0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6

Operator's own Ethereum wallet, derived from a hardcoded BIP-39 recovery phrase ('bench crane defense corn wheel trial news abuse finish better paddle slush') left inside the binary and present in the malware's wallet skip-list. Near-empty test wallet; an OPSEC failure that aids attribution.