Fax Service DLL Search Order Hijack (828af599-4c53-4ed2-ba4a-a9f835c434ea)

The Fax service attempts to load ualapi.dll, which is non-existent. An attacker can then (side)load their own malicious DLL using this service.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Fax Service DLL Search Order Hijack (828af599-4c53-4ed2-ba4a-a9f835c434ea)	Sigma-Rules	1
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	Fax Service DLL Search Order Hijack (828af599-4c53-4ed2-ba4a-a9f835c434ea)	Sigma-Rules	1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2