- com_hijack - loads a demo DLL via COM hijacking
- extension_hijack - hijacks extensions handlers in order to run a demo app while the file with the given extension is opened
- shim_persist - installs a shim that injects a demo DLL into explorer.exe
Demos of various (also non standard) persistence methods used by malware
Demos of various (also non standard) persistence methods used by malware