# IoCs For the emulation of IOCs, there are twenty-six different options of indicators that can be tested, which are described below. 1. Process creation: A new process will be created. 2. A process changed a file creation time: A process will explicitly change a file creation time. 3. Network Connection: A new network connection event will be created. 4. Disable firewall: The firewall will be disabled. 5. Process terminated: A process is ended. It is necessary to specify the PID of the process to be stopped. 6. Driver Loaded: A driver is loaded in the system. 7. Image Loaded: A module is loaded into a process. 8. CreateRemoteThread: A process will create a thread in another process. 9. RawAccessRead: A process will perform read operations from the unit using the denotation. 10. ProcessAccess: A process will open another process. 11. FileCreate: A new file is created. 12. RegistryEvent (Object create and remove): An operation of creation or deletion of Registry key and value is performed. 13. RegistryEvent (Value Set): The modification of a Registry value is performed. 14. RegistryEvent (Key and Value Rename: The renaming of a registry value is performed. 15. FileCreateStreamHash: A named file stream is created. 16. ServiceConfigurationChange: A configuration change is made. 17. PipeEvent - Pipe Created: A named pipe is created. 18. Pipe Connected: A connection of a named pipe is made. 19. WmiEvent - WmiEventFilter activity detected: A WMI filter event will be registered. 20. WmiEventConsumer activity detected: A WMI consumer will be logged. 21. WmiEvent - WmiEventConsumerToFilter activity detected: A WMI consumer shall join a filter. 22. DNSEvent - DNS query: A process will execute a DNS query. 23. File Deletion Event: A file will be removed. 24. ClipboardChange - New content in the clipboard: Changes will be made to the contents of the system clipboard. For more information: --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reveald.com/technical-documentation/admin-guides/epiphany-validation-engine-users-guide/chapter-3-eve-platform/navigation-tabs/emulation-control/ioc-validation/iocs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.