Windows LOLBAS Multi-Stage Privilege Escalation Chain

Detects chained abuse of native Windows binaries (LOLBAS) used to download, decode, or execute payloads in privilege escalation contexts, a common pattern among APT actors avoiding detectable tooling