Malware presumed to steal login information, made by the North Korean APT Kimsuky - .lnk (2024.11.8)

2024-11-13 Malware Presumed to Steal Login Information, Created by North Korea's APT Kimsuky - .lnk (2024.11.8)

https://wezard4u.tistory.com/429328


A Korean malware write-up analyzes a Windows LNK (shell link) sample attributed to Kimsuky and assessed as likely designed to steal login information. The write-up bases that assessment on the shortcut's file hashes, the obfuscated command-line content embedded in the LNK, and the shortcut's Windows metadata, none of which matches a benign document workflow. Defenders should treat the sample as DPRK-linked credential-theft activity, pivot on the published MD5, SHA-1, and SHA-256 values, and monitor for shortcut execution chains that launch command interpreters or scripted payloads.
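The page describes the LNK's embedded command line and shortcut metadata as the evidence, but does not reproduce them. The following is an added example, not code from the write-up or from the sample itself: a minimal MS-SHLLINK parser that pulls the StringData fields (relative path, arguments, icon) and the ShowCommand out of a shortcut, followed by the triage checks a responder would run on a suspect .lnk (interpreter target, hidden window, whitespace-padded or encoded arguments, document-icon masquerade). The two LNK files it inspects are constructed in the block; their target, arguments and icon path are hypothetical and are not the real sample's values.

```python
import base64
import struct

# MS-SHLLINK header constants (public spec). The LNK files below are constructed for this example.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each present only if its LinkFlags bit is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

SW_SHOWNORMAL = 1
SW_SHOWMINNOACTIVE = 7  # window starts minimised, so the victim never sees a console


def build_lnk(relative_path, arguments="", icon_location="", show_command=SW_SHOWNORMAL):
    """Build a minimal shell link: 76-byte header plus Unicode StringData, no IDList or LinkInfo."""
    values = {"relative_path": relative_path, "arguments": arguments, "icon_location": icon_location}
    flags = IS_UNICODE
    string_data = b""
    for bit, key in STRING_FIELDS:
        value = values.get(key, "")
        if value:
            flags |= bit
            # CountCharacters (uint16) followed by the characters, no terminator
            string_data += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack(
        "<IIQQQIIIHHII",
        flags, 0x20,         # LinkFlags, FileAttributes (ARCHIVE)
        0, 0, 0,             # Creation/Access/Write FILETIMEs
        0, 0, show_command,  # FileSize, IconIndex, ShowCommand
        0, 0, 0, 0,          # HotKey, Reserved1, Reserved2, Reserved3
    )
    return header + string_data


def parse_lnk(data):
    """Return ShowCommand and every StringData field present in the shortcut."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (uint16) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (uint32) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    info = {"show_command": show_command}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated StringData in field %s" % key)
        pos += nbytes
        info[key] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
    return info


INTERPRETERS = ("cmd.exe", "powershell", "pwsh", "mshta", "wscript", "cscript", "rundll32", "regsvr32", "certutil")
SUSPICIOUS_TOKENS = ("-enc", "encodedcommand", "-w hidden", "windowstyle hidden", "iex", "downloadstring",
                     "invoke-webrequest", "frombase64string", "http://", "https://")
DOCUMENT_ICONS = ("winword", "excel", "powerpnt", "acrord", "hwp", "notepad")


def triage_lnk(data):
    """Heuristic verdict for a shortcut: which of the classic malicious-LNK traits it carries."""
    info = parse_lnk(data)
    target = (info.get("relative_path", "") + " " + info.get("working_dir", "")).lower()
    args = info.get("arguments", "")
    icon = info.get("icon_location", "").lower()
    reasons = []
    if any(name in target or name in args.lower() for name in INTERPRETERS):
        reasons.append("shortcut launches a command interpreter or LOLBin")
    hits = [tok for tok in SUSPICIOUS_TOKENS if tok in args.lower()]
    if hits:
        reasons.append("suspicious argument tokens: " + ", ".join(hits))
    if len(args) - len(args.lstrip()) >= 64:
        reasons.append("arguments padded with whitespace to push the payload out of the Properties dialog")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand=7 (SW_SHOWMINNOACTIVE): window hidden from the user")
    if reasons and any(name in icon for name in DOCUMENT_ICONS):
        reasons.append("icon masquerades as a document while the target is not one")
    return {"verdict": "suspicious" if reasons else "benign", "reasons": reasons, "fields": info}


# Constructed inputs: a hypothetical malicious shortcut and a benign one (not the sample from the write-up).
PAYLOAD = base64.b64encode("Write-Host 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_LNK = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments=" " * 300 + "-windowstyle hidden -encodedcommand " + PAYLOAD,
    icon_location=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk(relative_path=r"..\Documents\quarterly_report.docx")

if __name__ == "__main__":
    for label, blob in (("constructed malicious", SAMPLE_LNK), ("constructed benign", BENIGN_LNK)):
        report = triage_lnk(blob)
        print(label, "->", report["verdict"])
        for reason in report["reasons"]:
            print("  -", reason)
```

Run `parse_lnk` on the real file before hashing it for the IOC table, because the arguments string is where the obfuscated command line lives; the 300-space padding in the constructed sample reproduces the common trick of pushing the payload past the width of the Explorer Properties dialog, which is why the triage flags leading whitespace rather than only interpreter names.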

Indicators of Compromise

Type    Value                               First Seen   Last Seen
URL     https://partybbq.co.kr/src/bbs/…    2024-11-13   2024-11-13
HASH    e13ad0ebaac36ec363eba5760e69cb9…    2024-11-08   2024-11-13
HASH    b7de564386ab778046b1dd3ef76e4b5e    2024-11-08   2024-11-13
HASH    baa69876baa6861db5736c58d2eded9…    2024-11-08   2024-11-13
URL     http://partybbq.co.kr/src/bbs/c…    2023-08-28   2024-11-13
DOMAIN  partybbq.co.kr                      2023-05-24   2024-11-13
