How can an attacker use userland registry hijacking for persistence with scheduled tasks?

An attacker can hijack a scheduled task that uses a COM component by modifying the `InprocServer32` subkey under `HKCU:\Software\Classes\CLSID\{CLSID}` where `{CLSID}` corresponds to a scheduled task's COM handler. Setting this key's default value to a malicious DLL path causes the task to load that DLL on logon. This only requires standard user rights because the change synchronizes to `HKCR`. For example, hijacking the `UserTask` scheduled task ({58fb76b9-ac85-4e55-ac04-427593b1d060}) can achieve persistence. This technique is similar to COM object hijacking to maintain persistence——Hijack explorer.exe.