Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.38%
6.3.9600.16384 (winblue_rtm.130821-1623) 5.29%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.07%
6.2.9200.16384 (win8_rtm.120725-1247) 2.17%
6.2.9200.16384 (win8_rtm.120725-1247) 11.30%
6.2.9200.16384 (win8_rtm.120725-1247) 11.45%
6.2.9200.16384 (win8_rtm.120725-1247) 0.43%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.07%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.14%
6.1.7600.16385 (win7_rtm.090713-1255) 3.70%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 4.13%
6.1.7600.16385 (win7_rtm.090713-1255) 1.81%
6.1.7600.16385 (win7_rtm.090713-1255) 2.10%
6.1.7600.16385 (win7_rtm.090713-1255) 0.29%
6.1.7600.16385 (win7_rtm.090713-1255) 4.35%
6.1.7600.16385 (win7_rtm.090713-1255) 0.14%
6.1.7600.16385 (win7_rtm.090713-1255) 0.43%
6.1.7600.16385 (win7_rtm.090713-1255) 2.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.58%
6.1.7600.16385 (win7_rtm.090713-1255) 0.80%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 20.80%
6.1.7600.16385 (win7_rtm.090713-1255) 0.58%
6.1.7600.16385 (win7_rtm.090713-1255) 1.30%
View more

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-com-l1-1-0.dll
CoUninitialize, CoInitializeEx, CoCreateInstance
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll
UnhandledExceptionFilter, GetLastError, SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-1.dll
CreateFileA, CreateFileW, ReadFile, SetFilePointer
api-ms-win-core-file-l1-2-0.dll
ReadFile, CreateFileW, SetFilePointer, CreateFileA
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, GlobalLock, GlobalSize, GlobalUnlock, LocalReAlloc, GlobalAlloc, GlobalFree, LocalAlloc
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedExchange, InterlockedCompareExchange, InterlockedDecrement, InterlockedIncrement
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedDecrement, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-kernel32-legacy-l1-1-0.dll
GetStartupInfoA
api-ms-win-core-libraryloader-l1-1-1.dll
GetModuleFileNameW, GetModuleHandleW, LockResource, FindResourceExW, LoadResource, GetModuleHandleA, FreeLibrary, LoadLibraryExW, GetProcAddress
api-ms-win-core-localization-l1-1-1.dll
GetCPInfo, GetACP, IsValidCodePage, GetOEMCP
api-ms-win-core-localization-l1-2-0.dll
IsValidCodePage, GetACP, GetCPInfo, GetOEMCP
api-ms-win-core-localregistry-l1-1-0.dll
RegGetValueW
api-ms-win-core-memory-l1-1-1.dll
VirtualProtect, VirtualQuery, VirtualAlloc
api-ms-win-core-privateprofile-l1-1-0.dll
GetPrivateProfileStringW
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetCommandLineW, SetEnvironmentVariableW
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, ExpandEnvironmentStringsW, SetEnvironmentVariableW, GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1.dll
GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, CreateThread, GetCurrentProcess, TerminateProcess, SetProcessShutdownParameters
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegGetValueW
api-ms-win-core-sidebyside-l1-1-0.dll
CreateActCtxW
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrlenW, lstrlenA
api-ms-win-core-synch-l1-1-1.dll
Sleep
api-ms-win-core-synch-l1-2-0.dll
Sleep
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemDirectoryW, GetTickCount, GetVersionExW, GetSystemInfo, GetSystemTimeAsFileTime, GetSystemDirectoryA
api-ms-win-core-sysinfo-l1-2-0.dll
GetSystemInfo, GetVersionExW, GetSystemDirectoryW, GetSystemDirectoryA, GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-util-l1-1-0.dll
Beep
api-ms-win-legacy-kernel32-l1-1-0.dll
GetStartupInfoA
api-ms-win-obsolete-kernel32-l1-1-0.dll
GlobalLock, GlobalUnlock, GetPrivateProfileStringW, GlobalSize
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalAlloc, lstrlenW, LocalReAlloc, GlobalAlloc, GlobalFree, lstrlenA, LocalFree
gdi32.dll
DeleteDC, GetDIBits, BitBlt, GetObjectW, SelectObject, CreateCompatibleDC, CreateDIBitmap, PatBlt, InvertRgn, CombineRgn, CreateRectRgn, StretchDIBits, SelectPalette, CreateCompatibleBitmap, GdiFullscreenControl, GdiFlush, PolyPatBlt, GetStockObject, SetBkColor, SetTextColor, SetDCBrushColor, GetNearestColor, DeleteObject, GetTextExtentPoint32W, GetTextMetricsW, EnumFontFamiliesExW, CreateDCW, GetTextFaceW, SetFontEnumeration, GetDeviceCaps, GetRegionData, GetRgnBox, PolyTextOutW, GetCurrentObject, SetBkMode, RealizePalette, SetSystemPaletteUse, GetStringBitmapW, CreateSolidBrush, TranslateCharsetInfo, GetCharWidth32W, CreateBitmap, SetBitmapBits, GetBitmapBits, StretchBlt, CreateFontIndirectW, SetDIBitsToDevice
imm32.dll
ImmGetCompositionStringW, ImmGetGuideLineW, ImmGetContext, ImmGetOpenStatus, ImmGetConversionStatus, ImmReleaseContext, ImmAssociateContextEx, ImmAssociateContext, ImmTranslateMessage, ImmNotifyIME, ImmGetProperty, ImmGetCandidateListW
kernel32.dll
CreateFileA, GlobalFree, GlobalLock, GlobalSize, GlobalUnlock, GetStringTypeW, GetSystemDirectoryA, GetModuleHandleW, GetACP, CreateThread, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, lstrlenA, LockResource, InterlockedIncrement, InterlockedDecrement, GetVersionExW, VirtualProtect, LoadResource, VirtualAlloc, GetSystemInfo, VirtualQuery, LocalAlloc, LocalFree, LocalReAlloc, FindResourceExW, IsValidCodePage, GetCurrentProcessId, GetCurrentThreadId, GetLastError, CreateActCtxW, GetModuleFileNameW, SetEnvironmentVariableW, GetEnvironmentVariableW, CloseHandle, SetFilePointer, ReadFile, MultiByteToWideChar, FreeLibrary, LoadLibraryExW, ExpandEnvironmentStringsW, GetPrivateProfileStringW, CreateFileW, GetCommandLineW, SetProcessShutdownParameters, GetProcAddress, LoadLibraryW, GetSystemDirectoryW, WideCharToMultiByte, GetCPInfo, lstrlenW, Beep, GetCurrentThread, GetOEMCP, GlobalAlloc
msvcrt.dll
DllMain
ntdll.dll
RtlPrefixUnicodeString, RtlIntegerToUnicodeString, RtlUnicodeToMultiByteSize, RtlInitializeCriticalSectionAndSpinCount, RtlConsoleMultiByteToUnicodeN, RtlDosSearchPath_U, ShipAssert, RtlExitUserProcess, NtReplyWaitReceivePort, NtCreatePort, RtlOpenCurrentUser, NtEnumerateValueKey, NtQueryValueKey, RtlCreateTagHeap, NtOpenKey, NtAcceptConnectPort, NtWaitForMultipleObjects, NtSetInformationProcess, RtlReAllocateHeap, RtlInitCodePageTable, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeN, RtlCustomCPToUnicodeN, RtlOemToUnicodeN, RtlUnicodeToOemN, RtlExitUserThread, RtlInitUnicodeString, RtlUnicodeStringToInteger, NtSetEvent, NtCreateEvent, NtDuplicateObject, NtClearEvent, RtlDeleteCriticalSection, RtlInitializeCriticalSection, NtOpenProcess, NtQueryInformationProcess, NtVdmControl, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant, NtUnmapViewOfSection, NtReadVirtualMemory, RtlEnterCriticalSection, RtlLeaveCriticalSection, NtReplyPort, RtlCompareUnicodeString, RtlSizeHeap, DbgPrintEx, RtlAllocateHeap, NtCreateSection, RtlFreeHeap, NtMapViewOfSection, NtClose, RtlGetCriticalSectionRecursionCount, NtOpenDirectoryObject, NtQueryVolumeInformationFile, RtlInitializeSRWLock, RtlReleaseSRWLockExclusive, RtlAcquireSRWLockExclusive, NtDeviceIoControlFile
ole32.dll
CoUninitialize, CoCreateInstance, CoInitializeEx
user32.dll
SetProcessDPIAware, GetForegroundWindow, WindowFromPoint, SetCursor, SendMessageTimeoutW, TrackPopupMenuEx, UnpackDDElParam, CreateIconFromResourceEx, ReuseDDElParam, CreateWindowExW, GetDC, GetSystemMenu, SetActiveWindow, LoadCursorW, KillTimer, ReleaseDC, DestroyWindow, GetKeyboardLayout, SetTimer, ScrollDC, SetScrollInfo, GetWindowRect, MapWindowPoints, MonitorFromRect, GetClientRect, GetMonitorInfoW, ClientToScreen, AdjustWindowRectEx, GetCaretBlinkTime, GetWindowTextW, SetWindowTextW, NotifyWinEvent, MapVirtualKeyW, VkKeyScanW, CloseClipboard, InvalidateRect, GetClipboardData, OpenClipboard, ReleaseCapture, RegisterClassExW, LoadIconW, LoadImageW, EnumDisplaySettingsW, BeginPaint, DrawIcon, EndPaint, DefWindowProcW, SetWindowPos, EnableMenuItem, LoadMenuW, AppendMenuW, SetMenuItemInfoW, ShowWindow, MessageBoxW, GetKeyboardState, ToUnicodeEx, GetMessageW, DispatchMessageW, UnhookWindowsHookEx, RegisterWindowMessageW, SetWindowsHookExW, SetCapture, SetClipboardData, EmptyClipboard, GetKeyState, PrivateExtractIconExW, EnterReaderModeHelper, TranslateMessageEx, ConsoleControl, GetWindowLongW, GetWindowPlacement, SetWindowPlacement, SystemParametersInfoW, ActivateKeyboardLayout, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, CopyIcon, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItemTextW, IsDlgButtonChecked, SendNotifyMessageW, SetWindowLongW, SendDlgItemMessageW, CheckRadioButton, PtInRect, ScreenToClient, GetSystemMetrics, SendMessageW, PostMessageW, LoadStringW, GetCursorPos, IsIconic

conhost.exe

Console Window Host by Microsoft

Remove conhost.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   448bf22538f1dfcb3412ae2b1cf123a9
SHA1:   aff7cf714c04695b597e81dbfee9d3a5cc7c6265
SHA256:   35d652ae19a93fe1dcf920aeddf6470e2c8eee8ff409e5735a329727e464e268
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is conhost.exe?

conhost.exe is the new host process for console windows. Previously those were handled by csrss.exe which is the “Client Server Runtime Process”, a process running with system-level privileges. Starting with Windows Vista, Microsoft made some very substantial improvements and changes in regard to security. One of those changes was that applications running in different “levels” or as different users weren't allowed to exchange data freely.

About conhost.exe (from Microsoft)

ConHost (Console Host) runs in the same security context as its associated console application. Instead of issuing an LPC request to CSRSS for message-handling, the request goes to ConHost. As a res

DetailsDetails

File name:conhost.exe
Publisher:Microsoft Corporation
Product name:Console Window Host
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\conhost.exe
Original name:CONHOST.EXE.MUI
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:330.5 KB (338,432 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.501326
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00456579%
0.028634%
Kernel CPU:0.00456532%
0.013761%
User CPU:0.00000047%
0.014873%
Kernel CPU time:3,015 ms/min
100,923,805ms/min
CPU cycles:5,035/sec
17,470,203/sec
Context switches:1/sec
284/sec
Memory
Private memory:1.47 MB
21.59 MB
Private (maximum):2.7 MB
Private (minimum):2.5 MB
Non-paged memory:1.47 MB
21.59 MB
Virtual memory:34.48 MB
140.96 MB
Virtual memory (peak):39.97 MB
169.69 MB
Working set:2.5 MB
18.61 MB
Working set (peak):3.51 MB
37.95 MB
Page faults:943/min
2,039/min
I/O
I/O read transfer:3 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O other transfer:0 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:1
12
Handles:34
600
GUI GDI count:22
103
GUI GDI peak:24
142
GUI USER count:2
49
GUI USER peak:2
71

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • \??\C:\Windows\System32\conhost.exe "-17459934811049941781-894476726-80941085-20457005719912535382115017432-27408784
  • \??\C:\Windows\System32\conhost.exe "425386536-18893813372257561811388596212-1501836705-8188536371863084090-1484067842
  • \??\C:\Windows\System32\conhost.exe "869876614-218987487808829396-2417641047705005541172941834-18311569581196532575
  • \??\C:\Windows\System32\conhost.exe "-1016336651846274703-1648553-2110588063982519686-438048314-837290864-715730283
  • \??\C:\Windows\System32\conhost.exe "17665198791750955303-1789893720-846432328-805583643-8151760161453267810164407924
  • \??\C:\Windows\System32\conhost.exe "-376717331332618516-82316602418358038-1605792363375579617-1729168774-231360554
  • \??\C:\Windows\System32\conhost.exe "-78909358-1468955545-16813708081579911207151075061-609790579-363282403301836617
  • (50 more)
Owner:SYSTEM
Parent process:csrss.exe (Client Server Runtime Process by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 21.50%
Windows 8.1 17.00%
Windows 8.1 Pro 14.00%
Windows 8 10.50%
Windows 8.1 Single Language 7.50%
Windows 8 Pro 7.00%
Windows 7 Home Premium 5.00%
Windows 8 Single Language 3.50%
Windows 8.1 Pro with Media Center 3.00%
Windows 7 Professional 3.00%
Windows 8 Enterprise N 2.50%
Windows 7 Starter 1.50%
Windows 8.1 Enterprise Evaluation 1.00%
Windows 7 Home Basic 1.00%
Windows Developer Preview 0.50%
Windows 8.1 Enterprise 0.50%
Windows 8 Pro with Media Center 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 25.13% of Console Window Host.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 19.15%
Dell 18.44%
ASUS 18.44%
Toshiba 9.22%
Hewlett-Packard 8.16%
Acer 8.16%
Intel 6.38%
Sony 4.96%
Alienware 2.84%
NEC 1.42%
American Megatrends 1.06%
Samsung 0.71%
Medion 0.71%
GIGABYTE 0.35%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE