Malware Created by Kimsuky (김수키) - Hyundai Data Recovery and Procedure Establishment

2025-09-11 Malware Created by Kimsuky - Hyundai Data Recovery and Procedure Establishment

https://wezard4u.tistory.com/429595


The Korean analysis attributes a large malicious LNK file, themed around Hyundai data recovery and procedure establishment, to Kimsuky, while noting uncertainty about how the lure content was obtained. The shortcut carries PowerShell that searches for an oversized LNK (the shortcut itself, which holds the payloads), extracts an embedded decoy PDF, XOR-decrypts an executable and a manifest, and writes them to C:\tempcaches, a directory given the hidden and system attributes. Persistence comes from two scheduled tasks: one runs C:\tempcaches\ms.exe every 10 minutes, the other invokes wscript against c:\tempcaches\cache.vbs every 11 minutes; the original LNK is then deleted. The analysis lists file hashes, dropped paths, task names and the relevant Windows logging sources, so the sample is a useful reference for detecting Kimsuky-style LNK execution, payload extraction from an oversized shortcut, and scheduled-task persistence.
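The following is an added example written for this page, not the analyst's tooling and not the sample's own PowerShell. It shows how an incident responder can triage a suspicious shortcut of the kind described above: confirm it really is a Shell Link, flag it as oversized, carve the decoy PDF, and recover the XOR-encrypted executable by brute-forcing the key. Three assumptions are not stated on the page and are only assumptions here: the decoy PDF sits in the clear between "%PDF-" and "%%EOF", the executable is XOR'd with a single repeating byte (the key length is not given), and the 100 KiB oversized threshold is a chosen value. The sample bytes are constructed inline so the script runs offline; the `suspicious_task` helper checks a scheduled-task action against the C:\tempcaches path the page names.

```python
"""Triage helper for oversized LNK droppers like the one described above.
Example code added for this page; it is neither the analyst's tooling nor the
sample's PowerShell. Assumptions (the page does not state them): the decoy
PDF is stored in the clear between '%PDF-' and '%%EOF', the executable is
XOR'd with a single repeating byte, and any .lnk over OVERSIZED_LNK_BYTES
deserves carving. The sample bytes built at the bottom are constructed here."""
import struct
from typing import Optional, Tuple

OVERSIZED_LNK_BYTES = 100 * 1024   # assumption: benign shortcuts are a few KB
LNK_HEADER_SIZE = b"\x4c\x00\x00\x00"                          # MS-SHLLINK HeaderSize
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # ShellLink CLSID
TEMPCACHES = "c:\\tempcaches\\"                                # drop directory from the page


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a ShellLinkHeader (size 0x4C + link CLSID)."""
    return data[:4] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def carve_pdf(data: bytes) -> Optional[bytes]:
    """Return the first '%PDF-' ... '%%EOF' blob (the decoy document), or None."""
    start = data.find(b"%PDF-")
    if start < 0:
        return None
    end = data.find(b"%%EOF", start)
    return None if end < 0 else data[start:end + 5]


def xor_bytes(buf: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in buf)


def find_xor_pe(data: bytes) -> Optional[Tuple[int, int]]:
    """Brute-force a single-byte XOR key. A (key, offset) pair is accepted only
    where the decoded bytes read 'MZ' and e_lfanew points at a 'PE\\0\\0'
    signature, so a chance 'MZ' hit inside the PDF or padding does not count."""
    for key in range(256):
        needle = xor_bytes(b"MZ", key)
        pos = data.find(needle)
        while pos >= 0:
            dos = xor_bytes(data[pos:pos + 0x40], key)        # decoded DOS header
            if len(dos) == 0x40:
                e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
                sig_at = pos + e_lfanew
                if sig_at + 4 <= len(data) and xor_bytes(data[sig_at:sig_at + 4], key) == b"PE\0\0":
                    return key, pos
            pos = data.find(needle, pos + 1)
    return None


def triage_lnk(data: bytes) -> dict:
    """Summarise one shortcut: format check, size flag, decoy size, XOR key/offset."""
    report = {"is_lnk": is_lnk(data), "oversized": len(data) > OVERSIZED_LNK_BYTES,
              "decoy_pdf_bytes": 0, "xor_key": None, "payload_offset": None}
    pdf = carve_pdf(data)
    if pdf is not None:
        report["decoy_pdf_bytes"] = len(pdf)
    hit = find_xor_pe(data)
    if hit is not None:
        report["xor_key"], report["payload_offset"] = hit
    return report


def suspicious_task(command: str, arguments: str = "") -> bool:
    """Flag a scheduled-task action of the kind the page describes: anything
    launched from C:\\tempcaches, directly (ms.exe) or via wscript (cache.vbs)."""
    return TEMPCACHES in (command + " " + arguments).lower()


def build_sample(key: int = 0x5A) -> bytes:
    """Constructed stand-in for the dropper: real LNK header, padding past the
    size threshold, a minimal decoy PDF, then a tiny XOR'd PE stub."""
    header = LNK_HEADER_SIZE + LNK_CLSID + b"\x00" * 56        # 76-byte header
    padding = b"A" * (OVERSIZED_LNK_BYTES + 1)
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF"
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)                    # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> PE header
    pe = bytes(dos) + b"PE\0\0" + b"\x00" * 20
    return header + padding + pdf + xor_bytes(pe, key)


if __name__ == "__main__":
    print(triage_lnk(build_sample()))
    print(suspicious_task("wscript", "c:\\tempcaches\\cache.vbs"))
```

On a real incident, replace `build_sample()` with the bytes of the shortcut read from disk, then write `data[payload_offset:]` XOR'd with the recovered key to a file for further analysis; the PE-signature check is what keeps the brute force from stopping at a coincidental "MZ" in the decoy.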

Indicators of Compromise

Type   Value                                First Seen   Last Seen
IPv4   45.32.133.19                         2025-09-08   2025-09-17
HASH   e44f8592680fd14373a51b9667c6e6e…     2025-09-11   2025-09-11
HASH   75712ce08f5c6c78b3ba8ff94d8ee264     2025-09-11   2025-09-11
HASH   553616ae94ec7e7fb97f886bb5c4e66…     2025-09-11   2025-09-11
