From c103022f40c42a820ec096f5c187f579a08a4955 Mon Sep 17 00:00:00 2001
From: Kendell R <KTibow@users.noreply.github.com>
Date: Tue, 23 Jan 2024 06:39:44 -0800
Subject: [PATCH] add Falcon flag

---
 src/lib/analysis/runAnalysis.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lib/analysis/runAnalysis.ts b/src/lib/analysis/runAnalysis.ts
index caa8628..5f4bc16 100644
--- a/src/lib/analysis/runAnalysis.ts
+++ b/src/lib/analysis/runAnalysis.ts
@@ -103,6 +103,10 @@ const scan = (file: string, contents: string, state: Analysis) => {
     state.obfuscation["Obfuscator Stringer"] = { file };
   }
 
+  if (contents.includes("Falcon is downloading classes...")) {
+    state.obfuscation["Downloads remote content"] = { file };
+  }
+
   const addFlag = (name: string, data: { link?: string; initialFind: InitialFind }) => {
     if (state.flags[name]) {
       state.flags[name].matches.push(file);