Malware Beaconing from Engineering Workstation to Suspicious VPS Infrastructure
ID: dffac8f9-c113-4fcd-9b26-17ce16e26406
STIX ID: report--dffac8f9-c113-4fcd-9b26-17ce16e26406
Threat Score: 72/100
On 13 April 2026, monitoring detected regular HTTPS beaconing every five minutes from ENG-LAPTOP-22 to 91.134.28.77 (/gate/checkin) with a non-standard JA3 fingerprint. Memory analysis revealed process injection into explorer.exe and a dropped DLL at C:\ProgramData\Microsoft\Cache\mscorecache.dll (SHA1: a8cce9b18d4a3c0bf9ddf5727b5a4ae7d1fd7782), installed via a service named "Windows Cache Telemetry", consistent with a remote access trojan providing persistent C2 access; no destructive activity had been observed at the time of reporting.
