
Conversation

@swachchhanda000 (Member) commented Mar 21, 2025

Adding registry paths already used in existing Sigma rules for better coverage and consistency.

Refs:

  1. TreatAs: https://grep.app/search?f.repo.pattern=sigma&q=%5CTreatAs
  2. DelegateExecute: https://grep.app/search?f.repo.pattern=sigma&q=\DelegateExecute
  3. LocalServer32: https://grep.app/search?f.repo.pattern=sigma&q=\LocalServer32\

@phantinuss requested a review from Copilot July 2, 2025 11:23

Copilot AI left a comment

Pull Request Overview

This PR enhances COM hijack detection by standardizing the event classification and expanding monitored registry paths.

  • Replaced T1122 entries with the more specific T1546.015 classification.
  • Added registry keys LocalServer32, TreatAs, ScriptletURL, and DelegateExecute for broader COM hijack coverage.
  • Applied these updates in both the regular and block-mode Sysmon export configurations.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

Reviewed files:

  • sysmonconfig-export.xml: Updated COM hijack entries to T1546.015 and added new registry keys
  • sysmonconfig-export-block.xml: Mirrored T1546.015 updates and new registry paths in block config
Comments suppressed due to low confidence (2)

sysmonconfig-export.xml:725

  • Add a comment or reference (e.g., MITRE ATT&CK link or detailed blog post) explaining why the ScriptletURL key is monitored, matching the style of the other entries.
			<TargetObject name="T1546.015" condition="end with">\ScriptletURL\(Default)</TargetObject>

sysmonconfig-export-block.xml:682

  • Include a descriptive comment or reference for the ScriptletURL registry path to clarify its inclusion and align with the existing comments on other COM hijack keys.
			<TargetObject name="T1546.015" condition="end with">\ScriptletURL\(Default)</TargetObject>
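The entries above all use Sysmon's `condition="end with"` matching on the registry TargetObject. The following is an added example, not code from the PR or from the repository it targets: a small Python evaluator that mirrors that suffix matching over constructed Sysmon Event ID 13 (registry value set) records, so the effect of the added keys can be checked offline. Only the `\ScriptletURL\(Default)` suffix is quoted on the page; the suffix forms assumed for LocalServer32, TreatAs and DelegateExecute, the inclusion of the classic InprocServer32 key, and every sample path, image and SID are assumptions or constructed data.

```python
"""Added example: evaluate Sysmon-style "end with" registry matches for the
COM-hijack keys (T1546.015) discussed in the PR. Not part of the PR or repo."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Value-path suffixes matched the way Sysmon's condition="end with" does.
# Only the ScriptletURL form is quoted on the page; the others are assumed
# (the PR names the keys but the page does not quote their exact lines), and
# InprocServer32 is the classic COM server key T1546.015 also covers.
COM_HIJACK_SUFFIXES: Tuple[Tuple[str, str], ...] = (
    (r"\InprocServer32\(Default)", "T1546.015"),
    (r"\LocalServer32\(Default)", "T1546.015"),
    (r"\TreatAs\(Default)", "T1546.015"),
    (r"\ScriptletURL\(Default)", "T1546.015"),
    (r"\DelegateExecute", "T1546.015"),
)


@dataclass(frozen=True)
class RegistryEvent:
    """Subset of Sysmon Event ID 13 fields relevant to this check."""
    image: str          # process that wrote the value
    target_object: str  # full registry path of the value
    details: str        # new value data (e.g. a DLL/EXE path or a CLSID)


def ends_with_ci(value: str, suffix: str) -> bool:
    """Sysmon filter operators are case-insensitive; model 'end with' the same way."""
    return value.lower().endswith(suffix.lower())


def classify(event: RegistryEvent) -> Optional[dict]:
    """Return the matched key and technique tag, or None if no suffix matches.

    per_user flags writes under HKU (a user hive): per-user Classes entries take
    precedence over HKLM for a non-elevated process, so they need no admin rights
    and are the usual place a hijack lands.
    """
    for suffix, technique in COM_HIJACK_SUFFIXES:
        if ends_with_ci(event.target_object, suffix):
            return {
                "technique": technique,
                "key": suffix.split("\\")[1],
                "per_user": event.target_object.upper().startswith("HKU\\"),
                "image": event.image,
                "details": event.details,
            }
    return None


def scan(events: List[RegistryEvent]) -> List[dict]:
    """Run classify() over a batch and keep only the hits."""
    return [hit for hit in (classify(e) for e in events) if hit is not None]


# Constructed sample telemetry (not real events); SID, paths and GUIDs are made up.
USER_SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS: List[RegistryEvent] = [
    RegistryEvent(
        image=r"C:\Users\alice\AppData\Local\Temp\setup.exe",
        target_object=USER_SID + r"\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)",
        details=r"C:\Users\alice\AppData\Roaming\update.dll",
    ),
    RegistryEvent(
        image=r"C:\Windows\regedit.exe",
        target_object=r"HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\TreatAs\(Default)",
        details="{00000000-0000-0000-0000-000000000003}",
    ),
    RegistryEvent(
        image=r"C:\Windows\System32\cmd.exe",
        target_object=USER_SID + r"\Software\Classes\ms-settings\Shell\Open\command\DelegateExecute",
        details="",
    ),
    RegistryEvent(  # unrelated autorun write: must not match the COM-hijack suffixes
        image=r"C:\Windows\System32\svchost.exe",
        target_object=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
        details=r"C:\Program Files\Updater\updater.exe",
    ),
    RegistryEvent(  # lower-case path: still matches because the comparison is case-insensitive
        image=r"C:\Windows\System32\wscript.exe",
        target_object=USER_SID + r"\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000004}\localserver32\(default)",
        details=r"C:\Users\alice\app.exe",
    ),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        scope = "per-user" if hit["per_user"] else "machine"
        print(f'{hit["technique"]} {hit["key"]:<16} [{scope}] {hit["image"]} -> {hit["details"]}')
```

Running the block prints four hits (InprocServer32, TreatAs, DelegateExecute, LocalServer32) and skips the Run-key write; the `per_user` flag is the piece a triage query would key on, since a per-user CLSID write from a non-installer process is far less common than the same write under HKLM by a package installer.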
