## unzip-then-run

This scenario uses Powershell to unpack ZIP archive lying around (into %LOCALAPPDATA%), then it changes directory there and runs NisSrv.exe..

Double click on HTML file to download **iso** and follow infection chain.

Successful infection will result in spawning a calc from mpclient.dll sideloaded into NisSrv.exe.