Malware suspected to have been created by North Korea's Konni, targeting Woori Bank users: WooriCard_20231108.html.lnk (2025.5.19)

2025-07-07 Sakai Malware Suspected to Have Been Created by North Korean Konni, Targeting Woori Bank Users - WooriCard_20231108.html.lnk (2025.5.19)

https://wezard4u.tistory.com/429529


A WooriCard-themed LNK sample is assessed by the source as likely Konni-linked, with caution, and is aimed at users of Woori Bank/Woori Card security-mail workflows. The shortcut runs obfuscated batch logic to launch hidden PowerShell, locate a specifically sized LNK file, extract an embedded WooriCard_20231108.html phishing page, and display a fake encrypted mail prompt requesting birthdate or business-registration information. A second embedded payload is expanded from a CAB file into C:\Users\Public\Libraries and runs avtue483.bat, which inventories files from Desktop, Documents, Downloads, Music, Pictures, and Videos. The excerpt also describes an upload helper that posts collected files with the computer name to a remote data endpoint, making the lure both a credential-phishing and host-reconnaissance chain.
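As an added defender-side example (not code from the blog post or from this feed), the check below flags a shortcut file that carries appended payloads of the kind described above: a valid Shell Link header followed by an embedded HTML page and a CAB archive. The sample bytes are constructed inline; the exact file size the dropper searches for is not given on this page, so no size check is included.

```python
import re
import struct

LNK_HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046} as stored on disk (mixed-endian GUID)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
CAB_MAGIC = b"MSCF"                                  # Microsoft Cabinet signature
HTML_RE = re.compile(rb"<\s*html", re.IGNORECASE)    # start of an embedded HTML document


def scan_lnk(data: bytes) -> dict:
    """Report whether a blob is a .lnk and where CAB/HTML payloads sit after the header."""
    header_ok = (
        len(data) >= LNK_HEADER_SIZE
        and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
        and data[4:20] == LNK_CLSID
    )
    base = LNK_HEADER_SIZE if header_ok else 0
    body = data[base:]
    cab_offsets = [m.start() + base for m in re.finditer(re.escape(CAB_MAGIC), body)]
    html_offsets = [m.start() + base for m in HTML_RE.finditer(body)]
    return {
        "valid_lnk_header": header_ok,
        "size": len(data),
        "cab_offsets": cab_offsets,
        "html_offsets": html_offsets,
        # A shortcut should never carry a web page or a cabinet archive.
        "suspicious": header_ok and bool(cab_offsets or html_offsets),
    }


def scan_lnk_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return scan_lnk(fh.read())


# Constructed stand-in for a weaponised shortcut: real header, zeroed fields, then payloads.
SAMPLE_LNK = (
    struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    + b"\x00" * (LNK_HEADER_SIZE - 20)   # remaining header fields zeroed (not a real shortcut body)
    + b"\x00" * 64                        # filler where LinkInfo / string data would normally be
    + b"<html><body>constructed fake secure-mail page</body></html>"
    + b"\x00" * 16
    + CAB_MAGIC + b"\x00" * 32            # cabinet signature followed by filler
)

if __name__ == "__main__":
    print(scan_lnk(SAMPLE_LNK))
```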

Indicators of Compromise

Type Value First Seen Last Seen
HASH 7672a9bf5a58e2c17925dbb759ea98ce 2025-07-07 2026-01-14
HASH ac56bdd7cead82ede6690355e7c9924… 2025-07-07 2025-07-07
HASH 50826fc1142a3442c04576c68478eab… 2025-07-07 2025-07-07
