Kimsuky malware suspected of impersonating LootLabs, a game link shortening and monetization service: Twitch x Loot Lab Event-2025.msc (2024.9.9)

2024-09-13 Sakai Kimsuky malware suspected of impersonating LootLabs game link monetization

http://wezard4u.tistory.com/429277


A Kimsuky-attributed Windows MSC file is presented as a Twitch and LootLabs event lure and uses a Microsoft Word icon to make the console file appear legitimate. The embedded task launches PowerShell with a hidden window and downloads a remote script from oshi.at, which then reconstructs hex-encoded binary content. The script writes the payload as RfQK.mp3 in the Common Documents folder, renames it to RfQK.exe, and starts it through conhost.exe to reduce user visibility. The excerpt provides MD5, SHA-1, and SHA-256 hashes, making the sample useful for tracking Kimsuky lure themes, MSC abuse, and script-based payload staging.
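The staging chain summarised above (console file opens PowerShell with a hidden window, script fetched from oshi.at, payload dropped under Common Documents with a media extension, renamed to .exe and started via conhost.exe) is straightforward to express as a detection over process and file telemetry. The following Python is an added example written for this page, not code from the report or the analysed sample. The event schema, the telemetry field names, the Common Documents path and the assumption that the MSC file is opened by mmc.exe are all assumptions; the sample events are constructed, with the oshi.at URL and RfQK.mp3/RfQK.exe names taken from the report.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample telemetry in an assumed Sysmon-like schema (not captured logs).
# Events are listed in chronological order, which the detector relies on.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "ppid": 900,
     "image": r"C:\Windows\System32\mmc.exe",
     "cmdline": r'mmc.exe "C:\Users\u\Downloads\Twitch x Loot Lab Event-2025.msc"'},
    {"type": "process", "pid": 4120, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # Constructed stub: only the hidden-window flag and the staging URL matter here.
     "cmdline": r'powershell.exe -WindowStyle Hidden -Command "<stub fetching https://oshi.at/PTgX/jIML.txt>"'},
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\Public\Documents\RfQK.mp3"},
    {"type": "file_rename", "pid": 4120,
     "old_path": r"C:\Users\Public\Documents\RfQK.mp3",
     "new_path": r"C:\Users\Public\Documents\RfQK.exe"},
    {"type": "process", "pid": 4130, "ppid": 4120,
     "image": r"C:\Windows\System32\conhost.exe",
     "cmdline": r'conhost.exe "C:\Users\Public\Documents\RfQK.exe"'},
    # Benign noise: an admin opening a legitimate console and running a normal script.
    {"type": "process", "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\System32\mmc.exe",
     "cmdline": r"mmc.exe C:\Windows\System32\services.msc"},
    {"type": "process", "pid": 5010, "ppid": 5000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

# powershell.exe accepts unambiguous prefixes of -WindowStyle (-w, -win, ...), so
# match any -w... token followed by "hidden" rather than the full spelling only.
HIDDEN_WINDOW_RE = re.compile(r"-w[a-z]*\s+hidden", re.IGNORECASE)
STAGING_DOMAIN = "oshi.at"  # domain from the report's IoC list
# Assumed default location of the Common Documents folder.
COMMON_DOCUMENTS = PureWindowsPath(r"C:\Users\Public\Documents")
# Non-executable extensions a dropped binary may be written under before renaming.
DISGUISE_EXTS = {".mp3", ".mp4", ".wav", ".jpg", ".png"}


def _basename(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def _in_common_documents(path: str) -> bool:
    # PureWindowsPath compares case-insensitively, matching NTFS behaviour.
    return PureWindowsPath(path).parent == COMMON_DOCUMENTS


def detect_staging_chain(events):
    """Return (rule, pid, detail) findings for each stage of the chain that matches."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    findings = []
    renamed_exes = set()  # lower-cased paths of media files renamed to .exe

    for e in events:
        if e["type"] == "process" and _basename(e["image"]) == "powershell.exe":
            parent = procs.get(e["ppid"])
            hidden = bool(HIDDEN_WINDOW_RE.search(e["cmdline"]))
            remote = STAGING_DOMAIN in e["cmdline"].lower()
            from_console = parent is not None and _basename(parent["image"]) == "mmc.exe"
            if hidden and remote:
                findings.append(("hidden_powershell_stager", e["pid"], STAGING_DOMAIN))
            # PowerShell spawned by an MSC host is only flagged when it also looks suspicious,
            # so a normal script run from a console snap-in does not fire.
            if from_console and (hidden or remote):
                findings.append(("msc_spawned_powershell", e["pid"], parent["cmdline"]))
        elif e["type"] == "file_rename":
            old, new = PureWindowsPath(e["old_path"]), PureWindowsPath(e["new_path"])
            if (old.suffix.lower() in DISGUISE_EXTS and new.suffix.lower() == ".exe"
                    and _in_common_documents(e["new_path"])):
                findings.append(("disguised_drop_renamed_to_exe", e["pid"], e["new_path"]))
                renamed_exes.add(str(new).lower())
        elif e["type"] == "process" and _basename(e["image"]) == "conhost.exe":
            cmd = e["cmdline"].lower()
            if any(exe in cmd for exe in renamed_exes):
                findings.append(("renamed_payload_started_via_conhost", e["pid"], e["cmdline"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect_staging_chain(SAMPLE_EVENTS):
        print(f"{rule:40} pid={pid} {detail}")
```

Each stage is reported separately so a partial match (for example the rename without the hidden PowerShell parent) still surfaces; correlating the pids of the findings gives the full chain. The benign mmc.exe and PowerShell events at the end of the sample produce no findings.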

Indicators of Compromise

Type    Value                              First Seen  Last Seen
HASH    4bf38af3605e439d2de62f353c5829c…   2024-09-13  2024-09-13
HASH    41c656c497d7ec24de57a9927c13e81c   2024-09-13  2024-09-13
HASH    5042f64c0c5b1325964279106f0afa3…   2024-09-13  2024-09-13
URL     https://oshi.at/PTgX/jIML.txt      2024-09-13  2024-09-13
DOMAIN  oshi.at                            2024-09-13  2024-09-13
