Cassiel wrote:
@ EP_X0FF
I have run the sample in my VM and I noticed some strange things. If I run it outside BSA it will set the autorun part; if I run it inside BSA it won't.
There are the "usual" registry changes but there is nothing being added to the run key. It is like it puts itself to sleep and then can no longer continue.
Probably its activity is restricted by the sandbox. Why do you want to run malware in a VM + Sandboxie?