c:\work\mbamwa~1\FLT\binfre_wlh_amd64\amd64\mbamchameleon64.pdb
\DosDevices\MBAMCHAMELEON
mbamchameleon!Unloaded
mbamchameleon!MBpInstanceSetup: Entered
mbamchameleon!MBpInstanceQueryTeardown: Entered
mbamchameleon!MBpInstanceTeardownStart: Entered
mbamchameleon!MBpInstanceTeardownComplete: Entered
mbamchameleon!DriverEntry
\Device\devMBAMCHAMELEON
mbamchameleon!IoCreateDevice = 0x%x
\DosDevices\MBAMCHAMELEON
mbamchameleon!IoCreateSymbolicLink = 0x%x