Startupscan.dll

2024-01-21 by Matthew W (@0xDeadcell)

Windows being sus? Inconceivable!

Windows executes a suspiciously named DLL export, SusRunTask. The DLL checks many Scheduled Task and autostart execution locations, such as Registry persistence locations and C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, and it also spawns new processes that are not child processes.
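To see which scheduled task launches the export on a given host, a defender can parse task definitions for rundll32 actions. The following is an added example, not code from the original post: it assumes the export is started through a rundll32.exe task action, runs on a constructed task XML, and uses hypothetical function names.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Constructed sample in the Task Scheduler XML format (not taken from a real host).
SAMPLE_TASK = r"""<?xml version="1.0"?>
<Task version="1.6" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="LocalSystem">
    <Exec>
      <Command>%windir%\system32\rundll32.exe</Command>
      <Arguments>"%windir%\system32\Startupscan.dll",SusRunTask</Arguments>
    </Exec>
    <Exec>
      <Command>C:\Windows\System32\cmd.exe</Command>
      <Arguments>/c echo constructed</Arguments>
    </Exec>
  </Actions>
</Task>"""

# rundll32 argument shape: <dll path, optionally quoted>,<export name or #ordinal> [args]
RUNDLL_ARGS = re.compile(r'^\s*(?:"([^"]+)"|([^,"]+?))\s*,\s*(#?\w+)')


def rundll32_exports(task_xml):
    """Return (dll, export) for every Exec action that launches rundll32."""
    hits = []
    root = ET.fromstring(task_xml)
    for action in root.iterfind("t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip().strip('"')
        image = command.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image not in ("rundll32.exe", "rundll32"):
            continue  # not a rundll32 action, so no DLL export is involved
        match = RUNDLL_ARGS.match(action.findtext("t:Arguments", "", NS) or "")
        if match:
            hits.append((match.group(1) or match.group(2), match.group(3)))
    return hits


def invokes_export(task_xml, dll_name, export):
    """True if any rundll32 action calls `export` in a DLL whose file name is `dll_name`."""
    for dll, exp in rundll32_exports(task_xml):
        base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base == dll_name.lower() and exp.lower() == export.lower():
            return True
    return False


if __name__ == "__main__":
    print(rundll32_exports(SAMPLE_TASK))
```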

Documentation