How does the Gootkit Banking Trojan achieve persistence without administrator privileges?
The Gootkit Banking Trojan exploits a unique backdoor startup method that leverages the IEAK Group Policy mechanism. By adding a registry entry under `HKEY_CURRENT_USER\Software\Microsoft\Ieak\GroupPolicy\PendingGPOs` pointing to a specially crafted `.inf` file, the trojan ensures that when `explorer.exe` starts, it loads the pending GPO and executes the commands defined in the `.inf` file. This technique requires only standard user permissions, as detailed in the Analysis of Backdoor Exploitation in Gootkit Banking Trojan.
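Because the technique needs only the current user's hive, the natural detection is to check that hive for anything under the `PendingGPOs` key, which is normally absent. The script below is an added example for hunting or triage, not code from the original page or from any Gootkit analysis; it assumes the trojan's entry is stored as a registry value under that key or one of its subkeys (the exact value layout is not given above, so every value found is reported, and any value whose data references an `.inf` file is flagged).

```powershell
# Added example: report anything under the IEAK PendingGPOs key for the current user.
# Assumption: an entry is a registry value beneath this key or a subkey of it.
$key = 'HKCU:\Software\Microsoft\Ieak\GroupPolicy\PendingGPOs'

function Get-PendingGpoEntries {
    param([string]$Path = $key)

    # Normal state on a clean host: the key does not exist at all.
    if (-not (Test-Path -Path $Path)) { return @() }

    # Walk the key itself plus any subkeys, collecting every value.
    $items = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse)
    foreach ($item in $items) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key  = $item.Name
                Name = $name
                Data = $item.GetValue($name)
                Kind = $item.GetValueKind($name)
            }
        }
    }
}

$entries = @(Get-PendingGpoEntries)
if ($entries.Count -eq 0) {
    Write-Output "No pending IEAK GPO entries under $key (expected on a clean host)"
} else {
    foreach ($e in $entries) {
        # A value pointing at an .inf file matches the persistence pattern described above.
        $flag = if ("$($e.Data)" -match '\.inf') { 'SUSPECT (.inf reference)' } else { 'REVIEW' }
        Write-Output ('{0}: {1}\{2} = {3} [{4}]' -f $flag, $e.Key, $e.Name, $e.Data, $e.Kind)
    }
}
```

Run it in the context of the user being examined, since the key lives in `HKEY_CURRENT_USER`; for a fleet-wide sweep, the same function can be pointed at each loaded profile under `HKU:\<SID>\Software\Microsoft\Ieak\GroupPolicy\PendingGPOs` after mapping the `HKU` drive with `New-PSDrive`. Any hit should be paired with the referenced `.inf` file itself, which is what `explorer.exe` will execute.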
Tags: Gootkit, backdoor persistence, IEAK Group Policy, INF file, standard user