lsass.exe
Local Security Authority Process by Microsoft Corporation (Signed)
| Version: | 5.1.2600.5512 (xpsp.080413-2113) | 
| MD5: | ff1805d5daf41625af5282750d4a3700 | 
| SHA1: | 8d5740626e8fe493fa9a2d5ddba4547a88c48da1 | 
| SHA256: | e4ee950a8fe3da7f486459d30bd2f9eb06d96b188bd6b9ba505e465625f74a2d | 
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is lsass.exe?
Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
Overview
lsass.exe runs as a service under the name Titkosított fájlrendszer (EFS) (KeyIso) within the local user context as a shared service. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
 Details
Details
| File name: | lsass.exe | 
| Publisher: | Microsoft Corporation | 
| Product name: | Local Security Authority Process | 
| Description: | Microsoft® Windows® Operating System | 
| Typical file path: | C:\Windows\System32\lsass.exe | 
| File version: | 5.1.2600.5512 (xpsp.080413-2113) | 
| Product version: | 5.1.2600.5512 | 
| Size: | 13 KB (13,312 bytes) | 
| Certificate | 
| Issued to: | Microsoft Corporation | 
| Authority (CA): | Microsoft Corporation | 
| Expiration date: | Friday, June 13, 2014 | 
| Digital DNA | 
| Entropy: | 5.983062 | 
| File packed: | No | 
| Code language: | Microsoft Visual C++ | 
| .NET CLR: | No | 
More details
 Behaviors
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
Network connections
[UDP] listens on port 4500
 Resource utilization
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
| CPU | 
| Total CPU: | 0.00089140% |  | 
| Kernel CPU: | 0.00040964% |  | 
| User CPU: | 0.00048176% |  | 
| Kernel CPU time: | 36,875 ms/min |  | 
| Context switches: | 1/sec |  | 
| Memory | 
| Private memory: | 5.34 MB |  | 
| Private (maximum): | 7.65 MB |  | 
| Private (minimum): | 546 KB |  | 
| Non-paged memory: | 5.34 MB |  | 
| Virtual memory: | 45.23 MB |  | 
| Virtual memory (peak): | 46.98 MB |  | 
| Working set: | 2.19 MB |  | 
| Working set (peak): | 7.65 MB |  | 
| Page faults: | 93,397/min |  | 
| I/O | 
| I/O read transfer: | 1.63 KB/sec |  | 
| I/O read operations: | 18/sec |  | 
| I/O write transfer: | 1.76 KB/sec |  | 
| I/O write operations: | 16/sec |  | 
| I/O other transfer: | 566 Bytes/sec |  | 
| I/O other operations: | 54/sec |  | 
| Resource allocations | 
| Threads: | 21 |  | 
| Handles: | 410 |  | 
| GUI GDI count: | 5 |  | 
| GUI USER count: | 2 |  | 
 
 Process properties
Process properties
| Integrety level: | Undefined | 
| Platform: | 32-bit | 
| Command line: | C:\Windows\System32\lsass.exe | 
| Owner: | User | 
| Windows Service | 
| Service name: | KeyIso | 
| Display name: | Titkosított fájlrendszer (EFS) | 
| Description: | “Durch den Start dieses Diensts wird anderen Diensten signalisiert, dass die Sicherheitskontenverwaltung (SAM) bereit ist, Anforderungen anzunehmen. Wenn Sie diesen Dienst deaktivieren, wird verhindert, dass andere Dienste im System benachrichtigt werden, wenn die Sicherheitskontenverwaltung bereit ist. Dies kann wiederum dazu führen, dass diese Dienste nicht korrekt gestartet werden. Dieser Dienst” | 
| Type: | Win32ShareProcess | 
| Parent process: | winlogon.exe (by Microsoft) | 
 Distribution by Windows OS
Distribution by Windows OS
| OS version | distribution | 
| Windows 8.1 | 34.50% |  | 
| Windows 8.1 Pro | 27.00% |  | 
| Windows 8.1 Single Language | 12.00% |  | 
| Windows 7 Ultimate | 10.50% |  | 
| Windows 7 Home Premium | 7.00% |  | 
| Windows 8.1 Pro with Media Center | 3.00% |  | 
| Windows 8.1 N | 3.00% |  | 
| Windows 8.1 Enterprise Evaluation | 3.00% |  | 
 Distribution by country
Distribution by country
United States installs about 39.50% of Local Security Authority Process.
 Distribution by PC manufacturer
Distribution by PC manufacturer
| PC Manufacturer | distribution | 
| ASUS | 30.23% |  | 
| Dell | 24.03% |  | 
| Acer | 17.83% |  | 
| Lenovo | 13.95% |  | 
| Hewlett-Packard | 6.98% |  | 
| Toshiba | 4.65% |  | 
| Alienware | 2.33% |  |