CHM-type malware created by Kimsuky - via.chm (2023.7.28)

2023-08-01 CHM-type malware created by Kimsuky - via.chm (2023.7.28)

https://wezard4u.tistory.com/6527


The source analyzes a Kimsuky-attributed CHM malware sample named via.chm, described as built to target journalists. The CHM content abuses an ActiveX shortcut object and JavaScript to run hidden commands, write mini.dat, decode it into mini.vbs with certutil, and register persistence under HKCU\Software\Microsoft\Windows\CurrentVersion\Run. The embedded PowerShell uses a spoofed browser User-Agent, contacts infrastructure at one.bandi.tokyo, and contains routines for collecting and uploading data through multipart web requests. The article provides hashes for the sample and highlights the CHM-to-VBS-to-PowerShell chain as the key infection mechanism.

Indicators of Compromise

Type    Value                              First Seen  Last Seen
HASH    510898ad9082dfc559aa511848c2946…   2023-08-01  2023-08-01
HASH    0c2a7c8be354638a9f7aa876c110c74…   2023-08-01  2023-08-01
HASH    5fe80f1b1e90815886a0553f2c322cc7   2023-08-01  2023-08-01
URL     http://one.bandi.tokyo/clever/d…   2023-08-01  2023-08-01
URL     http://one.bandi.tokyo/clever/s…   2023-08-01  2023-08-01
DOMAIN  one.bandi.tokyo                    2023-08-01  2023-08-01
