tria.ge

dealing with a potential rootkit so a few weeks ago i got an in the wild hijackloader, but i have recently done a full system wipe via deleting all windows partitions and downloading windows from a clean USB. I had done a triage scan on the malware to see what its generally doing, tho am now inspecting it more closely and looking up what the things its doing actually mean. there was one activity in the signatures tab in particular that really threw me off, that being "suspicious behavior: LoadsDrive" with 5 instances of the pid value being 4 and one instance of a pid's value being 676. now i dont know what this means at all, but after some research, a malware interacting with PID 4 like that could apparently signal a potential attempt at adding a rootkit, but could also mean other stuff. For those who are smarter than me, is it likely for the malware to have added a rootkit in this case, and if so, does having deleted all windows partitions and stuff put me in the clear? i will link the full report here incase anyone feels like checking it out as it probably has further details about what the malwares doing: [https://tria.ge/260508-nnp5jsbt9l/behavioral1](https://tria.ge/260508-nnp5jsbt9l/behavioral1)