
Where is the Exploit prevention log file located?

I found a computer with a ransomware alert this morning; see the detailed information below from SEC.

I was able to log on to that PC and captured the following information in the event log.

But is there a report from which I can get more meaningful information, such as the entry point, time-stamped detection and recovery processes, etc.?

 

Mitigation   CryptoGuard

Platform     6.1.7601/x64 v583 06_2d

PID          5632

Application  C:\Windows\SysWOW64\rundll32.exe

Description  Windows host process (Rundll32) 6.1

 

Filename     C:\Windows\SysWOW64\rundll32.exe

 

C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\adient_logo[1].png

C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWWUUWOZ\2715.25010.1080p[1].jpg

C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOEX9GC9\AmX6FVRMz8gDDn2SvFKV2d.SB0[1].jpg

 

 

Process Trace

1  C:\Windows\SysWOW64\rundll32.exe [5632]

"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp

2  C:\Windows\System32\rundll32.exe [5576]

"C:\Windows\System32\rundll32.exe" C:\Windows\DOWNLO~1\CACHEC~1.DLL,Run BROWSER:MSIE URL:gateboy.jatco.co.jp

3  C:\Windows\explorer.exe [3188]

4  C:\Windows\System32\userinit.exe [4724]

5  C:\Windows\System32\winlogon.exe [656]

winlogon.exe

 

Thumbprint

eee746c7dd41646f922cd8a6a0ead1e4b5f2ce175432bf9d539824de8056431e

 

 

Exploit prevention


