Living-off-the-Land Persistence via Suspicious Scheduled Task Creation

Identifies scheduled task creation via schtasks.exe with suspicious parameters such as encoded execution, temporary path references, or remote download, a LOTL technique documented in The Hacker Recipes for maintaining post-exploitation persistence