During dynamic analysis of a suspicious binary, you observe it calling CreateRemoteThread targeting explorer.exe.What technique is most likely being used?