One Day Sec

How does Process Hollowing simulate IE browser to download files, and what is a key requirement?

Process hollowing starts a legitimate executable, here `iexplore.exe`, with `CreateProcess` and the `CREATE_SUSPENDED` flag, unmaps the original image from the new process (`NtUnmapViewOfSection`), allocates memory in it at the payload's preferred image base, writes the payload (here a downloader) into that memory with `WriteProcessMemory`, then uses `SetThreadContext` to point the suspended main thread's entry point at the payload and `ResumeThread` to run it. The downloader itself uses the WinINet calls `InternetOpen` and `InternetOpenUrl` with a custom User-Agent such as `RookIE/1.0` (a typical downloader then pulls the body with `InternetReadFile`). The key requirement is careful manipulation of the target process's memory: the payload must be laid out at its preferred base or relocated, the PEB's image base is normally updated to match, and the thread context must be set to the new entry point rather than restored to the old one, otherwise the process crashes or simply runs the real IE code. The point is evasion: in a process listing the running code appears to be a legitimate, signed IE process. Two things give it away in practice: the in-memory image no longer matches `iexplore.exe` on disk, and `RookIE/1.0` is a User-Agent no real browser sends.
Tags: Process Hollowing, iexplore.exe, memory manipulation, download payload, evasion
