xampp log location

C:\xampp\apache\logs\access

looking at the log, you may discover client side attack by observing useragent strings if the browser is old.

https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/windows/browser/firefox_smil_uaf.md