While struggling to keep my accounts secure over the past few days, I have found the source of a recurring infection. I bought 3 64GB USB C/A flash drives from microcenter a while ago. One of them has been replaced internally with a board that does more than just store data on flash memory.
The first hint was, when I was cycling through flash drives looking for certain data, this drive would not safely eject. No matter what I closed I would have to forcefully remove this drive.
Within seconds of this flash drive being plugged in, all of the processes in task manager show 0 or negative ram used for each application. Network activity indicates data exfiltration.
This worked on both a x64 laptop and an ARM64 surface. My surface has been cleansed, and images of both devices were taken. I still need to fix my x64 laptop, but that may have to wait until tomorrow.
I will try to remember to upload pictures of task manager and the difference in circuit boards between the USB flash drives. I have reported this to the internet crimes complaint center.