Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771)

Detects DLL sideloading of system DLLs that are not present on the system by default (at least not in system directories). Usually this technique is used to achieve UAC bypass or privilege escalation.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771)	Sigma-Rules	1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2