Hangul document (HWP) malware being distributed targeting the domestic academic conference season

2020-06-04 AhnLab: Hangul document (HWP) malware is being distributed targeting the domestic academic conference season.

https://asec.ahnlab.com/1329


AhnLab ASEC reported malicious HWP documents tailored to South Korea's domestic academic conference season, likely exploiting the summer paper-submission period and reusing behavior seen in earlier HWP/EPS malware. The documents showed little or no legitimate content; embedded EPS shellcode downloaded a BAT script and a Base64-encoded CAB archive from resulview.com infrastructure. The CAB contents established persistence under HKCU\Software\Microsoft\Windows\CurrentVersion\Run, collected host information, uploaded it to hxxp://resulview.com/5hadr/upload.php, and supported additional downloads for follow-on activity. The source does not name an actor, but it offers detection value around HWP/EPS exploitation, the repeated shellcode/XOR patterns, and the listed resulview.com C2 paths.

Indicators of Compromise

Type     Value                              First Seen   Last Seen
URL      http://resulview.com/5hado/no1.…   2020-06-04   2020-06-04
URL      http://resulview.com/5hado/vbs.…   2020-06-04   2020-06-04
URL      http://resulview.com/5hado/%COM…   2020-06-04   2020-06-04
URL      http://resulview.com/5hadr/uplo…   2020-06-04   2020-06-04
DOMAIN   resulview.com                      2020-06-04   2020-06-04
