Task manager oddity

If you call CreateProcess and then IMMEDIATELY NtSuspendProcess, the process is created and then suspended before it is fully initialised (only its image and NTDLL.DLL are loaded and in the module list).
It also does not appear in the Task Manager process lists, neither in the Processes tab nor in the Details tab.
It does appear in Process Hacker (non-admin, without its kernel driver), so the process can still be found from other user-mode processes, but it's interesting that Task Manager doesn't list it.
Using Process32First and Process32Next to enumerate all the processes, as recommended by Microsoft, does show the process, so it's certainly the way Task Manager itself lists the processes that is faulty, not the API functions themselves.
Might be useful to hide a process from the default task manager, or to investigate further to know more about the cause of that oddity?
I don’t think I’ll follow the white rabbit on that one any time soon though.
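
For anyone who wants to check a machine for this state without relying on Task Manager, here is an added example (not code from the original post): it enumerates processes with the Toolhelp API mentioned above and reports those whose threads are all suspended, or that Get-Process does not return. The `ToolhelpEnum` helper name is hypothetical, and reading the suspended state from Get-Process thread data is an assumption the post did not test.

```powershell
Add-Type -TypeDefinition @'
using System; using System.Collections.Generic; using System.Runtime.InteropServices;
public static class ToolhelpEnum {   // hypothetical helper name, not from the post
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct PROCESSENTRY32W {
        public uint dwSize, cntUsage, th32ProcessID;
        public IntPtr th32DefaultHeapID;
        public uint th32ModuleID, cntThreads, th32ParentProcessID;
        public int pcPriClassBase; public uint dwFlags;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExeFile;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint pid);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern bool Process32FirstW(IntPtr snap, ref PROCESSENTRY32W pe);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    static extern bool Process32NextW(IntPtr snap, ref PROCESSENTRY32W pe);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    public static List<PROCESSENTRY32W> Snapshot() {
        var list = new List<PROCESSENTRY32W>();
        IntPtr snap = CreateToolhelp32Snapshot(0x2, 0);   // 0x2 = TH32CS_SNAPPROCESS
        if (snap == new IntPtr(-1))
            throw new InvalidOperationException("snapshot failed: " + Marshal.GetLastWin32Error());
        try {
            var pe = new PROCESSENTRY32W();
            pe.dwSize = (uint)Marshal.SizeOf(typeof(PROCESSENTRY32W));
            if (Process32FirstW(snap, ref pe)) do { list.Add(pe); } while (Process32NextW(snap, ref pe));
        } finally { CloseHandle(snap); }
        return list;
    }
}
'@

# Walk the Toolhelp view and cross-check each entry against Get-Process.
foreach ($e in [ToolhelpEnum]::Snapshot()) {
    $p = Get-Process -Id $e.th32ProcessID -ErrorAction SilentlyContinue
    $threads = @(if ($p) { $p.Threads })
    # WaitReason is only read when the thread is in the Wait state (-and short-circuits).
    $susp = @($threads | Where-Object { $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended' })
    $allSuspended = $threads.Count -gt 0 -and $susp.Count -eq $threads.Count
    if (-not $p -or $allSuspended) {
        [pscustomobject]@{
            PID = $e.th32ProcessID; ParentPID = $e.th32ParentProcessID
            Image = $e.szExeFile; Threads = $e.cntThreads
            SeenByGetProcess = [bool]$p; AllThreadsSuspended = $allSuspended
        }
    }
}
```

Suspended UWP apps also have every thread suspended, and a process that exits between the snapshot and the Get-Process call shows up as unseen, so treat the output as a triage list rather than a verdict.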
