The Korean analysis attributes a VBS malware sample named Consent Form_Princeton Study.vbs to Kimsuky and documents hashes for the script. The malware opens a Princeton-themed Google Drive lure while collecting battery and process information, checking for curl, and contacting grekop.online infrastructure. Its script manipulates browser and mail shortcuts, downloads a follow-on video.vbs payload to C:\Users\Public\Videos, establishes persistence through the HKCU Command Processor AutoRun registry value, and POSTs collected status data to the C2 endpoint. The excerpt shows the lure content was only social-engineering cover for a Windows script chain rather than the substance of the malware report.