Malware created by North Korea's APT Reaper: Northeast Project (U.S. Congressional Research Service (CRS Report).pdf.lnk (2024.4.3)

2025-01-01 Sakai Malware Created by North Korea's APT Reaper - Northeast Project (U.S. Congressional Research Service CRS Report).pdf.lnk (2024.4.3)

https://wezard4u.tistory.com/429370


A Korean analysis attributes a malicious LNK file disguised as a CRS report PDF to North Korea's Reaper, also known as APT37. The shortcut searches for PowerShell, locates an embedded payload by file size, extracts and opens a decoy PDF, then writes panic.dat under the public directory and para.dat plus price.bat under the temp directory. The follow-on PowerShell logic loads panic.dat into executable memory with kernel32 APIs such as GlobalAlloc, VirtualProtect and CreateThread. The lure and loader details make the sample relevant to APT37 tracking, especially Korean-language document themes and script-based execution from LNK containers.

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  0c61effe0c06d57835ead4a574dde99…   2025-01-01  2025-01-01
HASH  b1025baa59609708315326fe4279d81…   2024-09-13  2025-01-01
HASH  358122718ba11b3e8bb56340dbe94f51   2024-04-23  2025-01-01
