Beyond good ol’ Run key, Part 118

October 4, 2019 in Anti-Forensics, Autostart (Persistence)

In my last post I mentioned mso.dll. This DLL hides a lot of secrets.

One of them is the Microsoft’s own version of AirDrop that is configured via a following Registry entry:

HKLM\SOFTWARE\Microsoft\AirDrop
DllName=<DLL Name>

I have never used / tested it, but it’s yet another location to check.

Share this :)

Comments are closed.