Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of processes and the changes made to system and then evaluate if they are malware suspicious. The changes made to system can be of several types: file system changes, registry changes and port changes. A file system change happens when a file is created, deleted or modified. Depending of what type of file has been created (executable, library, javascript, batch, etc) and where was created (what folder) we will be able to get valuable information. Registry changes are those changes made to Windows registry. In this case we will be able to get valuable information from the modified value keys and the new created or deleted registry keys. Port changes are produced when a connection is done outside, to other computers, or a port is opened locally and this port starts listening for incoming connections. From all these changes we will obtain the necessary information to evaluate the "risk" of some of the actions taken by sandboxed applications.