>SSDT State
>Shadow
>Processes
>Drivers
>Stealth
>Hooks
ntkrnlpa.exe+0x000A878A, Type: Inline - RelativeJump 0x81EDD78A [ntkrnlpa.exe]
[1240]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC [shimeng.dll]
[1240]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170 [shimeng.dll]
[1240]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414 [shimeng.dll]
[1240]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300 [shimeng.dll]
[1840]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77AE4C4A [unknown_code_page]
[1840]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77AE4CCA [unknown_code_page]
[1840]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77AE4E0A [unknown_code_page]
[3800]psqltray.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC [shimeng.dll]
[3800]psqltray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170 [shimeng.dll]
[3800]psqltray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00406090 [shimeng.dll]
[3800]psqltray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414 [shimeng.dll]
[3800]psqltray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300 [shimeng.dll]
[3800]psqltray.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8 [shimeng.dll]
[608]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x77AE4C4A [unknown_code_page]
[608]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x77AE4CCA [unknown_code_page]
[608]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77AE4E0A [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)