "vtp_useDebugVersion":false,. "vtp_useHashAutoLink":false,. "vtp_decorateFormsAutoLink":false,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hesu[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 10653 Entropy (8bit): 7.942916747182998 Encrypted: false SSDEEP: 192:yvknoEjj5Mlw+feRh8B4HkyQeKGTMcMgf22jjOxQZJS2O9/aBa:ycnoEj+ORhrHkr7GTPMghjC2LSDSBa MD5: E5AFFC95893D656466D760114808788B SHA1: 738D3B51E401CC9B99DB454DE7878079A472F885 SHA-256: F59E3CB826B6A0A216CDA00B2D112480EB5D3290C6D019A0B205C84B237EEB80 SHA-512: 1A79C570DE48824990DEB17BF26318F86F701909CF599E97DDD1C4608B2138A3CA6F5A1F70D41B2EA37D0B58DF85B0DA12ECF51E0DA98B29FD4EC1B628C6923 D Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/hesu.png Preview: .PNG...... IHDR...... A...... dN....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp..... HESU_nazev_velky_cmyk

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jqueryform[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 14129 Entropy (8bit): 5.2072355578416705 Encrypted: false SSDEEP: 384:pwXd0TSU8cS8Lt45o43JVxIrIkkH0cFgyOT74fm0q66C3vO:YdSnS8Lt2o436kgyOT74rqz MD5: 3174C0931AA024897C7C46C10960C182 SHA1: 2FADC6E76D0894E21D0D52A1FE915B6A47B2801B SHA-256: 08E1D2C27C053C09784CCC55735B4C0FCC511B86C29C238121AA6D9FE345F7ED SHA-512: E34F5EB24D454EDCE0FD1F3730248C1DD96A2F3C15935F4AF27C69167A2126C8F3ADCAEB056FDB0D4D36A6F5749DF68402636EC250CBC90CF52CD3D8BA9A38 84 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/bundles/jqueryform?v=5Ieue12-UxWyiNr9XuqyfOJUHNNmUCvowjQRmw_lS4Q1 Preview: (function(n){"use strict";function u(t){var i=t.data;t.isDefaultPrevented()||(t.preventDefault(),n(this).ajaxSubmit(i))}function f(t){var r=t.target,u=n(r),f,i,e;if(!u.is("[type=submit], [type=image]")){if(f=u.closest("[type=submit]"),f.length===0)return;r=f[0]}i=this;i.clk=r;r.type=="image"&&(t.offsetX!==undefined?(i.clk_x=t.offsetX,i.clk_y=t.offsetY):typeof n.fn.offset=="function"?(e=u.offset(),i.clk_x=t.pageX-e.left,i.clk_y=t.pageY-e.top):(i.clk_x=t.pageX-r.offsetLeft,i.clk_y=t.pageY-r.offsetTop));setTimeout(function(){i.c lk=i.clk_x=i.clk_y=null},100)}function t(){if(n.fn.ajaxSubmit.debug){var t="[jquery.form] "+Array.prototype.join.call(arguments,"");window.console&&window.console.log?win dow.console.log(t):window.opera&&window.opera.postError&&window.opera.postError(t)}}var i={},r;i.fileapi=n("").get(0).files!==undefined;i.formdata=win dow.FormData!==undefined;r=!!n.fn.prop;n.fn.attr2=function(){if(!r)return this.attr.apply(this,arguments);var n=this.prop.apply(th

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jqueryval[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 26696 Entropy (8bit): 5.217472137527993 Encrypted: false SSDEEP: 768:Z3pdABVS5oE94pzfjny+3vT3t0Smf9PonwHLVH7t7j:xpdAVS5oE98Lny+Lt0qwHLVHt MD5: 5E54BB482BC63EB303B3274FE7718A94 SHA1: 03BA63817E62DEEAC1FDF3EA6E8B9C4187AF339C SHA-256: F30F4E516D58EE8C21A6D8EDD7C6B17FA1C41F75F09BD083957E8BC9818242AA SHA-512: E73F1DD1DDC6CC8740B7F94DB2F277A01CA653E945372F1AFFF599976A3E14FA80A131BF1AAF03D232672EF9B94DB500C395DCCB89DEDB184F5A1FC1BF3BD977 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/jqueryval?v=sTM6z75i3uDpVeh__Zai1IpnDnqY9pO-TNy0Ztaw6Y81 Preview: !function(n){"function"==typeof define&&define.amd?define(["jquery"],n):n(jQuery)}(function(n){n.extend(n.fn,{validate:function(t){if(!this.length)return void(t&&t.debug& &window.console&&console.warn("Nothing selected, can't validate, returning nothing."));var i=n.data(this[0],"validator");return i?i:(this.attr("novalidate","novalidate"),i=new n.validator(t,this[0]),n.data(this[0],"validator",i),i.settings.onsubmit&&(this.validateDelegate(":submit","click",function(t){i.settings.submitHandler&&(i.submitButton=t.tar get);n(t.target).hasClass("cancel")&&(i.cancelSubmit=!0);void 0!==n(t.target).attr("formnovalidate")&&(i.cancelSubmit=!0)}),this.submit(function(t){function r(){var u,r;return i.settings.submitHandler?(i.submitButton&&(u=n("").attr("name",i.submitButton.name).val(n(i.submitButton).val()).appendTo(i.currentForm)),r=i. settings.submitHandler.call(i,i.currentForm,t),i.submitButton&&u.remove(),void 0!==r?r:!1):!0}return i.settings.debug&&t.preventDefault(),i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\loader[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 20765 Entropy (8bit): 5.15946255676868 Encrypted: false SSDEEP: 384:/fNTyC+w4gsZ+VW2GRIOFLUs9Z+EBIxvtrNJArVkH2/oQ:HNTyC+w4gPUDOJe+bvtBqHwQ MD5: DD38C32F264C78131F6342DDCAB241A6 SHA1: 760DDD13458CA10D029610B9A08D621C090AD5B4 SHA-256: 298B4A3A2FE9022F6291EDF2CE8BD6B4208891D9CBC13617A2713DA90CF03C2B SHA-512: 8C066B59EB2B6261FFF4C9530151D01F6D8D4549D906C76759F25DC5BE7E4D20AFD9D630F13E95DD23AD67EBBF5CA2812667755A0BF08B4CFEBD2D355F8442A 6 Malicious: false Reputation: low IE Cache URL: https://www.smartsuppchat.com/loader.js? Preview: !function(t){var e={};function n(o){if(e[o])return e[o].exports;var r=e[o]={i:o,l:!1,exports:{}};return t[o].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=t,n.c=e,n.d=function(t,e,o) {n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:o})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStrin gTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esMo dule)return t;var o=Object.create(null);if(n.r(o),Object.defineProperty(o,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var r in t)n.d(o,r,function(e){return t[e]} .bind(null,r));return o},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.ha sOwnProperty.call(t,e)},n.p="",n(n.s=4)}([function(t,e,n){"use strict";e.a=function(t){var e=this.constructor;return this.then(fun

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main.ecff41f3.chunk[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 105107 Entropy (8bit): 5.277337414553549 Encrypted: false SSDEEP: 1536:BqZs9QHGdaJ9elk9TAA5hq7aScYsQzOhc+91tDQzXEyg:BqZ1Gdaalk9Ba7aScYse+xQzUyg MD5: A0A2D42A5133AE8BC1533AC7B2A8AF1A SHA1: CA9671230EF7B09AAD1BAE7F468C73B0847B83D6 SHA-256: 8FE36B5A6DCB28745EFD9BB52EE0FA2873FA3A941218A713E44F54F81F4968E6 SHA-512: 20F98942F37B2FEE1F0DF44125CC2A281B9BC80BEDD2E1A3B00DFE7D0E759BA0953B90B6926F99F774A9F0AF1444A01F70B164C23918042A9093230DF130B453 Malicious: false Reputation: low IE Cache URL: https://widget-v2.smartsuppcdn.com/static/js/main.ecff41f3.chunk.js Preview: (this["webpackJsonpsmartsupp-widget2"]=this["webpackJsonpsmartsupp-widget2"]||[]).push([[1],{10:function(t,e,n){"use strict";var a,r,i,o,c,s,u;n.d(e,"e",(function(){return a})),n.d(e,"f",(function(){return r})),n.d(e,"c",(function(){return i})),n.d(e,"a",(function(){return o})),n.d(e,"g",(function(){return c})),n.d(e,"b",(function(){return s})),n.d(e,"d",(fu nction(){return u})),function(t){t.Initial="INITIAL",t.Loading="LOADING",t.Success="SUCCESS",t.Failure="FAILURE"}(a||(a={})),function(t){t.Initial="INITIAL",t.Failure="FA ILURE",t.NotAllowedAsFirstMessage="NOT_ALLOWED_AS_FIRST_MESSAGE",t.FileTooBig="FILE_TOO_BIG",t.TooManyFiles="TOO_MANY_FILES",t.FilesWerentPr ocessed="FILES_WERENT_PROCESSED",t.BadExtension="BAD_EXTENSION",t.SameMessageTwice="SAME_MESSAGE_TWICE"}(r||(r={})),function(t){t.Initial="I NITIAL",t.Loading="LOADING"}(i||(i={})),function(t){t[t.Good=5]="Good",t[t.Normal=3]="Normal",t[t.Bad=1]="Bad"}(o||(o={})),function(t){t.Disconnect="DISCONNECT" ,t.UploadFailure="UPLOAD_FAILU

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\modal[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 405825 Entropy (8bit): 5.297210157502927 Encrypted: false SSDEEP: 3072:pdkWgoBecZRQzmW42q4UDKlUUSPVqCqoG3cYI70SDzOyAskRsIcQQ3+SuwxMVL3H:fBdZGC/6UNVEmYIHzQQ3XuQMVLSrxS26 MD5: 1BCE51A4C1A4AFB9451339442D3673B7 SHA1: 5844C58BDE5AEA6BD4CB86DDCE8408B3FB0788D8 SHA-256: 5EF973C27297098BBF6C1235AE330AC8BDA9C02423991A85794D36FF452C8479 SHA-512: 2DB66DBA5C3D8EA2C2359759C48823197A2BAEB56C421B7AF6557D0CF443DF01EFFCE8E7E758B802012A2A206391172F22810A2B1ED2F83CBA379BEC523749F3 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/bundles/modal?v=slKkD9STRAGXuinb8i_4qdgMJHYy--qzRRE9j_Y8-Dc1 Preview: /*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license..//@ sourceMappingURL=jquery.min.map..*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e .location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t ,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],: {}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t. toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventLi stener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mol[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 3540 Entropy (8bit): 5.152445457231866 Encrypted: false SSDEEP: 96:fvf9zWbrwndBIEdB90hSKqHFjvxqqlJqGUPpY:v9zHhUOVROnq MD5: 6A2500DCB5836795A73AF4B0A5717ACF SHA1: 1A2C5C2A111F526DA4DB86EE803BB80B7E557BB1 SHA-256: 63F0258B188AD99981182E9B2155E43805EB09CC39C394A0B8326939B78C9A2F SHA-512: 1A40083CA1382DCC4BAD2AF6A6716BCD8DA01901E458E67537C86163AA06B233585EF2326BF4FAB1437F8FD59599857909A21A4BBC37F0106F4F32402CBD277A Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/mol.svg Preview: . Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.... . . . . . < use xlink:href="#SVGID_1_" style="overflow:visible;"/>. . alco n_nov_div_logo_pos_rgb. Created with Inkscape (http://www.inkscape.org/) -->..image/svg+xml

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pre[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGB, non-interlaced Category: downloaded Size (bytes): 6371 Entropy (8bit): 7.91008300879586 Encrypted: false SSDEEP: 96:6Y2cLxnF0Ud5OWuBSkPWxEwFDyl4u7sjLq4u4WtYIi60DD9uQ6S/XO41:6wF0UnOs4M1W4uFQlDDMdKj MD5: DA0154FC506DB24E6631C98575D31E41 SHA1: 2788682165B09C79275ABAA9878A43CD9C005428 SHA-256: E0AE42CD6A5D12F211137FD8A1330FBE6ECE5D83B1BFF9BB290C23EEB7A82126 SHA-512: EB5737344A566470ED46DE4789CAAD5AFC59697D3A46166EA46D9D8A90016B85FB9C7A363C1B92998B5ACDC59862DFDBF9F72B8E32EA751F059FBBF9A0AD80 EB Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/pre.png Preview: .PNG...... IHDR...... A.....?...... tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... .+.....WIDATx..].|LW.?w.}2.=...D ,A...h...J..Z....mi.V...o....j)..RE."j.j.AD.YdOf..g..=wn.UK...... 1s.....?.`..B.v.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\recorder[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: C source, ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 27915 Entropy (8bit): 5.230210168881213 Encrypted: false SSDEEP: 768:Hfa4hIr38/DsdDrwN4lOgvoYUimC/QMO2DchbE+wHa:Fcy4wN+CYUim7RbE+wHa MD5: 6A70E9AE645369248DC577629E19A4C9 SHA1: 2E198A052109EC672C941D5A00DB5EC9FFD35A01 SHA-256: 9F397390B25FE6C222D12E0FC16E0FDB45B56C1E50EB7BCDC170F4021B329BAD SHA-512: 95751C655EE24497056D874754F72A932070B8C4940EFEDF15D99BD4C122BF88209F50E29FBD47FACA91C3D0827B83E773F2AC24733AEAF12C076CC09EBAB5EF Malicious: false Reputation: low IE Cache URL: https://rec.smartlook.com/recorder.js Preview: !function(){"use strict";var t={329:function(){Array.from||(Array.from=function(){var t=Object.prototype.toString,e=function(e){return"function"===typeof e||"[object Func tion]"===t.call(e)},o=Math.pow(2,53)-1,n=function(t){var e=function(t){var e=Number(t);return isNaN(e)?0:0!==e&&isFinite(e)?(e>0?1:-1)*Math.floor(Math.abs(e)):e}(t);return Math.min(Math.max(e,0),o)};return function(t){var o=this,r=Object(t);if(null==t)throw new TypeError("Array.from requires an array-like object - not null or undefined");var i,s=arguments.length>1?arguments[1]:void 0;if("undefined"!==typeof s){if(!e(s))throw new TypeError("Array.from: when provided, the second argument must be a function" );arguments.length>2&&(i=arguments[2])}for(var a,c=n(r.length),u=e(o)?Object(new o(c)):new Array(c),d=0;d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\3.18bcfc90.chunk[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 656757 Entropy (8bit): 5.326915094481051 Encrypted: false SSDEEP: 6144:DIn8rvvDHJPPRB9/djXndZGAMkTsz3sc4kJo+pj8xQyfaeOH8gjqh8NKqSpPWt8d:MT448ggsHGwul0j4 MD5: A277D9BAC316E7DEE65ADBF01A41C774 SHA1: 00FB37C368F5AB136D376782D7F494AF01A93C1B SHA-256: 44D6A8618311E1D06D779B2203BC4497A00E1DE3FDA295CF4AE38F7E99B60713 SHA-512: 1C3A255F5CD93E65F9906563A4552FAF0F700FF201E362582A07505CABBEAC0A565D80595FD70F634C7A2A5499B49461B2886D5B4AFBD2F9807B0DC5763094C8 Malicious: false Reputation: low IE Cache URL: https://widget-v2.smartsuppcdn.com/static/js/3.18bcfc90.chunk.js Preview: /*! For license information please see 3.18bcfc90.chunk.js.LICENSE.txt */.(this["webpackJsonpsmartsupp-widget2"]=this["webpackJsonpsmartsupp-widget2"]||[]).push([[3], [function(e,t,n){"use strict";e.exports=n(432)},function(e,t,n){"use strict";var r=this&&this.__createBinding||(Object.create?function(e,t,n,r){void 0===r&&(r=n),Object.defin eProperty(e,r,{enumerable:!0,get:function(){return t[n]}})}:function(e,t,n,r){void 0===r&&(r=n),e[r]=t[n]}),o=this&&this.__exportStar||function(e,t){for(var n in e)"defau lt"===n||Object.prototype.hasOwnProperty.call(t,n)||r(t,e,n)};Object.defineProperty(t,"__esModule",{value:!0}),t.createVisitorClient=t.createAgentClient=t.SocketError=void 0;var i=n(269),a=n(154);Object.defineProperty(t,"SocketError",{enumerable:!0,get:function(){return a.SocketError}});var u=n(284);o(n(284),t),o(n(269),t),o(n(496),t),o(n (497),t),o(n(153),t),t.createAgentClient=function(e){return new i.AgentClient(e)},t.createVisitorClient=function(e){return new u.VisitorClient(e)}},fu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\4iCv6KVjbNBYlgoCxCvjvmyL[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 65876, version 1.1 Category: downloaded Size (bytes): 65876 Entropy (8bit): 7.993615292274266 Encrypted: true SSDEEP: 1536:/Iixw+H+KwGpLwvIC/pDV7VvbVx/iqrhgk:/IixdHnp1WIe7Vvpx/RrhL MD5: 660D1259C3794D60DC7BCF447A260B15 SHA1: 26B8A1303464547D7BEAF26935302A9C06AF2FA1 SHA-256: 692782CF854CC7C1A203D376875A9B2D615760B17C0ADE14D4FA3BBA78BB0748 SHA-512: 3CCE988E07C4A9DCA9E85C7AC2AA5899E74867E68424B004105560AAB5ECABCEFA804D589CE34D699D5D1A45BB5A35FF1A06E08BC61358F73E181E01B378CAF1 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjvmyL.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\51e4a9a7-b660-4911-81e8-dd3d82596687[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 782 Entropy (8bit): 7.5700876479223655 Encrypted: false SSDEEP: 12:6v/7KkqS8rdARapjZtCyPFl7Yg4DShjuWljzBDyB6D2sloXi9QYpesOVV50TGswL:7ddARUtCyFlSWUWlnlY0FOVwTGsBC MD5: CFDF20D4AADCEA9EC60F3927006BF40F SHA1: EF356646DBE012B9A733A79B0E5215F356206338 SHA-256: 9146931545FDAA906A8B6EE21B4AB91665013645A324CEE0F1971F8D62EE0D15 SHA-512: 94FEC10E7010C3AF4A0722250A923A10ED5944F8655E7A190B08B8EF096A04DF99A70CD4C88CCBD3BC3E87C9999A99C36769E6A1EF43BF694852243458D13D31 Malicious: false Reputation: low IE Cache URL: https://merchant.reservanto.cz/Content/Settings/016000/16503/4269/51e4a9a7-b660-4911-81e8-dd3d82596687.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\alza[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 5352 Entropy (8bit): 4.384215534052814 Encrypted: false SSDEEP: 96:hvfsOjzP1zDfcwqEzP1z1oOjzP1zt50z5cSwBVPk+jJDtC/G5J:xsOvtfcwq+DoOvlui7ZzC/G5J MD5: 1066E608613DE49D07E0294AF54C37D1 SHA1: 6A442D62326AEEA88AADB1375D00C98CAF84B51C SHA-256: 3F08C3C1B3B7DCA3D94BE2035F6F3CF47A303BF58EA31CFE5EF8DA20B998A0B9 SHA-512: D6659D94BB779EE878E82008795C165914BB8FF91D71D9CB923DD1B21910308D397C1899CFC0E608040D505BE365D3200EDAD9D501B091D678174AA4BB0EAFB0 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/alza.svg Preview: . Generator: Adobe Illustrator 20.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.... .7m....CIDATx..].x..y. ....a....o...b...... R...... I...... &<.%...I.1.!4.8M.C.il.....O..-K.Z.vwv.~....;.Y...... {.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bodybody[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 3806 Entropy (8bit): 7.773532815615652 Encrypted: false SSDEEP: 96:VY28hqY0+8BHvm1tEIqosc7dD+J3DGMjJe:V0qY05hrc7dD+FDjJe MD5: 7AEA172F99C9F00F37D002437286A52B SHA1: F59264DFB9F016D433B81FBF4B4304A85CEB0964 SHA-256: 5BB36A9F068168D75ED412507DFC7D13432F295106E4A67AF4C5121FD3DA41EF SHA-512: 08F2B57D9F9C96135BDDDCFE7C46FC65D4E6BB4B33481FB41EE2889FE2E7EFB94B44719B72A6A1AFA9912D935F00590B314AE2AAA4C8219FFFF0A00F09DA367 8 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/bodybody.png Preview: .PNG...... IHDR...... A...... dN....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... h....RIDATx..\.P....[.. (...T.*.....?...T.NRb...... bG'...I.c&F.iAcB.ik4Z.X..4..-...T..#P.h~."....4...^..w....`..~3;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bodyexpress[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 231841 Entropy (8bit): 5.894319037609896 Encrypted: false SSDEEP: 3072:KpKdEiDQGEjg4mJOhscAQ9OPhGXRAwELhDV1u1JljkodCYB:KpKiiDLYJQOm+cPwXuVL5VQJl MD5: 7910E9FE8F01B0658D895830A02B7F79 SHA1: 579E2EF828F19D046083A4F5BB8417B8EA78BC93 SHA-256: 883AA6498B06681D99ED546918F05C355AE3C29BE0E8DDCE08B28A1B0C53955B SHA-512: 8F44F460920A6EEEB55F854F98A9CE81BBD0709CA9326A9511C7683067D9D3B9E389292A56DFB740656B5323BB34EF4275CC775D46EC7DDF2552A2EE27E4FCBE Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/bodyexpress.svg Preview: .. Generator: Adobe Illustrator 13.0.0, SVG Export Plug-In -->....]>.....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cez[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 79 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 2522 Entropy (8bit): 7.601845971432091 Encrypted: false SSDEEP: 48:7ewqQNn2xaJJ3F1G0YZ/82B/jY+NIhJ/ADePhAL4Yf1RCPcmGWt:7SY2418NZ8q/jIhJ/AD3DmPKWt MD5: FA847C2540904F995EA8D90214088AEC SHA1: F5311B75644AFC8C04E6CB844B0E5FD9FAA860A1 SHA-256: 9B865C1E1CB29415382C009D322844BAFE5C3C41524E795C97443BF1B547300C SHA-512: E8EF995CDF9F51699ED49F75A28ACD01A3C5BA1100C8419FDE09E3DAA2E11D1DA21ACDCF3716CA63785EE96ABBA674EB792F96FFA2C3A1E249E74A5A32FB7 7C0 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/cez.png Preview: .PNG...... IHDR...O...A...... >...... tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... .]%b...NIDATx..\.l.U.. g....VJ@..).(J...."j#.@<....GJ0..h...#.h...... +.r.bL<. FC.DQS1"..=.v...... dV....v...2.^....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: dropped Size (bytes): 901 Entropy (8bit): 5.172057328802435 Encrypted: false SSDEEP: 24:51SY3QYNcp1SY3QYXi+1SOYNh1SOYXH1SOYN72:qY3QWc6Y3Qg+OWSOgEOC2 MD5: 7FCA0067B1448561E48877C8DFAA433A SHA1: 6F63F52FFC40694E4725AC07916B872EF1CEE722 SHA-256: 2DA4F53E621F3F66A7298EA7FEA5AD94C42761A6A7A08F639EDC158DF36C386F SHA-512: 9E14D554DEC21DFBC30BB189B46477FED10E07191535E39F42E5239C834CC39E7EFFAC5221FA3765D00C2A19545CBDFA6D2203406657944F6924D00BC6AB1C91 Malicious: false Reputation: low Preview: @font-face {. font-family: 'Ubuntu';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejZftVyBN4c.woff) format ('woff');.}.@font-face {. font-family: 'Ubuntu';. font-style: italic;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejYHtFyBN4c.woff) format('woff');.}.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjvmyL.w off) format('woff');.}.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCj C3jvmyL.woff) format('woff');.}.@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVj bNBYlgoCxCvjvmyL.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\csslayout[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 7505 Entropy (8bit): 5.256317860291646 Encrypted: false SSDEEP: 96:4GzukwvA/vgezEGb8rOwPCeBXwcdXuvehOveUtz8pL/2svNCzQhMqNE13:RTD/T9b8aeDj1aloVFsQ6qNE3 MD5: 4E7CB81E3D2DA231E78E860E107C875F SHA1: 535475FA98226C99B6C41B2A502E8F956F44CCEF SHA-256: 88E1D9134C24C534365AB3AEAC8A42823C012297E982248948276211607F8FDE SHA-512: D5219140FD83D0E02D923EC6C25EF7AC1A50754AE8E442AC58233AE011A47B9D90691D934FE29A6238D27332092F393B5DBAC439EC491DA846D9D3AB4B4E4F68 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/csslayout?v=5--CNPwI8vMQpaZrR6TUxxAiNqzDOlTIpR14uQWgbk41 Preview: *{margin:0;padding:0;border:0}body{font-family:'Ubuntu',sans-serif;font-weight:300;color:#1a1a1a;font-size:13px}button{font-family:'Ubuntu',sans-serif;font-weight:500;font- size:13px}a{color:#06bdc4;font-size:13px}input[type=text],input[type=password],textarea,select{border:1px solid #e2e2e2;padding:5px;vertical-align:middle}.blue-button{b ackground:#09c1cd;color:#fff;padding:7px 10px;margin-right:15px;-webkit-border-radius:4px;-moz-border-radius:4px;-ms-border-radius:4px;border-radius:4px}.blue-b utton:hover,.blue-button:active,.blue-button:focus{color:#fff;text-decoration:none}.blue-button.arrow{background:#09c1cd url("/Images/next-bg-arrow.png") right center no- repeat;padding:7px 30px 7px 10px!important}.rowoffset{padding-top:12px}.managebooking .container-fluid{padding:0}.managebooking .row{margin:0}.managebooking .ca ption{font-weight:100}.managebooking .bigvalue{font-weight:bold;font-size:20px}.managebooking .strongvalue{font-weight:bold;font-size:16px}.managebooking h5{col or:#06bdc4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\csssite[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 2434 Entropy (8bit): 4.95572761275747 Encrypted: false SSDEEP: 48:Xo3zVESKZKRqKBB7nrMynedjih53DDduh:XyES41gnBnedjeHQh MD5: 290062E00228AC9F2FBBB31B7F2D0D36 SHA1: E2751A40BCD34CDF8460316559DD5C5907585AE2 SHA-256: A9BEAF1BF435D33279EEA0990D511FAAA392F9ADD71C9462FD696000B1ED7837 SHA-512: 4CECE7DDF3CAED7451EA22FEBA426BEA6185C583CE22C2E981B79CE814B79941A4D8AFC22F925F71497DD36B524E83A1CD05E5ABC4A3501B9DF4A580B4BFC DAA Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/csssite?v=DvuFOt7WYietYpG9lOeU7l_uoO7VQOTi8DPEyH2FMaM1 Preview: input,select,textarea{max-width:280px}.checkbox input[type="checkbox"]{position:relative;margin-left:0;margin-right:5px;top:2px}.two-inputs{margin-left:-15px;margin-right:- 15px;max-width:340px}#customer-birthday select{margin-bottom:10px}span.expiration{color:gray;font-size:12px}.field-validation-error{color:red}.pass-status{width:20px;he ight:20px;display:inline-block;margin:-7px 3px}.pass-status.unknown{background-color:#ffa500}.pass-status.unknown::after{content:"?";color:#fff;font-size:20px;float:left; margin:-4px 6px;font-weight:500}.pass-status.error{background-color:red}.pass-status.error::after{content:"X";color:#fff;font-size:20px;float:left;margin:-4px 4px;font-we ight:500}.pass-status.confirmed{background-color:green}.pass-status.confirmed::after{content:".";color:#fff;font-size:20px;float:left;margin:-4px 3px;font-weight:500}#form- chooseCourseOrAppointment{height:100%}#form-chooseCourseOrAppointment .text-info{margin-bottom:20px;font-size:18px}#form-chooseCourseOrAppointment

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\facebook[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 50 x 50, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 4162 Entropy (8bit): 7.891720629612276 Encrypted: false SSDEEP: 96:oAsSDZ/I09Da01l+gmkyTt6Hk8nTdjHqWvqjTrqi+asWyUIjvZF:ESDS0tKg9E05T5HBv03qDasWy7vz MD5: 43123DBCFFE0BCABA6B4E0DC87857E40 SHA1: F34D41C34DD01920EC63F375D825A4DDC30878C4 SHA-256: 0DA14CD47DCA5D39AC622CD2E0EAFD6CE2FB2FDB44C0A781CAE5B5BA8EC39FC6 SHA-512: 1BF2C117780B8397DDCA29E43474E4D1D4F94A065E46A13C3AE42DE96B15049D39B0A357618F2DE3E5EE94744E1ABC0456D205F1D115F3225F3EE2E199EA01AF Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/facebook.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 539 x 129, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 47610 Entropy (8bit): 7.985915153234564 Encrypted: false SSDEEP: 768:AlelJmZNguq4ehUzaNR9Zl8LEqWTXTuhcWP02KwooOVt94+ZsIYfLeakJIziyH:AlelJGxfaNR9ZleJWLqs7woo2zYqakJg MD5: A440F67EA5F41C0DE691E49128817CFE SHA1: 32A89232E001024D2920BDA41C7644CD1647DC49 SHA-256: 1A891BD61736C8B498686BDFE036468F9A66062471C37A53352F82CE5A758A5F SHA-512: AF975FEDDE72081011E57350B071C7375BF5443AD6AA816AF3999F6FC18997771BFACBAE5A84A75FA586DFAAD2116522F11E285542AA2C4A5919832CC3CFA3F A Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/logo.png Preview: .PNG...... IHDR...... iEx.....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp..... &.XE...*IDATx..].`TU..{z.$...B...... +.Xp.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\modernizr[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 11095 Entropy (8bit): 5.237754788592151 Encrypted: false SSDEEP: 192:Ge9ZNR5GciQ3M1l8I3WsIYbXjP4lr8hvK3ozLZUnT:L9ZNRB3M1l82WqXjPYrEyUZUT MD5: EFEAC4BCC64C045F413F90CEBA3F836E SHA1: F6E4AF16612D2C740E0D62440FCE784290EAB928 SHA-256: 9E83216908224FFBC39992A5E60F93CA21B8E2240BA28025BA679C4B70F7112D SHA-512: 8D0B20E90EB1DE8E68918C9306DEE3CE0453CB176D463D1061FBE50FAC804FFA0C3682DA42A6C53B99CBDC2F3C1809744A64538BD47CCF68865C1774BADED8 78 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/modernizr?v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 Preview: window.Modernizr=function(n,t,i){function a(n){c.cssText=n}function vt(n,t){return a(y.join(n+";")+(t||""))}function h(n,t){return typeof n===t}function v(n,t){return!!~(""+n).inde xOf(t)}function lt(n,t){var u,r;for(u in n)if(r=n[u],!v(r,"-")&&c[r]!==i)return t=="pfx"?r:!0;return!1}function yt(n,t,r){var f,u;for(f in n)if(u=t[n[f]],u!==i)return r===!1?n[f]:h(u,"functi on")?u.bind(r||t):u;return!1}function f(n,t,i){var r=n.charAt(0).toUpperCase()+n.slice(1),u=(n+" "+ot.join(r+" ")+r).split(" ");return h(t,"string")||h(t,"undefined")?lt(u,t):(u=(n+" "+st.join(r+" ")+r).split(" "),yt(u,t,i))}function pt(){u.input=function(i){for(var r=0,u=i.length;r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\next-bg-arrow[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 19 x 12, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 331 Entropy (8bit): 5.885012313811662 Encrypted: false SSDEEP: 6:6v/lhPoktO/6T3AYfvl7smUQX/hlvti3B7T8Jonr9X/+HmuAmXZYirp:6v/73tO/6Tl7s0X/hlvtidT8mnxX25pB MD5: 96DE0AEEE831A114E15E40C928F75E23 SHA1: A9CEBEADC0C7D3F8DDE1B656BA2D27E6138D6CD5 SHA-256: 0BB6865087E0D7969284045536489BF55FB20FE5CD3A125611226B125AF4CA6D SHA-512: 26603586A5EFF171C458528B068C102B08CD7A5B7AEF1BAFF14CA248A44166D88577CA85BA64C84C7789D2677FC9595F463D42F3756808C94037A3CAF1A0679E Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/Images/next-bg-arrow.png Preview: .PNG...... IHDR...... pHYs...... cHRM..z%...... u0...`..:....o._.F....IDATx.b..../...f...... 3...... s....?...!...... g```.)...... B.CPp/...3...... j&6.l.^...... e``...... D...... b. ...<...$B....s.^.....[....?D...... 9...a...... "C.%.....b.X.(r.r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\povodi_moravy[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 13997 Entropy (8bit): 4.745963363056005 Encrypted: false SSDEEP: 192:/k5KtGX84ymQowoX0KHYFxD7pziuTUnL1/u2WYgH4l/Q0oJmR/y:s5KUlngT+/jAH47TFy MD5: 2602EC233704A687FCEFF38B01205CEF SHA1: 78A3DFAC538D4290A6BA07C474C175154F134AFF SHA-256: EDFF73DFC8702551391AF1D25852ADC3F4A9EAE73F3C2C9C497FD4AD6CE6FEE5 SHA-512: 6C0F964FD6D659366043ADE27D8D3B56549343DFDFF2321C19EF74568FA208465B319B864E29AB9F6C6E73B497716FD1002DBE39D1BB1519F922E373BA058EE9 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/povodi_moravy.svg Preview: . Created with Inkscape (http://www.inkscape.org/) -->... . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\retargeting[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Category: downloaded Size (bytes): 43 Entropy (8bit): 2.9889835948335506 Encrypted: false SSDEEP: 3:CUnaaatxl7/lHh/:clf/ MD5: 968C3AD2C1183FEE0BF0DD479F7904B7 SHA1: 1D770800ECB05EB9133F9B51620C9E4349656859 SHA-256: 3331A0486CB3E8A75C8C2FDF02BF80FD8FE2B811DFE5C7B4AA892D38BFCF604A SHA-512: 6135BEB6606C4214EEFFE51559E127F77F0BBB271370EB9B4DC57D55EC7E86D848400AA8449F1412B28FE11175573B2148AB7B06F201DCA8E17EE8E8D7D767A9 Malicious: false Reputation: low IE Cache URL: https://c.seznam.cz/retargeting?id=110468&category=&itemId=&url=https%3A%2F%2Fwww.reservanto.cz%2F Preview: GIF89a...... !...... ,...... D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\trophy_gold[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 110 x 110, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 11935 Entropy (8bit): 7.967690308910829 Encrypted: false SSDEEP: 192:QS60TnKDJYXAlOoqwbu8M1/tqQFqt70ZjxyF5surKxPYUoVrIiusji4PDVx9d3YY:3h2XtRc147rSw2oVFu4d7Vx9d3cRS MD5: CC9092883B52CD39072088E7165A20CB SHA1: FFB557901E27158A58E6DD7A426776ED253CE168 SHA-256: E6C910F7F7286B4D9F329C37DC648F6D0E9D283051C09F6EA10A085BE3247B68 SHA-512: 73D421FC59D6B9658D8954393FEB1C7DC9593D2BFD88EB3890BD4160FE9A41A42F2870872D8A7904684F53220E6B7552403133F28FDC226682C0AF78B72C7EE4 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/trophy_gold.png Preview: .PNG...... IHDR...n...n...... \.m....pHYs...... cHRM..z%...... u0...`..:....o._.F...%IDATx.|..jUQ...9.x.....K.+I..h...... U.B.!./. b...m..BL#vi.\..9{...}...... c.,.....s.]...R..<.)... ..P.eu}..!".".;...5....:*.L>~..f.V-....y..4o...B.....Ki.$...V.9O.Dc.G_ .H...S.aV.\...85.$.ky..U..N...... 9:...+e..-.jC.VYA*N.+..G...n.n.....0)...v.....u..n...'(.f.L.S.*...=.._.....CK9.3.u...[.... 9_.m....=.WJ....G..F#(@l-z...}.)...... f...... }<|...... @.~.{...... ?..a...3....De#...J4J.Bn!.>.B.Vh.....lD"*.Fb.d. .?....;3.{~..3...... =.<.I._. I...... ]...<....we...tv.M.2..,..E...... ByK$.}5.?..l .x..~.uq.![...... &DV...... <.O.....}p..&...rl.i...WO.5.`..y.y0py~....o.|....(...-zE.;|l@...... q....n....},I...4#...{$...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\twitter[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 50 x 50, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 4481 Entropy (8bit): 7.903121088559281 Encrypted: false SSDEEP: 96:oAsSDZ/I09Da01l+gmkyTt6Hk8nTBCvo5FORRYYOVmH+:ESDS0tKg9E05TB7ayYe MD5: 999D792C169A2044D4892D269DEFF823 SHA1: 60FCFD7FF57A015089D327E91A644A63A743B93D SHA-256: 6AF1331B44D03A793554537A60FFA774C578104B08412659AC80938771244C28 SHA-512: 7B389E579AFB703AA91FAD7A4F742F7939206474ED37672D5D5CE8AF1EBC46E6E698ECCB994A6CFFC75CBDC97B0B31A4C7162F5F2ADA54A112C96DA61F9305 11 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/twitter.png Preview: .PNG...... IHDR...2...2.....i8.'....pHYs...... OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...... Q,...... !...... {.k...... >...... H3Q5...B...... @..$p....d!s.#...~<<+".....x.....M..0.....B.\[email protected]..@F....&S....`.cb..P-.`'...... {..[.!...... e.D.h;...V.E.X0..fK.9..-.0IWfH...... 0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q .WW..([email protected]...... x.....6..._-..."[email protected]~..,/...;..m..%..h^[email protected].~<.5..j>.{.-.]c..K'.Xt...... o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,...... `6.B$..B.B.d..r`)..B(...*`/[email protected]..=p..a...(....A...a!..b.X#...... !.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1...... r..=.6...h..>C.0....3.l0...B.8,..c."...... V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.n R#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ubuntu-medium[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 153436, version 1.1 Category: downloaded Size (bytes): 153436 Entropy (8bit): 7.957866299387676 Encrypted: false SSDEEP: 3072:ytoNNPNk/pb8TeoE+d+3POHo/Ic52T3QTUFxXqYZuMf8:yCD29ot9Hc52E4FSQ8 MD5: C155BB52A3E55BCA43F92E9BDE81BC81 SHA1: F0A3ABEE06D4B0358F98061E9FF3FB2E0AA74494 SHA-256: 2CB5E850AD387BCD797FD93BDD1A01B3937B3B10696548360B8C40C7E9AA9AFA SHA-512: F2F8A0E12E075B8D8B585B432B431239A32497B2BF4B0C3239E65B199A9439CD8146ECCF28BED682639938DBC7E0FDC1F4D2D1FC3F546A64BF04D092C1FE6D7 2 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Content/fonts/ubuntu-medium.woff Preview: wOFF...... W\...... FFTM...l...... ].9bOS/2...... [...`...cmap...... 1...6X.0.cvt ...... h.#fpgm...... #v.D.gasp...$...... glyf...4...... A..ZeYhead...... 2...6.. ..hhea...... !...$....hmtx...... ,,.a,kern.....t...:.."..loca..Cx...... c.maxp..H...... Aname..H0...... }..5jpost..M....:...... prep..U...._....m'...... o1.....^...... k.x.c`frd...... B3. e.d....fcafcbfby...?.A!...\.}....8>00s.wg.`^.W..a~.#H..V....F.<....x....o.A.....J.t.>.?..nm-Ekiu...w.kj.*H--EQK+..V..."zA..n$}....!q!...... o.y2...... #Ig..{..z..G._...C$..X.K...... #.U..T. ..\*Ze.\U..U.jTM.Y.D;.O?>cY6..MP\...5.&T... .."4!.&lV..!..w...... *...l...#....w..}.o.G..|i...f.Yk.gD.....w...K|l...e .;...u..O..=.#...._.L_..'[email protected]"q._{.E4... b.%.x.H$.dRH%.t2....2.. .,F2..![..8.C....$&.G>S(.."...4.3..f2.Rf3...c>.X."..D...Ts...... \....unr.[4r..4q..<.!.<...i...y...Y..VI..H.ktm...... M.O+...wk...O..2.k3K..:vj]..*.7..Sb$V.%I.$...{edI..H..u..%A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ubuntu[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 160724, version 1.1 Category: downloaded Size (bytes): 160724 Entropy (8bit): 7.950393788629613 Encrypted: false SSDEEP: 3072:Y7iB7K/hrmBfISjh/RTnxoYflPndR8y///////yFOF2k2jjjjjjjjjjjjjjjjjji:PamlIi/RDyY9PdRJFIjjjjjjjjjjjjju MD5: BD40E3067838F39B65185CE62E47AF78 SHA1: D896179BA2DA3E4DB5726D0FE67DCD60F3ECC6EE SHA-256: EC07EA386519CC24D707010C8FAD8738D974F273E627D5F793A2A4ED3BDDF897 SHA-512: EED87B2576B2E2E9F6EE1CE043FFE66EB09F8E2548587D1C276116C02F3D8CBB31564889EA007136298984CC249052634490CAC21ADA5E6CEEDA02CF0235083F Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Content/fonts/ubuntu.woff Preview: wOFF...... s...... FFTM...l...... ]..4OS/2...... \...`.6.|cmap...... 1...6X.0.cvt ...... -$$.fpgm...... #v.D.gasp...... glyf...... e...&.head...T...2...6.V..hhea...... !...$...~hmtx...... d...,..hwkern...... u...<.8Y.loca.._,...... Dmaxp..c...... Oname..c....C...._.:post..i(...:...... prep..qd...n....AF...... o1...... X.....k.x.c`f2f...... B3.e. g....feafcbfby...?.A!...\.}....8>00s.wg.`^.W..a~.#P...V....F..p..x....o.A.....J.t.>.?..nm-Ekiu...w.kj.*H--EQK+..V..."zA..n$}....!q!...... o.y2...... #Ig..{..z..G._...C$..X.K...... #.U..T... \*Ze.\U..U.jTM.Y.D;.O?>cY6..MP\...5.&T... .."4!.&lV..!..w...... *...l...#....w..}.o.G..|i...f.Yk.gD.....w...K|l...e .;...u..O..=.#...._.L_..'[email protected]"q._{.E4... b.%.x.H$.dRH%.t2....2.. .,F2..![..8.C....$&.G>S(.."...4.3..f2.Rf3...c>.X."..D...Ts...... \....unr.[4r..4q..<.!.<...i...y...Y..VI..H.ktm...... M.O+...wk...O..2.k3K..:vj]..*.7..Sb$V.%I.$...{edI..H..u..%A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4iCs6KVjbNBYlgoKcQ7w[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 78660, version 1.1 Category: downloaded Size (bytes): 78660 Entropy (8bit): 7.9956159913857 Encrypted: true

SSDEEP: 1536:S2nVnjAg/wvWXZavLlJBz7VqHy/uOuMJq6gLcvBJw9D7jbkOshp:S2nt5gWpavxJBz7wTOQ9D7kOsX MD5: EB54A705D8AD04A0AB6A79E5FB4EE4E8 SHA1: AA2CBBDA3A7CE36D6981C4D1A0A8EDF60DD7F9A0 SHA-256: D63377327DF0CBEEAD33AF7869EC16622754D1CE3180B73AF9FB09DC286982D3 SHA-512: 06E5C461544F19F442824DC7C99C7343314FCC30D90682D2B318AB81051C7CD9FCEBA7DAE3B4FC33A1191546BD7C4239FAC43D6C05DBA211936D4B8C5FD6F65 8 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKcQ7w.woff Preview: wOFF...... 3D...... lT...... GPOS...... v.]A..GSUB...... OS/2...... [...`fM..VDMX...$...... cmap...... v.cvt ...... -$$.fpgm...... z...#v.D.gasp..$H...... glyf..$X....._.g.EJhdmx...... \..F..K.2head...p...6...6...'hhea...... $....hmtx...... r.loca..#T...... Bhmaxp..(T...... %..name..(t...... v..6Upost..),...... )prep..0...._....AF ..x.L.%T.P..g.s.....N.....P..z&..w....g.M..2...... 9?1....A...O...... n:.....'F.ig....~....A....3+...... `..[.b..t....H.....X.].W.:*..R..SF.u]).~...G....\..]...... e&...2V..5.c.....v...\.&Ox.k._... .J...C>..C...... F.]..~(./.).)._~...D.E.D.D....D.DSD.,.&.%.O...._...G}.c....a.~....enE.CIX.S..13V....Pffff.^...c....r...... }.\.{z.d4Z../.q.Q.hw.3...... N" 6.(P!K.2.m.....I...J.:."S..dH.f.9 y4....Y'.A.Ab..S.4K.kH.:.4.NIc..\..o.u...2.D..M.29.m.H.m...-..G...4%.9.,..:.99.p.P.6.@}..Bj...... R.....J...Ww.".~..B.v.Y_w..].u.[...... Q~....|i..M...... yX.L..&...Z.h..'

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4iCv6KVjbNBYlgoCjC3jvmyL[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 71304, version 1.1 Category: downloaded Size (bytes): 71304 Entropy (8bit): 7.993334334125074 Encrypted: true SSDEEP: 1536:oO+JkDsV85wRcRb/GK87hcZRKdsWCyXP4ba6vlIl:oJJAsV8iRcd/G17hc7GTXP4/9Il MD5: 0A22463AE8CD4ACDC06DC18666B5D598 SHA1: 1FB4833F03284B8573A46319933987C6F264ABA9 SHA-256: 8526C88F28B9A99483D0313A64B733C5290B88EF3B53BE28333FB9BF6087ED12 SHA-512: A0DDC76149807AF45E9CE189CE160A14839931E12959DFF91639DF98106C7A8692A4FF2BB2AC7CB170B08000AF2D1852193304436D99D8FC994E9867984A5E5B Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jvmyL.woff Preview: wOFF...... B...... GPOS...... v.,..>GSUB...|...... OS/2...... Z...`f...VDMX...... B.,cmap...... v.cvt ...... h.#fpgm...... z...#v.D.gasp..$...... glyf..$ ...... 66.F..hdmx...... F.....head...... 6...6...bhhea...... $....hmtx...... j2loca...... maxp...... %..name...... d..5.post...t...... prep...,...Y....m'..x.L.3`DA.....b[Ul.m .M.>m.c7..7.}.o...b.5..1.1.....n...t...a...... (4)..NW.`/le.&...z\e.J..L}..cgN^...S...Bf.\..X..q.M..3TP.`.L...5.Z...2..Z..9.k.!...D4b..f.c.,).").2).r)...... i...N.n....q"G.C`..$..=...].. p.E0.#\K5oLC...... z2.d."....&.L...F.$...... e...n...B....b.,....(|...f..../...;.....g.$...yV..Y..n.w.\....[%Rs.&.5*.65.....IT)..I..! 1..G&]9..gN9l.P!.K.IR...Z0K.iRg.2...J.U...... ).Ht.Z...t..GB....K.. R.{Lh...I..9..)Q.BE...{.$...{.i..KLD...<_.q.?b...5...u....2..QW...u.G}.q...KZ4.....f.q....9|i..f.r95..W.+>vb2bM.c%!;.Q/h...... [.f...... =bb9.G4.<.G.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Modal[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 28882 Entropy (8bit): 5.312040279152201 Encrypted: false SSDEEP: 384:P5gtEdh8dml8xg1s3TmIyw+ssvVKOby4infmVBwvh:P5gtiGdml8u1EwrVd+MBwvh MD5: CA262E8637E1D245AFE03199E83AFCB8 SHA1: A7CF1DF7AD6AD638A1C326270853389CF6B099A0 SHA-256: 7D39350D7FF259E04B3CC26DA73E88B33672E3F6D0A55901EE2F55E8E8363624 SHA-512: 4EDBE7755D6E7A0CE30C3E341D927FF118CD42264F125BB690A4A5920E9F1D1401580F956C239E55C8EED0E0CF5F937047A3EF0047288699CF90C9138C2A1975 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Modal?id=16503 Preview: .... [if lt IE 7]> .. [if IE 7]> .. [if IE 8]> .. [if gt IE 8]> >.... .....Online rezervace - Reservanto......................... .(U...0.IDATx..]...U.. U].y:M....q.A....U1 ...... a..5~..9..].U...Q.$...009w.....j..I...e...... ;...^..TU...V<}%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\asset-manifest[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 1528 Entropy (8bit): 4.859226613486628 Encrypted: false SSDEEP: 24:ly0ARpQ+yZgnbMu6nbOL4LTLzwLz3L7LiLSMLSvVV3K61+/+bXcdFLHeuLHetLAz:lyddMSCOkHPwPJHvVV3M2bXWauapMuGR MD5: 12C3F68F60D0ED76034376940764C88A SHA1: 4DC9A3FD75A2A6D95559844A3135076A3DA4C7F4 SHA-256: C44552B3A88866975E70A76C9F546B0B8E456C182344AEED710A4ACA83E5A48F SHA-512: 42E360F23FF74A8105C442469CAFEB43462AFCA97D7CD5ECC2FE9569995F2A09E78EE54B89AA3C7371CAE37BA5E2813360CEF5A7A737F031A81087E1362CFF65 Malicious: false Reputation: low IE Cache URL: https://widget-v2.smartsuppcdn.com/asset-manifest.json Preview: {. "files": {. "static/js/0.f236e9dd.chunk.js": "/static/js/0.f236e9dd.chunk.js",. "static/js/0.f236e9dd.chunk.js.map": "/static/js/0.f236e9dd.chunk.js.map",. "main.js": "/static/js/main.ecff41f3.chunk.js",. "main.js.map": "/static/js/main.ecff41f3.chunk.js.map",. "runtime-main.js": "/static/js/runtime-main.705201c9.js",. "runtime-main.js. map": "/static/js/runtime-main.705201c9.js.map",. "static/js/3.18bcfc90.chunk.js": "/static/js/3.18bcfc90.chunk.js",. "static/js/3.18bcfc90.chunk.js.map": "/static/js/3.18bcf c90.chunk.js.map",. "static/js/4.3f4d1d17.chunk.js": "/static/js/4.3f4d1d17.chunk.js",. "static/js/4.3f4d1d17.chunk.js.map": "/static/js/4.3f4d1d17.chunk.js.map",. "static /js/5.0e68d40f.chunk.js": "/static/js/5.0e68d40f.chunk.js",. "static/js/5.0e68d40f.chunk.js.map": "/static/js/5.0e68d40f.chunk.js.map",. "static/js/6.4986ab7e.chunk.js": "/st atic/js/6.4986ab7e.chunk.js",. "static/js/6.4986ab7e.chunk.js.map": "/static/js/6.4986ab7e.chunk.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 31069 Entropy (8bit): 5.09827769705936 Encrypted: false SSDEEP: 768:Ika4AR8Y00A1ztkBXJsSdWsCIC/vIeDEanqUyTVi9hMcSuVUXRrXSG0:+JEZQZs4T9TVAMcSuVUXRY MD5: BA643FCCB39C2A7FCB3A8D46ADEB19F7 SHA1: 43B7BFFACF88E858D5B3D921A0E74EF7D8199BC1 SHA-256: 0C477768D9D0FAD3F16C9A5A43644A5D0B8556181940A8646C7901E6DC2A8279 SHA-512: 56C8CFDDB2F94CA2FD32F6BD6E48F900A4B280410FE1860594768A7923B02B347FA618C97661776326A8E9F211529D45950622BDDB4F21878E40ED06D4645589 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/bundles/bootstrap?v=2Fz3B0iizV2NnnamQFrx-NbYJNTFeBJ2GM05SilbtQU1 Preview: if(!jQuery)throw new Error("Bootstrap requires jQuery");+function(n){"use strict";function t(){var i=document.createElement("bootstrap"),t={WebkitTransition:"webkitTransi tionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"},n;for(n in t)if(void 0!==i.style[n])return{end:t[n]}}n.fn.e mulateTransitionEnd=function(t){var i=!1,u=this,r;n(this).one(n.support.transition.end,function(){i=!0});return r=function(){i||n(u).trigger(n.support.transition.end)},setTimeout(r ,t),this};n(function(){n.support.transition=t()})}(window.jQuery);+function(n){"use strict";var i='[data-dismiss="alert"]',t=function(t){n(t).on("click",i,this.close)},r;t.prototyp e.close=function(t){function f(){i.trigger("closed.bs.alert").remove()}var u=n(this),r=u.attr("data-target"),i;r||(r=u.attr("href"),r=r&&r.replace(/.*(?=#[^\s]*$)/,""));i=n(r);t&&t .preventDefault();i.length||(i=u.hasClass("alert")?u:u.parent());i.trigger(t=n.Event("close.bs.alert"));t.isDefaultPreve

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 127565 Entropy (8bit): 5.160779374261109 Encrypted: false SSDEEP: 1536:mpFAeBNWEg+ps1VlMxZP3sguCDxXPk/8WnM:oqlMxZP3sguCDxXPkEWM MD5: FF77C54C4ED8FD6A135DB4E38CB7D67D SHA1: 4B7B3A33BB23CC0E025CE86FE1F760599D3E3F49 SHA-256: AAEF6A629C07617EFDF35741EF05ECCB0F260B312820CB22C3A9443307373E39 SHA-512: CF23886628C8818E9E3A5108DF5C4D16E78DC6F0BDDED250961CE9EE3F1462DF054CCB87BA946BEA63DE2693FF3AD23AF135E335D7BAD61855710569F6296CC 7 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Content/css?v=7UPhcZf0Bghsf7x3yhdYw2BQiJs2ZQZlpbCa6BrKX_41 Preview: article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block}audio:not([controls]){display: none;height:0}[hidden]{display:none}html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:focus{outline:thin dotted}a:active ,a:hover{outline:0}h1{margin:.67em 0;font-size:2em}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}hr{height:0;-moz-box-sizing:content- box;box-sizing:content-box}mark{color:#000;background:#ff0}code,kbd,pre,samp{font-family:monospace,serif;font-size:1em}pre{white-space:pre-wrap}q{quotes:"." "." "." "." }small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hi dden}figure{margin:0}fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}legend{padding:0;border:0}button,input,select,te

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\cssbootstrap[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 141489 Entropy (8bit): 5.156579827468792 Encrypted: false SSDEEP: 768:fkkbNQbIHpRa865+dI6yHH5MqFeEYRttnbdbF2k3+k1trKjncpA6A6QYaQ:XbNQMKSI6yHH5MqQRvb2K2nclAU MD5: E8B0CD0A93EDE6A95A446C3EAC5CB16B SHA1: FD21BC64F1FCA8E55EC34FDEB408CC2DF93D33FD SHA-256: 13F5983A419BC790DA53FDEA8A1B9EA119A47A4F7007AAD1CD35279EE388B901 SHA-512: E28531259957CFD643745135890FC681ACD597DD698978D888204A5A95545D3229B6CDA282BAE65DAB95A8104EA37D2F65F959E013930CF444DB72B883952624 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/Content/bundles/cssbootstrap?v=uXfI6oS7lioX0CXwKd2-Xo8wK77O3jncouu7KhWT2Y41 Preview: html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,n av,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{di splay:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em ;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em} sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font- family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel Category: downloaded Size (bytes): 17542 Entropy (8bit): 4.455980523177049 Encrypted: false SSDEEP: 192:J2ga2BHtAmaoMuAMStzVGRUydY3hz2mQCC:JhVBHBaoXd2zV6dYRzih MD5: 6D59DD2FFEFA67C9D38728DCB4161120 SHA1: 43A227406D44D5D0907B1C711533929EA068AE3F SHA-256: 00D4B196CA2AB3088340034245C12FE7C6473072CCDD277F913FE9D1A18F17BA SHA-512: E4227F9CAB3016D7DF5AD7BC9D7A0918A4E1C69697D17117E0B2BC6276832504F5DA87250A2974C7513B3A19B8DA7C5D35D0A123EB9B6E7AE62CA118237E8447 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/favicon.ico Preview: ...... 00...... %..F...... %...... 6...... h....@..(...0...`...... <...v...... }...O...... C...... 9......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ff-uk[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 6099 Entropy (8bit): 7.887943082715701 Encrypted: false SSDEEP: 96:VY2PBw20TF6jPxZmfUO/ZpMUkyFQTszGtV3/fbVhCyjOf/xcgA/HEhzHARVKKjX1:V3Bw2OIDxcfU4Zp5tFQTszIVXbVHo9pM MD5: 80218BAC558A3B4B6B282E5E57C99DFB SHA1: 0ED0A82F1883531C82A286EF47C3E7118CD6E2BE SHA-256: E029B19FFE0B87C0061BF152F993C8E096BD176086E8621FFC0B83C10B07934E SHA-512: DEA86894238FD9FB2FDBCFBC3D01C12B314FFCF6F4C57668EF9F5337CE7E698745FA7ED0E6BD251E7D94A6483D351B4B2CCACE0063F3FA503C7F003BACBA05 1B Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/ff-uk.png Preview: .PNG...... IHDR...... A...... dN....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... c...... GIDATx....T..oU .....BC/.l.H.\..!"n.....c....g.I.8N&..l..L..&.q.f3...A.4...M...M..Z].U.}.w.Q,.<..p?.w......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fm-vse[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 10838 Entropy (8bit): 7.951181784664308 Encrypted: false SSDEEP: 192:VD+bWvFSUmf2XJPqMVKa+vHaOk3DsjoNGDmSH+lqqgZf:VDeaFef+yAKnvyAjOGaC+l+f MD5: 124D4AA2F885D982D2034BB3EA33718B SHA1: AE42C388D1AD806E9B9A37CE47994EA453C1ED3D SHA-256: 735FF1E56E2AB8717F94B2C90A0B94DC2241EF6CE90637575FE89EE272709884 SHA-512: 8093993678D3CD32F7F6B6D343B57A29838EBCCBAF11B6B82AEADE0C511C28FB2692C9EB900F08A86D2CE5DA65C23964B5B82E4FC711AD081FDF7992658C41E 5 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/fm-vse.png Preview: .PNG...... IHDR...... A...... dN....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... i+\...&.IDATx..}...U...... _.K...... L."...... 8....TD~...a..q.ATD@0$.UD6A@...... H.Iw.;...... :I.....b..R...s.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\footerlogo[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 129 x 31, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 7472 Entropy (8bit): 7.9538832941077136 Encrypted: false SSDEEP: 192:TSDS0tKg9E05TcaEfXu1yMbnBa79OJS+hnU:GJXE05LwXu1yWnAROE+JU MD5: D5E2F3C8A3AB72877AB54615F2BCB97A SHA1: 2C5380D5052C100CEECDD10C48AC479A95F75E79 SHA-256: 992033107CBBB0DDE008F61E09ADF1AA7E32545E20D6FEEF3E065E18D6ECA43E SHA-512: 8B7FB8BE1B9E42762E2E1CA5878790D26ADCEC4299A343FB124C245858469BF587696500A1E00C316A3A7C19E69DC9AA35EEF227FFAD13DC6A807E7CEA34714 F Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/footerlogo.png Preview: .PNG...... IHDR...... pHYs...... OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...... Q,...... !...... {.k...... >...... H3Q5...B...... @..$p....d!s.#...~<<+".....x.....M..0.....B.\[email protected]..@F....&S....`.cb..P-.`'...... {..[.!...... e.D.h;...V.E.X0..fK.9..-.0IWfH...... 0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q. WW..([email protected]...... x.....6..._-..."[email protected]~..,/...;..m..%..h^[email protected].~<.5..j>.{.-.]c..K'.Xt...... o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,...... `6.B$..B.B.d..r`)..B(...*`/[email protected]..=p..a...(....A...a!..b.X#...... !.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1...... r..=.6...h..>C.0....3.l0...B.8,..c."...... V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR #.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\gopay-banner[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 64 x 17, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 3395 Entropy (8bit): 7.7579499527186435 Encrypted: false SSDEEP: 48:jSwqQNn2x6lJ3tSOFEDPk+aWaezRt0E/kaI7cEvK3gJ6tLMZViYbiR5o8o:jGY2yS4BWaogi3gJhViYbZf MD5: DA3B7FAD23EEB03D3B1867E98F90365E SHA1: D3C9467EC0DC23F1C26F5EC77009A030D95BD75A SHA-256: 6F3C26D978D53D253CE12CFD93C0DB3530DD197F8F2178DA107BFA6230761E6A SHA-512: FB9B27F83FAEBDE90A77841A0930B0B51A63B742289F6D5146F4E7C5651BAC78F6FD37EE2998ED13F4EAD481D2BFC391BFAD80ACD2DA770BD25E60966481339 1 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/gopay-banner.png Preview: .PNG...... IHDR...@...... m...... tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... .3S.....IDATx..X{p...... K.....P...D.....2v.3>">.tZ.X...3..-....g:.3...Ze...... P[.QH%$.!...!..w...... (V;.i.G.Yr.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 93078 Entropy (8bit): 5.273004558568183 Encrypted: false SSDEEP: 1536:5XFpLCKR5iY4/1BaU2Zau0w6DPcD8AS/1emVZZkcsuDBgVsQd1nUWfOls0rq:lLknJqnsmuHrq MD5: C9BC8E10C89356F670361584F8EE04C6 SHA1: 17D3121738746D039FC79354C409096958E3E53D SHA-256: 8E36A92B48CE8C4A823F7703AE2B1D91A96BAF49A3C5C20FA0441DF4C20BB3EC SHA-512: DB8648834CB8F1CFF272ABFC33034CBF179D4E085F1E89813F748DCE670D112814AF3EE077E49369F0E015434341FFAA6F7CD6E95647742347E1B348037504D7 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/bundles/jquery?v=FVs3ACwOLIVInrAl5sdzR2jrCDmVOWFbZMY6g6Q0ulE1 Preview: (function(n,t){function gt(n){var t=n.length,r=i.type(n);return i.isWindow(n)?!1:1===n.nodeType&&t?!0:"array"===r||"function"!==r&&(0===t||"number"==typeof t&&t>0&&t-1 in n)}function te(n){var t=ni[n]={};return i.each(n.match(s)||[],function(n,i){t[i]=!0}),t}function ur(n,r,u,f){if(i.acceptData(n)){var h,o,c=i.expando,l=n.nodeType,s=l?i.cache:n,e=l ?n[c]:n[c]&&c;if(e&&s[e]&&(f||s[e].data)||u!==t||"string"!=typeof r)return e||(e=l?n[c]=b.pop()||i.guid++:c),s[e]||(s[e]=l?{}:{toJSON:i.noop}),("object"==typeof r||"function"==type of r)&&(f?s[e]=i.extend(s[e],r):s[e].data=i.extend(s[e].data,r)),o=s[e],f||(o.data||(o.data={}),o=o.data),u!==t&&(o[i.camelCase(r)]=u),"string"==typeof r?(h=o[r],null==h&& (h=o[i.camelCase(r)])):h=o,h}}function fr(n,t,r){if(i.acceptData(n)){var e,o,s=n.nodeType,u=s?i.cache:n,f=s?n[i.expando]:i.expando;if(u[f]){if(t&&(e=r?u[f]:u[f].data)){for(i.isArr ay(t)?t=t.concat(i.map(t,i.camelCase)):(t in e)?t=[t]:(t=i.camelCase(t),t=(t in e)?[t]:t.split(" ")),o=t.length;o--;)del

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-footer[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 125 x 30, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 7270 Entropy (8bit): 7.948654497818332 Encrypted: false SSDEEP: 192:JSGpuhRYTRrspBWtVVaBue5QXtRE3U1c2ruxfBi1b85X7fb2y:wYuhO9XTVaDafEQc2ydI1b8RLiy MD5: 381E01C8E69DEE91AE72829BCC9B5F35 SHA1: 8CA56916B37069863210A7D925FA9A7655E9E05F SHA-256: C9B7889CC4E8CD9288B47EC3175CEB94562856F7B74660B56CF3FEF113D54945 SHA-512: 660DDE8F993C651040AFB079872C7D05FC7304D0A03CEBCC7B6BF51DA08F2AE1C359CEEB972696C95A5AF67D5F363CD26A121D8B316CE4A050620954EA342A2 B Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Images/logo-footer.png Preview: .PNG...... IHDR...}...... pHYs...... cHRM..z%...... u0...`..:....o._.F....IDATx..zgt.e.....K...;...PBh...... '..8.|..7...... eD.AA..8 [email protected].!}...... 8s...... c..y .v=.}_w.^y.E\O(.BBB.:.n.@.+.jjjf...y}.lI...7..'.x..sp:..(.~dY..#`.X IRg_....CW.g....+.....a@.....%.C...... D$.A{{.Uc..._.z+.w...... B.$.B.7.1l.0P...aPW[...Z.,.c.j..#G..]w...U...... B.x. ..lFYY.j....<$Q.\.!0.....`.L...G....j...N.>}.$I.(eff..5.G...}...... _..)..t.R....7....;...... ^}...... G...... _.._..R.Dmm..>...@ ....KK.Lmoo...... /\.....<...... B.J%...&.[...`0..pkVV.kK. N3.L.+**...... {....B.h..%S}..-4M..3...... z...d.C.u.1f.....+ ...j....._.lZjjjU4..;.x....o...k./.B...F..F.....-.2..pj(.J`..%. .. Cn.y.N.A8.FT...`0...... A..$I.p..A...`0K..NR.sQ!*\.(J..+)..& ...... EQ....V.\.....t...i....%.R3a....!.={...... E.,...p.....'..M....=.....,.`....h!. 6'..a..R...*77..eYa.A...... DQ...... $..E....(..P.B IR4..].(Jf....s.dY..w..-,,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\newsletter-back[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 152 x 163, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 29027 Entropy (8bit): 7.984240133839831 Encrypted: false SSDEEP: 768:T1XdvzjKKSmrAoqPLW135DfWtYseH9VIFI1H0:TRdv3KKSmUPL85D+tYxHK+H0 MD5: 4549E1CF3D7F8221419FD390001009D0 SHA1: F8D260B9EABC5B4DBCAF1EBCEF127121D214144A SHA-256: A5AB6951705283FB1EE0777422C736303DF0513659DC7A5B1B79019CBF9502D0 SHA-512: 4E6BE7D7CA36099AA28A243F51B72D7EB5B3D4DA308C35913AD8367E07A752876A482815F45A3CAFA5036A683D8DC1A2118EFABAD3357A7A903A10FD5F8BE48B Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/newsletter-back.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\next-bg-arrow[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 19 x 12, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 331 Entropy (8bit): 5.885012313811662 Encrypted: false SSDEEP: 6:6v/lhPoktO/6T3AYfvl7smUQX/hlvti3B7T8Jonr9X/+HmuAmXZYirp:6v/73tO/6Tl7s0X/hlvtidT8mnxX25pB MD5: 96DE0AEEE831A114E15E40C928F75E23 SHA1: A9CEBEADC0C7D3F8DDE1B656BA2D27E6138D6CD5 SHA-256: 0BB6865087E0D7969284045536489BF55FB20FE5CD3A125611226B125AF4CA6D SHA-512: 26603586A5EFF171C458528B068C102B08CD7A5B7AEF1BAFF14CA248A44166D88577CA85BA64C84C7789D2677FC9595F463D42F3756808C94037A3CAF1A0679E Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Images/next-bg-arrow.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pays-logo-small[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 47 x 17, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 6002 Entropy (8bit): 5.013503224940115 Encrypted: false SSDEEP: 96:pSDZ/I09Da01l+gmkyTt6Hk8nTbkEDFYf0A:pSDS0tKg9E05TYED+f0A MD5: 885AD82533B4EA1EDB3E6765368CD97B SHA1: B9BBBE4691C270A97BDC76BDEB28A36D7CE55478 SHA-256: A16E34D74407FA3E5ABB22D856FF796F64E774850CA5022BCC1E00480F7DB8A8 SHA-512: DFFEFDDBB6244B3DE123B079C2543DAB8A19F205F445A82556A6759D23A6630B480CA6A5FBAD8EBA4272F4741BFC927DF4288003B5812CA4F558F040ACEE37F3 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/pays-logo-small.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\power-fitness[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 6225 Entropy (8bit): 7.91188652236517 Encrypted: false SSDEEP: 96:VY2KfA0stMA2VBDEsktmshoqgGcsmd+jWfjceVpYbb42aWgXJftSiRG1xhRCrvR:VCILWnBs0f/ZbcevYbzRgXFtSistCrJ MD5: 1B71F02475EA02C7DF060BB914702B97 SHA1: D783DF7F8CD551BB4F62E2BA5A7F030AB8A1B212 SHA-256: D56ECB8EB0765A7A73E70B9C171EFD28A8D501A340DA0E2004FBA882FE276834 SHA-512: D38A40E428688BC2B34283BF882580A5FF7C83200EFA53DAE597E64345341D33289219A94E786E72BD861CCF6A50855CF85264CC3D5A21CC6CC50A56FBBC9181 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Brands/power-fitness.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\reservanto-booking.tracking[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 2378 Entropy (8bit): 5.2611673875185625 Encrypted: false SSDEEP: 48:mSaqSZcSJTCpUEwoAKN2A+ewFGLs7tUb7EU8sI:5SFCpUbpY2DYLs6b7a MD5: E15128007193912EE28525E29351D4E1 SHA1: 1554837D2E86F5064DC50B2A21D546B9CF083AFC SHA-256: DA82A665FB2699CBFD1E5CA0DEE733243D782498B1BEE0BBCCFF7E4C20CF0B14 SHA-512: 15A38A9353EC5C9E0E20F0C02C6D5C774CFFBED71B5C5EA6FA80E2A1E0BE3787EB37CC5A30037E5312216AF20D25A4443793B13ED240A9B8F3187DD979DE96CC Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Script/reservanto-booking.tracking.js?id=16503 Preview: var Booking=Booking||{};Booking.TrackingConfig={currency:"CZK",fbId:null,adWordsId:null,adWordsLabel:null,gaIds:["UA-34826998-7"],sklikId:null};var Booking=Booking|| {};Booking.TrackingConfig=Booking.TrackingConfig||{currency:null,gaIds:[],fbId:null,adWordsId:null,adWordsLabel:null,sklikId:null};Booking.Tracking=function(n){var t= {},i=function(n,t,i,r){var u,f;if(ga)for(u=0;u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\s-time-icon[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 14 x 14, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 3239 Entropy (8bit): 7.8662076593026 Encrypted: false SSDEEP: 48:z/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODhdtSx1qD:zSDZ/I09Da01l+gmkyTt6Hk8nThXVD MD5: 42B2EC15F35E74E0B2AFB82F1F6DDD66 SHA1: 315D3E883BF04D94B3D91658F3B3E93B37E63075 SHA-256: 73D3CA1F2E20EB602837DE505FE2D67BB11CBE4F58689C25CF67C78E79DFCD11 SHA-512: 8F08FE4CAA563C5499C1F230B6F8E22A809D57B28FBCCB53FCA49C6FF70DE6C2474F96758385A12472D975E57812ADCB8A984C62BF4B30A7F0E940932292B9F6 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Images/s-time-icon.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ubuntu-bold[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 167140, version 1.1 Category: downloaded Size (bytes): 167140 Entropy (8bit): 7.965338714181205 Encrypted: false SSDEEP: 1536:weJNmPd4TK3uWP9Lz6/TpLKMVVekzUluf7h0rVdA1JMXlDDDDDDDDDDDDDDDDDD+:hJN9MuWP9/s9KAekKuTw2h000mXxW07n MD5: 5BF2A5A0A226217E4842BBE766B95D20 SHA1: E5D98798E834DF9FBD4BCBE99F299BAC80C6C03C SHA-256: 72934CFD7AE7FF84EC3349B5CCAB1D0B13A7676F1085DDAB7E2162ACE76664D2 SHA-512: 439511965C6BE8E65EB67F177C9961B7E9BE955A04A00545CE31D81420DD3D0F314CD50A07EA0DC0A25652F6CB4E583CD06C786D3446FF0A781D55475F241A9F Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Content/fonts/ubuntu-bold.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2GXCYCVG.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 19198 Entropy (8bit): 5.5089230530995685 Encrypted: false SSDEEP: 384:E+VlqZOmEERP3wn+fQF0RVlJGiSysZsRiJOp08kGc5pVuAFBfG:E+VlaOmEEQIQlbX8kGc5BFk MD5: CECA9B0ED08A2C5A9E4DDA8E9A8DE42B SHA1: 820E6039295953B338CFB3F630717C9E31FD2D69 SHA-256: 565EC356EF6A2202DC7698DC4F2B939E9183C47F0FE1CCFD9B2E1108B36BA152 SHA-512: A3553F105CDFB325CAB1F4FFC186668EBE8FF82D08317F190B91828EEDD0422D34D54E17F26BA4098F2FD5748F8517EDE1BAEFED7E1ECB5608F684EC17D465FB Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/ Preview: ...............................Online rezerva.ní systém zdarma | ....Reservanto.cz............... Google Tag Manager -->....<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4iCp6KVjbNBYlgoKejYHtFyBN4c[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 78300, version 1.1 Category: downloaded Size (bytes): 78300 Entropy (8bit): 7.994913724062199 Encrypted: true SSDEEP: 1536:nQ3wSn7TaafCtjHQDXFJGGmJMVMHcqVFAZUtxjdrdnLqFqC0G12:Za7TaaKtjSXFJBgV6ZUfhdnLRV MD5: B1F9134EB44CA007F916B98F59F88353 SHA1: BD2DAF5C6C6708C129332255335C556676D515D6 SHA-256: 95D3D64C335899CCD0129358C6C180393187F57B316185ED0191D684776F0FE3 SHA-512: A2FF238E0546A63A9EE71A933D2E3827A6E22AAD43F7016D927AAD5DB0107BF2905E03E02408DAD50375F1E0D5BCF9D0B827885097C8527DBF2E56419111A5F3 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejYHtFyBN4c.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4iCp6KVjbNBYlgoKejZftVyBN4c[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 88704, version 1.1 Category: downloaded Size (bytes): 88704 Entropy (8bit): 7.994220819029219 Encrypted: true SSDEEP: 1536:+ajeepuZbebis90b2vgP/ceWCFo9qpdDlDW0kfH7LnxMOkTmv219iiNgChFvWQ10:+ajeXbhs9wP/ce3F7mH7VNOviiNgqFWN MD5: 559D8AF553C6D30BE2E4EA22BE4F2D13 SHA1: DE1165F80AA55E1A10D8755EB731A404962E99F7 SHA-256: 3A6CA87B8129C2EF3CE16DE80BC178EF6A2DD02FF71A52E7D8735B82FAEBF8BC SHA-512: BEA515865345EE1268126582718A97BE762206BA3F33B8929A04498499E8E13330B0725169CF9DDB60A21F8ED1E5CCC00C41F4F904C9AA38A9BFAE513168C8ED Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/ubuntu/v15/4iCp6KVjbNBYlgoKejZftVyBN4c.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\809ce55600814ee47cbdb82a46a1654879a9375f[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 4798 Entropy (8bit): 5.248422282760691 Encrypted: false SSDEEP: 96:/uLNTTCt0wxmGIWZdjrhNxB8fRIOUE6UDn:/uxTinaWjhN8WOUAn MD5: 5B54AC5B9DA2DDF9E8D9C2113255A685 SHA1: 1B97CC70C55B81EF6AE2D09FABCB1082846643B9 SHA-256: 1EEDDAA577A44BBD0AFB173CEA301CF766682105D34055FE4CF07E34D53FF7B5 SHA-512: FA0EEB32C12A9A0D8B6F6510BBD7097B9494B6269EF89D404440455670D2BF5EE87D4957AA32E0C56467D02DD8F27115779FE60DCD586E680684E4C258B418A4 Malicious: false Reputation: low IE Cache URL: https://bootstrap.smartsuppchat.com/widget/809ce55600814ee47cbdb82a46a1654879a9375f.json Preview: {"widgetVersion":2,"host":"websocket-visitors.smartsupp.com","packageName":"basic","logoUrl":"","logoSrc":"","smartlook":{"key":"30859689db224e33b0850be8f7825fb 6230f40f0","enabled":false,"serverHost":"manager.smartlook.com","scriptUrl":"https://rec.smartlook.com/recorder.js"},"lang":"cs","orientation":"right","ratingEnabled":tru e,"hideWidget":false,"hideOfflineChat":false,"requireLogin":true,"emailControl":true,"nameControl":true,"numberControl":false,"privacyNoticeEnabled":true,"privacyNoticeUr l":"","privacyNoticeCheckRequired":false,"groupSelectEnabled":false,"color":"#0DBFC7","buttonStyle":"bubble","internalAnalyticsEnabled":false,"translates":{"cs":{"agentRa ting.all.placeholder":"Dejte n.m feedback","agentRating.bad.formText":"To n.s mrz. .. Co bylo .patn.?","agentRating.good.formText":"D.kujeme .. Co bylo p..nosn.?","agentR ating.normal.formText":"D.kujeme .. Co m..eme zlep.it?","agentTransfer.defaultText":"Agent","agentTransfer.joined":"se p.ipojil(a)","agentTr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Check-white[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 1117 Entropy (8bit): 6.384554368084494 Encrypted: false SSDEEP: 24:Jy1he91Wwjx82lY2T3ouVXPCaK4FyJ3VFgKeqGt6tP0eHbQZ+Qu7Y6:JwqQNn2xtPCE0J3fEqNtb72+Q0Y6 MD5: 2A077D638E76DD315FF8586B3788ECDE SHA1: 0A356FFB846887B8E558E8A9C9B58B4CC965892F SHA-256: 7980D25D8950A81FCF28DA1BECE47E240B95F2204379F2E2D9FD5188C9524F24 SHA-512: E781E88ED226C374DE13263476856484D4C29F49B69DBB1CFA6D35AFD68F73D916D7979A14F5DB6753FEB207D557BC63D2EEAEE04D31B9F3D158CB78DA456D72 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/Check-white.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\SecretKey[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 6356 Entropy (8bit): 5.544968301965152 Encrypted: false SSDEEP: 96:Ls0SW21jgfWmOFrczdz736EonvnLgVuYCr6LKlEKb06a:g0SW21jantBH6EovLgVuPLEKc MD5: 2C38594681A6FD697CAEA061333E37AC SHA1: 3E672F47A06F4480ED6B5F1E1D0AC6A760071787 SHA-256: 0D129C5DDEA8D6398C5C231FE783A03E0C5B08E63637DC586128DF00B1712873 SHA-512: D3D0AFE8090945C0523AAD39D47ED13A0C9A16BDADA68001A4E83CBBFEF8555665FCA5E6F1522452BF292B1FE4D46853858A0DDF68BB24E83F8707D7A04EFF8F Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/Account/SecretKey?type=NewAccount&secretKey=3d428529-925c-4bc2-8634-dfe869521dd8 Preview: ...... ................ The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->......Dokon.ení ú.tu - Reservanto

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 48146 Entropy (8bit): 5.1273698084444215 Encrypted: false SSDEEP: 768:pRKBv8fpnWJJFTNHNl+3/vNwJryVU6cufXv4clFxGA0xcVzhKSPkP4gzRkZRg:38FI3N/UifgclFg+5Rg MD5: 8C97F5B55BD67A6C4ABB7F687DC24A62 SHA1: 87916422E470DF9A9E10E23A867D1354AA314E32 SHA-256: 1FB7E75347A08118B3A9EA1AD0F8920654BBDD959AF4D6E8506A0F8A466D8D1A SHA-512: AAF6030E3454C33FA23A39E2A9265AD3F546840651397A412D9EC236D2E2C6F64493F1C161EA9B6105804F6A21F8966966A66BA5F3EF5B2F87D93BBA3ADFBC5A Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/bootstrap?v=95ow_jXEHRPUd4_6PYE9qYEhjIyGZmAJvrAZ9HkZ7u41 Preview: if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(n){"use strict";var t=n.fn.jquery.split(" ")[0].split(".");if(t[0]<2&&t[1]<9||1==t [0]&&9==t[1]&&t[2]<1)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher");}(jQuery);+function(n){"use strict";function t(){var i=document.cre ateElement("bootstrap"),n={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};fo r(var t in n)if(void 0!==i.style[t])return{end:n[t]};return!1}n.fn.emulateTransitionEnd=function(t){var i=!1,u=this,r;n(this).one("bsTransitionEnd",function(){i=!0});return r=funct ion(){i||n(u).trigger(n.support.transition.end)},setTimeout(r,t),this};n(function(){n.support.transition=t();n.support.transition&&(n.event.special.bsTransitionEnd={bindT ype:n.support.transition.end,delegateType:n.support.transition.end,handle:function(t){if(n(t.target).is(this))return t.handleObj.h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\display-normal[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 445 x 390, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 90812 Entropy (8bit): 7.989181962327638 Encrypted: false SSDEEP: 1536:5osxlgvhhB7soBGyXOkrcjCuPGsTg5Ieb2HsaOnTWu+MHcTz5co4xmen6RaQ:DgfBIYv7p5Ieb2Hqau+MHcTzb4xmen6/ MD5: 729DDB321AECD709DE64774ABCE9193E SHA1: 011382F361107C0CAD5064E72137215A40AC3C0C SHA-256: C2C0C6557CADE405ADED79296C9BE4607094A717B266166AA4DDC69E3A8DA713 SHA-512: 28D1AD33C254BAF04930358065D29F742DA01A951090D08C63426744AE246D9BA5409C41372F2F4F1F728BCD16E6F244286CE9305428B7D0DC1403C32AE05D71 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/display-normal.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\header-bg-lg[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 990 x 327, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 46038 Entropy (8bit): 7.944216836412552 Encrypted: false SSDEEP: 768:/vMfPfWLzvkQ/oKgp8pZmeaFd/8me4r8E7n91fBXgbGJkiDagVktdzZe:/EXeMQzzHs/FFQE7n91fBXAKDgde MD5: 574B80D94A930E4B548862E0FBF9B995 SHA1: A36F80C69875BFE8BB072C4067887B6273AD9232 SHA-256: E1AFD465099394136B728262274A146B7DE6EF8C4712DE9F06279073764D9F28 SHA-512: 818990BBCF04A8386EB277A4E4A270F252221486BEDA9CF485506F0EF19788B1C687FAF829267EAAB77C4EA92F0B00D42E10D03707CC44A1465C8C008B0EBE1B Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/header-bg-lg.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 91396 Entropy (8bit): 5.258561970253318 Encrypted: false SSDEEP: 1536:XP7b6AYEkrzEQqFVcxAtINAWsMS0d13ZXu+yQWOy6D+0qxC/zfqhykeogr:H4xsMjhTJvqQ1 MD5: 95F7B3114067751D0F08901FD4BCD4A3 SHA1: 825C9A76784B3F4114CEE16A8E63870A171F449B SHA-256: 11CF0783D12E3AE8085246CCE926FC6D27762BB5AD98FEC131F74F315620B3CA SHA-512: 26FB1ABB469B58069571121D1CA4B03851FB641BE6803EAA0C0C631FE9E576B826BEFB61AB4627937EC5F982D8BD506E3C5B90B171FD518FDED6F25DB73E1C5A Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/bundles/jquery?v=bqc7vjEC030ugWBtHlsGZKguK7ODNh23_Dq-bUGvs0E1 Preview: !function(n,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=n.document?t(n,!0):function(n){if(!n.document)throw new Error("jQuery requires a window with a document");return t(n)}:t(n)}("undefined"!=typeof window?window:this,function(n,t){function ri(n){var t="length"in n&&n.length,r=i.type(n);return"fu nction"===r||i.isWindow(n)?!1:1===n.nodeType&&t?!0:"array"===r||0===t||"number"==typeof t&&t>0&&t-1 in n}function ui(n,t,r){if(i.isFunction(t))return i.grep(n,function(n,i) {return!!t.call(n,i,n)!==r});if(t.nodeType)return i.grep(n,function(n){return n===t!==r});if("string"==typeof t){if(ef.test(t))return i.filter(t,n,r);t=i.filter(t,n)}return i.grep(n,function(n) {return ft.call(t,n)>=0!==r})}function ur(n,t){while((n=n[t])&&1!==n.nodeType);return n}function of(n){var t=fi[n]={};return i.each(n.match(c)||[],function(n,i){t[i]=!0}),t}function ht( ){u.removeEventListener("DOMContentLoaded",ht,!1);n.removeEventListener("load",ht,!1);i.ready()}function v(){Object.defi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\loader[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 24 x 24 Category: downloaded Size (bytes): 8202 Entropy (8bit): 7.3731653113972735 Encrypted: false SSDEEP: 192:H8Tv5jhva1rGBDzs/XO+MHCUm4r4P8RK7:cjUCG/uCUoPgK MD5: 41849228FEA12F1EFB63C03E97AAFE5A SHA1: 06C7B209BF5CF5737D5CF05E81829E166EC441BF SHA-256: 7C9B8130D4864A4800D22B8B62F4F6331DB65B75A5364A28AEE5CC88193E3150 SHA-512: 5A7822A9DC595D5A0D0C501D3125B236220C31FA54DE9C2249183F38C0C69DAE29C177B17AE0B977DC931F6721247B2B6B5BA2EAD405DA8E54DF8AA5F4657963 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Images/loader.gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\management-icon[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 12 x 12, 8-bit/color RGBA, interlaced Category: downloaded Size (bytes): 3050 Entropy (8bit): 7.85164755626461 Encrypted: false SSDEEP: 48:U/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODJx0U5DeP5:USDZ/I09Da01l+gmkyTt6Hk8nTn5KB MD5: FDB5F8028D6ACA3DA70D4746DC17D7F4 SHA1: 6751BA2B72DAF9D3A6A01F9200599058769B5EE0 SHA-256: B8C5C21D1EC73426BF2F339E60E5F70331211541ADEBDF0DD498E8A04C814298 SHA-512: 6D91B58DD5BDAD1190206AC05A7CBC94C84DCF5C1EFBA7F1A6B345DBA89F944522A100A07CE87FECF2E29F863E10C8D93E3F44791AF1199FA3EE28A8EA314DE4 Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Images/management-icon.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\merchant-style[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 987 Entropy (8bit): 5.060097451543382 Encrypted: false SSDEEP: 12:LrZxvUkvpozm98gzm9lko+z/+BDRoRsp2+Ji1tMC3Dli1tggg+LsVDBDrLglQnKI:LVxXvpozm6gzmL+lqshjXDp5Ln MD5: D06B052167BB0FEFC79F90CC22065E06 SHA1: 65F43B067CD26E8ACCBD901464DE3DCC750D59D0 SHA-256: 4230C94698C0752DD0500AC0A310196A8408C0FC1B99C5B9343966F660ECBEDA SHA-512: 767946E526029983C4ED58ABA6B682EF29372A4138DE86D13C66DB4888E1E9C65E01C0121D7E968616605E3281A20F0F652E65AB65D6ED3A1CD92B4291B41F22 Malicious: false Reputation: low IE Cache URL: https://managebooking.reservanto.cz/Style/merchant-style.css?merchantId=16503 Preview: #header{background-color:#737373;}#header, #header h1{color:#ffffff;}.week-picker .ui-state-active,.week-picker .ui-widget-content .ui-state-active,.week-picker .ui-widget- header .ui-state-active{background-color:#f24f00 !important;}.blue-button.arrow{background-color:#f24f00;}.blue-button{background-color:#f24f00;}#footer #footer-menu #n extPage{background-color:#f24f00;}.bigbtn{background:none;background-color:#f24f00;}a{color:#f24f00;}.payment-methods .method label .p,.payment-methods .method .firefox-bug.p { color: #f24f00;}.payment-methods .method label span label,.payment-methods .method label span label:first-line,.payment-methods .method span.firefox- bug label,.payment-methods .method span.firefox-bug label:first-line { color: #f24f00;}.checkbox label .information{ color: #f24f00; }#header .logo{pointer-events:n one;cursor:default;background-image:url("/Content/Settings/016000/16503/4269/51e4a9a7-b660-4911-81e8-dd3d82596687.png");}#footer #footer-logo{display:block;}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\modal[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 55610 Entropy (8bit): 5.383813223313377 Encrypted: false SSDEEP: 768:0Tn4d2dpXnih6Hs70sv1ZmeuM/3lYkVkfz/Nq7sd:ynLC6HsAsvWeuM/3lYe0T9d MD5: E277E6153E5637AB5F871EA363ED9904 SHA1: 878B6508ABB8D1BCE76CDC411D49C92F713F671F SHA-256: 385578564C09A8793015D2988F106E5CA71D0A3F455FC0F5F35ABEC61B23C0AB SHA-512: 3CB25C044182D6DAAD017FF75CAD15E6B5ED56EFDB4A5F06CC803C502D6F28276E4F3853300280B9F004A915E774C822015876E9BF532F0CA84E026BB86BD06B Malicious: false Reputation: low IE Cache URL: https://booking.reservanto.cz/Content/modal?v=2J78wdBb_Z0uRxSHWfAfhBeChmCL2hOYC38YeQo2oYU1 Preview: *{margin:0;padding:0;border:0;}body{font-family:'Ubuntu',sans-serif;font-weight:300;color:#1a1a1a;background-color:#fff;}button{font-family:'Ubuntu',sans-serif;font-weigh t:500;font-size:13px;}.clickable{cursor:pointer;}.disabled{color:#808080!important;}a{color:#06bdc4;font-size:13px;}.ui-datepicker a{font-size:inherit;}#header{height:70p x;background-color:#06bdc4;}#header h1{color:#fff;font-size:22px;padding:22px;font-weight:300;text-transform:uppercase;float:left;}#header .logo{display:block;float:right ;height:64px;width:159px;margin:3px;background-image:url("/Images/logo.png");background-position:center;background-repeat:no-repeat;}#content{overflow:auto;posi tion:absolute;top:70px;bottom:62px;width:100%;}#content #inner #onetoone-step-service .section-title{display:none;}#content #inner #errorMSG{height:60px;background- color:#e14e31;color:#fff;font-size:14px;font-weight:400;display:table;width:100%;position:absolute;z-index:5;}#content #inner #errorMSG p{display:table-cell;vertical-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\poska-hp[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=9, manufacturer=NIKON CORPORATION, model=NIKON D600, orientation=upper-left, xresolution=151, yresolution=159, resolutionunit=2, software=Adobe Photoshop CC 2014 (Macintosh), datetime=2015:05:19 13:10:42], baseline, precision 8, 400x300, frames 3 Category: downloaded Size (bytes): 128661 Entropy (8bit): 7.902727733443726 Encrypted: false SSDEEP: 3072:xcdvvQ5cdvv9Oxzlyt1NfbXVAtWA1VVTi7HqFEJkOMMGKPOL:x+45+l8o1tSwAtTCHMEFMMpWL MD5: CCF439AC3630E8987A6CB28A945A56C0 SHA1: F79C7A530CA35AA9B71B277D02E51DAF3F03F58C SHA-256: 2323A2809A497E7828A7259C3B2356D460C1208CFE397CE6FCD70C69BE12B546 SHA-512: 06CC6FB1702968898ED3785DBAA00CFEBCBFA22031865C4D15225906EB78C1D929D10857A6C2263EDC739830424550F6D752DE86C7979B03CBC7D6DCE6D17548 Malicious: false Reputation: low IE Cache URL: https://www.reservanto.cz/Images/poska-hp.jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\poska-included[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 286 x 268, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 69533
Entropy (8bit): 7.992326504991442
Encrypted: true
SSDEEP: 1536:LIP2vrS/zg6z+dsiFE+t4VRyGzYmrGS/6ca0HXoEQ:u2uLhz+dVFsVEGDGSCca8JQ
MD5: 843BFEC9CFC1F0C2376757A885DE2715
SHA1: 10FF94C890D552B382944622253C10487EDD13C2
SHA-256: 2525107CC52AABFFCB291208781433B595DDCDBBD1502DD90FB0D2B196BE872C
SHA-512: 2B2CBE3C29907005C2F886B9BC06E2F468916417A8CB64DC4CA3AE5C11FFCB34D800F3273CA64531F533A63146B7AF5C8050E75ADEB0BE4F546BCDFD35998BF1
Malicious: false
Reputation: low
IE Cache URL: https://www.reservanto.cz/Images/poska-included.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\refreshtherapy[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 4475
Entropy (8bit): 7.832274680529957
Encrypted: false
SSDEEP: 96:VY2o1xn1dN1xY1bOJxJSIOPe+DDBN7yVDC/itaHeU1vK08IUVzPx9fvHc:VA1B1z1K16P2eoDP7ypMWQ1DYVN9fU
MD5: 126390822800F19ABEB53AD9EC7C8C60
SHA1: 287CA0FB6025F111DFF1DF800FE2914B81B8C0FB
SHA-256: 30F028E9F15874E24E7CA8D566829F4828B35292149299C92D93483D550E5E2D
SHA-512: EF5CBAC4B4B92E2B7F08034A0016432FD2AB9810226D1857A3B4FF802F0E302DB2D517179FB9B0094486D9CD35048B1CB6939DB20D45205C81FC62DB56797BCA
Malicious: false
Reputation: low
IE Cache URL: https://www.reservanto.cz/Images/Brands/refreshtherapy.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\runtime-main.705201c9[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 2434
Entropy (8bit): 5.257893964746574
Encrypted: false
SSDEEP: 48:Ea6GwiTE6/RudG4Ah/p+f/KKfmcMkWX6oFPfku:Ea6GbzRu4Zn+3rWX69u
MD5: 4C37823860884E9EB282AC664BC57A39
SHA1: F280AB4492853E4760BF15FB9023BA6631B083D6
SHA-256: 7D2DB6A82780E953446E48EEAD16C3379EE85916F3E6F7F0535BE9FDECE0A566
SHA-512: 4B632E901981A76838024E1F4CC558A767D23B519F8EB2065C6F65DDD2A2A4E38C747A969E681876063F8527DB72784532870E2A18431AEC25CD68BA93F87046
Malicious: false
Reputation: low
IE Cache URL: https://widget-v2.smartsuppcdn.com/static/js/runtime-main.705201c9.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\s-check-icon[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 20 x 20, 8-bit/color RGBA, interlaced
Category: downloaded
Size (bytes): 3410
Entropy (8bit): 7.8762241358011496
Encrypted: false
SSDEEP: 48:g/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODPyKBq9Jkq:gSDZ/I09Da01l+gmkyTt6Hk8nTP66A
MD5: E96C3827886E8C599D81AB70876423A9
SHA1: E463466EA8423694D39601C75518E889C68B74BC
SHA-256: 5C58CD945DC2FE3F23C632163AB4E1E6FC50215AD15F634B38A9E6FA292FBC4D
SHA-512: 4CF0D5653851B753EE0E1AC7A029BE75D81E077367A1304F8CE6492937B0EFAD77BEDAD19C83A78558E09931471B1D72721A7672B6FA8C08D524B730C65D747A
Malicious: false
Reputation: low
IE Cache URL: https://booking.reservanto.cz/Images/s-check-icon.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ubuntu-light[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 151732, version 1.1
Category: downloaded
Size (bytes): 151732
Entropy (8bit): 7.978055953646096
Encrypted: false
SSDEEP: 3072:iq8Duv8aK0wMSlTRXQ0W5BIFNBqIAmoDSNsbrgiX/vfI:iqxK0wM4NG5BAum+SNs8OQ
MD5: 26DC73E50131D7C6E3F842C4F799866A
SHA1: 1940953020803C2620816FF5A302B1DAA8FB5FF5
SHA-256: 9BC1D3DE39099C0DEDDF3AD57957B388C85CDDD63026A3FC9AF79F8D4470D227
SHA-512: ADEEFED37AE1D34916D06892BD7EC4C1CE13184D5B2C5772C92672E96CC876B17CBB2C5B4A431A73A27BB8650ED29225108F94A263AAF7F31AC1AA81A31048A2
Malicious: false
Reputation: low
IE Cache URL: https://booking.reservanto.cz/Content/fonts/ubuntu-light.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\upol[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 165 x 65, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 4183
Entropy (8bit): 7.820676087110976
Encrypted: false
SSDEEP: 48:rwqQNn2xfSJ3JCs1z5IBh1m1Yq+kYN0M5plB6EPBpJMibv78mhK2o2dVYBypbEq8:VY2JKRzUMqq7gDPBEwvRo2Pd6BkXJm
MD5: 40579784DED6889EF96F0E59E8BABA7C
SHA1: B404E2E6910E561DE10323FD46691D9B6950107B
SHA-256: 2E86F204872CE6CCA1CB669534A931DF2F68D2FD9862A1804ACD3797BDECAFAE
SHA-512: 7E82EA80DF8C13CFC0DC76749B45BB8BC47753513B540B7FE9AAD405606FF64FFC39949D9D8338E6E399C2531806573AB0F5C46A89689C5AAB3308F40611A2B1
Malicious: false
Reputation: low
IE Cache URL: https://www.reservanto.cz/Images/Brands/upol.png

C:\Users\user\AppData\Local\Temp\~DF5734641864431A69.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 13029
Entropy (8bit): 0.4813817344888996
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lobF9loh9lW0lW/sNO+e:kBqoIq00lW/sNO+e
MD5: 23D870D4F01D155E36D097562F3071E3
SHA1: 54A6B9EC41A20268E62F09892BDA22BBBF61A798
SHA-256: 6EA3AEBB4AA092405EDD8DD11ECEB14C7A9F1A240A273E3C6958A2D623C217F4
SHA-512: 1B9CF2E441246351E3C7D6B30544A1B2284BE72D53D4B2AFD9626CC2CC8DEF7CD4C753CCBD3697E77B38808A90AE8A46A882042F914CCF485C02C5EB52B181F0
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\~DF67884A2BDFFFD9BE.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 61824
Entropy (8bit): 1.1540279251013952
Encrypted: false
SSDEEP: 192:kBqoxKAuqR+zN/2dGl2s2Ct2R2v2M2p2Ct2R2v2M2t82Mh2BXX42K+CA20tXABnH:kBqoxKAuqR+zN/2dGRyumIX2etEnH
MD5: F130E6C376AE18ACD1EAD7A008198A5F
SHA1: DF863D05D4A89E7E802F6740C2B7DF016E98F547
SHA-256: 00A10A8280BC02F80AAB2016DC4582FB8A6AE8A7930CFBE2D51CD1EEB9BD046E
SHA-512: D7918E753F43ADFCA5D1182ED0047AE733875A5ADD92C920D7FFF5750968ED7D1A8C9DB1DC6C3E12BBA33AB1A4AA6CF7DEEC349BDF8A7AEAC374F2A178741907
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Temp\~DF81A44BF37001FCE1.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.27918767598683664
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5: AB889A32AB9ACD33E816C2422337C69A
SHA1: 1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256: 4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512: BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious: false
Reputation: low

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 105 • 53 (DNS) • 443 (HTTPS)

TCP Packets


UDP Packets


DNS Queries

Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                              Type            Class
May 1, 2021 11:42:30.822490931 CEST  192.168.2.3  8.8.8.8  0x8128    Standard query (0)  managebooking.reservanto.cz       A (IP address)  IN (0x0001)
May 1, 2021 11:42:47.568908930 CEST  192.168.2.3  8.8.8.8  0x7c54    Standard query (0)  managebooking.reservanto.cz       A (IP address)  IN (0x0001)
May 1, 2021 11:42:49.254735947 CEST  192.168.2.3  8.8.8.8  0xa9f7    Standard query (0)  www.reservanto.cz                 A (IP address)  IN (0x0001)
May 1, 2021 11:42:49.987159967 CEST  192.168.2.3  8.8.8.8  0x3f10    Standard query (0)  www.smartsuppchat.com             A (IP address)  IN (0x0001)
May 1, 2021 11:42:49.992954016 CEST  192.168.2.3  8.8.8.8  0xd6e0    Standard query (0)  rec.smartlook.com                 A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.388756037 CEST  192.168.2.3  8.8.8.8  0x1640    Standard query (0)  c.imedia.cz                       A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.396858931 CEST  192.168.2.3  8.8.8.8  0x899b    Standard query (0)  bootstrap.smartsuppchat.com       A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.408435106 CEST  192.168.2.3  8.8.8.8  0x33aa    Standard query (0)  dc.services.visualstudio.com      A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.553911924 CEST  192.168.2.3  8.8.8.8  0x3d3e    Standard query (0)  stats.g.doubleclick.net           A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.609889030 CEST  192.168.2.3  8.8.8.8  0x9a30    Standard query (0)  widget-v2.smartsuppcdn.com        A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.652404070 CEST  192.168.2.3  8.8.8.8  0xf8df    Standard query (0)  c.seznam.cz                       A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.698338032 CEST  192.168.2.3  8.8.8.8  0x3881    Standard query (0)  googleads.g.doubleclick.net       A (IP address)  IN (0x0001)
May 1, 2021 11:42:50.949373007 CEST  192.168.2.3  8.8.8.8  0x6137    Standard query (0)  www.google.de                     A (IP address)  IN (0x0001)
May 1, 2021 11:42:51.337780952 CEST  192.168.2.3  8.8.8.8  0x99dc    Standard query (0)  websocket-visitors.smartsupp.com  A (IP address)  IN (0x0001)
May 1, 2021 11:42:51.436954975 CEST  192.168.2.3  8.8.8.8  0x45f8    Standard query (0)  booking.reservanto.cz             A (IP address)  IN (0x0001)
May 1, 2021 11:42:56.054375887 CEST  192.168.2.3  8.8.8.8  0xc2c8    Standard query (0)  merchant.reservanto.cz            A (IP address)  IN (0x0001)

DNS Answers

Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                                        CName                                       Address          Type                    Class
May 1, 2021 11:42:30.893975973 CEST  8.8.8.8    192.168.2.3  0x8128    No error (0)  managebooking.reservanto.cz                 -                                           217.16.185.201   A (IP address)          IN (0x0001)
May 1, 2021 11:42:47.638108969 CEST  8.8.8.8    192.168.2.3  0x7c54    No error (0)  managebooking.reservanto.cz                 -                                           217.16.185.201   A (IP address)          IN (0x0001)
May 1, 2021 11:42:49.325014114 CEST  8.8.8.8    192.168.2.3  0xa9f7    No error (0)  www.reservanto.cz                           -                                           217.16.185.201   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.018233061 CEST  8.8.8.8    192.168.2.3  0x4f2f    No error (0)  sni1gl.wpc.gammacdn.net                     -                                           152.199.21.175   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.064174891 CEST  8.8.8.8    192.168.2.3  0x3f10    No error (0)  www.smartsuppchat.com                       1161431244.rsc.cdn77.org                    -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.064174891 CEST  8.8.8.8    192.168.2.3  0x3f10    No error (0)  1161431244.rsc.cdn77.org                    -                                           89.187.165.8     A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.067301989 CEST  8.8.8.8    192.168.2.3  0xd6e0    No error (0)  rec.smartlook.com                           1610534878.rsc.cdn77.org                    -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.067301989 CEST  8.8.8.8    192.168.2.3  0xd6e0    No error (0)  1610534878.rsc.cdn77.org                    -                                           89.187.165.7     A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.440274954 CEST  8.8.8.8    192.168.2.3  0x1640    No error (0)  c.imedia.cz                                 -                                           77.75.79.33      A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.440274954 CEST  8.8.8.8    192.168.2.3  0x1640    No error (0)  c.imedia.cz                                 -                                           77.75.77.33      A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.445578098 CEST  8.8.8.8    192.168.2.3  0x899b    No error (0)  bootstrap.smartsuppchat.com                 -                                           3.120.69.250     A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.445578098 CEST  8.8.8.8    192.168.2.3  0x899b    No error (0)  bootstrap.smartsuppchat.com                 -                                           35.158.158.175   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.445578098 CEST  8.8.8.8    192.168.2.3  0x899b    No error (0)  bootstrap.smartsuppchat.com                 -                                           3.120.72.169     A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.483700037 CEST  8.8.8.8    192.168.2.3  0x33aa    No error (0)  dc.services.visualstudio.com                dc.applicationinsights.microsoft.com        -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.483700037 CEST  8.8.8.8    192.168.2.3  0x33aa    No error (0)  dc.applicationinsights.azure.com            global.in.ai.monitor.azure.com              -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.483700037 CEST  8.8.8.8    192.168.2.3  0x33aa    No error (0)  global.in.ai.monitor.azure.com              global.in.ai.privatelink.monitor.azure.com  -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.483700037 CEST  8.8.8.8    192.168.2.3  0x33aa    No error (0)  global.in.ai.privatelink.monitor.azure.com  dc.trafficmanager.net                       -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.618937969 CEST  8.8.8.8    192.168.2.3  0x3d3e    No error (0)  stats.g.doubleclick.net                     stats.l.doubleclick.net                     -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.618937969 CEST  8.8.8.8    192.168.2.3  0x3d3e    No error (0)  stats.l.doubleclick.net                     -                                           173.194.76.155   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.618937969 CEST  8.8.8.8    192.168.2.3  0x3d3e    No error (0)  stats.l.doubleclick.net                     -                                           173.194.76.157   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.618937969 CEST  8.8.8.8    192.168.2.3  0x3d3e    No error (0)  stats.l.doubleclick.net                     -                                           173.194.76.156   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.618937969 CEST  8.8.8.8    192.168.2.3  0x3d3e    No error (0)  stats.l.doubleclick.net                     -                                           173.194.76.154   A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.686978102 CEST  8.8.8.8    192.168.2.3  0x9a30    No error (0)  widget-v2.smartsuppcdn.com                  1746822127.rsc.cdn77.org                    -                CNAME (Canonical name)  IN (0x0001)
May 1, 2021 11:42:50.686978102 CEST  8.8.8.8    192.168.2.3  0x9a30    No error (0)  1746822127.rsc.cdn77.org                    -                                           89.187.165.7     A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.701128960 CEST  8.8.8.8    192.168.2.3  0xf8df    No error (0)  c.seznam.cz                                 -                                           77.75.78.60      A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.701128960 CEST  8.8.8.8    192.168.2.3  0xf8df    No error (0)  c.seznam.cz                                 -                                           77.75.76.60      A (IP address)          IN (0x0001)
May 1, 2021 11:42:50.755136013 CEST  8.8.8.8    192.168.2.3  0x3881    No error (0)  googleads.g.doubleclick.net                 -                                           142.250.185.226  A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.006583929 CEST  8.8.8.8    192.168.2.3  0x6137    No error (0)  www.google.de                               -                                           142.250.186.35   A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           35.158.253.187   A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           52.59.62.195     A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           52.28.32.113     A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           35.157.25.238    A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           52.58.46.49      A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           52.57.82.17      A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           18.192.231.49    A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.386604071 CEST  8.8.8.8    192.168.2.3  0x99dc    No error (0)  websocket-visitors.smartsupp.com            -                                           18.184.104.180   A (IP address)          IN (0x0001)
May 1, 2021 11:42:51.485562086 CEST  8.8.8.8    192.168.2.3  0x45f8    No error (0)  booking.reservanto.cz                       -                                           217.16.185.201   A (IP address)          IN (0x0001)
May 1, 2021 11:42:56.111598969 CEST  8.8.8.8    192.168.2.3  0xc2c8    No error (0)  merchant.reservanto.cz                      -                                           217.16.185.201   A (IP address)          IN (0x0001)

HTTPS Packets

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe

System Behavior

Analysis Process: iexplore.exe PID: 3728 Parent PID: 792

General

Start time: 11:42:29
Start date: 01/05/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6a7870000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Analysis Process: iexplore.exe PID: 68 Parent PID: 3728

General

Start time: 11:42:30
Start date: 01/05/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3728 CREDAT:17410 /prefetch:2
Imagebase: 0x990000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Disassembly
