Wininit.exe starts key background processes within Session 0.
It starts the Service Control Manager (
services.exe), the Local Security
Authority process (
lsaiso.exe for systems with Credential
Guard enabled. Note that prior to Windows 10, the Local Session Manager
lsm.exe) was also started by wininit.exe. As of Windows 10, that
functionality has moved to a service DLL (
lsm.dll) hosted by
Executable’s image path.
A process which spawned the analyzed process.
Created by an instance of `smss.exe` that exits, so tools usually do not provide the parent process name
Expected number of processes running which may normally run on Windows.
Windows account with which the process was launched. This defines what privileges given process has.
Expected time of process to be launched.
Within seconds of boot time