Made by the North Korean Hacking Group Kimsuky: 240903 National Assembly First Plenary Meeting Agenda (Settlement, Agenda Submission, Current Issues Report) (2024.8.1)

2024-08-13 Sakai Malware Created by the North Korean Hacking Group Kimsuky - 240903 National Assembly First Plenary Meeting Agenda (Settlement, Agenda Submission, Current Issues Report) (2024.8.1)

https://wezard4u.tistory.com/429252

A Kimsuky-attributed CHM lure masqueraded as a South Korean National Assembly committee meeting schedule, suggesting targeting of lawmakers, legislative aides, or related personnel. The sample displayed garbled visible content while embedded HTML and CHM ActiveX-style shortcut logic launched PowerShell commands in the background. The script copied a matching temporary file into the user’s AppData directory as Helpstore.exe, created a scheduled task named MicrosoftEdgeUpdateTask to run it one minute later, and loaded a hidden iframe pointing to checker.jetos.com. The excerpt provides hashes for the CHM file, Helpstore.exe, and index.html, and multiple security products detected the sample as a CHM downloader, HTML agent, dropper, or related Windows Trojan.
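
The behaviours summarised above map onto a small set of triage rules. The following is an added example, not code from the original report: it assumes process, scheduled-task and DNS telemetry already normalised into dicts with hypothetical field names (`type`, `parent`, `image`, `name`, `action`, `query`), assumes a machine-wide Edge install, and runs over constructed sample events.

```python
import re

# Indicators come from the summary above; event field names are assumptions.
TASK_PREFIX = "microsoftedgeupdatetask"
DROPPED, DOMAIN = "helpstore.exe", "checker.jetos.com"
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Assumption: machine-wide Edge, updater under Program Files\Microsoft\EdgeUpdate.
EDGE_DIR = re.compile(r'^"?[a-z]:\\program files( \(x86\))?\\microsoft\\edgeupdate\\', re.I)

def leaf(path):
    return path.rsplit("\\", 1)[-1].lower()  # file name of a Windows path

def triage(ev):
    """Return the names of the rules that fire for one normalised event."""
    hits = []
    if ev["type"] == "process":
        # hh.exe is the Windows CHM viewer; a shell as its child is unusual.
        if leaf(ev["parent"]) == "hh.exe" and leaf(ev["image"]) in SHELLS:
            hits.append("chm_spawns_shell")
        if leaf(ev["image"]) == DROPPED and "\\appdata\\" in ev["image"].lower():
            hits.append("helpstore_in_appdata")
    elif ev["type"] == "task":
        # Edge-updater task name whose action lies outside the updater directory.
        if ev["name"].lower().startswith(TASK_PREFIX) and not EDGE_DIR.match(ev["action"]):
            hits.append("edge_task_masquerade")
    elif ev["type"] == "dns":
        query = ev["query"].lower().rstrip(".")
        if query == DOMAIN or query.endswith("." + DOMAIN):
            hits.append("lure_domain_lookup")
    return hits

def scan(events):
    """Map event index -> fired rules, leaving out events with no hits."""
    return {i: hits for i, ev in enumerate(events) if (hits := triage(ev))}

# Constructed sample telemetry (paths and field values are not from the report).
SAMPLE = [
    {"type": "task", "name": "MicrosoftEdgeUpdateTaskMachineCore",
     "action": r"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c"},
    {"type": "process", "parent": r"C:\Windows\hh.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "task", "name": "MicrosoftEdgeUpdateTask",
     "action": r"C:\Users\user\AppData\Roaming\Helpstore.exe"},
    {"type": "dns", "query": "checker.jetos.com"},
    {"type": "process", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Users\user\AppData\Roaming\Helpstore.exe"},
]
if __name__ == "__main__":
    print(scan(SAMPLE))
```

The first sample event is a genuine-looking Edge updater task and is not flagged; the other four each fire one rule. Per-user Edge installs keep their updater under the user profile, so that path would need to be added to the allowed pattern before using the task rule in such environments.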

