conhost.exe
Description: Console Window Host
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.26100.7705
Architecture: 64-bit
Operating System: Windows NT
SHA256: f3dbb469e96320311cd8d6e6ca00dd53
File Size: 988.0 KB
Uploaded At: Feb. 3, 2026, 1:46 a.m.
Views: 30
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
No exported functions.
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x1400b9640)
api-ms-win-core-commandlinetoargv-l1-1-0.dll
- CommandLineToArgvW (Address: 0x1400b9650)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x1400b9670)
- IsDebuggerPresent (Address: 0x1400b9668)
- OutputDebugStringW (Address: 0x1400b9660)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x1400b9680)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x1400b9690)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x1400b96b0)
- SetLastError (Address: 0x1400b96a8)
- SetUnhandledExceptionFilter (Address: 0x1400b96b8)
- UnhandledExceptionFilter (Address: 0x1400b96a0)
api-ms-win-core-file-l1-1-0.dll
- ReadFile (Address: 0x1400b96c8)
- WriteFile (Address: 0x1400b96d0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1400b96e0)
- DuplicateHandle (Address: 0x1400b96e8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1400b9708)
- HeapAlloc (Address: 0x1400b9700)
- HeapFree (Address: 0x1400b96f8)
api-ms-win-core-heap-l2-1-0.dll
- GlobalAlloc (Address: 0x1400b9718)
- GlobalFree (Address: 0x1400b9720)
- LocalFree (Address: 0x1400b9728)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- GlobalLock (Address: 0x1400b9748)
- GlobalSize (Address: 0x1400b9740)
- GlobalUnlock (Address: 0x1400b9738)
api-ms-win-core-interlocked-l1-1-0.dll
- InitializeSListHead (Address: 0x1400b9758)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x1400b9768)
api-ms-win-core-io-l1-1-1.dll
- CancelSynchronousIo (Address: 0x1400b9778)
api-ms-win-core-largeinteger-l1-1-0.dll
- MulDiv (Address: 0x1400b9788)
api-ms-win-core-libraryloader-l1-2-0.dll
- FindResourceExW (Address: 0x1400b97e8)
- FreeLibrary (Address: 0x1400b97a0)
- GetModuleFileNameA (Address: 0x1400b97c8)
- GetModuleFileNameW (Address: 0x1400b97a8)
- GetModuleHandleExW (Address: 0x1400b9798)
- GetModuleHandleW (Address: 0x1400b97e0)
- GetProcAddress (Address: 0x1400b97d8)
- LoadLibraryExW (Address: 0x1400b97c0)
- LoadResource (Address: 0x1400b97b8)
- LoadStringW (Address: 0x1400b97d0)
- LockResource (Address: 0x1400b97b0)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x1400b97f8)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x1400b9818)
- GetACP (Address: 0x1400b9828)
- GetCPInfo (Address: 0x1400b9808)
- GetOEMCP (Address: 0x1400b9820)
- IsValidCodePage (Address: 0x1400b9810)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x1400b9838)
- VirtualFree (Address: 0x1400b9840)
api-ms-win-core-namedpipe-l1-1-0.dll
- CreatePipe (Address: 0x1400b9850)
api-ms-win-core-path-l1-1-0.dll
- PathCchRemoveExtension (Address: 0x1400b9860)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x1400b9880)
- GetCommandLineW (Address: 0x1400b9878)
- GetEnvironmentVariableW (Address: 0x1400b9870)
- GetStdHandle (Address: 0x1400b9898)
- SearchPathW (Address: 0x1400b9888)
- SetEnvironmentVariableW (Address: 0x1400b9890)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x1400b9910)
- CreateThread (Address: 0x1400b98a8)
- DeleteProcThreadAttributeList (Address: 0x1400b9900)
- ExitProcess (Address: 0x1400b98b0)
- ExitThread (Address: 0x1400b98c8)
- GetCurrentProcess (Address: 0x1400b98d0)
- GetCurrentProcessId (Address: 0x1400b98b8)
- GetCurrentThread (Address: 0x1400b9918)
- GetCurrentThreadId (Address: 0x1400b98f0)
- GetProcessTimes (Address: 0x1400b98d8)
- GetStartupInfoW (Address: 0x1400b98e8)
- InitializeProcThreadAttributeList (Address: 0x1400b9920)
- OpenProcessToken (Address: 0x1400b9928)
- ProcessIdToSessionId (Address: 0x1400b98f8)
- SetProcessShutdownParameters (Address: 0x1400b98c0)
- TerminateProcess (Address: 0x1400b98e0)
- UpdateProcThreadAttribute (Address: 0x1400b9908)
api-ms-win-core-processthreads-l1-1-1.dll
- IsProcessorFeaturePresent (Address: 0x1400b9938)
- OpenProcess (Address: 0x1400b9940)
api-ms-win-core-processthreads-l1-1-3.dll
- SetThreadDescription (Address: 0x1400b9950)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x1400b9960)
api-ms-win-core-psapi-l1-1-0.dll
- K32GetModuleFileNameExW (Address: 0x1400b9978)
- QueryFullProcessImageNameW (Address: 0x1400b9970)
api-ms-win-core-realtime-l1-1-0.dll
- QueryUnbiasedInterruptTime (Address: 0x1400b9988)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x1400b9998)
- RegEnumValueW (Address: 0x1400b99b0)
- RegGetValueW (Address: 0x1400b99a8)
- RegOpenCurrentUser (Address: 0x1400b99a0)
- RegOpenKeyExW (Address: 0x1400b99c0)
- RegQueryValueExW (Address: 0x1400b99b8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x1400b99e0)
- RtlLookupFunctionEntry (Address: 0x1400b99d8)
- RtlVirtualUnwind (Address: 0x1400b99d0)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFileExistsW (Address: 0x1400b9a00)
- PathFindFileNameW (Address: 0x1400b99f0)
- PathIsSameRootW (Address: 0x1400b99f8)
api-ms-win-core-sidebyside-l1-1-0.dll
- CreateActCtxW (Address: 0x1400b9a10)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x1400b9a28)
- GetStringTypeW (Address: 0x1400b9a38)
- MultiByteToWideChar (Address: 0x1400b9a30)
- WideCharToMultiByte (Address: 0x1400b9a20)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1400b9ae0)
- AcquireSRWLockShared (Address: 0x1400b9ad0)
- CreateEventExW (Address: 0x1400b9a70)
- CreateEventW (Address: 0x1400b9a60)
- CreateMutexExW (Address: 0x1400b9aa0)
- CreateSemaphoreExW (Address: 0x1400b9ab0)
- DeleteCriticalSection (Address: 0x1400b9a50)
- EnterCriticalSection (Address: 0x1400b9ab8)
- InitializeCriticalSectionAndSpinCount (Address: 0x1400b9a68)
- InitializeCriticalSectionEx (Address: 0x1400b9aa8)
- LeaveCriticalSection (Address: 0x1400b9ac0)
- OpenSemaphoreW (Address: 0x1400b9a98)
- ReleaseMutex (Address: 0x1400b9a88)
- ReleaseSemaphore (Address: 0x1400b9a48)
- ReleaseSRWLockExclusive (Address: 0x1400b9ad8)
- ReleaseSRWLockShared (Address: 0x1400b9ac8)
- ResetEvent (Address: 0x1400b9a80)
- SetEvent (Address: 0x1400b9a78)
- WaitForSingleObject (Address: 0x1400b9a58)
- WaitForSingleObjectEx (Address: 0x1400b9a90)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x1400b9af0)
- InitOnceComplete (Address: 0x1400b9af8)
- SignalObjectAndWait (Address: 0x1400b9b08)
- Sleep (Address: 0x1400b9b18)
- WaitOnAddress (Address: 0x1400b9b10)
- WakeByAddressAll (Address: 0x1400b9b00)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x1400b9b28)
- GetSystemTimeAsFileTime (Address: 0x1400b9b30)
- GetWindowsDirectoryW (Address: 0x1400b9b38)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1400b9b70)
- CloseThreadpoolWait (Address: 0x1400b9b48)
- CreateThreadpoolTimer (Address: 0x1400b9b60)
- SetThreadpoolTimer (Address: 0x1400b9b78)
- SetThreadpoolWait (Address: 0x1400b9b50)
- WaitForThreadpoolTimerCallbacks (Address: 0x1400b9b68)
- WaitForThreadpoolWaitCallbacks (Address: 0x1400b9b58)
api-ms-win-core-util-l1-1-0.dll
- Beep (Address: 0x1400b9b88)
api-ms-win-crt-private-l1-1-0.dll
- __C_specific_handler (Address: 0x1400b9c88)
- __current_exception (Address: 0x1400b9c90)
- __current_exception_context (Address: 0x1400b9c98)
- __CxxFrameHandler3 (Address: 0x1400b9ca8)
- __CxxFrameHandler4 (Address: 0x1400b9d30)
- __std_terminate (Address: 0x1400b9d28)
- _CxxThrowException (Address: 0x1400b9ca0)
- _o___p__commode (Address: 0x1400b9d20)
- _o___std_exception_copy (Address: 0x1400b9d00)
- _o___std_exception_destroy (Address: 0x1400b9cf8)
- _o___stdio_common_vsprintf_s (Address: 0x1400b9ce0)
- _o___stdio_common_vswprintf (Address: 0x1400b9cd8)
- _o___stdio_common_vswprintf_s (Address: 0x1400b9cd0)
- _o__aligned_free (Address: 0x1400b9cb8)
- _o__aligned_malloc (Address: 0x1400b9cb0)
- _o__callnewh (Address: 0x1400b9d08)
- _o__cexit (Address: 0x1400b9cf0)
- _o__configthreadlocale (Address: 0x1400b9d18)
- _o__configure_wide_argv (Address: 0x1400b9d10)
- _o__crt_atexit (Address: 0x1400b9ce8)
- _o__errno (Address: 0x1400b9cc8)
- _o__exit (Address: 0x1400b9cc0)
- _o__get_wide_winmain_command_line (Address: 0x1400b9b98)
- _o__initialize_onexit_table (Address: 0x1400b9ba0)
- _o__initialize_wide_environment (Address: 0x1400b9ba8)
- _o__invalid_parameter_noinfo (Address: 0x1400b9bb0)
- _o__invalid_parameter_noinfo_noreturn (Address: 0x1400b9bb8)
- _o__purecall (Address: 0x1400b9bc0)
- _o__register_onexit_function (Address: 0x1400b9bc8)
- _o__seh_filter_exe (Address: 0x1400b9bd0)
- _o__set_app_type (Address: 0x1400b9bd8)
- _o__set_fmode (Address: 0x1400b9be0)
- _o__set_new_mode (Address: 0x1400b9be8)
- _o__wcsicmp (Address: 0x1400b9bf0)
- _o__wcsnicmp (Address: 0x1400b9d38)
- _o_calloc (Address: 0x1400b9bf8)
- _o_ceilf (Address: 0x1400b9c00)
- _o_exit (Address: 0x1400b9c08)
- _o_floorf (Address: 0x1400b9c10)
- _o_free (Address: 0x1400b9c18)
- _o_log10 (Address: 0x1400b9c20)
- _o_lround (Address: 0x1400b9c28)
- _o_lroundf (Address: 0x1400b9c30)
- _o_malloc (Address: 0x1400b9c38)
- _o_pow (Address: 0x1400b9c40)
- _o_roundf (Address: 0x1400b9c48)
- _o_strcpy_s (Address: 0x1400b9c50)
- _o_terminate (Address: 0x1400b9c58)
- _o_towlower (Address: 0x1400b9c60)
- _o_towupper (Address: 0x1400b9c68)
- _o_wcscpy_s (Address: 0x1400b9c70)
- _o_wcstol (Address: 0x1400b9c78)
- _o_wcstoul (Address: 0x1400b9c80)
- memcmp (Address: 0x1400b9d40)
- memcpy (Address: 0x1400b9d48)
- memmove (Address: 0x1400b9d50)
api-ms-win-crt-runtime-l1-1-0.dll
- _c_exit (Address: 0x1400b9d78)
- _initterm (Address: 0x1400b9d68)
- _initterm_e (Address: 0x1400b9d70)
- _register_thread_local_exe_atexit_callback (Address: 0x1400b9d60)
api-ms-win-crt-string-l1-1-0.dll
- memset (Address: 0x1400b9d88)
- wcsnlen (Address: 0x1400b9d90)
api-ms-win-crt-time-l1-1-0.dll
- _time64 (Address: 0x1400b9da0)
api-ms-win-eventing-provider-l1-1-0.dll
- EventActivityIdControl (Address: 0x1400b9db8)
- EventRegister (Address: 0x1400b9dc0)
- EventSetInformation (Address: 0x1400b9dc8)
- EventUnregister (Address: 0x1400b9db0)
- EventWriteTransfer (Address: 0x1400b9dd0)
api-ms-win-security-base-l1-1-0.dll
- GetSidSubAuthority (Address: 0x1400b9df0)
- GetSidSubAuthorityCount (Address: 0x1400b9de8)
- GetTokenInformation (Address: 0x1400b9de0)
api-ms-win-shell-shellcom-l1-1-0.dll
- SHCoCreateInstance (Address: 0x1400b9e00)
msvcp_win.dll
- _Query_perf_counter (Address: 0x1400b9eb8)
- _Query_perf_frequency (Address: 0x1400b9f68)
- ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ (Address: 0x1400b9ed8)
- ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ (Address: 0x1400b9e40)
- ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ (Address: 0x1400b9ee8)
- ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ (Address: 0x1400b9ee0)
- ?_Xbad_alloc@std@@YAXXZ (Address: 0x1400b9e88)
- ?_Xbad_function_call@std@@YAXXZ (Address: 0x1400b9f98)
- ?_Xinvalid_argument@std@@YAXPEBD@Z (Address: 0x1400b9fa0)
- ?_Xlength_error@std@@YAXPEBD@Z (Address: 0x1400b9f88)
- ?_Xout_of_range@std@@YAXPEBD@Z (Address: 0x1400b9f90)
- ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (Address: 0x1400b9e18)
- ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z (Address: 0x1400b9e10)
- ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ (Address: 0x1400b9e50)
- ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x1400b9f80)
- ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x1400b9ec8)
- ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ (Address: 0x1400b9f40)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z (Address: 0x1400b9ea8)
- ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z (Address: 0x1400b9e70)
- ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9f60)
- ?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9f58)
- ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9f50)
- ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z (Address: 0x1400b9e60)
- ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ (Address: 0x1400b9e20)
- ?flags@ios_base@std@@QEBAHXZ (Address: 0x1400b9ea0)
- ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ (Address: 0x1400b9e38)
- ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z (Address: 0x1400b9ef8)
- ?good@ios_base@std@@QEBA_NXZ (Address: 0x1400b9e90)
- ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9f18)
- ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z (Address: 0x1400b9f38)
- ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9e58)
- ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ (Address: 0x1400b9f48)
- ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ (Address: 0x1400b9e28)
- ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z (Address: 0x1400b9f28)
- ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z (Address: 0x1400b9f70)
- ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z (Address: 0x1400b9f78)
- ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z (Address: 0x1400b9f20)
- ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z (Address: 0x1400b9e30)
- ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z (Address: 0x1400b9ec0)
- ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ (Address: 0x1400b9ef0)
- ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z (Address: 0x1400b9e80)
- ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z (Address: 0x1400b9e68)
- ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ (Address: 0x1400b9f30)
- ?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ (Address: 0x1400b9eb0)
- ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ (Address: 0x1400b9e48)
- ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ (Address: 0x1400b9f00)
- ?uncaught_exceptions@std@@YAHXZ (Address: 0x1400b9e98)
- ?width@ios_base@std@@QEAA_J_J@Z (Address: 0x1400b9e78)
- ?width@ios_base@std@@QEBA_JXZ (Address: 0x1400b9ed0)
- ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z (Address: 0x1400b9f08)
- ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z (Address: 0x1400b9f10)
ntdll.dll
- AlpcGetMessageAttribute (Address: 0x1400b9fd8)
- AlpcInitializeMessageAttribute (Address: 0x1400b9fe8)
- CsrClientCallServer (Address: 0x1400b9fc0)
- NtAlpcConnectPort (Address: 0x1400b9fe0)
- NtAlpcQueryInformationMessage (Address: 0x1400b9fb0)
- NtAlpcSendWaitReceivePort (Address: 0x1400b9fd0)
- NtQueryVolumeInformationFile (Address: 0x1400b9fc8)
- RtlQueryPackageClaims (Address: 0x1400b9fb8)