I found a computer with a Ransomware alert this morning - see below the detailed information from SEC.
I was able to log on to that PC and captured the following information in the event log.
But is there a report from which I can get more meaningful information, such as the entry point, time-stamped detection and recovery processes, etc.?
Mitigation CryptoGuard
Platform 6.1.7601/x64 v583 06_2d
PID 5632
Application C:\Windows\SysWOW64\rundll32.exe
Description Windows host process (Rundll32) 6.1
Filename C:\Windows\SysWOW64\rundll32.exe
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\adient_logo[1].png
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\2715.25010.1080p[1].jpg
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOEX9GC9\AmX6FVRMz8gDDn2SvFKV2d.SB0[1].jpg
Process Trace
1 C:\Windows\SysWOW64\rundll32.exe [5632]
"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp
2 C:\Windows\System32\rundll32.exe [5576]
"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp
3 C:\Windows\explorer.exe [3188]
4 C:\Windows\System32\userinit.exe [4724]
5 C:\Windows\System32\winlogon.exe [656]
winlogon.exe
Thumbprint
eee746c7dd41646f922cd8a6a0ead1e4b5f2ce175432bf9d539824de8056431e
Exploit prevention
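As an added triage example (not part of the original post and not a Sophos tool), the following Python script parses an alert laid out like the one above into a structured record and pulls out the parts a responder usually wants first: the mitigated process, its full ancestry from winlogon.exe down, the browser URL token from the command line, and the files the alert lists. It assumes the line layout shown above (header key/value lines, file paths after "Filename", a numbered "Process Trace" whose command lines follow each entry, then "Thumbprint" and a trailing category line); the sample input is the alert text from the post, embedded verbatim. The "URL:" token as an indicator of the browsing context is a heuristic and an assumption, not something the alert format documents.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: the CryptoGuard alert text as posted above, embedded verbatim.
ALERT = r"""Mitigation CryptoGuard
Platform 6.1.7601/x64 v583 06_2d
PID 5632
Application C:\Windows\SysWOW64\rundll32.exe
Description Windows host process (Rundll32) 6.1
Filename C:\Windows\SysWOW64\rundll32.exe
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\adient_logo[1].png
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\2715.25010.1080p[1].jpg
C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOEX9GC9\AmX6FVRMz8gDDn2SvFKV2d.SB0[1].jpg
Process Trace
1 C:\Windows\SysWOW64\rundll32.exe [5632]
"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp
2 C:\Windows\System32\rundll32.exe [5576]
"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp
3 C:\Windows\explorer.exe [3188]
4 C:\Windows\System32\userinit.exe [4724]
5 C:\Windows\System32\winlogon.exe [656]
winlogon.exe
Thumbprint
eee746c7dd41646f922cd8a6a0ead1e4b5f2ce175432bf9d539824de8056431e
Exploit prevention
"""

TRACE_LINE = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]$")  # "<n> <image path> [<pid>]"
SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


@dataclass
class TraceEntry:
    depth: int            # 1 = mitigated process, higher = further up the ancestry
    image: str
    pid: int
    cmdline: Optional[str] = None


@dataclass
class CryptoGuardAlert:
    fields: Dict[str, str] = field(default_factory=dict)
    affected_files: List[str] = field(default_factory=list)   # assumed: paths listed after "Filename"
    trace: List[TraceEntry] = field(default_factory=list)
    thumbprint: Optional[str] = None


def parse_alert(text: str) -> CryptoGuardAlert:
    """Split the alert into header fields, file list, process trace and thumbprint."""
    alert = CryptoGuardAlert()
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Process Trace":
            section = "trace"
            continue
        if line == "Thumbprint":
            section = "thumbprint"
            continue
        if section == "header":
            if line.startswith("C:\\"):
                alert.affected_files.append(line)
            else:
                key, _, value = line.partition(" ")
                alert.fields[key] = value
        elif section == "trace":
            m = TRACE_LINE.match(line)
            if m:
                alert.trace.append(TraceEntry(int(m.group(1)), m.group(2), int(m.group(3))))
            elif alert.trace:
                # A non-numbered line after an entry is that entry's command line.
                alert.trace[-1].cmdline = line
        else:  # thumbprint section: the hash, then a trailing category line
            if SHA256_HEX.match(line):
                alert.thumbprint = line
            else:
                alert.fields["Category"] = line
    return alert


def ancestry(alert: CryptoGuardAlert) -> List[tuple]:
    """Return (image name, pid) pairs from the root ancestor down to the mitigated process."""
    ordered = sorted(alert.trace, key=lambda e: e.depth, reverse=True)
    return [(ntpath.basename(e.image), e.pid) for e in ordered]


def browser_url(alert: CryptoGuardAlert) -> Optional[str]:
    """Heuristic (assumption): the first 'URL:' token in a traced command line names the browsing context."""
    for entry in alert.trace:
        m = re.search(r"URL:(\S+)", entry.cmdline or "")
        if m:
            return m.group(1)
    return None


def summarize(alert: CryptoGuardAlert) -> Dict[str, object]:
    """One-line-per-fact summary suitable for a ticket or an IR note."""
    return {
        "mitigation": alert.fields.get("Mitigation"),
        "category": alert.fields.get("Category"),
        "pid": int(alert.fields["PID"]),
        "application": alert.fields.get("Application"),
        "affected_files": len(alert.affected_files),
        "ancestry": " -> ".join(f"{name}[{pid}]" for name, pid in ancestry(alert)),
        "browser_url": browser_url(alert),
        "thumbprint": alert.thumbprint,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_alert(ALERT)).items():
        print(f"{key}: {value}")
```

Note that the alert body itself carries no timestamps, so the time-stamped detection and recovery sequence the post asks about has to come from the event log record that wraps this text (its logged time) rather than from the alert fields; the parser above gives you the process chain and file list to correlate against that.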