After the SandBox environment boots up, the suspicious sample is loaded into the simulated hard disk.

Inside the simulated environment, the file will execute as it would on a real system, but no code is ever executed on the real CPU, loaded into real memory, or in communication with any other system components. In the emulator, the sample can infect, and delete files, replicate, connect to IRC servers    and URLs, send emails, set up listening ports, or most     any other function imaginable on a real system.

As the emulator simulates the threat, either automatically with Analyzer G2, or controlled by the    Malware Debugger PRO’s debug interface,    behavior is intercepted and converted to forensic intelligence.    Once analysis is complete, the analyst has a map of the damage the threat would cause when allowed to run wild on an unprotected machine.