What registry keys are commonly used for COM hijacking targeting explorer.exe, and why is this considered an active backdoor compared to other methods?
The primary keys are `HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}` (MruPidlList) and `HKCU\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}` (used by ZeroAccess). Unlike passive backdoors such as hijacking CAccPropServicesClass (which only triggers when IE starts), hijacking explorer.exe is active because explorer.exe runs automatically at system boot, ensuring the backdoor executes on every startup. This method is covered in the article "Use COM Object hijacking to maintain persistence——Hijack CAccPropServicesClass and MMDeviceEnumerator".
registry key, explorer.exe, active backdoor, passive backdoor, MruPidlList, ZeroAccess, CAccPropServicesClass