satk0

Hi 7zipers, I am trying my best to detect extraction of password-protected zip file. I refered to this: https://www.socinvestigation.com/windows-event-id-5379-to-detect-malicious-password-protected-file-unlock/ I've configured Group Policy as in here: https://learn.microsoft.com/en-us/answers/questions/1045216/event-5379: Security Settings/Local Policies/Audit Policy/Audit account management Security Settings/Advanced Audit Policy Configuration/Audit Policies/Account Management/Audit User Account...