Code Execution from Archive Tool (WinRAR/7-Zip Style CVE-2023-38831)
Detects command interpreter and script execution as direct child processes of archive applications. The technique is similar to CVE-2023-38831, where user interaction with a malicious file triggers code execution through WinRAR, 7-Zip, or other archive utilities common in corporate environments.
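
The parent/child check described above, run over process-creation events. This is an added example, not the rule's own query; the Sysmon-style field names (ParentImage, Image), the process-name lists, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed image names; adjust to the archive tools and interpreters
# actually present in the environment.
ARCHIVE_PARENTS = {"winrar.exe", "7zfm.exe", "7zg.exe", "7z.exe"}
INTERPRETER_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe",
    "wscript.exe", "cscript.exe", "mshta.exe",
}

def image_name(path):
    """Lowercased file name of a Windows image path ('' if missing)."""
    return ntpath.basename(path or "").lower()

def is_suspicious(event):
    """True when an interpreter is a direct child of an archive tool."""
    return (image_name(event.get("ParentImage")) in ARCHIVE_PARENTS
            and image_name(event.get("Image")) in INTERPRETER_CHILDREN)

def detect(events):
    """Return the events that match the parent/child condition."""
    return [e for e in events if is_suspicious(e)]

# Constructed sample events, not taken from real telemetry.
SAMPLE_EVENTS = [
    # Archive tool spawning a command interpreter: match.
    {"ParentImage": r"C:\Program Files\WinRAR\WinRAR.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Interpreter started from the shell, no archive parent: no match.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Archive tool opening a document viewer: no match.
    {"ParentImage": r"C:\Program Files\7-Zip\7zFM.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    # Mixed-case paths must still match.
    {"ParentImage": r"C:\PROGRAM FILES\7-Zip\7ZFM.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"},
    # Event with no parent recorded: no match, no exception.
    {"Image": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(image_name(hit["ParentImage"]), "->", image_name(hit["Image"]))
```

The check looks only at the direct parent, so an interpreter launched through an intermediate process will not match, and a user deliberately running a script from inside an archive will.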