sBU;rY]3t=i|2 ǍH@u+@P3t׊ B@u3UEt iL2 tV_^[ jhRP<u 3;9~}Q؋F tP;uwv9_;_F0 HtHuyF F F ߋN!N!v!J pP;u@vlPP;t-9x u(;Xt#F0tF v&3@ËeE3jhR|xPPPeEtpptju u =x`u3@ËeEd ̋UQeEPu Q|ut H tIH j0hR3}}P<r37}u;E +t#Ht HtHHttHHuEPv6+ EP6>9}u9} }} E PWvh?WhvP;EE EE@EȋFEЉ}ԍEPSEP Q;|Ku =QjEPjvvu|PEu׃}|F(M؉^ EE"u3@ËeE EE ̋U`SVW Q%`3CE`P:w4h`hQu|5`} 5`jlj`f9ECh?tPpPE!jEEXfE\ E$>PEMU]Mf}QEEEEEEhh`EPE`Pu h>HYJu h>3Y u h> Yu hf> YVh6>YY|r=Pׄujh!P3l`|Gׄu h"P|0:w*jh`juEPh>"P h>Y_^[̡`V3;t P5`` ` tQPP5`5`h`;t PP5h`95l`t jh!Ph"P5l`3^̋UM jX tv…|[W}v ‹U3f @ES3Vt#U++Ѝ 7t ftf@@NuuHH3f^[_]̋USVu3W3fEfE}fEfE};Mf9>D9} ;WEPQ3fEFfEPOE; EPEPv65\P֋=Ph7EP׋XPEPEPӍEPEPuuh7EP׍EPEPӍEPEPuuu#EMDAf0rf9wfEf}sjEPh$?Gth7EPfu׍EPEPӍEPEPhEPP؅|}tu uPM$QuZ _^[̋U,eSVW}Pu]&EPEPhSP3;}wQjEPEPhEPMEME@]܉MMPEjEPPj0hu|PuEQ}3ɋEE;ttf9H0vn3ff@2M fAffFP3F}tCu VPNf|A\tE@4f8\t h7VPE0PVXPEM$Q}@@P}tuPsPWph8?WQYYtRj\PPYYt>E HfNfCffFPiFu VPWVPi} G]fFt{tfKfffNFPFt4eWVPt$Ctf8\t h7VPSVXPE}tuE_^[̋ULSQV3!EWPu EfEfEӋu=\PEԋFE؍EPEPv6f}Efx:jREt fEfEfEPuu 3fEfffEPE؅tBh?EPPVEPXPu EPEPEPuujEPh?\twEPEPuu3f;EtWEPEt?fEfEfEPuu u EPEPEP+uEdEEt3f9uDjEPh?twEPEPuuf9ut)jEPh?tEPEPEP1EPEP;| u EPEPEPuf9ujEPh?0u@f9ujEPhr?u"f9usjEPhf?[3fEfEhN?EPuӍẺEEPhEPEuE@uĉuP;3fEPfME;tZPEPEPuӋ#uBuM3fEEDfEPE;tEPEPuӋuQ;|nf9uthEMf|A\tEf8\th7EPPEPEPXPEPEP`;| u EPEPEPu9uHu;fE֋u fFPFEPVP3_^[̋UQQV3VEPQEPu|;VEPPPEDPstEPuhVur^jLhS P<39}zEPWWju5P֋؁uLuE;t3MQuPju֋;5u u u}WEPQWEPWtP0hu|PEPjEPWu֋;} PjY3}EPuPeutlV=HPׄt_vtEVׄt>F<;ƍ<0rjF8PWPfF:fE։}fF8fEu EPE3 3@Ëe]EM$QEPPP̋UQVW3G`t h?.YuEPjV|4ut F@@@tfjF "_u_^ ̋UQW3G`t h@YP<v3@9VuEPjVG|"utfjF "_u^_ ̋UQW3G`t h:@KYP<v3@9VuEPjV|"utfjF "_u^_ ̋UQW3G`t h:@YP<v3@?VuEPjVg|(~(tutfjF "_u/^_ ̐jh8S|3ۉ]P<w<8``t4u;t0vlPPo;t9^tF;t0SPS{}"uEuuu V~3@ËeE2F̋UQSPVW@`2+Ã`PEP(P`~2 `@` `fȤPuP_^[̋UQVWPEPa(P=P@`ȤPudP_^%P%4P% ]D$T$UL$)qqq( ]UVWS33333[_^]ËjK33333USVWjjh7QQ_^[]Ul$RQt$ ]SQ` SQ`L$ KCk UQPXY]Y[%P%P% P%P%P%P; `űUQMj5`5`uh(Q\\MACHINE\SOFTWARE\WOW6432NODE\MALWAREBYTES' ANTI-MALWARE\MACHINE\SOFTWARE\MALWAREBYTES' 
ANTI-MALWARE\MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MBAMCHAMELEON\MACHINE\SYSTEM\CONTROLSET002\SERVICES\MBAMCHAMELEON\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MBAMCHAMELEONmbamchameleon!IRP_MJ_CREATE mbamchameleon!IRP_MJ_CLOSE MALWAREBYTES\Registry\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData\Registry\Machine\SYSTEM\CurrentControlSet\Services\mbamchameleonProtected\SystemRoot\System32\DRIVERS\MBAMCHAMELEON.SYS\SystemRoot\System32\DRIVERS\MBAMSWISSARMY.SYS\SystemRoot\System32\DRIVERS\MBAM.SYSmbamchameleon!Hello mbamchameleon!Enable mbamchameleon!Unload \Registry\Machine\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\Registry\Machine\SOFTWARE\Malwarebytes' Anti-MalwareInstallPath\\Filter Version is not supported. Register Callback Function Failed with 0x%08x Status Allocate Memory Failed. Status Invalid ParameterStatus Filter Instance Altitude Collision Register Callback Function Successful...... 400900Filter Version is correct. Partition\Partition\SystemRootWINNTWINDOWSSystemRootLanmanRedirectorDevice??\??\mbamchameleon!MBpPreOperationCreate: Entered mbamchameleon!MBpPreOperationSetSecurity: Entered mbamchameleon!MBpPreOperationSetInformation: Entered xdN .ʄ*>Nfzȅڅ&>Zr̆2JfƇ؇2L\t؈j`F(2ʃԉVNU8R88021(18PQlppppH`RRSDS8O`E\%Kc:\work\mbamwa~1\FLT\binfre_wlh_x86\i386\mbamchameleon32.pdb4x6k!o!!!##u0y033eGrAN@D UQQXhpEPQEPhPEpdPx`tP %x`FShpY`t h(qY3`t hRqcY3`t hqEY`t hq)Ymbamchameleon!Unloaded \DosDevices\MBAMCHAMELEONmbamchameleon!MBpInstanceSetup: Entered mbamchameleon!MBpInstanceQueryTeardown: Entered mbamchameleon!MBpInstanceTeardownStart: Entered mbamchameleon!MBpInstanceTeardownComplete: Entered USVu3W5d`x```p``z赚谖h貳=QE$́PF8F@FpF4p׍EPSSj"EPSVP;ÉE}Ph]EYYFhrEP׍EPEPP;}WhF,YYudP V迢23_^[̡`N@t;uP5``u`У`̋U]mbamchameleon!IoCreateSymbolicLink = 0x%x \DosDevices\MBAMCHAMELEONmbamchameleon!IoCreateDevice = 0x%x \Device\devMBAMCHAMELEONmbamchameleon!DriverEntry ̜ʈ0PFPlȉPxdN 
.ʄ*>Nfzȅڅ&>Zr̆2JfƇ؇2L\t؈j`F(2ʃԉAObfDereferenceObjectIoGetCurrentProcessPsLookupProcessByProcessIdZwCloseZwQueryValueKeyZwOpenKey_RtlInitUnicodeStringwcsstrExGetPreviousModeRtlUpcaseUnicodeStringwcsncatRtlAppendUnicodeToStringRtlCopyUnicodeStringmemsetIofCompleteRequest<DbgPrint@RtlFreeUnicodeStringZwQuerySystemInformationmExAllocatePoolWithTagExFreePoolWithTagMmIsAddressValidZwOpenProcessqPsGetCurrentProcessId5ObQueryNameStringRtlAppendUnicodeStringToStringFsRtlDissectName%RtlEqualUnicodeStringIoDeleteDeviceIoDeleteSymbolicLinktIoThreadToProcessPsThreadTypePsProcessTypeuPsGetCurrentThreadId7ObReferenceObjectByHandle4ObOpenObjectByPointer5CmRegisterCallbackExPsSetLoadImageNotifyRoutinePsSetCreateProcessNotifyRoutineEx;ObRegisterCallbacks,ObGetFilterVersionPsRemoveLoadImageNotifyRoutine@ObUnRegisterCallbacks7CmUnRegisterCallback RtlVolumeDeviceToDosName IoGetDeviceObjectPointerwcschrIoFileObjectTypeZwOpenFileIoCreateSymbolicLinkIoCreateDeviceZwQuerySymbolicLinkObjectZwOpenSymbolicLinkObject~memcpyKeLeaveCriticalRegionBKeUnstackDetachProcess`ProbeForRead9KeStackAttachProcessKeEnterCriticalRegionZwQueryInformationProcessKeInsertQueueApc?KeTickCountntoskrnl.exeRtlUnwind_KfReleaseSpinLock\KfAcquireSpinLockPKeGetCurrentIrql]KfLowerIrqlTKeRaiseIrqlToDpcLevelHAL.dllFltUnregisterFilterFltStartFilteringFltRegisterFilterFltReleaseFileNameInformationWFltGetFileNameInformationFLTMGR.SYSKeBugCheckEx0000111;1D1J1V1n1v1{1111111111 2 2(2N2V2\2a22222333334)4444444 55!5a5z555566 6.6<6J6X6g66666o77788888999 9%9/94999_99999:!:+:7:>:]:{::::::::::; ;;!;3;M;X;v;;;;=>W>>>>>>>?? 