Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. - View it on GitHub