https://ired.team/miscellaneous-reversing-forensics/windows-kernel/manipulating-activeprocesslinks-to-unlink-processes-in-userland