You may want to check out this article on parent pid spoofing.
https://pentestlab.blog/2020/02/24/parent-pid-spoofing/

is there any reasonable user land way to detect @JohnLaTwC ?

the only the way I can see to detect PPID spoofing is via ETW..

Afaik, UAC will also spoof your parent process by using svchost service name.

reference to what @olliencc and @Omodaka9375 said about parent pid spoofing: https://blog.f-secure.com/detecting-parent-pid-spoofing/

Tüm işlemleri iptal etmek istiyorum