SoK: Systematization, Detection, and Hunting of Windows Malware Persistence Techniques

Abstract

In order to maintain its presence on an infected system, malware employs a variety of persistence techniques. Although persistence is a well-known tactic of modern malware, our community lacks a comprehensive understanding of the types and prevalence of techniques adopted by Windows malware. In this paper, we present the largest documented set of persistence techniques (72 in total), highlighting their common characteristics and proposing a novel classification. Leveraging our systematization, we then design and implement a unified framework to characterize the adoption of each technique. Our framework (1) detects behavioral patterns that indicate the adoption of known techniques and (2) hunts for undocumented techniques by inspecting suspicious changes to the file system and Registry database. By studying the adoption of persistence techniques across 48,873 detonated Windows malware samples, our study reveals several fundamental insights. For instance, we show that only 55.2% of samples are persistent—contrary to the general expectation that the vast majority of active malware requires persistence. While most samples rely on well-documented techniques, a small portion adopts more exotic approaches. Moreover, while persistence detection is generally considered a solved problem, we reveal that industry-standard persistence detection tools produce a significant number of false positives and false negatives. Finally, our investigation results in the discovery of a new persistence technique and two previously undocumented evasion strategies that are actively employed by real-world malware.
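A minimal illustration of the two-stage approach the abstract describes (match observed writes against known persistence locations, then surface unexplained writes in sensitive Registry areas as hunting candidates), added here as an example and not code from the paper's framework. The autostart table holds only a few well-known Registry locations rather than the paper's 72 techniques, and the event list is constructed to stand in for a sandbox report.

```python
"""Added example (not the paper's framework): detect known autostart writes,
then hunt for unexplained writes under sensitive Registry prefixes."""
import re

# Stage 1: a small, deliberately incomplete table of well-known Windows
# autostart locations (paths are real; the table is far shorter than the paper's).
KNOWN_AUTOSTART = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": "Run key",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": "Run key",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce": "RunOnce key",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": "Winlogon",
    r"HKLM\SYSTEM\CurrentControlSet\Services": "Service",
}

# Stage 2: hunting scope. Writes beneath these prefixes that match no known
# location are kept for manual review instead of being silently dropped.
HUNT_SCOPE = (r"HKLM\SOFTWARE\Microsoft\Windows", r"HKLM\SYSTEM\CurrentControlSet",
              r"HKCU\SOFTWARE\Microsoft\Windows")

def normalize(path):
    """Canonicalise a Registry path so equivalent spellings compare equal."""
    path = path.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")
    return re.sub(r"[\\/]+", r"\\", path).strip("\\").upper()

def classify_writes(events):
    """events: iterable of (registry_key, value_name, data) seen during detonation.
    Returns (known_hits, hunt_candidates)."""
    known, hunt = [], []
    for key, name, data in events:
        nkey = normalize(key)
        label = next((lbl for k, lbl in KNOWN_AUTOSTART.items()
                      if nkey == normalize(k) or nkey.startswith(normalize(k) + "\\")), None)
        if label:
            known.append((label, key, name, data))
        elif any(nkey.startswith(normalize(p)) for p in HUNT_SCOPE):
            hunt.append((key, name, data))
    return known, hunt

# Constructed sample: writes recorded in a hypothetical sandbox run.
SAMPLE_EVENTS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\Public\upd.exe"),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\svcx", "ImagePath", r"C:\Windows\Temp\s.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Startup",
     r"C:\Users\Public\alt"),
    (r"HKCU\Software\Vendor\App", "Theme", "dark"),  # benign, out of hunting scope
]

if __name__ == "__main__":
    known_hits, candidates = classify_writes(SAMPLE_EVENTS)
    for hit in known_hits: print("KNOWN", hit)
    for cand in candidates: print("HUNT ", cand)
```

The third event is the interesting one: it matches no entry in the known table, yet a redirected Startup folder is exactly the kind of unexplained change the hunting stage is meant to surface.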

Type: Conference paper
Publication: In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS)