Scanning the Windows files for possible persistence mechanisms I came across a few interesting strings inside the Natural Language Development Platform 6 library (NaturalLanguage6.dll):
Quick google exercise followed and I found this post in Russian that explains that these are actual Registry entries – by changing them the author was able to use Russian morphology modules for searches on Sharepoint.
Now that I had an idea what it is, I was curious if the entries are used on Windows 10.
Procmon with boot logging enabled confirmed that it is the case – the C:\WINDOWS\system32\SearchIndexer.exe process looks for the DLLOverridePath entries under the following locations (language may vary on non-English OS versions):
Since the overridden locations are loaded via LoadLibrary, it is yet another persistence location to look at.