How does the Shell Extension persistence method hijack explorer.exe startup via COM DLL?
Shell Extension persistence works by registering a malicious COM DLL as a shell extension, which explorer.exe loads automatically during startup. This technique has been used by malware such as COMRAT and the ZeroAccess rootkit. The Analysis of Windows Backdoor Exploitation Methods in CIA Vault7 RDB notes that it hijacks the normal startup process of explorer.exe, providing a stealthy persistence mechanism: the DLL runs inside a trusted, always-running process without any separate service, scheduled task or Run key entry.
Tags: Shell Extension persistence, COM hijacking, explorer.exe, COMRAT, ZeroAccess, DLL persistence