North Korea Kimsuky Word malware - application for confirmation of intention to divorce by agreement.doc

2023-03-17 Sakai North Korea Kimsuky word malware - application for confirmation of intention to divorce by agreement.doc

https://wezard4u.tistory.com/6393


The source analyzes a Kimsuky-linked malicious Word document named as an application for confirmation of intention to divorce by agreement, a lure also associated with North Korea-focused targeting in South Korea. The macro-enabled document displays a decoy divorce form while its AutoOpen code writes version.ini under the user's Microsoft Templates path and launches it with wscript.exe. The script retrieves further code from a Google Drive download URL, establishes persistence through scheduled tasks and follow-on scripts, and ultimately supports QuasarRAT-style remote access behavior, including account and system information collection and file transfer. The report provides file hashes for the document and notes network activity to Google infrastructure during payload retrieval.

Indicators of Compromise

Type | Value                             | First Seen | Last Seen
HASH | e0cf0881de0fe35732bb02c1f4df02a3  | 2023-03-15 | 2023-05-24
HASH | 3978abfd510cafbda865b708d689656…  | 2023-03-17 | 2023-03-17
HASH | 00002109f10090400000000000f01fec  | 2023-03-17 | 2023-03-17
HASH | e8475fe3ac277d2eda466aaa4d42044…  | 2023-03-17 | 2023-03-17
HASH | 00002109b10090400000000000f01fec  | 2023-03-17 | 2023-03-17
IPv4 | 142.250.181.238                   | 2023-03-17 | 2023-03-17
