This antivirus evasion approach injects malicious code into the memory of a benign process. A common way to do this on Windows is to call OpenProcess to obtain a handle to an accessible process. With that handle, the attacker can allocate memory in the process using APIs such as VirtualAllocEx. The malicious code can then be written into the allocated memory with WriteProcessMemory and executed with CreateRemoteThread.
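Because the four calls occur in a fixed order against the same target process, the ordered sequence is itself a detection signal. The following added example (not from the original page) correlates that order per caller/target pair over constructed API-call telemetry; the event schema, the PIDs and the 30-second window are assumptions.

```python
from collections import defaultdict

# The four-call sequence the paragraph describes, in order.
CHAIN = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed API-call telemetry (hypothetical schema): time, caller PID, API, target PID.
SAMPLE_EVENTS = [
    {"ts": 100.0, "pid": 4120, "api": "OpenProcess", "target": 2288},
    {"ts": 100.1, "pid": 4120, "api": "VirtualAllocEx", "target": 2288},
    {"ts": 100.2, "pid": 5300, "api": "OpenProcess", "target": 2288},  # handle only
    {"ts": 100.3, "pid": 4120, "api": "WriteProcessMemory", "target": 2288},
    {"ts": 100.4, "pid": 4120, "api": "CreateRemoteThread", "target": 2288},
    {"ts": 200.0, "pid": 6000, "api": "OpenProcess", "target": 6000},  # self-targeted
    {"ts": 300.0, "pid": 7000, "api": "OpenProcess", "target": 2288},
    {"ts": 300.1, "pid": 7000, "api": "VirtualAllocEx", "target": 2288},
    {"ts": 400.0, "pid": 7000, "api": "WriteProcessMemory", "target": 2288},  # aged out
    {"ts": 400.1, "pid": 7000, "api": "CreateRemoteThread", "target": 2288},
]

def find_injection_chains(events, window=30.0):
    """Alert on (caller, target) pairs that complete CHAIN in order within `window` seconds."""
    progress = defaultdict(lambda: {"step": 0, "start": None})
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["pid"] == ev["target"]:
            continue  # only cross-process activity is of interest
        key = (ev["pid"], ev["target"])
        st = progress[key]
        # Drop a partial chain that has aged out of the correlation window.
        if st["step"] and ev["ts"] - st["start"] > window:
            st["step"], st["start"] = 0, None
        if ev["api"] == CHAIN[st["step"]]:
            if st["step"] == 0:
                st["start"] = ev["ts"]
            st["step"] += 1
        elif ev["api"] == CHAIN[0]:
            st["step"], st["start"] = 1, ev["ts"]  # a fresh OpenProcess restarts the chain
        if st["step"] == len(CHAIN):
            alerts.append({"source_pid": ev["pid"], "target_pid": ev["target"],
                           "start": st["start"], "end": ev["ts"]})
            st["step"], st["start"] = 0, None
    return alerts

if __name__ == "__main__":
    for alert in find_injection_chains(SAMPLE_EVENTS):
        print(alert)
```

Debuggers and some management tools legitimately make the same calls, so alerts from a rule like this are usually triaged against an allowlist of expected caller processes.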