Good afternoon... I found a probable issue of VoodooShield. Usually, .lnk files are blocked immediatly after execution. This one, though, was able to start cmd.exe and powershell.exe. After that, it launched wscript. but that was blocked. What do you think? The sample is "orcamento" in this Malware Vault pack https://malwaretips.com/threads/11-08-2017-20.74469/ VirusTotal: Antivirus scan for 779f0e75f2136979a0430c1aefbe0e663ef7762ea270b22bcaa2d1d65d9f6655 at 2017-08-17 05:37:52 UTC - VirusTotal Malware Analysis: Free Automated Malware Analysis Service - powered by VxStream Sandbox - Viewing online file analysis results for 'linkagent.zip'