Initial Infection
This attack started the way most attacks start these days.... with a fake captcha prompting the user to press Win + R -> CTL + V -> Enter. (I have written about this previously).
This opens a run dialog box, paste in the contents of the clipboard, and