QRLog Malware Analysis

2023-11-14 Birmingham Cyber

https://github.com/birminghamcyberarms/QRLog


QRLog is a Java RAT found in February 2023 inside an otherwise functional Java QR-code generator, where malicious code in QRCodeWriter.java wrote and executed QRLog.java from a temporary directory. The malware decoded embedded base64 content, checked whether it was running on Windows, Linux, or macOS, staged prefTmp.java and p.dat, and deleted temporary artifacts after execution. Runtime analysis observed network configuration reads, an ICMP request to an external host, temporary directory creation, and Java file execution before CrowdStrike Falcon blocked the activity. The sample polled https://www.git-hub.me/view.php and used GitHub-themed parameters, making the report relevant to DPRK/Chollima developer-targeting malware research.

Indicators of Compromise

Type    Value                               First Seen  Last Seen
HASH    0fb16054a1486b754d1fcc5c6b6e1b01    2023-11-14  2023-11-14
HASH    26b7d315dd19eb932a08fe474e0f0c31    2023-11-14  2023-11-14
DOMAIN  auth.pxaltonet.org                  2023-11-14  2023-11-14
IPv4    3.90.35.35                          2023-11-14  2023-11-14
IPv4    45.77.123.18                        2023-11-14  2023-11-14
URL     https://www.git-hub.me/view.php     2023-06-16  2023-11-14
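As an added example (not code from the Birmingham Cyber report or the QRLog repository), the following Python matches the indicators listed in the table above against log lines. It lowercases hashes and hostnames and strips the query string from URLs before comparing, because the view.php poll carries GitHub-themed parameters that a literal match on the full request line would miss. The log lines, their field names and the query string are constructed for this example and are not taken from the report.

```python
"""Match the QRLog indicators from the IOC table against log lines (added example)."""
import re
from dataclasses import dataclass

# Indicators copied from the IOC table on this page.
IOCS = {
    "HASH": {"0fb16054a1486b754d1fcc5c6b6e1b01", "26b7d315dd19eb932a08fe474e0f0c31"},
    "DOMAIN": {"auth.pxaltonet.org"},
    "IPv4": {"3.90.35.35", "45.77.123.18"},
    "URL": {"https://www.git-hub.me/view.php"},
}

MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Match:
    line_no: int
    ioc_type: str
    value: str


def normalize_url(url: str) -> str:
    """Drop trailing punctuation and the query string, lowercase the rest."""
    url = url.rstrip(".,;)")
    return url.split("?", 1)[0].lower()


def scan_line(line_no: int, line: str) -> set:
    """Return the set of IOC matches found in a single log line."""
    found = set()
    for h in MD5_RE.findall(line):
        if h.lower() in IOCS["HASH"]:
            found.add(Match(line_no, "HASH", h.lower()))
    for ip in IPV4_RE.findall(line):
        if ip in IOCS["IPv4"]:
            found.add(Match(line_no, "IPv4", ip))
    for url in URL_RE.findall(line):
        u = normalize_url(url)
        if u in IOCS["URL"]:
            found.add(Match(line_no, "URL", u))
    for host in HOST_RE.findall(line):
        if host.lower() in IOCS["DOMAIN"]:
            found.add(Match(line_no, "DOMAIN", host.lower()))
    return found


def scan_logs(lines) -> list:
    """Scan every line; matches are ordered by line, then by IOC type and value."""
    matches = []
    for n, line in enumerate(lines, 1):
        matches.extend(sorted(scan_line(n, line), key=lambda m: (m.ioc_type, m.value)))
    return matches


# Constructed sample log lines (not from the report). Field names are illustrative.
SAMPLE_LOGS = [
    "2023-11-14T10:02:11Z edr host=dev-ws01 event=file_write path=/tmp/QRLog.java "
    "md5=0FB16054A1486B754D1FCC5C6B6E1B01",
    "2023-11-14T10:02:13Z proxy host=dev-ws01 GET https://www.git-hub.me/view.php?id=CONSTRUCTED status=200",
    "2023-11-14T10:02:14Z dns host=dev-ws01 query=auth.pxaltonet.org answer=45.77.123.18",
    "2023-11-14T10:03:00Z proxy host=dev-ws02 GET https://github.com/birminghamcyberarms/QRLog status=200",
]

if __name__ == "__main__":
    for m in scan_logs(SAMPLE_LOGS):
        print(f"line {m.line_no}: {m.ioc_type} {m.value}")
```

The last sample line, a fetch of the analysis repository itself on github.com, produces no match; only the look-alike git-hub.me host and the other indicators in the table do.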
