How does hijacking the MruPidlList COM object allow an attacker to maintain persistence?

The MruPidlList COM object is loaded by shell32.dll, which is called by explorer.exe at system startup. By setting the registry key `HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}` to point to a malicious DLL, an attacker can force explorer.exe to load that DLL every time the user logs in, creating an active backdoor that triggers without user interaction. This technique is detailed in Use COM Object hijacking to maintain persistence——Hijack explorer.exe.