Detects the use of the "iexpress.exe" utility to create self-extracting packages. Attackers have been observed leveraging "iexpress" to dynamically compile packages using ".sed" files. Investigate the command-line options passed to "iexpress," and if a ".sed" file is involved, review its contents and verify its legitimacy....
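A triage helper for the review step described above, as an added example that is not part of the original rule: it extracts the ".sed" path from an "iexpress" command line and summarizes what the directive file would launch and package. The function names `sed_path_from_cmdline` and `summarize_sed` are hypothetical, and the sample ".sed" content is constructed.

```python
import configparser
import re

# Constructed sample .sed content for illustration (not from a real package).
SAMPLE_SED = r"""
[Version]
Class=IEXPRESS
[Options]
HideExtractAnimation=1
TargetName=%TargetName%
AppLaunched=%AppLaunched%
PostInstallCmd=%PostInstallCmd%
SourceFiles=SourceFiles
[Strings]
TargetName=C:\Users\Public\update.exe
AppLaunched=cmd /c run.bat
PostInstallCmd=<None>
FILE0="run.bat"
[SourceFiles]
SourceFiles0=C:\Users\Public\stage\
[SourceFiles0]
%FILE0%=
"""

# [Options] keys that decide what the package runs and where it is written.
REVIEW_KEYS = ("TargetName", "AppLaunched", "PostInstallCmd", "HideExtractAnimation")

def sed_path_from_cmdline(cmdline):
    """Return the .sed path named on an iexpress command line, or None."""
    m = re.search(r'"([^"]+\.sed)"|(\S+\.sed)\b', cmdline, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None

def summarize_sed(text):
    """Resolve %name% references via [Strings]; return review fields and files."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    strings = dict(cp.items("Strings")) if cp.has_section("Strings") else {}

    def resolve(value):
        out = re.sub(r"%([^%]+)%", lambda m: strings.get(m.group(1), m.group(0)), value)
        return out.strip('"')

    summary = {k: resolve(cp.get("Options", k)) for k in REVIEW_KEYS if cp.has_option("Options", k)}
    summary["Files"] = []
    if cp.has_section("SourceFiles"):
        for section, folder in cp.items("SourceFiles"):
            if cp.has_section(section):  # e.g. [SourceFiles0] lists that folder's files
                summary["Files"] += [folder + resolve(n) for n in cp.options(section)]
    return summary

if __name__ == "__main__":
    print(summarize_sed(SAMPLE_SED))
```

The resolved `AppLaunched` and `PostInstallCmd` values and the packaged file paths are the fields to compare against what the originating user or build process is expected to produce.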