File details
File name: powershell.exe
Name: Windows PowerShell
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 442 KB
Original file name: PowerShell.EXE.MUI
Windows file protection: Yes
Resource utilization
CPU utilization averages
Total CPU: 0.0018486141%
Privileged CPU: 0.0006533108%
User CPU: 0.00119530330456%
Privileged CPU time: 358.8 ms
Privileged CPU time /min: 3 ms
CPU cycle count: 601,455,864
CPU cycle count /min: 40,176,467
Memory utilization averages
Committed memory: 181.35 MB
Peak committed memory: 193.23 MB
Paged memory: 22 MB
Peak paged memory: 23.88 MB
Paged system memory: 272.9 KB
Non-paged system memory: 34.97 KB
Working set memory: 25.21 MB
Peak working set memory: 25.35 MB
Min working set memory: 15.97 MB
Private memory: 22 MB
Page faults: 14,405
Page faults /min: 118
Process I/O averages
Total read operations: 54
Read operations /min: 1
Total read transfer: 738.15 KB
Read transfer /min: 6.06 KB
Total write operations: 31
Write operations /min: 1
Total write transfer: 508.78 KB
Write transfer /min: 4.17 KB
Total other operations: 4,680
Other operations /min: 38
Total other transfer: 653.78 KB
Other transfer /min: 5.36 KB
Resources
Handle count average: 464
Thread count average: 12
Thread resource averages
Total CPU: 0.005916010342%
Privileged CPU: 0.005617690057%
User CPU: 0.000298320285%
CPU Cycle count /sec: 272,032
Context switches /sec: 2
Module memory size: 328 KB
ntdll.dll

Total CPU: 0.002293513800%
Privileged CPU: 0.002293513800%
User CPU: 0.000000000000%
CPU Cycle count /sec: 73,656
Context switches /sec: 1
Module memory size: 1.67 MB
Process details
Runs as (owner): User
Integrity level: System
Windows platform: 64-bit
Runs as a service: Yes
Process Command
powershell.exe -InputFormat None -NoProfile -NoLogo -Command "& {$vpns = @('ok^'); Get-WmiObject Win32_SystemDriver -Filter \"DisplayName like 'TAP-Win%'\" | ForEach-Object {$vpns += 'OpenVPN'}; if (@([System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpConnections() | Where-Object {$_.RemoteEndPoint.Port -eq 1723}).Count) {$vpns += 'PPTP'} if (@([System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveUDPListeners() | Where-Object {
Image hashes
MD5: 92f44e405db16ac55d97e3bfe3b132fa
SHA-1: 04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d
PE image details
File packed: No