Files could be dropped into the Windows Startup folder .
The archive contains a file with a relative path like C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploit.exe . 22793.rar
The file is a well-known proof-of-concept (PoC) archive used to demonstrate a critical vulnerability in WinRAR (tracked as CVE-2018-20250 ). Files could be dropped into the Windows Startup folder
No complex exploit was needed; the Windows Startup folder handled the execution. 22793.rar
The file is an ACE archive renamed with a .rar extension to trick the user.