Malware Created by Kimsuky Targeting the Aerospace Engineering Sector - Lecture Request Form (2024.8.29)

2024-09-02 Sakai Malware Created by Kimsuky Targeting the Aerospace Engineering Sector - Lecture Request Form (2024.8.29)

http://wezard4u.tistory.com/429267


A Korean malware analysis describes a second Kimsuky-linked MSC (Microsoft Management Console snap-in) sample that reuses the aerospace lecture request theme under a different hash, SHA-256 83457462d1885acce9f4e46ad4053d050d3b0c7f3935b61f378e52f0eed5a68b. The MSC launches cmd.exe with a minimized window, downloads a decoy Word document named Grieco Kavanagh Passive Supporters.docx from rem.zoom-meeting.kro.kr, retrieves a payload as %appdata%\pest, writes it to %appdata%\pest.exe, and installs a scheduled task named TemporaryClearStatesesf that runs every 58 minutes. It also downloads a manifest from the same 0829_pprb path, while the decoy document presents a lecture invitation about the space economy at a Seoul hotel. The source frames the activity as likely targeting aerospace engineering professors or companies in order to steal aerospace-related technology.

Indicators of Compromise

Type    Value                                                             First Seen  Last Seen
DOMAIN  zoom-meeting.kro.kr                                               2024-08-29  2025-03-07
DOMAIN  rem.zoom-meeting.kro.kr                                           2024-08-29  2025-03-07
HASH    bec918dd7c6f9d09f6cb4caeeee6fe03 (MD5)                            2024-09-02  2024-10-04
HASH    10ec70cd8e388e2640364ee95e432c2…                                  2024-09-02  2024-09-02
HASH    83457462d1885acce9f4e46ad4053d0…                                  2024-09-02  2024-09-02
URL     http://rem.zoom-meeting.kro.kr/…                                  2024-09-02  2024-09-02
URL     http://rem.zoom-meeting.kro.kr/…                                  2024-08-29  2024-09-02
URL     http://rem.zoom-meeting.kro.kr/…                                  2024-08-29  2024-09-02
URL     http://rem.zoom-meeting.kro.kr/…                                  2024-08-29  2024-09-02
DOMAIN  g.kro.kr                                                          2024-08-29  2024-09-02
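The summary and the table above give a defender four concrete things to hunt for: the domains, the two full hashes, the scheduled task name TemporaryClearStatesesf, and the %appdata%\pest / %appdata%\pest.exe drop path. The script below is an added example, not code from the original post or from the analyst, that triages endpoint telemetry against exactly those indicators. The sample events it runs on are constructed, not real logs; the assumption that the MSC lure is hosted by mmc.exe (so the cmd.exe launch shows mmc.exe as its parent) and the shape of the schtasks command line are the author's guesses, not details stated in the report.

```python
"""Triage endpoint telemetry against the indicators in this report (added example)."""
import re

# Indicators taken from the report above.
IOC_DOMAINS = {"zoom-meeting.kro.kr", "rem.zoom-meeting.kro.kr", "g.kro.kr"}
IOC_HASHES = {
    "bec918dd7c6f9d09f6cb4caeeee6fe03",                                  # MD5, IoC table
    "83457462d1885acce9f4e46ad4053d050d3b0c7f3935b61f378e52f0eed5a68b",  # SHA-256, summary
}
TASK_NAME = "TemporaryClearStatesesf"
# %appdata%\pest or %appdata%\pest.exe, whether written with the env var or the expanded path.
DROP_PATH_RE = re.compile(r"(?:%appdata%|\\AppData\\Roaming)\\pest(?:\.exe)?(?!\w)", re.IGNORECASE)


def domain_matches(host):
    """True if host is one of the report's domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def hash_matches(ev):
    """True if the event carries an MD5 or SHA-256 listed in the report."""
    return any(h and h.lower() in IOC_HASHES for h in (ev.get("md5"), ev.get("sha256")))


def triage_event(ev):
    """Return the reasons an event matches this report; an empty list means no match."""
    reasons = []
    kind = ev.get("type")
    if kind == "process":
        image = ev.get("image", "").lower()
        parent = ev.get("parent", "").lower()
        cmdline = ev.get("cmdline", "")
        # Assumption: the .msc lure runs inside mmc.exe, so cmd.exe appears with mmc.exe as parent.
        if image.endswith("\\cmd.exe") and parent.endswith("\\mmc.exe"):
            reasons.append("cmd.exe spawned by mmc.exe (MSC lure execution)")
        if image.endswith("\\schtasks.exe") and TASK_NAME.lower() in cmdline.lower():
            reasons.append(f"scheduled task {TASK_NAME} created")
        if DROP_PATH_RE.search(cmdline) or DROP_PATH_RE.search(image):
            reasons.append("%appdata%\\pest(.exe) referenced")
    elif kind == "file":
        if DROP_PATH_RE.search(ev.get("path", "")):
            reasons.append("payload dropped at %appdata%\\pest(.exe)")
    elif kind == "dns":
        if domain_matches(ev.get("query", "")):
            reasons.append(f"DNS query for report domain {ev['query']}")
    if kind in ("process", "file") and hash_matches(ev):
        reasons.append("file hash listed in report")
    return reasons


def triage(events):
    """Index of every matching event, paired with its reasons."""
    return [(i, r) for i, ev in enumerate(events) if (r := triage_event(ev))]


# Constructed sample telemetry (not real logs): four suspicious events followed by three benign ones.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\mmc.exe", "cmdline": "cmd.exe /c <constructed placeholder>"},
    # Constructed schtasks line; the report gives only the task name and the 58-minute interval.
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'schtasks /create /tn TemporaryClearStatesesf /tr "%appdata%\pest.exe" /sc minute /mo 58 /f'},
    {"type": "dns", "query": "rem.zoom-meeting.kro.kr"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\pest.exe",
     "md5": "bec918dd7c6f9d09f6cb4caeeee6fe03"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c dir"},
    {"type": "dns", "query": "zoom.us"},
    {"type": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Program Files\Foo\update.exe",
     "cmdline": r'schtasks /create /tn NightlyUpdate /tr "C:\Program Files\Foo\update.exe" /sc daily'},
]

if __name__ == "__main__":
    for i, reasons in triage(SAMPLE_EVENTS):
        print(f"event {i} ({SAMPLE_EVENTS[i]['type']}): " + "; ".join(reasons))
```

The domain check deliberately treats any subdomain of zoom-meeting.kro.kr or g.kro.kr as a hit, since the table lists both the parent domain and the rem. host, while the drop-path regex accepts the path both with the raw %appdata% variable (as it appears in a command line) and in its expanded AppData\Roaming form (as it appears in file-write events). The 58-minute interval is not matched on its own because a bare number is too weak an indicator; the task name is the discriminating field.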
