Scheduled Task Persistence with Suspicious Script Interpreter Payload

Detects scheduled task creation invoking script interpreters or LOLBAS tools (PowerShell, WScript, CertUtil, MSHTA, Rundll32), critical persistence technique found in Falcon IR investigations even on apparently clean hosts after initial triage.