Malicious HWP File with COVID-19 Relief Fund Related ‘Collection of Personal Information Consent Form’

2021-10-28 AhnLab (ASEC)

https://asec.ahnlab.com/en/28030/

ASEC found a malicious HWP document disguised as a COVID-19 relief fund personal-information consent form, apparently edited from a legitimate original document. The file used a malicious EPS object containing encoded PostScript and shellcode, reusing malicious RTF and shellcode components previously observed in a cover-letter-themed lure. The shellcode attempted to download additional payloads from gozdeelektronik[.]net paths ending in movie.png and movie.jpg and inject them into explorer.exe, but the payloads were unavailable during analysis. The activity shows continued reuse of older HWP/EPS exploitation techniques and infrastructure patterns, with impact limited on fully patched HWP versions because the EPS vulnerability had been patched in 2017.
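The lure described above rides on an EPS object embedded in the HWP file, so a defender triaging similar documents wants to look inside the HWP BinData storage rather than at the document text. The following is an added example, not code from the ASEC post: a small stdlib-only triage routine that inflates a BinData stream (HWP 5 stores BinData streams as raw deflate when the file's compression flag is set, which is an assumption this code makes and falls back from) and flags EPS streams that carry the kind of features the report mentions, such as a long hex string literal and PostScript decode/execute operators. The sample streams, names (BIN0001.eps, BIN0002.jpg) and thresholds are constructed for the example; in practice the streams would be enumerated from the OLE container with a library such as olefile.

```python
import re
import zlib

# Heuristics (assumptions for this example, not thresholds from the report):
# a hex string literal of 512+ hex digits looks like an embedded binary blob,
# and these operators are typical of PostScript that decodes and runs data.
HEX_STRING_RE = re.compile(rb"<([0-9A-Fa-f\s]{512,})>")
DECODE_TOKENS = (b"exec", b"eexec", b"xor", b"putinterval", b"cvx")


def inflate_bindata(data: bytes) -> bytes:
    """Inflate an HWP 5 BinData stream.

    Compressed HWP files keep BinData streams as raw deflate (no zlib header),
    so try wbits=-15 first and fall back to the bytes as-is for uncompressed files.
    """
    try:
        return zlib.decompressobj(-15).decompress(data)
    except zlib.error:
        return data


def scan_bindata_stream(name: str, data: bytes) -> dict:
    """Classify one BinData stream: is it EPS, and does it show decode/exec traits?"""
    body = inflate_bindata(data)
    is_eps = body.lstrip().startswith(b"%!PS")
    findings = []
    if is_eps:
        longest = max((len(m.group(1)) for m in HEX_STRING_RE.finditer(body)), default=0)
        if longest:
            findings.append(f"long hex string literal ({longest} hex chars)")
        for tok in DECODE_TOKENS:
            if re.search(rb"\b" + tok + rb"\b", body):
                findings.append(f"operator {tok.decode()}")
    return {
        "stream": name,
        "eps": is_eps,
        "findings": findings,
        # Two or more independent traits together are treated as worth an analyst's look.
        "suspicious": is_eps and len(findings) >= 2,
    }


def scan_bindata(streams: dict) -> list:
    """Scan a mapping of stream name -> raw stream bytes (as read from BinData/)."""
    return [scan_bindata_stream(name, data) for name, data in streams.items()]


def _raw_deflate(payload: bytes) -> bytes:
    """Produce a raw-deflate stream the way a compressed HWP file stores BinData."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(payload) + comp.flush()


# Constructed sample streams (not taken from the analysed file).
CONSTRUCTED_EPS = (
    b"%!PS-Adobe-3.0 EPSF-3.0\n"
    b"/payload <" + b"41" * 600 + b"> def\n"          # 1200 hex digits of filler
    b"/key 16#5a def\n"
    b"0 1 payload length 1 sub { payload exch 2 copy get key xor put } for\n"
    b"payload cvx exec\n"
)
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64 + b"\xff\xd9"

CONSTRUCTED_BINDATA = {
    "BIN0001.eps": _raw_deflate(CONSTRUCTED_EPS),
    "BIN0002.jpg": _raw_deflate(CONSTRUCTED_JPEG),
}

if __name__ == "__main__":
    for result in scan_bindata(CONSTRUCTED_BINDATA):
        print(result)
```

Only the EPS stream is reported as suspicious; the image stream inflates cleanly but has no PostScript header and yields no findings. The check is deliberately a triage signal rather than a verdict: a flagged stream should be pulled out and read by an analyst, and the presence of an EPS object at all is worth noting on a host where HWP has not received the 2017 EPS fix mentioned above.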

Indicators of Compromise

Type Value First Seen Last Seen
URL https://gozdeelektronik.net/wp-… 2019-06-20 2021-10-28
URL https://gozdeelektronik.net/wp-… 2019-06-20 2021-10-28
DOMAIN gozdeelektronik.net 2019-06-20 2021-10-28
