In-depth Malware Behaviour Analysis: Network and Registry Changes in an Isolated Windows Environment

Osoble, Abdullahi Mohamud and Ahmed, Yahye Abukar (2024) In-depth Malware Behaviour Analysis: Network and Registry Changes in an Isolated Windows Environment. SSRG International Journal of Electronics and Communication Engineering.

IJECE-V11I12P102.pdf - Published Version

Abstract

This paper analyzes the malware variant samples.exe and its impact on a Windows 10 virtual machine. The analysis employs Process Monitor (ProcMon) and Regshot as the key tools for observing and documenting malware behavior: ProcMon tracks real-time events such as registry manipulation and DNS configuration changes, while Regshot captures and compares pre- and post-infection registry states. Because these utilities record every step of the malware's operation, several clear changes to the system registry and network settings were observed. Key findings: the malware changes the DNS settings, which would allow traffic to be routed to malicious websites, and it turns off Windows Defender real-time protection, a practice commonly seen in this kind of malware to avoid detection and so ensure persistence. Further modifications to registry locations, especially those related to Windows Error Reporting and Group Policy, point to a broader plan to undermine system policies and hide within them. These steps reveal how strategically designed malware can threaten system stability and network integrity by severely compromising its security. In this regard, the research underscores the urgent need for capable detection mechanisms and proactive security measures to counter this ever-emerging threat in modern computing environments.

Keywords - Malware analysis, Registry modifications, DNS settings, ProcMon, Regshot
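As an added illustration of the pre-/post-infection registry comparison the abstract describes (example code written for this page, not from the paper or from Regshot): two constructed snapshots are diffed, unchanged values are dropped, and each change is mapped to the categories the findings name. The snapshot format is constructed rather than Regshot's own, and the key paths and watchlist patterns are assumptions about where each setting lives.

```python
import re

# Constructed pre-/post-infection snapshots: value path -> data. The key paths
# are the standard Windows locations for each category in the abstract; that
# mapping is an assumption of this example, not something the paper states.
IFACE = r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{IFACE-GUID}"
DEFENDER = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
WER = r"HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting"
GPO = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy"
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

PRE_SNAPSHOT = {
    IFACE + r"\NameServer": "",                  # DHCP-assigned, no static resolver
    DEFENDER + r"\DisableRealtimeMonitoring": 0,
    WER + r"\Disabled": 0,
    RUN + r"\OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
}
POST_SNAPSHOT = {
    IFACE + r"\NameServer": "203.0.113.53",      # constructed TEST-NET-3 address
    DEFENDER + r"\DisableRealtimeMonitoring": 1,
    WER + r"\Disabled": 1,
    GPO + r"\PLACEHOLDER-VALUE": 1,              # constructed Group Policy change
    RUN + r"\OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
}

# Category -> regex over the value path, in the order the abstract lists them.
WATCHLIST = [
    ("DNS settings", r"\\Tcpip\\Parameters\\.*\\NameServer$"),
    ("Defender real-time protection", r"\\Windows Defender\\Real-Time Protection\\"),
    ("Windows Error Reporting", r"\\Windows Error Reporting\\"),
    ("Group Policy", r"\\Group Policy\\"),
]

def diff_snapshots(pre, post):
    """Return (kind, path, old, new) tuples; kind is added, removed or modified."""
    changes = []
    for path in sorted(set(pre) | set(post)):
        old, new = pre.get(path), post.get(path)
        if path not in pre:
            changes.append(("added", path, None, new))
        elif path not in post:
            changes.append(("removed", path, old, None))
        elif old != new:
            changes.append(("modified", path, old, new))
    return changes

def classify(changes):
    """Group changes by watchlist category; anything unmatched lands in 'other'."""
    report = {}
    for change in changes:
        category = next((name for name, pat in WATCHLIST
                         if re.search(pat, change[1], re.IGNORECASE)), "other")
        report.setdefault(category, []).append(change)
    return report
```

Running `classify(diff_snapshots(PRE_SNAPSHOT, POST_SNAPSHOT))` on the constructed data yields one change in each of the four categories and none in "other", since the unchanged Run value is filtered out by the diff.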

Item Type: Article
Subjects: A General Works > AC Collections. Series. Collected works
Divisions: Faculty of Computing
Depositing User: Unnamed user with email crd@smiad.edu.so
Date Deposited: 20 Sep 2025 07:57
Last Modified: 20 Sep 2025 07:57
URI: https://repository.simad.edu.so/id/eprint/224
