The source analyzes a Konni-attributed ZIP-delivered LNK malware lure using Korean tax and explanatory-material document names. The malicious LNK was unusually large and contained an obfuscated PowerShell command that ran hidden, decoded hex-encoded script content, extracted embedded payload data from the shortcut, and wrote files under public user directories. The chain produced document decoys and launched a VBS script from a public documents/start path, while removing staging artifacts to reduce visibility. The article links Konni to North Korea-associated activity and provides MD5, SHA-1, and SHA-256 hashes for the LNK sample.