Yes, this was already mentioned in another thread. Quite clever new technique, if I understood it correctly. Especially because it bypasses hooks of security products. I already asked if it's possible for a product like EXE Radar to simply block processes from starting child processes in suspended state, the developer will look into it.