One Day Sec

What is the AppDomainManager hijacking technique for maintaining persistence in .NET applications?

The AppDomainManager hijacking technique leverages the CLR initialization process to load a custom DLL before a .NET application starts. By setting environment variables (`APPDOMAIN_MANAGER_ASM` and `APPDOMAIN_MANAGER_TYPE`) or using a config file (e.g., `program.exe.config`), attackers can force any managed .NET executable to run a malicious `AppDomainManager` class. This provides a passive backdoor that triggers every time the hijacked program runs, as detailed in "Use AppDomainManager to maintain persistence". The technique is similar to other CLR-based persistence methods such as the one described in "Use CLR to maintain persistence".
AppDomainManager, CLR, .NET hijacking, persistence, managed code, config file
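A defender can audit for both triggers named above. The following is an added example, not code from the original page: it flags the two environment variables and any `*.config` file that sets a custom AppDomainManager. The element names `appDomainManagerAssembly` and `appDomainManagerType` are the .NET Framework `<runtime>` settings and do not appear on this page; the sample configs and their values are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")
# .NET Framework <runtime> elements that name a custom AppDomainManager.
CONFIG_ELEMENTS = {"appdomainmanagerassembly", "appdomainmanagertype"}

def check_environment(env):
    """Return {name: value} for AppDomainManager variables set in env."""
    upper = {k.upper(): v for k, v in env.items()}  # Windows names are case-insensitive
    return {name: upper[name] for name in ENV_VARS if name in upper}

def check_config(path):
    """Return {element: value} for AppDomainManager settings in one config file."""
    try:
        root = ET.parse(str(path)).getroot()
    except (ET.ParseError, OSError):
        return {}  # unreadable or malformed config: nothing to report
    hits = {}
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag.lower() in CONFIG_ELEMENTS:
            hits[tag] = elem.get("value", "")
    return hits

def scan_tree(base):
    """Map each *.config under base that sets an AppDomainManager to its settings."""
    found = {}
    for path in Path(base).rglob("*.config"):
        hits = check_config(path)
        if hits:
            found[str(path)] = hits
    return found

def demo():
    """Scan a constructed directory holding one clean and one modified config."""
    modified = ('<configuration><runtime>'
                '<appDomainManagerAssembly value="ConstructedAssembly"/>'
                '<appDomainManagerType value="Constructed.ManagerType"/>'
                '</runtime></configuration>')
    with tempfile.TemporaryDirectory() as d:
        Path(d, "program.exe.config").write_text(modified)
        Path(d, "other.exe.config").write_text("<configuration><startup/></configuration>")
        return {Path(p).name: h for p, h in scan_tree(d).items()}

if __name__ == "__main__":
    print(check_environment(os.environ), demo())
```

Any hit deserves review: check whether the named assembly is expected for that application and where it loads from.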
