January 23, 2022 in Autostart (Persistence)
This is a post that should have appeared here at least 10 years ago.
There is an enigmatic Registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\PeerDist\Extension\PeerdistDllName=peerdist.dll
that I came across many times ago. The problem is that I, frankly, don’t know when it is being used, but it’s yet another locations to keep an eye on, in case the default DLL location has been replaced.
The wininet.dll library is using this location internally in its P2P_PEER_DIST_API::LoadPeerDist function.
Yes, I am not making it any clearer…