RARLAB removed unacev2.dll entirely to fix the issue.
When a user opens "22793.rar" (or similar ACE-based exploits): 22793.rar
No complex exploit was needed; the Windows Startup folder handled the execution. RARLAB removed unacev2
For years, this was one of the most "reliable" ways for hackers to infect systems because: Users generally trust .rar files. 22793.rar