Kimsucky Apt Analysis

2024-03-02 somedieyoung ZZ

https://somedieyoungzz.github.io/posts/kimsucky-apt-analysis/

The analysis examines a Kimsuky-linked malicious Word document that relies on social engineering to get the victim to enable macros. Once enabled, the macro writes code to C:\Windows\Temp\bobo.txt and runs it through PowerShell; that stage downloads flower01.ps1 from mybobo.mygamesonline.org and establishes persistence under the current user's Run key with a value named Alzipupdate.

The PowerShell script collects recent-file, program-directory, system and process information into a file named flower01.hwp under the user's roaming profile and uploads it to the command-and-control server. It also contains logic to download and decode commands from the C2, giving the operator remote execution, file upload, file download, persistence and system reconnaissance.

The post places this activity within Kimsuky's long-running espionage against South Korean government, research, academic and private-sector entities.

Indicators of Compromise

Type    Value                              First Seen  Last Seen
HASH    07d0be79be38ecb8c7b1c80ab0bd8344   2024-03-02  2024-03-02
HASH    1fcd9892532813a27537f4e1a1c21ec…   2020-03-20  2024-03-02
URL     http://mybobo.mygamesonline.org…   2020-03-20  2024-03-02
DOMAIN  mybobo.mygamesonline.org           2020-03-20  2024-03-02
IPv4    185.176.43.82                      2020-03-20  2024-03-02
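As an added example (not code from the original post), the following Python turns the chain and the indicators above into host-level detection logic and runs it over constructed Sysmon-style events. The indicator values (the bobo.txt loader path, flower01.ps1, flower01.hwp under the roaming profile, the Alzipupdate Run value, the C2 domain and IP) are the ones the page names; the event layout, hostnames, user name, Office install path and command lines are assumptions made for the sample data.

```python
"""Detection logic for the Kimsuky macro chain summarized above (added example).

Not code from the original post. The Sysmon-style events below are constructed
for illustration; hostnames, user names, command lines and the exact HWP drop
path are assumptions. The indicators themselves are the ones the page names.
"""
from collections import defaultdict

# Indicators from the page, lower-cased because matching is case-insensitive.
LOADER_PATH = r"c:\windows\temp\bobo.txt"
STAGE2_NAME = "flower01.ps1"
STAGING_NAME = "flower01.hwp"
RUN_VALUE = "alzipupdate"
C2_DOMAIN = "mybobo.mygamesonline.org"
C2_IP = "185.176.43.82"


def _lc(ev, key):
    """Lower-cased string field, empty when the field is absent."""
    return str(ev.get(key, "")).lower()


def office_spawns_powershell(ev):
    """EID 1: Word launching PowerShell, i.e. macro execution."""
    return (ev.get("EventID") == 1
            and _lc(ev, "ParentImage").endswith("\\winword.exe")
            and _lc(ev, "Image").endswith("\\powershell.exe"))


def loader_in_temp(ev):
    """EID 1 or 11: the dropped loader C:\\Windows\\Temp\\bobo.txt created or referenced."""
    return (LOADER_PATH in _lc(ev, "CommandLine")
            or _lc(ev, "TargetFilename") == LOADER_PATH)


def stage2_download(ev):
    """EID 1, 11 or 22: flower01.ps1 fetched, or the C2 domain resolved at all."""
    return (C2_DOMAIN in _lc(ev, "CommandLine")
            or _lc(ev, "QueryName") == C2_DOMAIN
            or _lc(ev, "TargetFilename").endswith("\\" + STAGE2_NAME))


def run_key_persistence(ev):
    """EID 13: a value named Alzipupdate written under a user Run key."""
    return (ev.get("EventID") == 13
            and _lc(ev, "TargetObject").endswith("\\currentversion\\run\\" + RUN_VALUE))


def staging_file(ev):
    """EID 11: collection output flower01.hwp written under AppData\\Roaming."""
    target = _lc(ev, "TargetFilename")
    return (ev.get("EventID") == 11
            and "\\appdata\\roaming\\" in target
            and target.endswith("\\" + STAGING_NAME))


def c2_connection(ev):
    """EID 3: outbound connection to the C2 address."""
    return ev.get("EventID") == 3 and _lc(ev, "DestinationIp") == C2_IP


# Each rule names one stage of the chain; order only fixes output order.
RULES = [office_spawns_powershell, loader_in_temp, stage2_download,
         run_key_persistence, staging_file, c2_connection]


def match_event(ev):
    """Names of every rule the event satisfies."""
    return [rule.__name__ for rule in RULES if rule(ev)]


def stages_by_host(events):
    """Map host -> sorted distinct chain stages seen on it (hosts with no hit are omitted)."""
    seen = defaultdict(set)
    for ev in events:
        for name in match_event(ev):
            seen[ev["Host"]].add(name)
    return {host: sorted(names) for host, names in seen.items()}


def compromised_hosts(events, min_stages=2):
    """Hosts showing at least min_stages stages; a lone DNS hit is a lead, not a verdict."""
    return sorted(h for h, s in stages_by_host(events).items() if len(s) >= min_stages)


# Assumed paths for the constructed sample data.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
HKCU_RUN = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed Sysmon-style events: WS01 shows the full chain, WS02 is benign noise,
# WS03 only resolved the C2 domain.
SAMPLE_EVENTS = [
    {"Host": "WS01", "EventID": 11, "Image": WORD, "TargetFilename": r"C:\Windows\Temp\bobo.txt"},
    {"Host": "WS01", "EventID": 1, "ParentImage": WORD, "Image": PS,
     "CommandLine": r'powershell.exe -w hidden -c "<loader read from C:\Windows\Temp\bobo.txt>"'},
    {"Host": "WS01", "EventID": 22, "Image": PS, "QueryName": "mybobo.mygamesonline.org"},
    {"Host": "WS01", "EventID": 3, "Image": PS, "DestinationIp": "185.176.43.82", "DestinationPort": 80},
    {"Host": "WS01", "EventID": 13, "Image": PS, "TargetObject": HKCU_RUN + r"\Alzipupdate"},
    {"Host": "WS01", "EventID": 11, "Image": PS, "TargetFilename": r"C:\Users\jdoe\AppData\Roaming\flower01.hwp"},
    {"Host": "WS02", "EventID": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe Get-Process"},
    {"Host": "WS02", "EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\jdoe\Documents\flower01.hwp"},  # same name, wrong location
    {"Host": "WS03", "EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "mybobo.mygamesonline.org"},
]

if __name__ == "__main__":
    for host, stages in stages_by_host(SAMPLE_EVENTS).items():
        print(host, stages)
    print("compromised:", compromised_hosts(SAMPLE_EVENTS))
```

Requiring two distinct stages before calling a host compromised keeps a single DNS lookup of the domain (which a researcher, a sandbox or a proxy health check can trigger) from raising the verdict on its own, while still surfacing it as a lead; the staging-file rule deliberately checks the AppData\Roaming location, not just the flower01.hwp name, since HWP is an ordinary document format on Korean hosts.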
