backgroundTaskHost.exe

  • File Path: C:\Windows\system32\backgroundTaskHost.exe
  • Description: Background Task Host

Hashes

Type Hash
MD5 9B19B73580F7813DAD7C7C4671D004E5
SHA1 361F4FA0AC1F35043B3DE941BEAB5EED375668B9
SHA256 51EAC3C367791FF55DD56684D8438A0017C72F023B4AEA1C09A56DC0E7573AAC
SHA384 BA41969F6C3DF2E4D369CAE13F4C5EC47E5A5CC2839DD820A4313A849C947E4C0507C7DF39B313316B15A8A6113DC53E
SHA512 A99D9DAC62C9F680F6075C4E0B64F5F03C37448AC9EE43D6B03E54CBFA5B1DEEE5779760C69623FAA1D5B61EC81D40723E3AD85ED4E521A402A8089BD034E389
SSDEEP 384:edaovOa6xblcWrHqLWqGWPD1IDBRJ1WI1x4leE:jmx4HqpRI1P8I3S
IMP D2ACF1CBC4A6DB14A34C687B9362D66B
PESHA1 F89AD6F5378F071D7AF0E45D9CFDBF41868091D3
PE256 65F90D419375DD059ECD928922589D7FA3496C1C81D09521FE8C5A19EFDD9D7E

Runtime Data

Loaded Modules:

Path
C:\Windows\system32\backgroundTaskHost.exe
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: backgroundTaskHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/51eac3c367791ff55dd56684d8438a0017c72f023b4aea1c09a56dc0e7573aac/detection/

File Similarity (ssdeep match)


Possible Misuse

The following table contains possible examples of backgroundTaskHost.exe being misused. While backgroundTaskHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_abusing_azure_browser_sso.yml - '\BackgroundTaskHost.exe' DRL 1.0
sigma proc_access_win_in_memory_assembly_execution.yml - '\backgroundTaskHost.exe' DRL 1.0
sigma proc_access_win_in_memory_assembly_execution.yml - 'C:\WINDOWS\system32\backgroundTaskHost.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.