.. / System

Star

• Image Path: N/A
• Parent Process: None
• Number of Instances: 1
• User Account: SYSTEM
• Start Time: Boot time

The System process responsible for most kernel-mode threads. Modules run under System are primarily drivers (.sys files), but also include several important DLLs as well as the kernel executable, ntoskrnl.exe

Image Path

Executable’s image path.

N/A for system.exe - Not generated from an executable image

Parent Process

A process which spawned the analyzed process.

None

Number of Instances

Expected number of processes running which may normally run on Windows.

One

User Account

Windows account with which the process was launched. This defines what privileges given process has.

Local System

Start Time

Expected time of process to be launched.

At boot time