DEMO Read-only showcase seeded with synthetic data. Sign-in, reviewing, rules, retention and alerts are disabled. Browse every page and session freely. Install on your fleet →
Session

demo-critical-exfil

claude-code on staging-ci-01 · 20s · first 2026-04-22 20:14:21 · last 2026-04-22 20:14:41
Notes 0

No notes yet. Leave the first one so the next reviewer inherits the context.

Timeline · 7 of 12 events

  1. 2026-04-22
  2. 20:14
    • 20:14:25 file_open Opened C:\Users\ci\.aws\credentials pid 9900 sensitive
    • 20:14:26 file_open Opened C:\Users\ci\.ssh\id_rsa pid 9900 sensitive
    • 20:14:27 dns DNS lookup pastebin.com pid 9900
    • 20:14:29 file_write Wrote C:\Users\ci\AppData\Local\Temp\svc-updater.exe pid 9900
    • 20:14:33 registry_set Wrote registry \REGISTRY\USER\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\SvcUpdater · run key pid 9100
    • 20:14:35 udp_connect UDP send 185.220.101.42:4444 (udp) pid 9100
    • 20:14:36 udp_connect UDP send 45.137.21.9:53413 (udp) pid 9100