AppUserModule fills user information from the PID of an application
Details
On Linux, it uses the /proc/\OpenProcessToken, GetTokenInformation and LookupAccountSidW.
On windows, even if the agent is run as administrator, it may not have the required privileges to scan some processes like wininit.exe, services.exe.