3. Your SOC team has detected an anomaly indicating a potential APT attack. This threat actor is known for its stealth and long-term presence within a network to steal sensitive information. Which of the following indicators is MOST likely to suggest an APT presence?