lsass.exe
Local Security Authority Process by Microsoft Corporation (Signed)
Version: | 5.1.2600.5512 (xpsp.080413-2113) |
MD5: | 4e09c68586cf236b9853fc7f93f69c62 |
SHA1: | 7e9ae776d0e0ae457db62ebdb0920bffa546af19 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is lsass.exe?
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
Overview
lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) with extensive SYSTEM privileges (full administrator access) as a shared service. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
File name: | lsass.exe |
Publisher: | Microsoft Corporation |
Product name: | Local Security Authority Process |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\lsass.exe |
File version: | 5.1.2600.5512 (xpsp.080413-2113) |
Product version: | 5.1.2600.5512 |
Size: | 13 KB (13,312 bytes) |
Build date: | 4/14/2008 2:31 AM |
Certificate |
Issued to: | Microsoft Corporation |
Authority (CA): | Microsoft Corporation |
Expiration date: | Friday, June 13, 2014 |
Digital DNA |
Entropy: | 5.983062 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Network connections
[UDP] listens on port 4500
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00176900% | |
Kernel CPU: | 0.00076711% | |
User CPU: | 0.00100188% | |
Kernel CPU time: | 8,563 ms/min | |
Context switches: | 36/sec | |
Memory |
Private memory: | 4.34 MB | |
Private (maximum): | 6.71 MB | |
Private (minimum): | 560 KB | |
Non-paged memory: | 4.34 MB | |
Virtual memory: | 42.65 MB | |
Virtual memory (peak): | 44.33 MB | |
Working set: | 1.91 MB | |
Working set (peak): | 6.71 MB | |
Resource allocations |
Threads: | 21 | |
Handles: | 382 | |
GUI GDI count: | 4 | |
GUI USER count: | 2 | |
Process properties
Integrety level: | Undefined |
Platform: | 32-bit |
Command line: | C:\Windows\System32\lsass.exe |
Owner: | SYSTEM |
Windows Service |
Service name: | KeyIso |
Display name: | Titkosított fájlrendszer (EFS) |
Description: | “Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst” |
Type: | Win32ShareProcess |
Parent process: | winlogon.exe (Microsoft Windows Operating System by Microsoft) |
Threads
Averages
RPCRT4.dll |
Total CPU: | 0.01283595% | |
Kernel CPU: | 0.00942440% | |
User CPU: | 0.00341155% | |
Context switches: | 5/sec | |
Memory: | 588 KB | |
ntdll.dll |
Total CPU: | 0.00127933% | |
Kernel CPU: | 0.00017058% | |
User CPU: | 0.00110875% | |
Memory: | 604 KB | |
ADVAPI32.dll |
Total CPU: | 0.00017059% | |
Kernel CPU: | 0.00004265% | |
User CPU: | 0.00012794% | |
Memory: | 668 KB | |
msvcrt.dll |
Total CPU: | 0.00004265% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.00004265% | |
Context switches: | 1/sec | |
Memory: | 352 KB | |
Distribution by Windows OS
OS version | distribution |
Windows 8.1 |
34.50% |
|
Windows 8.1 Pro |
27.00% |
|
Windows 8.1 Single Language |
12.00% |
|
Windows 7 Ultimate |
10.50% |
|
Windows 7 Home Premium |
7.00% |
|
Windows 8.1 Pro with Media Center |
3.00% |
|
Windows 8.1 N |
3.00% |
|
Windows 8.1 Enterprise Evaluation |
3.00% |
|
Distribution by country
United States installs about 39.50% of Local Security Authority Process.
Distribution by PC manufacturer
PC Manufacturer | distribution |
ASUS |
30.23% |
|
Dell |
24.03% |
|
Acer |
17.83% |
|
Lenovo |
13.95% |
|
Hewlett-Packard |
6.98% |
|
Toshiba |
4.65% |
|
Alienware |
2.33% |
|