
Suspicious Child Processes Spawned from WinRAR

Detects when WinRAR spawns child processes that are command interpreters or known LOLBins, a pattern characteristic of archive-file vulnerability exploitation similar to CVE-2023-38831 and of the new WinRAR exploitation variants documented in the Kaspersky Securelist Q2 2025 vulnerability analysis.
