[ CreateToolhelp32Snapshot ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot
  take note of 1st param TH32CS_SNAPTHREAD

[ THREADENTRY32 structure ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-threadentry32

[ Thread32Next ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-thread32next

[ SuspendThread ] https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-suspendthread

[ CONTEXT structure ] https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-context

[ GetThreadContext ] https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getthreadcontext

[ SetThreadContext ] https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-setthreadcontext

[ ResumeThread ] https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-resumethread


References from Malware Development and Reverse Engineering 1 - the Basics
=============================================================================

[ PROCESSENTRY32 structure ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/ns-tlhelp32-processentry32

[ Process32First ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32first

[ Process32Next ] https://docs.microsoft.com/en-us/windows/win32/api/tlhelp32/nf-tlhelp32-process32next

[ Taking a Snapshot and Viewing Processes ] https://docs.microsoft.com/en-us/windows/win32/toolhelp/taking-a-snapshot-and-viewing-processes

[ VirtualAllocEx ]* https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex

[ WriteProcessMemory ]* https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory

[ CreateRemoteThread ]* https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread

[ OpenProcess ]* https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

[ Process Security and Access Rights - Used in 1st param of OpenProcess ] https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights

* signature APIs in Remote Process Injection Malware - if you see these, it means the malware has process injection capabilities