
Summary
This detection rule identifies attempts to modify the Windows Registry to set the network profile to 'Private' within the registry path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{GUID}. By changing the Category value to 1, which corresponds to a private network, an adversary may seek to enable less restrictive firewall policies, potentially preparing for lateral movement or other malicious activities. Such modifications can be part of legitimate network configuration, but their occurrence outside established IT procedures, especially in conjunction with signs of abnormal account usage or execution of unsigned binaries, warrants attention as a potential indicator of compromise. Regular monitoring for these registry changes, particularly when they coincide with persistence activity or irregular administrative actions, is important for effective post-exploitation detection and response.
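The following is an added example, not part of the rule itself, of how the logic described above can be checked against registry value-set events. It assumes Sysmon Event ID 13 style records (TargetObject, Details, Image fields) with DWORD data rendered as "DWORD (0x00000001)"; the sample events, GUIDs and image paths are constructed for illustration. It matches only writes of Category = 1 under the Profiles\{GUID} path and keeps the writing process so an analyst can correlate with the Process data source.

```python
import re

# Registry path named in the rule: ...\NetworkList\Profiles\{GUID}\Category.
# The GUID component is matched generically; only the "Category" value is of interest.
PROFILE_CATEGORY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkList\\Profiles\\"
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\Category$",
    re.IGNORECASE,
)

# Sysmon Event ID 13 (RegistryEvent: value set) renders DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD\s*\((0x[0-9A-Fa-f]+|\d+)\)", re.IGNORECASE)

PRIVATE_CATEGORY = 1  # value the rule looks for: Category 1 = Private network profile


def parse_dword(details):
    """Return the integer DWORD value from a Sysmon Details string, or None if not a DWORD."""
    m = DWORD_RE.search(details or "")
    if not m:
        return None
    raw = m.group(1)
    return int(raw, 16) if raw.lower().startswith("0x") else int(raw, 10)


def is_private_profile_write(event):
    """True when the event sets a NetworkList profile Category value to 1 (Private)."""
    if event.get("EventID") != 13:
        return False
    if not PROFILE_CATEGORY_RE.match(event.get("TargetObject", "")):
        return False
    return parse_dword(event.get("Details")) == PRIVATE_CATEGORY


def find_private_profile_writes(events):
    """Return (Image, TargetObject) for every matching event, for triage of the writing process."""
    return [(e.get("Image", ""), e["TargetObject"]) for e in events if is_private_profile_write(e)]


# Constructed sample events (hypothetical GUIDs and paths), not real telemetry.
PROFILE_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles"
               r"\{7A2D3C1B-4E5F-4A6B-8C7D-9E0F1A2B3C4D}")
SAMPLE_EVENTS = [
    # Profile switched to Private by the network service: matches the rule, benign-looking image.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": PROFILE_KEY + r"\Category", "Details": "DWORD (0x00000001)"},
    # Profile set to Public (0): not what the rule looks for.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": PROFILE_KEY + r"\Category", "Details": "DWORD (0x00000000)"},
    # A different value under the same key: ignored.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": PROFILE_KEY + r"\ProfileName", "Details": "Office-WiFi"},
    # Same write performed by a command-line tool from a user-writable path: matches, worth triage.
    {"EventID": 13, "Image": r"C:\Users\Public\tools\reg.exe",
     "TargetObject": PROFILE_KEY + r"\Category", "Details": "DWORD (0x00000001)"},
    # Process-create event, wrong event type.
    {"EventID": 1, "Image": r"C:\Windows\System32\reg.exe", "TargetObject": ""},
]

if __name__ == "__main__":
    for image, target in find_private_profile_writes(SAMPLE_EVENTS):
        print(f"ALERT network profile set to Private by {image}: {target}")
```

The path check is deliberately anchored to the Profiles\{GUID}\Category value so that writes to sibling values such as ProfileName do not fire; the returned Image is what distinguishes the expected service write from an unexpected tool or unsigned binary, which is the context the rule description says merits attention.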
Categories
- Endpoint
Data Sources
- Windows Registry
- Process
ATT&CK Techniques
- T1112
Created: 2025-08-06