Conduit.Environment.dll

Description: Conduit.Environment [v10.98]

Authors: ©Microsoft Corporation. All rights reserved.

Version: 10.98.2504.14002

Architecture: 64-bit

Operating System: Windows

SHA256: 7553170a84923ec080401f62b45e99fb

File Size: 523.3 KB

Uploaded At: Dec. 3, 2025, 2:41 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • BrokerLauncher_Create (Ordinal: 1, Address: 0x1930)
  • BrokerLauncher_DefaultConstruct (Ordinal: 2, Address: 0x1790)
  • BrokerLauncher_Destroy (Ordinal: 3, Address: 0x1ad0)
  • BrokerLauncher_LaunchBrokerAsync (Ordinal: 4, Address: 0x1c50)
  • CallCollectionDeleter (Ordinal: 5, Address: 0x2adf0)
  • CallWideStringDeleter (Ordinal: 6, Address: 0x2ae10)
  • ComputeSystem_ContainsCurrentProcess (Ordinal: 7, Address: 0x8370)
  • ComputeSystem_Create (Ordinal: 8, Address: 0x7dc0)
  • ComputeSystem_Destroy (Ordinal: 9, Address: 0x7f70)
  • ComputeSystem_GetConnectionAddress (Ordinal: 10, Address: 0x85b0)
  • ComputeSystem_GetCredentialManager (Ordinal: 11, Address: 0x8240)
  • ComputeSystem_GetHvSocketAddress (Ordinal: 12, Address: 0x8400)
  • ComputeSystem_GetProcessFactory (Ordinal: 13, Address: 0x7fe0)
  • ComputeSystem_GetUserManager (Ordinal: 14, Address: 0x8110)
  • ConsoleOutputReader_Destroy (Ordinal: 15, Address: 0xa3e0)
  • ConsoleOutputReader_Read (Ordinal: 16, Address: 0xa480)
  • ConsoleOutputReader_ReadAsync (Ordinal: 17, Address: 0xa5f0)
  • ConsoleOutputReader_ReadLineUtf16 (Ordinal: 18, Address: 0xb200)
  • ConsoleOutputReader_ReadLineUtf16Async (Ordinal: 19, Address: 0xb400)
  • ConsoleOutputReader_ReadLineUtf8 (Ordinal: 20, Address: 0xa7e0)
  • ConsoleOutputReader_ReadLineUtf8Async (Ordinal: 21, Address: 0xa9d0)
  • ConsoleOutputReader_ReadToEndUtf16 (Ordinal: 22, Address: 0xb710)
  • ConsoleOutputReader_ReadToEndUtf16Async (Ordinal: 23, Address: 0xb8f0)
  • ConsoleOutputReader_ReadToEndUtf8 (Ordinal: 24, Address: 0xace0)
  • ConsoleOutputReader_ReadToEndUtf8Async (Ordinal: 25, Address: 0xaef0)
  • ConvertErrorMessageToErrorInfo (Ordinal: 26, Address: 0x2ad10)
  • CredentialManager_Create (Ordinal: 27, Address: 0x136e0)
  • CredentialManager_DeleteCredential (Ordinal: 28, Address: 0x13a90)
  • CredentialManager_Destroy (Ordinal: 29, Address: 0x138a0)
  • CredentialManager_ReadCredential (Ordinal: 30, Address: 0x13910)
  • CredentialManager_WriteCredential (Ordinal: 31, Address: 0x139f0)
  • EnvironmentBroker_GetServerRpcIfHandle (Ordinal: 32, Address: 0x18750)
  • LoggedInUser_Destroy (Ordinal: 33, Address: 0x2a4d0)
  • LoggedInUser_GetSessionId (Ordinal: 34, Address: 0x2a7d0)
  • LoggedInUser_GetUserToken (Ordinal: 35, Address: 0x2a540)
  • ProcessFactory_Create (Ordinal: 36, Address: 0x2b7c0)
  • ProcessFactory_Destroy (Ordinal: 37, Address: 0x2b980)
  • ProcessFactory_LaunchProcessAsSystem (Ordinal: 38, Address: 0x2b9f0)
  • ProcessFactory_LaunchProcessAsSystemWithProcessStartInfo (Ordinal: 39, Address: 0x2bae0)
  • ProcessFactory_LaunchProcessAsUser (Ordinal: 40, Address: 0x2bb90)
  • ProcessFactory_LaunchProcessAsUserWithProcessStartInfo (Ordinal: 41, Address: 0x2bcb0)
  • ProcessStartInfo_Create (Ordinal: 42, Address: 0x2e5f0)
  • ProcessStartInfo_Destroy (Ordinal: 43, Address: 0x2e7a0)
  • ProcessStartInfo_GetArguments (Ordinal: 44, Address: 0x2e960)
  • ProcessStartInfo_GetCreateNoWindow (Ordinal: 45, Address: 0x2ecc0)
  • ProcessStartInfo_GetExecutablePath (Ordinal: 46, Address: 0x2e840)
  • ProcessStartInfo_GetMachineTypeAttribute (Ordinal: 47, Address: 0x2edc0)
  • ProcessStartInfo_GetStandardErrorConfig (Ordinal: 48, Address: 0x2eff0)
  • ProcessStartInfo_GetStandardOutputConfig (Ordinal: 49, Address: 0x2eec0)
  • ProcessStartInfo_GetWindowStyle (Ordinal: 50, Address: 0x2eba0)
  • ProcessStartInfo_GetWorkingDirectory (Ordinal: 51, Address: 0x2ea80)
  • ProcessStartInfo_SetArguments (Ordinal: 52, Address: 0x2e9f0)
  • ProcessStartInfo_SetCreateNoWindow (Ordinal: 53, Address: 0x2ed40)
  • ProcessStartInfo_SetExecutablePath (Ordinal: 54, Address: 0x2e8d0)
  • ProcessStartInfo_SetMachineTypeAttribute (Ordinal: 55, Address: 0x2ee40)
  • ProcessStartInfo_SetStandardErrorConfig (Ordinal: 56, Address: 0x2f070)
  • ProcessStartInfo_SetStandardOutputConfig (Ordinal: 57, Address: 0x2ef40)
  • ProcessStartInfo_SetWindowStyle (Ordinal: 58, Address: 0x2ec20)
  • ProcessStartInfo_SetWorkingDirectory (Ordinal: 59, Address: 0x2eb10)
  • Process_Destroy (Ordinal: 60, Address: 0x2afb0)
  • Process_GetExitCode (Ordinal: 61, Address: 0x2b290)
  • Process_GetProcessId (Ordinal: 62, Address: 0x2b030)
  • Process_GetRawWin32Handle (Ordinal: 63, Address: 0x2b560)
  • Process_GetSessionId (Ordinal: 64, Address: 0x2b0d0)
  • Process_GetStandardError (Ordinal: 65, Address: 0x2b490)
  • Process_GetStandardOutput (Ordinal: 66, Address: 0x2b3c0)
  • Process_Terminate (Ordinal: 67, Address: 0x2b330)
  • Process_WaitForExit (Ordinal: 68, Address: 0x2b170)
  • Process_WaitForExitWithTimeout (Ordinal: 69, Address: 0x2b1f0)
  • Session_Destroy (Ordinal: 70, Address: 0x2f2b0)
  • Session_GetDomainName (Ordinal: 71, Address: 0x2f4d0)
  • Session_GetSessionId (Ordinal: 72, Address: 0x2f330)
  • Session_GetSessionName (Ordinal: 73, Address: 0x2f3b0)
  • Session_GetSessionUserToken (Ordinal: 74, Address: 0x2f5f0)
  • Session_GetUserName (Ordinal: 75, Address: 0x2f440)
  • Session_IsActive (Ordinal: 76, Address: 0x2f560)
  • UserManager_Create (Ordinal: 77, Address: 0x2f840)
  • UserManager_Destroy (Ordinal: 78, Address: 0x2fa00)
  • UserManager_GetLoggedInUsers (Ordinal: 79, Address: 0x2fc00)
  • UserManager_GetSessions (Ordinal: 80, Address: 0x2fa70)
  • UserManager_IsUserEnumerationAvailable (Ordinal: 81, Address: 0x2fd90)
  • UserManager_SupportsMultipleSessions (Ordinal: 82, Address: 0x2fe40)
  • UserToken_Destroy (Ordinal: 83, Address: 0x30c80)
  • UserToken_EnableUIAccess (Ordinal: 84, Address: 0x30d00)
  • UserToken_ExpandEnvironmentVariablesForUser (Ordinal: 85, Address: 0x31130)
  • UserToken_GetLinkedToken (Ordinal: 86, Address: 0x31090)
  • UserToken_GetUserSid (Ordinal: 87, Address: 0x31210)
  • UserToken_HasLinkedElevatedToken (Ordinal: 88, Address: 0x30ff0)
  • UserToken_IsElevated (Ordinal: 89, Address: 0x30e10)
  • UserToken_IsMemberOfGroup (Ordinal: 90, Address: 0x30eb0)
  • UserToken_IsSameUserAs (Ordinal: 91, Address: 0x30f50)
  • UserToken_SetIntegrityLevel (Ordinal: 92, Address: 0x30d80)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x180051018)
  • AllocateAndInitializeSid (Address: 0x1800510c0)
  • CheckTokenMembership (Address: 0x180051090)
  • CopySid (Address: 0x180051078)
  • CreateProcessAsUserW (Address: 0x180051048)
  • CreateWellKnownSid (Address: 0x180051008)
  • CredDeleteW (Address: 0x180051070)
  • CredFree (Address: 0x180051058)
  • CredReadW (Address: 0x180051060)
  • CredWriteW (Address: 0x180051068)
  • DuplicateTokenEx (Address: 0x1800510a0)
  • EqualSid (Address: 0x180051088)
  • EventActivityIdControl (Address: 0x180051098)
  • EventRegister (Address: 0x180051038)
  • EventUnregister (Address: 0x180051030)
  • EventWriteTransfer (Address: 0x180051000)
  • FreeSid (Address: 0x1800510c8)
  • GetLengthSid (Address: 0x180051080)
  • GetSidSubAuthorityCount (Address: 0x1800510b8)
  • GetTokenInformation (Address: 0x1800510a8)
  • ImpersonateSelf (Address: 0x180051028)
  • LookupPrivilegeValueW (Address: 0x180051010)
  • OpenProcessToken (Address: 0x180051050)
  • OpenThreadToken (Address: 0x180051040)
  • RevertToSelf (Address: 0x180051020)
  • SetTokenInformation (Address: 0x1800510b0)
api-ms-win-crt-heap-l1-1-0.dll
  • _callnewh (Address: 0x1800515c0)
  • calloc (Address: 0x1800515c8)
  • free (Address: 0x1800515d8)
  • malloc (Address: 0x1800515d0)
api-ms-win-crt-locale-l1-1-0.dll
  • ___lc_codepage_func (Address: 0x180051620)
  • ___lc_locale_name_func (Address: 0x1800515e8)
  • ___mb_cur_max_func (Address: 0x1800515f8)
  • __pctype_func (Address: 0x180051610)
  • _lock_locales (Address: 0x180051618)
  • _unlock_locales (Address: 0x180051600)
  • localeconv (Address: 0x1800515f0)
  • setlocale (Address: 0x180051608)
api-ms-win-crt-math-l1-1-0.dll
  • _dsign (Address: 0x180051630)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x180051648)
  • _configure_narrow_argv (Address: 0x180051680)
  • _crt_atexit (Address: 0x180051658)
  • _errno (Address: 0x1800516a8)
  • _execute_onexit_table (Address: 0x180051660)
  • _initialize_narrow_environment (Address: 0x180051678)
  • _initialize_onexit_table (Address: 0x180051670)
  • _initterm (Address: 0x1800516a0)
  • _initterm_e (Address: 0x180051650)
  • _invalid_parameter_noinfo (Address: 0x180051698)
  • _invalid_parameter_noinfo_noreturn (Address: 0x180051640)
  • _register_onexit_function (Address: 0x180051668)
  • _seh_filter_dll (Address: 0x180051688)
  • abort (Address: 0x1800516b0)
  • terminate (Address: 0x180051690)
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsprintf (Address: 0x1800516d8)
  • __stdio_common_vsprintf_s (Address: 0x1800516d0)
  • __stdio_common_vswprintf (Address: 0x1800516c8)
  • __stdio_common_vswprintf_s (Address: 0x1800516c0)
api-ms-win-crt-string-l1-1-0.dll
  • _stricmp (Address: 0x180051718)
  • isalnum (Address: 0x180051708)
  • isspace (Address: 0x180051700)
  • strcpy_s (Address: 0x180051720)
  • strncpy_s (Address: 0x180051710)
  • wcscpy_s (Address: 0x1800516f8)
  • wcsncmp (Address: 0x1800516f0)
  • wcsncpy_s (Address: 0x1800516e8)
Conduit.Broker.dll
  • BrokerConnector_CreateBrokerRpcConnectionAsync (Address: 0x180051140)
  • BrokerConnector_Destroy (Address: 0x180051158)
  • BrokerConnector_GetConnectionString (Address: 0x180051148)
  • BrokerManager_DefaultConstruct (Address: 0x180051110)
  • BrokerManager_Destroy (Address: 0x180051118)
  • BrokerManager_GetConnectedClient (Address: 0x180051108)
  • BrokerManagerClient_Create (Address: 0x1800510f0)
  • BrokerManagerClient_CreateBrokerRpcConnection (Address: 0x1800510d8)
  • BrokerManagerClient_CreateNewReference (Address: 0x180051138)
  • BrokerManagerClient_Destroy (Address: 0x180051180)
  • BrokerManagerClient_GetServerAddress (Address: 0x180051128)
  • BrokerManagerClient_MapPath (Address: 0x180051120)
  • BrokerManagerClient_PrepareForExternalBrokerLaunch (Address: 0x180051130)
  • BrokerManagerClient_RepresentsLocalComputeSystem (Address: 0x1800510e8)
  • BrokerRpcConnection_Destroy (Address: 0x180051188)
  • BrokerRpcConnection_GetConnectionAddress (Address: 0x180051168)
  • BrokerRpcConnection_GetConnectionAddressToBrokerManagerFromBroker (Address: 0x180051160)
  • BrokerRpcConnection_GetHvSocketAddress (Address: 0x1800510f8)
  • BrokerRpcConnection_GetRpcBindingHandle (Address: 0x1800510e0)
  • BrokerRpcConnection_IsConnectedToSameBroker (Address: 0x180051100)
  • ConnectionAddress_CreateHvSocketAddress (Address: 0x180051198)
  • ConnectionAddress_CreateLocalAddress (Address: 0x180051190)
  • ConnectionAddress_Destroy (Address: 0x180051150)
  • ConnectionAddress_GetAddressType (Address: 0x180051178)
  • ConnectionAddress_GetHvSocketAddress (Address: 0x180051170)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x180051428)
  • AcquireSRWLockShared (Address: 0x180051468)
  • AreFileApisANSI (Address: 0x180051300)
  • CancelSynchronousIo (Address: 0x1800511d8)
  • CloseHandle (Address: 0x180051390)
  • CloseThreadpoolCleanupGroup (Address: 0x1800513c8)
  • CloseThreadpoolCleanupGroupMembers (Address: 0x1800513d8)
  • CloseThreadpoolWait (Address: 0x180051498)
  • CloseThreadpoolWork (Address: 0x1800513a8)
  • CreateFileW (Address: 0x180051408)
  • CreatePipe (Address: 0x180051210)
  • CreateProcessW (Address: 0x180051380)
  • CreateThread (Address: 0x180051320)
  • CreateThreadpoolCleanupGroup (Address: 0x1800513e0)
  • CreateThreadpoolWait (Address: 0x180051490)
  • CreateThreadpoolWork (Address: 0x1800513c0)
  • DecodePointer (Address: 0x1800513e8)
  • DeleteCriticalSection (Address: 0x1800513f0)
  • DeleteProcThreadAttributeList (Address: 0x180051378)
  • DisassociateCurrentThreadFromCallback (Address: 0x1800514b0)
  • DuplicateHandle (Address: 0x1800511f8)
  • EncodePointer (Address: 0x1800512b8)
  • EnterCriticalSection (Address: 0x1800512c8)
  • FindClose (Address: 0x180051458)
  • FindFirstFileW (Address: 0x180051450)
  • FormatMessageA (Address: 0x1800514c8)
  • FreeLibrary (Address: 0x180051330)
  • FreeLibraryAndExitThread (Address: 0x180051250)
  • GetCurrentProcess (Address: 0x180051200)
  • GetCurrentProcessId (Address: 0x180051270)
  • GetCurrentThread (Address: 0x180051208)
  • GetCurrentThreadId (Address: 0x1800514b8)
  • GetExitCodeProcess (Address: 0x180051230)
  • GetFileAttributesExW (Address: 0x180051440)
  • GetFileInformationByHandleEx (Address: 0x1800512f8)
  • GetLastError (Address: 0x180051398)
  • GetLocaleInfoEx (Address: 0x1800514d0)
  • GetModuleFileNameW (Address: 0x180051318)
  • GetModuleHandleA (Address: 0x1800511e0)
  • GetModuleHandleExW (Address: 0x180051388)
  • GetModuleHandleW (Address: 0x1800513f8)
  • GetProcAddress (Address: 0x180051368)
  • GetProcessHeap (Address: 0x180051350)
  • GetProcessId (Address: 0x180051220)
  • GetStdHandle (Address: 0x180051358)
  • GetSystemInfo (Address: 0x180051430)
  • GetSystemTimeAsFileTime (Address: 0x1800512d0)
  • GetTickCount64 (Address: 0x180051460)
  • GetVersion (Address: 0x1800511e8)
  • HeapAlloc (Address: 0x180051348)
  • HeapFree (Address: 0x180051340)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180051248)
  • InitializeCriticalSectionEx (Address: 0x180051240)
  • InitializeProcThreadAttributeList (Address: 0x180051360)
  • InitializeSListHead (Address: 0x1800512b0)
  • InitOnceBeginInitialize (Address: 0x1800512d8)
  • InitOnceComplete (Address: 0x1800512e0)
  • InterlockedFlushSList (Address: 0x180051260)
  • IsDebuggerPresent (Address: 0x180051278)
  • IsProcessorFeaturePresent (Address: 0x180051280)
  • LeaveCriticalSection (Address: 0x1800512c0)
  • LoadLibraryExA (Address: 0x180051418)
  • LoadLibraryExW (Address: 0x180051338)
  • LocalFree (Address: 0x1800513d0)
  • MultiByteToWideChar (Address: 0x180051308)
  • OpenProcess (Address: 0x180051328)
  • ProcessIdToSessionId (Address: 0x180051228)
  • QueryPerformanceCounter (Address: 0x1800512f0)
  • QueryPerformanceFrequency (Address: 0x1800512e8)
  • RaiseException (Address: 0x180051400)
  • ReadFile (Address: 0x1800511d0)
  • ReleaseSRWLockExclusive (Address: 0x180051420)
  • ReleaseSRWLockShared (Address: 0x180051470)
  • RtlCaptureContext (Address: 0x1800512a8)
  • RtlLookupFunctionEntry (Address: 0x1800512a0)
  • RtlPcToFileHeader (Address: 0x180051258)
  • RtlUnwindEx (Address: 0x180051268)
  • RtlVirtualUnwind (Address: 0x180051298)
  • SetLastError (Address: 0x1800511f0)
  • SetThreadpoolWait (Address: 0x1800514a0)
  • SetUnhandledExceptionFilter (Address: 0x180051288)
  • SleepConditionVariableSRW (Address: 0x180051478)
  • SleepEx (Address: 0x180051448)
  • SubmitThreadpoolWork (Address: 0x1800513a0)
  • TerminateProcess (Address: 0x180051238)
  • TlsAlloc (Address: 0x1800511a8)
  • TlsFree (Address: 0x1800511c0)
  • TlsGetValue (Address: 0x1800511b0)
  • TlsSetValue (Address: 0x1800511b8)
  • TryAcquireSRWLockExclusive (Address: 0x1800514c0)
  • UnhandledExceptionFilter (Address: 0x180051290)
  • UpdateProcThreadAttribute (Address: 0x180051370)
  • VerifyVersionInfoW (Address: 0x1800513b8)
  • VerSetConditionMask (Address: 0x1800513b0)
  • VirtualProtect (Address: 0x180051410)
  • VirtualQuery (Address: 0x180051438)
  • WaitForSingleObject (Address: 0x180051218)
  • WaitForThreadpoolWaitCallbacks (Address: 0x1800514a8)
  • WaitForThreadpoolWorkCallbacks (Address: 0x1800511c8)
  • WakeAllConditionVariable (Address: 0x180051480)
  • WakeConditionVariable (Address: 0x180051488)
  • WideCharToMultiByte (Address: 0x180051310)
ntdll.dll
  • RtlAnsiStringToUnicodeString (Address: 0x180051730)
  • RtlFreeUnicodeString (Address: 0x180051738)
  • RtlInitAnsiString (Address: 0x180051740)
OLEAUT32.dll
  • SysAllocString (Address: 0x1800514e0)
RPCRT4.dll
  • Ndr64AsyncClientCall (Address: 0x180051580)
  • Ndr64AsyncServerCallAll (Address: 0x180051558)
  • NdrAsyncServerCall (Address: 0x180051560)
  • NdrClientCall3 (Address: 0x180051588)
  • NdrServerCall2 (Address: 0x180051568)
  • NdrServerCallAll (Address: 0x180051590)
  • RpcAsyncCancelCall (Address: 0x180051528)
  • RpcAsyncCompleteCall (Address: 0x180051530)
  • RpcAsyncInitializeHandle (Address: 0x180051520)
  • RpcBindingToStringBindingW (Address: 0x180051508)
  • RpcErrorEndEnumeration (Address: 0x180051548)
  • RpcErrorGetNextRecord (Address: 0x180051538)
  • RpcErrorStartEnumeration (Address: 0x180051540)
  • RpcExceptionFilter (Address: 0x180051578)
  • RpcServerInqBindingHandle (Address: 0x1800514f0)
  • RpcServerInqCallAttributesW (Address: 0x1800514f8)
  • RpcServerSubscribeForNotification (Address: 0x180051518)
  • RpcServerUnsubscribeForNotification (Address: 0x180051570)
  • RpcSsDestroyClientContext (Address: 0x180051550)
  • RpcStringBindingParseW (Address: 0x180051500)
  • RpcStringFreeW (Address: 0x180051510)
USERENV.dll
  • CreateEnvironmentBlock (Address: 0x1800515a8)
  • DestroyEnvironmentBlock (Address: 0x1800515a0)
  • ExpandEnvironmentStringsForUserW (Address: 0x1800515b0)