Archive Tool Spawning Shell Processes (Compressed File Exploitation)
Detects shell or LOLBin processes spawned directly by archiving utilities such as WinRAR or 7-Zip. This behavior is associated with code execution via malicious archives, similar to WinRAR CVE-2023-38831.
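
The parent/child check described above, sketched over process-creation events. This is an added example, not the rule's own query. The process-name lists, the Sysmon-style field names (Image, ParentImage, CommandLine) and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed name lists (not taken from the original rule); tune per environment.
ARCHIVERS = {"winrar.exe", "rar.exe", "7z.exe", "7zfm.exe", "7zg.exe"}
SHELLS_LOLBINS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                  "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path; tolerates quotes/None."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def is_archive_shell_spawn(event):
    """True when the direct parent is an archiver and the child a shell/LOLBin."""
    return (image_name(event.get("ParentImage")) in ARCHIVERS
            and image_name(event.get("Image")) in SHELLS_LOLBINS)


def detect(events):
    """Return matching events in their original order."""
    return [e for e in events if is_archive_shell_spawn(e)]


# Constructed process-creation events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    # Archiver directly spawning a shell: should alert.
    {"ParentImage": r"C:\Program Files\WinRAR\WinRAR.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c example.cmd"},
    # Ordinary interactive shell: no alert.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    # Archiver opening a text file in an editor: no alert.
    {"ParentImage": r"C:\Program Files\7-Zip\7zFM.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe readme.txt"},
    # Quoted, mixed-case parent path: should still alert.
    {"ParentImage": r'"C:\Program Files\7-Zip\7ZFM.EXE"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -File example.ps1"},
    # Grandchild of an archiver (parent is cmd.exe): outside "directly spawned".
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT:", image_name(hit["ParentImage"]), "->", image_name(hit["Image"]))
```

Because the check looks only at the direct parent, the last sample event is not flagged; catching that case requires correlating the process tree across events.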