Process hollowing is a technique used by malware to evade detection by injecting malicious code into a legitimate process. This technique involves creating a new instance of a legitimate process and replacing its original code with the malicious payload.

The process is the following:

• CreateProcess: in a suspended mode with the CreationFlag at 0x0000 0004.
• …