Executables in the registry.
I've known this for over 8 years now.
What is new to me that they use a microsoft trick so you can not read the code.
Malware writers have been hiding junk in the registry for years now and was one of the way they would reinfect the persons internet browser.