Sophos interview question

Q: Describe process injection and how to detect it.

Interview answer

Anonymous

Jul 17, 2024

A: You will generally be calling OpenProcess, allocating virtual memory, writing a payload to that memory, then creating threads to execute that payload. There are several methods, and generally you watch those system calls to detect them.
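The detection idea in the answer above, sketched as an added example that is not part of the original answer: correlate the call sequence per source/target process pair and alert when the whole chain completes. The event tuple format, the 60-second window, and the sample events are assumptions constructed for illustration; `VirtualAllocEx`, `WriteProcessMemory` and `CreateRemoteThread` are the Win32 calls that usually implement the allocation, write and thread-creation steps.

```python
# Stages of the remote-thread sequence the answer describes, in order.
STAGES = ("OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed telemetry (not real logs): (time_s, source_pid, api, target_pid).
SAMPLE_EVENTS = [
    (10.0, 4321, "OpenProcess", 880),
    (10.1, 4321, "VirtualAllocEx", 880),
    (10.2, 700, "OpenProcess", 880),          # handle only: never progresses
    (10.3, 4321, "WriteProcessMemory", 880),
    (10.4, 4321, "CreateRemoteThread", 880),  # chain complete -> alert
    (20.0, 900, "OpenProcess", 1200),
    (20.5, 900, "VirtualAllocEx", 1200),
    (30.0, 555, "VirtualAllocEx", 555),       # self-allocation, not cross-process
    (95.0, 900, "WriteProcessMemory", 1200),  # too late: partial chain is stale
    (95.1, 900, "CreateRemoteThread", 1200),
]

def detect_injection(events, window=60.0):
    """Return (source_pid, target_pid, start, end) for each completed chain."""
    progress = {}  # (source, target) -> (index of next expected stage, start time)
    alerts = []
    for ts, src, api, dst in sorted(events):
        if src == dst or api not in STAGES:
            continue  # only cross-process calls in the sequence matter here
        key = (src, dst)
        idx, start = progress.get(key, (0, ts))
        if idx and ts - start > window:
            idx, start = 0, ts  # partial chain older than the window: discard it
        if api == STAGES[idx]:
            if idx == 0:
                start = ts
            idx += 1
        elif api == STAGES[0]:
            idx, start = 1, ts  # a fresh handle restarts the chain
        # any other out-of-order or repeated stage leaves the state unchanged
        if idx == len(STAGES):
            alerts.append((src, dst, start, ts))
            idx = 0
        progress[key] = (idx, start)
    return alerts

if __name__ == "__main__":
    for src, dst, start, end in detect_injection(SAMPLE_EVENTS):
        print(f"pid {src} -> pid {dst}: full injection sequence in {end - start:.1f}s")
```

Requiring the full ordered chain within a time window keeps single benign calls, such as a monitoring tool opening a handle, from alerting on their own.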