Malware created by the North Korean hacking group Konni - integration.pdf.lnk (2024.8.22)

2024-08-23 Sakai Malware Created by the North Korean Hacking Group Konni - integration.pdf.lnk (2024.8.22)

https://wezard4u.tistory.com/429260


A Korean-language malware analysis links the integration.pdf.lnk sample to Konni, described in the source as a North Korea-linked intrusion group associated with Thallium/APT37 and possibly Kimsuky. The LNK masquerades as a PDF-open action and invokes cmd.exe, which launches a hidden PowerShell window to decode and run a Base64-encoded command. The decoded chain downloads hxxp://2.58.56.124/API481f.zip into the user's AppData folder, extracts AutoIt3.exe and script.a3x, executes the AutoIt script, and deletes the ZIP to remove the artifact. The report provides hashes for the LNK, including SHA-256 3a37c34e5b677b4388176fdcb41ce5c8971f6dc82116adc99309ca744c58ba66, and notes broad antivirus detection as of 2024-08-22. The activity matters because it combines three tradecraft elements in one Konni-attributed chain: PDF-themed LNK delivery, encoded-PowerShell staging, and AutoIt-based execution, each of which is observable to a defender (LNK spawning cmd.exe, hidden PowerShell with an encoded command line, an AutoIt interpreter dropped under AppData).
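The chain above leaves a recognisable trace in process-creation telemetry: a hidden-window PowerShell child carrying an encoded command, whose decoded text names the staging URL and dropped files. The following Python triage helper is an added example, not code from the original report or from the analyst's blog; it decodes the `-EncodedCommand` argument (PowerShell's UTF-16LE Base64 form) from a process event and matches the decoded text against the indicators listed on this page. The event records, the `ProcEvent` type and the command-line regexes are assumptions constructed for the demo; the encoded sample is built inline from a harmless string containing the page's indicators so the script runs offline.

```python
"""Triage helper for encoded-PowerShell staging of the kind described above.

Added example; event records are constructed, not captured telemetry.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the report summary on this page.
IOC_IPS = {"2.58.56.124"}
IOC_ARTIFACTS = {"API481f.zip", "AutoIt3.exe", "script.a3x"}
LNK_SHA256 = "3a37c34e5b677b4388176fdcb41ce5c8971f6dc82116adc99309ca744c58ba66"


@dataclass
class ProcEvent:
    """Minimal process-creation record (assumed schema, e.g. Sysmon ID 1)."""
    parent_image: str
    image: str
    command_line: str


# PowerShell accepts abbreviated switches; these patterns are assumptions
# covering the common spellings of -EncodedCommand and -WindowStyle Hidden.
ENC_RE = re.compile(r"(?:-|/)(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"(?:-|/)w(?:indowstyle)?\s+hidden", re.I)


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand text, or None if absent/undecodable."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        # PowerShell encodes the script block as UTF-16LE before Base64.
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev: ProcEvent) -> Tuple[Optional[str], List[str]]:
    """Decode the command line and list which chain features/IoCs it shows."""
    findings: List[str] = []
    image = ev.image.lower()
    parent = ev.parent_image.lower()

    if image.endswith("powershell.exe") and parent.endswith("cmd.exe"):
        findings.append("powershell spawned by cmd.exe (LNK-style launch)")
    if image.endswith("powershell.exe") and HIDDEN_RE.search(ev.command_line):
        findings.append("hidden-window powershell")

    decoded = decode_encoded_command(ev.command_line)
    if decoded is not None:
        findings.append("encoded command decoded")
        for ip in IOC_IPS:
            if ip in decoded:
                findings.append(f"C2 IP {ip}")
        for art in IOC_ARTIFACTS:
            if art.lower() in decoded.lower():
                findings.append(f"artifact {art}")
    return decoded, findings


# Constructed sample: the encoded text is a plain string of indicators, not a script.
_SAMPLE_TEXT = "hxxp://2.58.56.124/API481f.zip AutoIt3.exe script.a3x"
_SAMPLE_B64 = base64.b64encode(_SAMPLE_TEXT.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    ProcEvent("C:\\Windows\\explorer.exe", "C:\\Windows\\notepad.exe",
              "notepad.exe C:\\Users\\user\\notes.txt"),
    ProcEvent("C:\\Windows\\System32\\cmd.exe",
              "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
              f"powershell.exe -w hidden -nop -enc {_SAMPLE_B64}"),
]


def scan_events(events: List[ProcEvent]) -> List[Tuple[int, List[str]]]:
    """Return (index, findings) for every event that produced at least one finding."""
    hits = []
    for i, ev in enumerate(events):
        _, findings = analyze_event(ev)
        if findings:
            hits.append((i, findings))
    return hits


if __name__ == "__main__":
    for idx, findings in scan_events(SAMPLE_EVENTS):
        decoded, _ = analyze_event(SAMPLE_EVENTS[idx])
        print(f"event {idx}: {findings}")
        print(f"  decoded: {decoded!r}")
```

In production the decoded text would be fed to further string matching (AppData paths, `Expand-Archive`, the AutoIt interpreter name) rather than only the handful of literals above, and the parent-child check should be paired with the LNK hash for the known sample. The helper deliberately reports features separately so a single missing indicator (for example a changed staging IP) still leaves the hidden-window and cmd.exe-lineage findings.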

Indicators of Compromise

| Type   | Value                                  | First Seen | Last Seen  |
|--------|----------------------------------------|------------|------------|
| HASH   | 678fe2a8a01339138194a70763d69d1…       | 2024-08-23 | 2024-08-23 |
| HASH   | ffde299028d48cb2258d274f44d56766       | 2024-08-23 | 2024-08-23 |
| HASH   | 3a37c34e5b677b4388176fdcb41ce5c…       | 2024-08-23 | 2024-08-23 |
| URL    | https://api.publicleads.net/par…       | 2024-08-23 | 2024-08-23 |
| DOMAIN | api.publicleads.net                    | 2024-08-23 | 2024-08-23 |
| IPv4   | 2.58.56.124                            | 2024-08-23 | 2024-08-23 |
