"iexplore.exe" wrote bytes "b033f06e" to virtual address "0x7754917C" (part of module "IERTUTIL.DLL") "iexplore.exe" wrote bytes "60d2f36e" to virtual address "0x75DB1D7C" (part of module "SHEL元2.DLL") "iexplore.exe" wrote bytes "a035f06e" to virtual address "0x76FA131C" (part of module "SHLWAPI.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x001F70C0" "iexplore.exe" wrote bytes "b033f06e" to virtual address "0圆DFBF6A0" (part of module "IEFRAME.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x77581100" (part of module "MSCTF.DLL") "iexplore.exe" wrote bytes "a035f06e" to virtual address "0x7754B0CC" (part of module "IERTUTIL.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x76AF11BC" (part of module "GDI32.DLL") "iexplore.exe" wrote bytes "60cdf36e" to virtual address "0x75DB1E14" (part of module "SHEL元2.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x778117CC" (part of module "ADVAPI32.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x745A1250" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "a035f06e" to virtual address "0x745A139C" (part of module "UXTHEME.DLL") "iexplore.exe" wrote bytes "a035f06e" to virtual address "0x76A01064" (part of module "IMM32.DLL") "iexplore.exe" wrote bytes "60d2f36e" to virtual address "0x76FA13B8" (part of module "SHLWAPI.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x76FA11B8" (part of module "SHLWAPI.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x76A214E0" (part of module "USER32.DLL") "iexplore.exe" wrote bytes "b033f06e" to virtual address "0x76E51164" (part of module "USP10.DLL") "iexplore.exe" wrote bytes "a035f06e" to virtual address "0x77581298" (part of module "MSCTF.DLL") "usb_1_.txt" has type "UTF-8 Unicode text" "favicon_3_.ico" has type "PNG image data 16 x 16 4-bit colormap non-interlaced" Installs hooks/patches the running process
Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.