...
Checks 1 and 2 can be trivially implemented in Process Monitor. Check 3 is a little more complicated and may result in some false positives if we limit our tool to strictly what can be done with a Process Monitor Filter. But I've created a filter that [Download from Github] that seems to do a pretty good job of making privilege escalation vulnerabilities pretty obvious.
...