ServiceUI.exe can be used as an execution “cradle” to run stuff as SYSTEM via scheduled tasks or a GUI trick. It’s a tiny staging move, but because it’s a legit, Microsoft-signed binary, it can dodge simple execution rules and make detections miss the activity. Full video: https://youtu.be/4caJw0JJ...