WinRAR/7-Zip Archive Exploitation - Child Executable Detection
Detects execution of binaries or scripts spawned by archive tools (WinRAR, 7-Zip, unrar) from outside legitimate system paths. Covers the pattern of archive vulnerabilities active in 2025, similar to CVE-2023-38831, that allow code execution when a user interacts with a manipulated compressed file delivered through social engineering.
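The matching logic described above, run over process-creation events, as an added example that is not the rule's own code. The parent image names, the trusted path prefixes, the script host and extension lists, and the sample events are all assumptions constructed for illustration; field names follow Sysmon Event ID 1.

```python
import re
from ntpath import basename, normpath

# Assumed image names for the tools the rule names (WinRAR, 7-Zip, unrar).
ARCHIVE_PARENTS = {"winrar.exe", "rar.exe", "unrar.exe", "7z.exe", "7zfm.exe", "7zg.exe"}
# Assumed definition of "legitimate system paths"; tune per environment.
TRUSTED = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
           "c:\\program files\\", "c:\\program files (x86)\\")
# Script hosts live in trusted paths, so they are judged by the script they run.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = (".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta")
TOKEN = re.compile(r'"([^"]+)"|(\S+)')  # one quoted or bare command-line argument

def trusted(path):
    # normpath collapses "..", so a traversal out of System32 is not trusted.
    return normpath(path).lower().startswith(TRUSTED)

def classify(event):
    """Return the reason an event matches, or None if it does not."""
    if basename(event["ParentImage"]).lower() not in ARCHIVE_PARENTS:
        return None
    if not trusted(event["Image"]):
        return "binary outside system paths"
    if basename(event["Image"]).lower() in SCRIPT_HOSTS:
        for quoted, bare in TOKEN.findall(event.get("CommandLine", "")):
            arg = quoted or bare
            if arg.lower().endswith(SCRIPT_EXTS) and not trusted(arg):
                return "script outside system paths"
    return None

def detect(events):
    return [classify(e) for e in events]

# Constructed sample events, not taken from any real incident.
WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
EVENTS = [
    {"ParentImage": WINRAR, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /c "C:\Users\a\AppData\Local\Temp\Rar$DIa1.2\invoice.pdf .cmd"'},
    {"ParentImage": r"C:\Program Files\7-Zip\7zFM.exe",
     "Image": r"C:\Users\a\AppData\Local\Temp\7zO1\setup.exe", "CommandLine": "setup.exe"},
    {"ParentImage": WINRAR, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'notepad.exe "C:\Users\a\Downloads\readme.txt"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\a\Downloads\tool.exe", "CommandLine": "tool.exe"},
    {"ParentImage": r"C:\Tools\unrar.exe",
     "Image": r"C:\Windows\System32\..\..\Users\Public\a.exe", "CommandLine": "a.exe"},
]

if __name__ == "__main__":
    for event, reason in zip(EVENTS, detect(EVENTS)):
        print(reason or "no match", "<-", event["Image"])
```

The notepad.exe and explorer.exe events are the expected non-matches: a trusted viewer opened from an archive, and an untrusted binary whose parent is not an archive tool.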