2024년 북한인권 민간단체 전략활동 지원사업 신청서.lnk (2024.6.11) (2024 North Korean Human Rights Civic Organization Strategic Activity Support Project Application), presumed to be from the North Korean hacking group Konni

2024-06-21 Sakai Malicious Konni LNK Disguised as a 2024 North Korean Human Rights NGO Support Application

http://wezard4u.tistory.com/6839


The source analyzes a malicious LNK file assessed as likely Konni activity and disguised as a 2024 application form for North Korean human-rights civic-organization strategic activity support. The shortcut runs heavily obfuscated PowerShell, searches for a matching LNK file, extracts embedded byte ranges, writes and opens a decoy HWPX document, then drops and expands a CAB file under a MicrosoftEdge-themed ProgramData path. The extracted batch logic creates a scheduled task named MicrosoftEdgeEasyUpdate to run every 13 minutes, supporting persistence through a Temp-based batch file. Additional components appear to collect host and user-environment data such as computer name, desktop file listings, document file listings, whoami, systeminfo, and ipconfig output, with referenced infrastructure including a Cafe24-hosted domain and IP address. The lure theme and likely Konni attribution make the activity relevant to DPRK-linked targeting of Korean civil-society and North Korea human-rights communities.
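As an added example, not code from the source post or the Sakai write-up: a Python check that flags an exported Task Scheduler definition matching the persistence pattern summarized above (a task named MicrosoftEdgeEasyUpdate, a 13-minute repetition trigger, and an action that runs a .bat from a Temp path). The task XML, user path and batch-file name below are constructed placeholders, not values from the report.

```python
import re
import xml.etree.ElementTree as ET

# Task Scheduler XML namespace (real schema) and a pattern for a .bat under a Temp path.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TEMP_BAT = re.compile(r"(\\temp\\|%temp%).*\.bat\b", re.IGNORECASE)

def assess_task(name: str, xml_text: str) -> list[str]:
    """Return the indicators from the report that one exported task definition matches."""
    root = ET.fromstring(xml_text)
    hits = []
    if name.lower() == "microsoftedgeeasyupdate":
        hits.append("task name matches reported persistence task")
    for interval in root.iterfind(".//t:Repetition/t:Interval", NS):
        # ISO 8601 duration PT13M is the 13-minute repetition described in the report.
        if (interval.text or "").strip().upper() == "PT13M":
            hits.append("13-minute repetition trigger")
    for exe in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = exe.findtext("t:Command", default="", namespaces=NS)
        args = exe.findtext("t:Arguments", default="", namespaces=NS)
        if TEMP_BAT.search(f"{cmd} {args}"):
            hits.append("action runs a .bat from a Temp directory")
    return hits

# Constructed sample in the shape of `schtasks /Query /TN <name> /XML` output; the
# batch file name and user path are placeholders, not values from the report.
SUSPECT_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT13M</Interval></Repetition>
    <StartBoundary>2024-06-11T09:00:00</StartBoundary><Enabled>true</Enabled>
  </TimeTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\\Windows\\System32\\cmd.exe</Command>
    <Arguments>/c "C:\\Users\\victim\\AppData\\Local\\Temp\\update.bat"</Arguments>
  </Exec></Actions>
</Task>"""

# Constructed benign task for comparison: daily trigger, no repetition, no Temp path.
BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-06-11T09:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>C:\\Program Files\\Vendor\\updater.exe</Command>
  </Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for hit in assess_task("MicrosoftEdgeEasyUpdate", SUSPECT_TASK):
        print("[!]", hit)
```

On a live host the same function can be fed the XML exported for each task under C:\Windows\System32\Tasks, so a renamed task that keeps the 13-minute Temp-batch behaviour still surfaces on the remaining two indicators.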

Indicators of Compromise

Type     Value                                 First Seen   Last Seen
HASH     4f069b3c3d4ecf90a7f8a3836ac957d…      2024-06-21   2024-06-21
HASH     cfffb45df8f05d1cb5d9d95fd5a83e9e      2024-06-21   2024-06-21
HASH     00b6a18a47bdecbf3f97e0a9188e008…      2024-06-21   2024-06-21
URL      https://company536.cafe24.com/        2024-06-21   2024-06-21
DOMAIN   company536.cafe24.com                 2024-06-21   2024-06-21
IPv4     183.111.174.68                        2024-06-21   2024-06-21
