Kimsuky: Malware Disguised as a Republic of Korea National Assembly Security Document, "[Advisory] North Korea's New Suicide Drones" (2024.9.12)

2024-11-22 Sakai Malware by Kimsuky Disguised as a Republic of Korea National Assembly Security Document, [Advisory] North Korea's New Suicide Drones (2024.9.12)

https://wezard4u.tistory.com/429337


Kimsuky is linked to a malicious MSC file disguised as a South Korean National Assembly advisory about North Korea's new suicide drones. The lure opens a Google Docs decoy while command-line logic downloads files from petssecondchance.larcity.dev into Public Music and Pictures directories, renames them as XML and VBS artifacts, and creates scheduled tasks named TerminalServiceUpdater and TermServiceUpdater. The infection chain uses Microsoft Management Console content to run hidden commands, fetch payloads from CSS-looking paths, and establish persistence through Windows Task Scheduler. The excerpt provides hashes for the MSC sample and multiple file paths and URLs that defenders can use to hunt for related activity.

Indicators of Compromise

