RunPE Technique

A common technique malware uses: running the original executable, suspending it, unmapping from the memory, mapping the payload on its place, and running it again.