During a penetration test, a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-exploitation phase?
A. Shell binary placed in C:windowstemp
B. Modified daemons
C. New user creation
D. Backdoored executables