backgroundTaskHost.exe

• File Path: C:\Windows\SysWOW64\backgroundTaskHost.exe
• Description: Background Task Host

Hashes

Type	Hash
MD5	8B50BFD5811304543479B20D0A281C56
SHA1	B834F10A9249D648076425DFEBB9702C9B2E4192
SHA256	5A2F7C3BD5B63E15465CC5159BEEE66332C86A95C5C554DE7953E5C1C6944E3C
SHA384	7734DE88C9F0DAA50F1048ECF0D62258B436E6288175C0B1EC569E0B5C3AF7EC6A16CEAC5EE79F3693C32AFB219DFF23
SHA512	B6C987369B50AA1D975DE30B133C7ED4B3269549F559C9B7D3439EF907423FF7320F77BB0239C28C48457429C3C5BF7C21B6B70A8B5D611B5E157D5D7E0392A9
SSDEEP	192:sD6XRv2LYVpnXqK9to2AbeQHWHRWjeGWIsD1S8f4DBQABJtGnUkc67lqnajX8QCP:QLapnnorHWxWqGWvD1IDBRJtGnMolz8z
IMP	B01956F70C2FC1C81D9AF197F35D4D75
PESHA1	C909915BED32ED2B9D5AEE7EDEF9070DC9FBF912
PE256	19FE01CD6176A395C473F7426C563F970D0A33A56CB98ABD23C471AC92A10561

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\backgroundTaskHost.exe

Signature

• Status: Signature verified.
• Serial: 330000026551AE1BBD005CBFBD000000000265
• Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: backgroundTaskHost.exe
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/68
• VirusTotal Link: https://www.virustotal.com/gui/file/5a2f7c3bd5b63e15465cc5159beee66332c86a95c5c554de7953e5c1c6944e3c/detection/

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	44
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-file-l1-1-0.dll	35
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-core-processenvironment-l1-1-0.dll	38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\arm\api-ms-win-crt-filesystem-l1-1-0.dll	38
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x86\api-ms-win-core-util-l1-1-0.dll	36
C:\Program Files (x86)\Windows Kits\10\Redist\10.0.19041.0\ucrt\DLLs\x86\api-ms-win-crt-conio-l1-1-0.dll	36
C:\Windows\system32\69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll	43
C:\Windows\system32\AppVClientPS.dll	29
C:\Windows\system32\AppVSentinel.dll	44
C:\Windows\system32\AppVTerminator.dll	36
C:\Windows\system32\avrt.dll	32
C:\Windows\system32\backgroundTaskHost.exe	47
C:\Windows\system32\bootstr.dll	43
C:\Windows\system32\BOOTVID.DLL	41
C:\Windows\system32\computelibeventlog.dll	43
C:\Windows\system32\csrss.exe	33
C:\Windows\system32\DefaultDeviceManager.dll	40
C:\Windows\system32\DeviceCensus.exe	29
C:\WINDOWS\system32\DeviceCensus.exe	29
C:\Windows\system32\dllhost.exe	35
C:\Windows\system32\downlevel\api-ms-win-base-util-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-com-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-comm-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-console-l1-1-0.dll	46
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-0.dll	46
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-1.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-1.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-delayload-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-1.dll	49
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-1.dll	43
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-0.dll	41
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-handle-l1-1-0.dll	58
C:\Windows\system32\downlevel\api-ms-win-core-heap-l1-1-0.dll	55
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-0.dll	46
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	40
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	46
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-1.dll	41
C:\Windows\system32\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-2.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	46
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-profile-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-realtime-l1-1-0.dll	50
C:\Windows\system32\downlevel\api-ms-win-core-registry-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-registry-l2-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-string-l1-1-0.dll	46
C:\Windows\system32\downlevel\API-MS-Win-core-string-l2-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	44
C:\Windows\system32\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-2-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-timezone-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-url-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-util-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-version-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-wow64-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-xstate-l1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-conio-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-crt-convert-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-crt-environment-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	46
C:\Windows\system32\downlevel\api-ms-win-crt-heap-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-crt-locale-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-math-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-process-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-crt-string-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-time-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-utility-l1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-1.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	46
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	44
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	41
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-security-base-l1-1-0.dll	27
C:\Windows\system32\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	46
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	43
C:\Windows\system32\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	41
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-security-sddl-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-1.dll	41
C:\Windows\system32\downlevel\api-ms-win-service-management-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-service-management-l2-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-1.dll	44
C:\Windows\system32\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	40
C:\Windows\system32\drivers\UMDF\SDFLauncher.dll	38
C:\Windows\system32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\HalExtPL080.dll	36
C:\Windows\system32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\SDFLauncher.dll	38
C:\Windows\system32\dsrole.dll	33
C:\Windows\system32\HalExtPL080.dll	36
C:\Windows\system32\IME\IMETC\IMTCTRLN.DLL	32
C:\Windows\system32\IME\SHARED\IMEDICAPICCPS.DLL	40
C:\Windows\system32\IME\SHARED\IMESEARCHPS.DLL	35
C:\Windows\system32\kd.dll	40
C:\Windows\system32\kd_02_1af4.dll	49
C:\Windows\system32\kd_07_1415.dll	33
C:\Windows\system32\kdnet_uart16550.dll	40
C:\Windows\system32\kdstub.dll	40
C:\Windows\system32\ksuser.dll	35
C:\Windows\system32\microsoft-windows-battery-events.dll	40
C:\Windows\system32\microsoft-windows-hal-events.dll	32
C:\Windows\system32\microsoft-windows-sleepstudy-events.dll	44
C:\Windows\system32\msdmo.dll	25
C:\Windows\system32\NDKPing.exe	33
C:\Windows\system32\oobe\FirstLogonAnim.exe	47
C:\Windows\system32\pcwum.dll	40
C:\Windows\system32\prproc.exe	36
C:\Windows\system32\psapi.dll	35
C:\Windows\system32\ResetEngine.exe	33
C:\WINDOWS\system32\ResetEngine.exe	35
C:\WINDOWS\system32\ScriptRunner.exe	35
C:\Windows\system32\setupetw.dll	32
C:\Windows\system32\sfc.dll	43
C:\Windows\system32\SlideToShutDown.exe	33
C:\Windows\system32\smphost.dll	32
C:\Windows\system32\spwizres.dll	41
C:\Windows\system32\streamci.dll	29
C:\Windows\system32\ttdloader.dll	41
C:\Windows\system32\UtilityVmSysprep.dll	36
C:\Windows\system32\uxlibres.dll	43
C:\Windows\system32\VmApplicationHealthMonitorProxy.dll	36
C:\Windows\system32\wbem\Microsoft.AppV.AppVClientWmi.dll	25
C:\Windows\system32\winnsi.dll	30
C:\Windows\system32\wshhyperv.dll	35
C:\Windows\system32\wshunix.dll	32
C:\Windows\system32\wuauclt.exe	35
C:\Windows\SysWOW64\AppVClientPS.dll	36
C:\Windows\SysWOW64\AppVSentinel.dll	44
C:\Windows\SysWOW64\AppVTerminator.dll	32
C:\Windows\SysWOW64\avrt.dll	40
C:\Windows\SysWOW64\backgroundTaskHost.exe	57
C:\Windows\SysWOW64\backgroundTaskHost.exe	46
C:\Windows\SysWOW64\BOOTVID.DLL	33
C:\Windows\SysWOW64\CameraSettingsUIHost.exe	29
C:\Windows\SysWOW64\DefaultDeviceManager.dll	40
C:\Windows\SysWOW64\dllhost.exe	35
C:\Windows\SysWOW64\downlevel\api-ms-win-base-util-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-com-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-comm-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-console-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-0.dll	52
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-1.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-1.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-delayload-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-1.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-1.dll	46
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-0.dll	44
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-1.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-handle-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-heap-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-1.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	44
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	49
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-1.dll	46
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-1.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	47
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-profile-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-l2-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	43
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-2-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	54
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-timezone-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-url-l1-1-0.dll	49
C:\Windows\SysWOW64\downlevel\api-ms-win-core-util-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-version-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-xstate-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-conio-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-convert-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-environment-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-locale-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-math-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-process-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-string-l1-1-0.dll	27
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-time-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-utility-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	58
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-security-base-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	49
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	46
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-provider-L1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-security-sddl-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-1.dll	47
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l2-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	43
C:\Windows\SysWOW64\dsrole.dll	32
C:\Windows\SysWOW64\fltLib.dll	35
C:\Windows\SysWOW64\IME\IMETC\IMTCTRLN.DLL	33
C:\Windows\SysWOW64\IME\SHARED\imecfmps.dll	38
C:\Windows\SysWOW64\IME\SHARED\IMEDICAPICCPS.DLL	35
C:\Windows\SysWOW64\IME\SHARED\IMESEARCHPS.DLL	35
C:\Windows\SysWOW64\ksuser.dll	30
C:\Windows\SysWOW64\LocationFrameworkPS.dll	40
C:\Windows\SysWOW64\pcwum.dll	38
C:\Windows\SysWOW64\psapi.dll	33
C:\Windows\SysWOW64\sfc.dll	43
C:\Windows\SysWOW64\smphost.dll	24
C:\Windows\SysWOW64\ttdloader.dll	41
C:\Windows\SysWOW64\uxlibres.dll	46
C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll	24
C:\Windows\SysWOW64\winnsi.dll	35
C:\Windows\SysWOW64\wshhyperv.dll	35
C:\Windows\SysWOW64\wshunix.dll	36

Possible Misuse

The following table contains possible examples of backgroundTaskHost.exe being misused. While backgroundTaskHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	image_load_abusing_azure_browser_sso.yml	- '\BackgroundTaskHost.exe'	DRL 1.0
sigma	proc_access_win_in_memory_assembly_execution.yml	- '\backgroundTaskHost.exe'	DRL 1.0
sigma	proc_access_win_in_memory_assembly_execution.yml	- 'C:\WINDOWS\system32\backgroundTaskHost.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.