Kimsuky-made malware impersonating SGI Seoul Guarantee - sgic_info.chm (2023.8.14)

2023-08-21 Sakai SGI Seoul Guarantee impersonation malware created by Kimsuky - sgic_info.chm (2023.8.14)

https://wezard4u.tistory.com/6552

A Korean malware analysis attributes an SGI Seoul Guarantee-themed CHM lure, sgic_info.chm, to Kimsuky and describes it as a fake insurance-contract notice likely aimed at a Korean logistics-related target. The CHM uses hh.exe to decompile content under C:\Users\Public\Libraries, drops Docs.jse and a decoy sgic_info.html, and runs wscript to continue execution. The JScript applies character substitution/rotation obfuscation, writes persistence-related registry data, and launches PowerShell to download alg.exe from drimby.top/wndfi. The source provides hashes for the CHM and dropped files, making the report useful for tracking Kimsuky CHM-lure tradecraft and associated infrastructure.

Indicators of Compromise

