decompiled unsorted

2022-06-23 10:12:39 -04:00 · 2022-06-23 10:12:39 -04:00 · 76b6708944
parent c89740987c
commit 76b6708944
19667 changed files with 344161 additions and 0 deletions
--- a/decompiled_unsorted/1.luac.dec
+++ b/decompiled_unsorted/1.luac.dec
@ -0,0 +1,52 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1.luac 
+
+-- params : ...
+-- function num : 0
+if epcode[1] ~= 232 then
+  return mp.CLEAN
+end
+if epcode[6] ~= 163 then
+  return mp.CLEAN
+end
+if epcode[11] ~= 199 then
+  return mp.CLEAN
+end
+if epcode[12] ~= 5 then
+  return mp.CLEAN
+end
+if epcode[21] ~= 104 then
+  return mp.CLEAN
+end
+if epcode[22] ~= 0 then
+  return mp.CLEAN
+end
+if epcode[23] ~= 2 then
+  return mp.CLEAN
+end
+if epcode[24] ~= 0 then
+  return mp.CLEAN
+end
+if epcode[25] ~= 0 then
+  return mp.CLEAN
+end
+if epcode[134] ~= 45 then
+  return mp.CLEAN
+end
+if epcode[143] ~= 114 then
+  return mp.CLEAN
+end
+if pehdr.NumberOfSections ~= 4 then
+  return mp.CLEAN
+end
+if peattributes.isexe ~= true then
+  return mp.CLEAN
+end
+;
+(mp.readprotection)(false)
+local l_0_0 = (mp.readfile)((pe.foffset_rva)((pesecs[pehdr.NumberOfSections]).VirtualAddress), 832)
+if (mp.crc32)(-1, l_0_0, 1, 832) ~= 3485187017 then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10.luac.dec
+++ b/decompiled_unsorted/10.luac.dec
@ -0,0 +1,27 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10.luac 
+
+-- params : ...
+-- function num : 0
+if pehdr.NumberOfSections ~= 5 then
+  return mp.CLEAN
+end
+if pehdr.SizeOfImage ~= 819200 then
+  return mp.CLEAN
+end
+if (mp.readu_u32)(headerpage, 649) ~= 1936487470 then
+  return mp.CLEAN
+end
+if (mp.readu_u32)(headerpage, 685) ~= 3221225536 then
+  return mp.CLEAN
+end
+;
+(mp.readprotection)(false)
+local l_0_0 = (mp.readfile)((pe.foffset_rva)(pehdr.AddressOfEntryPoint), 23)
+;
+(mp.writeu_u32)(l_0_0, 17, 0)
+if (mp.crc32)(-1, l_0_0, 1, 23) ~= 1897054316 then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/100.luac.dec
+++ b/decompiled_unsorted/100.luac.dec
@ -0,0 +1,16 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 100.luac 
+
+-- params : ...
+-- function num : 0
+if not (mp.get_mpattribute)("MpIsVBScriptAMSIScan") and not (mp.get_mpattribute)("MpIsJScriptAMSIScan") and not (mp.get_mpattribute)("MpIsPowerShellAMSIScan") then
+  return mp.CLEAN
+end
+local l_0_0 = {}
+local l_0_1 = (mp.get_contextdata)(mp.CONTEXT_DATA_AMSI_OPERATION_PPID)
+;
+(table.insert)(l_0_0, l_0_1)
+;
+(MpCommon.SetPersistContextNoPath)("amsidetct", l_0_0, 120)
+return mp.CLEAN
+
--- a/decompiled_unsorted/1000.luac.dec
+++ b/decompiled_unsorted/1000.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1000.luac 
+
+-- params : ...
+-- function num : 0
+local l_0_0 = (string.lower)((bm.get_imagepath)())
+if l_0_0 then
+  if (string.find)((string.lower)(l_0_0), "\\program files", 1, true) or (string.find)((string.lower)(l_0_0), "teamviewer", 1, true) or (string.find)((string.lower)(l_0_0), "\\steam", 1, true) or (string.find)((string.lower)(l_0_0), "torrent.exe", 1, true) or (string.find)((string.lower)(l_0_0), "game", 1, true) then
+    return mp.CLEAN
+  end
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10000.luac.dec
+++ b/decompiled_unsorted/10000.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10000.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.ismsil == true and peattributes.isdll == false then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10001.luac.dec
+++ b/decompiled_unsorted/10001.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10001.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll and peattributes.hasexports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10002.luac.dec
+++ b/decompiled_unsorted/10002.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10002.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PACKED_WITH:[CMDEmbedded]") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10003.luac.dec
+++ b/decompiled_unsorted/10003.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10003.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.is_delphi then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10004.luac.dec
+++ b/decompiled_unsorted/10004.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10004.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("HSTR:Exception:Mimikatz.A") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10005.luac.dec
+++ b/decompiled_unsorted/10005.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10005.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("HSTR:Exception:Mimikatz.A") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10006.luac.dec
+++ b/decompiled_unsorted/10006.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10006.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10007.luac.dec
+++ b/decompiled_unsorted/10007.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10007.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10008.luac.dec
+++ b/decompiled_unsorted/10008.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10008.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("SIGATTR:Win32/CompinjWindow") then
+  return mp.INFECTED
+end
+return mp.LOWFI
+
--- a/decompiled_unsorted/10009.luac.dec
+++ b/decompiled_unsorted/10009.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10009.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1001.luac.dec
+++ b/decompiled_unsorted/1001.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1001.luac 
+
+-- params : ...
+-- function num : 0
+local l_0_0 = (string.lower)((bm.get_imagepath)())
+if l_0_0 then
+  if (string.find)((string.lower)(l_0_0), "\\program files", 1, true) or (string.find)((string.lower)(l_0_0), "teamviewer", 1, true) or (string.find)((string.lower)(l_0_0), "\\steam", 1, true) or (string.find)((string.lower)(l_0_0), "torrent.exe", 1, true) or (string.find)((string.lower)(l_0_0), "game", 1, true) then
+    return mp.CLEAN
+  end
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10010.luac.dec
+++ b/decompiled_unsorted/10010.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10010.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10011.luac.dec
+++ b/decompiled_unsorted/10011.luac.dec
@ -0,0 +1,8 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10011.luac 
+
+-- params : ...
+-- function num : 0
+(pe.mmap_patch_va)(pevars.sigaddr + 24, "\1850\000\000\000\144")
+return mp.INFECTED
+
--- a/decompiled_unsorted/10012.luac.dec
+++ b/decompiled_unsorted/10012.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10012.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10013.luac.dec
+++ b/decompiled_unsorted/10013.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10013.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10014.luac.dec
+++ b/decompiled_unsorted/10014.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10014.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10015.luac.dec
+++ b/decompiled_unsorted/10015.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10015.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10016.luac.dec
+++ b/decompiled_unsorted/10016.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10016.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10017.luac.dec
+++ b/decompiled_unsorted/10017.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10017.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe == true and peattributes.x86_image == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10018.luac.dec
+++ b/decompiled_unsorted/10018.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10018.luac 
+
+-- params : ...
+-- function num : 0
+if pehdr.SizeOfImage > 135168 and pehdr.SizeOfImage < 143360 then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10019.luac.dec
+++ b/decompiled_unsorted/10019.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10019.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1002.luac.dec
+++ b/decompiled_unsorted/1002.luac.dec
@ -0,0 +1,32 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1002.luac 
+
+-- params : ...
+-- function num : 0
+is_in_program_files = function(l_1_0)
+  -- function num : 0_0
+  if (string.match)(l_1_0, "%a:\\program files") ~= nil then
+    return true
+  else
+    return false
+  end
+end
+
+is_clickonce_app = function(l_2_0)
+  -- function num : 0_1
+  if (string.match)(l_2_0, "\\appdata\\local\\apps\\2.0\\") ~= nil then
+    return true
+  else
+    return false
+  end
+end
+
+local l_0_0 = (string.lower)((mp.PathToWin32Path)((bm.get_imagepath)()))
+if is_in_program_files(l_0_0) then
+  return mp.CLEAN
+end
+if is_clickonce_app(l_0_0) then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10020.luac.dec
+++ b/decompiled_unsorted/10020.luac.dec
@ -0,0 +1,8 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10020.luac 
+
+-- params : ...
+-- function num : 0
+(pe.mmap_patch_va)(pevars.sigaddr + 35, "é\a\000\000\144")
+return mp.INFECTED
+
--- a/decompiled_unsorted/10021.luac.dec
+++ b/decompiled_unsorted/10021.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10021.luac 
+
+-- params : ...
+-- function num : 0
+if not (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10022.luac.dec
+++ b/decompiled_unsorted/10022.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10022.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10023.luac.dec
+++ b/decompiled_unsorted/10023.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10023.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10024.luac.dec
+++ b/decompiled_unsorted/10024.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10024.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10025.luac.dec
+++ b/decompiled_unsorted/10025.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10025.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("CURE:Virus:Win32/Expiro.EK1") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10026.luac.dec
+++ b/decompiled_unsorted/10026.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10026.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10027.luac.dec
+++ b/decompiled_unsorted/10027.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10027.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10028.luac.dec
+++ b/decompiled_unsorted/10028.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10028.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10029.luac.dec
+++ b/decompiled_unsorted/10029.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10029.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1003.luac.dec
+++ b/decompiled_unsorted/1003.luac.dec
@ -0,0 +1,33 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1003.luac 
+
+-- params : ...
+-- function num : 0
+if (this_sigattrlog[1]).matched then
+  local l_0_0 = nil
+  l_0_0 = (this_sigattrlog[1]).utf8p2
+  if l_0_0 == nil then
+    return mp.CLEAN
+  end
+  if (string.find)(l_0_0, "-k", 1, true) or (string.find)(l_0_0, "UnistackSvcGroup", 1, true) then
+    return mp.CLEAN
+  end
+  local l_0_1 = (bm.get_imagepath)()
+  if l_0_1 ~= nil and (string.lower)((string.sub)(l_0_1, -4)) == ".dll" then
+    return mp.CLEAN
+  end
+  local l_0_2 = (bm.get_current_process_startup_info)()
+  if l_0_2.integrity_level < MpCommon.SECURITY_MANDATORY_SYSTEM_RID then
+    local l_0_3, l_0_4 = (bm.get_process_relationships)()
+    for l_0_8,l_0_9 in ipairs(l_0_3) do
+      if l_0_9.image_path ~= nil and (mp.bitand)(l_0_9.reason_ex, 1) == 1 and (string.find)(l_0_9.image_path, "windows\\system32\\svchost.exe", 1, true) then
+        return mp.CLEAN
+      end
+    end
+    return mp.INFECTED
+  end
+end
+do
+  return mp.CLEAN
+end
+
--- a/decompiled_unsorted/10030.luac.dec
+++ b/decompiled_unsorted/10030.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10030.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10031.luac.dec
+++ b/decompiled_unsorted/10031.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10031.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10032.luac.dec
+++ b/decompiled_unsorted/10032.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10032.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10033.luac.dec
+++ b/decompiled_unsorted/10033.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10033.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10034.luac.dec
+++ b/decompiled_unsorted/10034.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10034.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PACKED_WITH:[aPLib_034_mem]") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10035.luac.dec
+++ b/decompiled_unsorted/10035.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10035.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10036.luac.dec
+++ b/decompiled_unsorted/10036.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10036.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10037.luac.dec
+++ b/decompiled_unsorted/10037.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10037.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10038.luac.dec
+++ b/decompiled_unsorted/10038.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10038.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("AGGREGATOR:CheckInstalledAV") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10039.luac.dec
+++ b/decompiled_unsorted/10039.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10039.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.isexe then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1004.luac.dec
+++ b/decompiled_unsorted/1004.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1004.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.ismsil == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10040.luac.dec
+++ b/decompiled_unsorted/10040.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10040.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10041.luac.dec
+++ b/decompiled_unsorted/10041.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10041.luac 
+
+-- params : ...
+-- function num : 0
+if mp.HSTR_WEIGHT > 2 then
+  (mp.set_mpattribute)("HSTR:Nivdort.AE1")
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10042.luac.dec
+++ b/decompiled_unsorted/10042.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10042.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10043.luac.dec
+++ b/decompiled_unsorted/10043.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10043.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.amd64_image then
+  (mp.changedetectionname)(805306485)
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10044.luac.dec
+++ b/decompiled_unsorted/10044.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10044.luac 
+
+-- params : ...
+-- function num : 0
+if pehdr.SizeOfImage > 56320 and pehdr.SizeOfImage < 57856 then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10045.luac.dec
+++ b/decompiled_unsorted/10045.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10045.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10046.luac.dec
+++ b/decompiled_unsorted/10046.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10046.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10047.luac.dec
+++ b/decompiled_unsorted/10047.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10047.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.amd64_image then
+  (mp.changedetectionname)(805306481)
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10048.luac.dec
+++ b/decompiled_unsorted/10048.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10048.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10049.luac.dec
+++ b/decompiled_unsorted/10049.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10049.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/1005.luac.dec
+++ b/decompiled_unsorted/1005.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1005.luac 
+
+-- params : ...
+-- function num : 0
+GetRuleInfo = function()
+  -- function num : 0_0
+  local l_1_0 = {}
+  l_1_0.Name = "Aplha Test for ASR in Block Mode"
+  l_1_0.Description = "Generic ASR Block mode use for unit testing"
+  return l_1_0
+end
+
+
--- a/decompiled_unsorted/10050.luac.dec
+++ b/decompiled_unsorted/10050.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10050.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10051.luac.dec
+++ b/decompiled_unsorted/10051.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10051.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10052.luac.dec
+++ b/decompiled_unsorted/10052.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10052.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10053.luac.dec
+++ b/decompiled_unsorted/10053.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10053.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10054.luac.dec
+++ b/decompiled_unsorted/10054.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10054.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10055.luac.dec
+++ b/decompiled_unsorted/10055.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10055.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10056.luac.dec
+++ b/decompiled_unsorted/10056.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10056.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10057.luac.dec
+++ b/decompiled_unsorted/10057.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10057.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10058.luac.dec
+++ b/decompiled_unsorted/10058.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10058.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10059.luac.dec
+++ b/decompiled_unsorted/10059.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10059.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("NID:Adware:Win32/Linkury.A1") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1006.luac.dec
+++ b/decompiled_unsorted/1006.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1006.luac 
+
+-- params : ...
+-- function num : 0
+GetRuleInfo = function()
+  -- function num : 0_0
+  local l_1_0 = {}
+  l_1_0.Name = "Block execution of potentially obfuscated scripts"
+  l_1_0.Description = "Windows Defender Exploit Guard detected either obfuscated JavaScript, VBScript, or macro code."
+  return l_1_0
+end
+
+
--- a/decompiled_unsorted/10060.luac.dec
+++ b/decompiled_unsorted/10060.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10060.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.hasexports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10061.luac.dec
+++ b/decompiled_unsorted/10061.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10061.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("SIGATTR:ExCheckInstalledAV") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/decompiled_unsorted/10062.luac.dec
+++ b/decompiled_unsorted/10062.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10062.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("RPF:MsilOverlappingMethods") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10063.luac.dec
+++ b/decompiled_unsorted/10063.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10063.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll and peattributes.no_exports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10064.luac.dec
+++ b/decompiled_unsorted/10064.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10064.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll and peattributes.hasexports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10065.luac.dec
+++ b/decompiled_unsorted/10065.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10065.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.ismsil == true and peattributes.isdll == false then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10066.luac.dec
+++ b/decompiled_unsorted/10066.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10066.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isexe and peattributes.hasexports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10067.luac.dec
+++ b/decompiled_unsorted/10067.luac.dec
@ -0,0 +1,8 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10067.luac 
+
+-- params : ...
+-- function num : 0
+(pe.mmap_patch_va)(pevars.sigaddr + 13, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
+return mp.INFECTED
+
--- a/decompiled_unsorted/10068.luac.dec
+++ b/decompiled_unsorted/10068.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10068.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10069.luac.dec
+++ b/decompiled_unsorted/10069.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10069.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1007.luac.dec
+++ b/decompiled_unsorted/1007.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1007.luac 
+
+-- params : ...
+-- function num : 0
+GetRuleInfo = function()
+  -- function num : 0_0
+  local l_1_0 = {}
+  l_1_0.Name = "Block Office applications from creating executable content"
+  l_1_0.Description = "Windows Defender Exploit Guard detected the Office application creating executable content."
+  return l_1_0
+end
+
+
--- a/decompiled_unsorted/10070.luac.dec
+++ b/decompiled_unsorted/10070.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10070.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.ismsil and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10071.luac.dec
+++ b/decompiled_unsorted/10071.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10071.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("SIGATTR:GetSystemTimeBailout") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10072.luac.dec
+++ b/decompiled_unsorted/10072.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10072.luac 
+
+-- params : ...
+-- function num : 0
+(mp.set_mpattribute)("do_exhaustivehstr_rescan")
+;
+(pe.reemulate)()
+return mp.INFECTED
+
--- a/decompiled_unsorted/10073.luac.dec
+++ b/decompiled_unsorted/10073.luac.dec
@ -0,0 +1,8 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10073.luac 
+
+-- params : ...
+-- function num : 0
+(pe.mmap_patch_va)(pevars.sigaddr + 68, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
+return mp.INFECTED
+
--- a/decompiled_unsorted/10074.luac.dec
+++ b/decompiled_unsorted/10074.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10074.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10075.luac.dec
+++ b/decompiled_unsorted/10075.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10075.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10076.luac.dec
+++ b/decompiled_unsorted/10076.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10076.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10077.luac.dec
+++ b/decompiled_unsorted/10077.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10077.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10078.luac.dec
+++ b/decompiled_unsorted/10078.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10078.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.ismsil and peattributes.no_security then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10079.luac.dec
+++ b/decompiled_unsorted/10079.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10079.luac 
+
+-- params : ...
+-- function num : 0
+if (pe.isdynamic_va)(pevars.sigaddr) then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/1008.luac.dec
+++ b/decompiled_unsorted/1008.luac.dec
@ -0,0 +1,14 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 1008.luac 
+
+-- params : ...
+-- function num : 0
+GetRuleInfo = function()
+  -- function num : 0_0
+  local l_1_0 = {}
+  l_1_0.Name = "Use advanced protection against ransomware"
+  l_1_0.Description = "Windows Defender Exploit Guard detected execution of file that exhibit characteristics similar to ransomware"
+  return l_1_0
+end
+
+
--- a/decompiled_unsorted/10080.luac.dec
+++ b/decompiled_unsorted/10080.luac.dec
@ -0,0 +1,8 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10080.luac 
+
+-- params : ...
+-- function num : 0
+(pe.mmap_patch_va)(pevars.sigaddr + 13, "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>\144")
+return mp.INFECTED
+
--- a/decompiled_unsorted/10081.luac.dec
+++ b/decompiled_unsorted/10081.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10081.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("CERT:PUA:Win32/FusionCore.AB") then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10082.luac.dec
+++ b/decompiled_unsorted/10082.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10082.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10083.luac.dec
+++ b/decompiled_unsorted/10083.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10083.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10084.luac.dec
+++ b/decompiled_unsorted/10084.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10084.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10085.luac.dec
+++ b/decompiled_unsorted/10085.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10085.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.isdll == true and peattributes.hasexports == true then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10086.luac.dec
+++ b/decompiled_unsorted/10086.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10086.luac 
+
+-- params : ...
+-- function num : 0
+if peattributes.no_security and peattributes.ismsil then
+  return mp.INFECTED
+end
+return mp.CLEAN
+
--- a/decompiled_unsorted/10087.luac.dec
+++ b/decompiled_unsorted/10087.luac.dec
@ -0,0 +1,10 @@
+-- Decompiled using luadec 2.2 rev: 895d923 for Lua 5.1 from https://github.com/viruscamp/luadec
+-- Command line: 10087.luac 
+
+-- params : ...
+-- function num : 0
+if (mp.get_mpattribute)("PEPCODE:HasDigitalSignature") then
+  return mp.CLEAN
+end
+return mp.INFECTED
+
--- a/Show More
+++ b/Show More