The main console controls the agent deployment and response process as well as the reporting dashboards, but heavy lifting is done in the Infocyte cloud. That includes hash and DNS lookups, comparing results with outside threat feeds and even sandboxing. Plus, unknown executables can be submitted to Infocyte for analysis. The default scan looks at everything within the detection capabilities of HUNT including processes, modules, drivers, memory scanning, account information, network connections and hooks.