What are the most common indicators of compromise (IoCs) you would look for when investigating a suspected network intrusion?