LOLBAS Process Spawned from Web Browser (Keitaro Malvertising)

Detects popular web browsers spawning child processes that are known LOLBAS binaries, a pattern consistent with Keitaro malvertising campaigns that infect users through malicious ads and phishing pages to deliver multi-stage malware. Covers Chrome, Edge, Firefox, Opera, Brave, and Vivaldi with exclusions for internal browser processes.