One Day Sec

How does the explorer.exe hijacking technique compare to other COM hijacking methods like CLR hijacking or CAccPropServicesClass hijacking?

CLR hijacking uses environment variables to intercept all .NET program startups, while CAccPropServicesClass hijacking only triggers when Internet Explorer is launched (a passive backdoor). Explorer.exe hijacking via MruPidlList is active because the desktop process starts automatically, making it reliable for system-wide persistence. Each method targets a different COM object, but all ultimately abuse the same class of registry entries. For deeper details on the CLR and CAccPropServicesClass methods, refer to the previous articles referenced in "Use COM Object hijacking to maintain persistence——Hijack explorer.exe".
Tags: CLR hijacking, CAccPropServicesClass, explorer.exe, active backdoor, passive backdoor, comparison
