I need to detect, using C++, which process in the system (Windows) modified or deleted a specific file. I created a 'bait' file to simulate a honeypot for testing ransomware.
I would like to identify and return the exact process responsible for this modification or deletion.
I have already tried using ReadDirectoryChangesW, but it doesn't return the process responsible for the modification.