lsass.exe
Local Security Authority Process by Microsoft Corporation (Signed)
Version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
MD5: | d09a5da84b7c9ca9b02ebcd7fae41c8d |
SHA1: | 24305bcd2df47c03fe57be10752452d47571b204 |
SHA256: | 6b30679b97388ee0a97569a83eb04aff2a12b542b9e33d831508bfa3e8271da2 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is lsass.exe?
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
Overview
lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) with extensive SYSTEM privileges (full administrator access) as a shared service. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows Vista and is compiled as a 32 bit program.
Details
File name: | lsass.exe |
Publisher: | Microsoft Corporation |
Product name: | Local Security Authority Process |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\lsass.exe |
File version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
Product version: | 6.0.6000.16386 |
Size: | 7.5 KB (7,680 bytes) |
Certificate |
Issued to: | Microsoft Corporation |
Authority (CA): | Microsoft Corporation |
Expiration date: | Friday, June 13, 2014 |
Digital DNA |
Entropy: | 5.983062 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00303984% | |
Kernel CPU: | 0.00141894% | |
User CPU: | 0.00162090% | |
Kernel CPU time: | 130,822 ms/min | |
CPU cycles: | 6,428,920/sec | |
Memory |
Private memory: | 3.59 MB | |
Private (maximum): | 7.61 MB | |
Private (minimum): | 2.53 MB | |
Non-paged memory: | 3.59 MB | |
Virtual memory: | 47.53 MB | |
Virtual memory (peak): | 49.28 MB | |
Working set: | 3.11 MB | |
Working set (peak): | 8.17 MB | |
Page faults: | 6,511/min | |
I/O |
I/O read transfer: | 156.38 KB/sec | |
I/O read operations: | 2,128/sec | |
I/O write transfer: | 120.56 KB/sec | |
I/O write operations: | 1,853/sec | |
I/O other transfer: | 5.17 KB/sec | |
I/O other operations: | 4,037/sec | |
Resource allocations |
Threads: | 11 | |
Handles: | 638 | |
Process properties
Integrety level: | System |
Platform: | 32-bit |
Command line: | C:\Windows\System32\lsass.exe |
Owner: | SYSTEM |
Windows Service |
Service name: | KeyIso |
Display name: | Titkosított fájlrendszer (EFS) |
Description: | “Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst” |
Type: | Win32ShareProcess |
Parent process: | wininit.exe (Windows Start-Up Application by Microsoft) |
Threads
Averages
RPCRT4.dll |
Total CPU: | 0.23404939% | |
Kernel CPU: | 0.19559060% | |
User CPU: | 0.03845879% | |
CPU cycles: | 4,708,542/sec | |
Memory: | 780 KB | |
LSASRV.dll |
Total CPU: | 0.00294440% | |
Kernel CPU: | 0.00260329% | |
User CPU: | 0.00034112% | |
CPU cycles: | 61,744/sec | |
Memory: | 1.19 MB | |
Distribution by Windows OS
OS version | distribution |
Windows 8.1 |
34.50% |
|
Windows 8.1 Pro |
27.00% |
|
Windows 8.1 Single Language |
12.00% |
|
Windows 7 Ultimate |
10.50% |
|
Windows 7 Home Premium |
7.00% |
|
Windows 8.1 Pro with Media Center |
3.00% |
|
Windows 8.1 N |
3.00% |
|
Windows 8.1 Enterprise Evaluation |
3.00% |
|
Distribution by country
United States installs about 39.50% of Local Security Authority Process.
Distribution by PC manufacturer
PC Manufacturer | distribution |
ASUS |
30.23% |
|
Dell |
24.03% |
|
Acer |
17.83% |
|
Lenovo |
13.95% |
|
Hewlett-Packard |
6.98% |
|
Toshiba |
4.65% |
|
Alienware |
2.33% |
|