## register-xll

This scenario uses Powershell to locate own .ZIP file in user downloads (across %USERPROFILE%), then it unpacks it to %LOCALAPPDATA% and registers unpacked .XLL..

Double click on HTML file to download **zip** and follow infection chain.

Successful infection will result in spawning a calc from unpacked XLL..

To become successfully infected, ZIP named Report.zip needs to be present somewhere in %USERPROFILE% .