File name:

岍賜戚惆桶.exe

Full analysis: https://app.any.run/tasks/96209afd-42e1-47e0-881f-7c89aa1ece62
Verdict: Malicious activity
Analysis date: December 05, 2022, 17:50:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
fatalrat
rat
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

9F577DC7DC75E51A1694BEB71C270E03

SHA1:

CE585F871D8E2533AAAA0436B77212EA634143F2

SHA256:

120D00ACA0E9B9BF90AFEED888191371C2381931AB1294D76E4F1E17ABAE39BE

SSDEEP:

49152:Xm9lsm0OY8UAYBhGXrcMCbahXSMtpfRJzGA:W70OUA4h2httSMtZGA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • 岍賜戚惆桶.exe (PID: 3784)
      • eavzrp.exe (PID: 284)
    • Application was dropped or rewritten from another process

      • eavzrp.exe (PID: 284)
      • Aggregatorhost.exe (PID: 2232)
      • Aggregatorhost.exe (PID: 3092)
      • Aggregatorhost.exe (PID: 3024)
      • Aggregatorhost.exe (PID: 4020)
      • Aggregatorhost.exe (PID: 1976)
      • Aggregatorhost.exe (PID: 3260)
      • Aggregatorhost.exe (PID: 2140)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3596)
      • Aggregatorhost.exe (PID: 2232)
      • Aggregatorhost.exe (PID: 1976)
    • Creates a writable file the system directory

      • eavzrp.exe (PID: 284)
    • Changes the autorun value in the registry

      • Aggregatorhost.exe (PID: 1976)
    • FATALRAT was detected

      • Aggregatorhost.exe (PID: 3092)
    • Connects to the CnC server

      • Aggregatorhost.exe (PID: 3092)
  • SUSPICIOUS

    • Reads the Internet Settings

      • 岍賜戚惆桶.exe (PID: 3784)
      • eavzrp.exe (PID: 284)
      • Aggregatorhost.exe (PID: 2232)
    • Reads security settings of Internet Explorer

      • eavzrp.exe (PID: 284)
    • Checks Windows Trust Settings

      • eavzrp.exe (PID: 284)
    • Executable content was dropped or overwritten

      • 岍賜戚惆桶.exe (PID: 3784)
      • eavzrp.exe (PID: 284)
    • Reads settings of System Certificates

      • eavzrp.exe (PID: 284)
    • Adds/modifies Windows certificates

      • eavzrp.exe (PID: 284)
    • Application launched itself

      • Aggregatorhost.exe (PID: 2232)
      • Aggregatorhost.exe (PID: 1976)
    • Creates files in the Windows directory

      • eavzrp.exe (PID: 284)
    • Reads the date of Windows installation

      • eavzrp.exe (PID: 284)
    • Executes scripts

      • eavzrp.exe (PID: 284)
  • INFO

    • Checks proxy server information

      • eavzrp.exe (PID: 284)
      • 岍賜戚惆桶.exe (PID: 3784)
    • Reads the computer name

      • 岍賜戚惆桶.exe (PID: 3784)
      • eavzrp.exe (PID: 284)
      • Aggregatorhost.exe (PID: 2232)
      • Aggregatorhost.exe (PID: 3092)
      • Aggregatorhost.exe (PID: 3260)
      • Aggregatorhost.exe (PID: 3024)
      • Aggregatorhost.exe (PID: 2140)
      • Aggregatorhost.exe (PID: 4020)
    • Checks supported languages

      • 岍賜戚惆桶.exe (PID: 3784)
      • eavzrp.exe (PID: 284)
      • Aggregatorhost.exe (PID: 2232)
      • Aggregatorhost.exe (PID: 1976)
      • Aggregatorhost.exe (PID: 3092)
      • Aggregatorhost.exe (PID: 3260)
      • Aggregatorhost.exe (PID: 3024)
      • Aggregatorhost.exe (PID: 2140)
      • Aggregatorhost.exe (PID: 4020)
    • Manual execution by a user

      • Aggregatorhost.exe (PID: 2232)
    • Reads CPU info

      • Aggregatorhost.exe (PID: 3092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (28.6)
.exe | UPX compressed Win32 Executable (28)
.exe | Win32 EXE Yoda's Crypter (27.5)
.dll | Win32 Dynamic Link Library (generic) (6.8)
.exe | Win32 Executable (generic) (4.6)

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 2022-Dec-05 07:25:21
Detected languages:
  • Chinese - PRC
  • English - United States
CompanyName: Baidu.com, Inc.
FileDescription: BaiduNetdisk
FileVersion: 7.19.0.18
InternalName: BaiduNetdisk
LegalCopyright: Baidu. All rights reserved.
OriginalFilename: BaiduNetdisk.exe
ProductName: BaiduYunGuanjia Application
ProductVersion: 7.19.0.18

DOS Header

e_magic: MZ
e_cblp: 144
e_cp: 3
e_crlc: 0
e_cparhdr: 4
e_minalloc: 0
e_maxalloc: 65535
e_ss: 0
e_sp: 184
e_csum: 0
e_ip: 0
e_cs: 0
e_ovno: 0
e_oemid: 0
e_oeminfo: 0
e_lfanew: 248

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
NumberofSections: 3
TimeDateStamp: 2022-Dec-05 07:25:21
PointerToSymbolTable: 0
NumberOfSymbols: 0
SizeOfOptionalHeader: 224
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
UPX0
4096
3215360
0
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1
3219456
2101248
2098688
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
7.58711
.rsrc
5320704
4096
4096
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.4523

Resources

Title
Entropy
Size
Codepage
Language
Type
1
6.75413
744
Latin 1 / Western European
Chinese - PRC
RT_ICON
2
6.47904
296
Latin 1 / Western European
Chinese - PRC
RT_ICON
3
2.79939
1128
UNKNOWN
English - United States
RT_ICON
ONLINE_ICON
2.0815
20
UNKNOWN
English - United States
RT_GROUP_ICON
1 (#2)
3.43205
780
UNKNOWN
Chinese - PRC
RT_VERSION
1 (#3)
5.09091
664
Latin 1 / Western European
UNKNOWN
RT_MANIFEST

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
OLEAUT32.dll
SHELL32.dll
USER32.dll
WINMM.dll
WINSPOOL.DRV
WS2_32.dll
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
53
Monitored processes
12
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start 岍賜戚惆桶.exe no specs 岍賜戚惆桶.exe eavzrp.exe searchprotocolhost.exe no specs aggregatorhost.exe no specs aggregatorhost.exe #FATALRAT aggregatorhost.exe aggregatorhost.exe no specs aggregatorhost.exe no specs aggregatorhost.exe no specs aggregatorhost.exe no specs wscript.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2384"C:\Users\admin\AppData\Local\Temp\岍賜戚惆桶.exe" C:\Users\admin\AppData\Local\Temp\岍賜戚惆桶.exeExplorer.EXE
User:
admin
Company:
Baidu.com, Inc.
Integrity Level:
MEDIUM
Description:
BaiduNetdisk
Exit code:
3221226540
Version:
7.19.0.18
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\岍賜戚惆桶.exe
3784"C:\Users\admin\AppData\Local\Temp\岍賜戚惆桶.exe" C:\Users\admin\AppData\Local\Temp\岍賜戚惆桶.exe
Explorer.EXE
User:
admin
Company:
Baidu.com, Inc.
Integrity Level:
HIGH
Description:
BaiduNetdisk
Exit code:
0
Version:
7.19.0.18
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\users\admin\appdata\local\temp\岍賜戚惆桶.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\lpk.dll
284C:\Users\Public\Pictures\eavzrp\eavzrp.exeC:\Users\Public\Pictures\eavzrp\eavzrp.exe
岍賜戚惆桶.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360压缩
Exit code:
0
Version:
4, 0, 0, 1380
Modules
Images
c:\users\public\pictures\eavzrp\eavzrp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
3596"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\system32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2232"C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exe" C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeExplorer.EXE
User:
admin
Company:
四川盛创时代
Integrity Level:
MEDIUM
Description:
WeFun
Exit code:
0
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\users\public\downloads\tencente\dxhfgl\libcef.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\rpcrt4.dll
1976"C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exe" C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exe
Aggregatorhost.exe
User:
admin
Company:
四川盛创时代
Integrity Level:
HIGH
Description:
WeFun
Exit code:
0
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\public\downloads\tencente\dxhfgl\libcef.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
3092C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeC:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exe
Aggregatorhost.exe
User:
admin
Company:
四川盛创时代
Integrity Level:
HIGH
Description:
WeFun
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
3024C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeC:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeAggregatorhost.exe
User:
admin
Company:
四川盛创时代
Integrity Level:
HIGH
Description:
WeFun
Exit code:
0
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
3260C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeC:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeAggregatorhost.exe
User:
admin
Company:
四川盛创时代
Integrity Level:
HIGH
Description:
WeFun
Exit code:
0
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
4020C:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeC:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeAggregatorhost.exe
User:
admin
Company:
四川盛创时代
Integrity Level:
HIGH
Description:
WeFun
Exit code:
0
Version:

Modules
Images
c:\users\public\downloads\tencente\dxhfgl\aggregatorhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
Total events
4 144
Read events
4 074
Write events
70
Delete events
0

Modification events

(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(284) eavzrp.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
Operation:writeName:WpadDecisionReason
Value:
1
Executable files
7
Suspicious files
1
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
284eavzrp.exeC:\Windows\system32\Enpud.pngtext
MD5:7877089862389879625BCE08DBEEF1ED
SHA256:2A7D8BC8EECB605F29576CECCB869AF247EF8B9C6B30CB4C19BE6748AF4503BB
284eavzrp.exeC:\Users\admin\AppData\Local\Aggregatorhost.exeexecutable
MD5:DD9BBCDA5DC4AC0BE23E57B36BC3840E
SHA256:E9BE44B199D99D7175280EC398CD59B636584226469CB9B87E2507CDDDAF0CE2
3784岍賜戚惆桶.exeC:\Users\Public\Pictures\eavzrp\eavzrp.exeexecutable
MD5:9E8E1AF186A1BA7DD0CD2CA87EC1732F
SHA256:673EE587B01FAEF7EFAC76E036B307AA6FBE178CF5B25DDF42A0CEBAEFF13C79
284eavzrp.exeC:\Windows\system32\Aggregatorhost.exeexecutable
MD5:DD9BBCDA5DC4AC0BE23E57B36BC3840E
SHA256:E9BE44B199D99D7175280EC398CD59B636584226469CB9B87E2507CDDDAF0CE2
284eavzrp.exeC:\Users\Public\Downloads\Tencente\dxhfgl\Aggregatorhost.exeexecutable
MD5:DD9BBCDA5DC4AC0BE23E57B36BC3840E
SHA256:E9BE44B199D99D7175280EC398CD59B636584226469CB9B87E2507CDDDAF0CE2
284eavzrp.exeC:\Users\admin\AppData\Local\Enpud.pngtext
MD5:7877089862389879625BCE08DBEEF1ED
SHA256:2A7D8BC8EECB605F29576CECCB869AF247EF8B9C6B30CB4C19BE6748AF4503BB
284eavzrp.exeC:\Users\Public\Downloads\Tencente\dxhfgl\libcef.dllexecutable
MD5:7B4A7F342D1705329A9F4653106C9A39
SHA256:B46DAA955640A2E830EFC3D69A813DF722FD6D9B2C57E8249DDAA4290C1E045F
284eavzrp.exeC:\Users\Public\Downloads\Misnobi\dxhfgl\a.packbinary
MD5:B6F208A15BDFF16406D9F33E825CFE9A
SHA256:69C2B858132E64D1642EBE4779EC2410762C3BA40F7784694FED4297A01A5938
284eavzrp.exeC:\Users\Public\Pictures\eavzrp\tem.vbstext
MD5:E6442AE1057A4F5BC3313C630D028152
SHA256:3BD9CBCB4A48E78384FDB5CCDFF2667C474D70FC786C099C9EF3128C0C7060BA
284eavzrp.exeC:\Users\admin\AppData\Local\libcef.dllexecutable
MD5:7B4A7F342D1705329A9F4653106C9A39
SHA256:B46DAA955640A2E830EFC3D69A813DF722FD6D9B2C57E8249DDAA4290C1E045F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
2
Threats
1

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3784
岍賜戚惆桶.exe
103.235.46.40:443
www.baidu.com
Beijing Baidu Netcom Science and Technology Co., Ltd.
HK
malicious
284
eavzrp.exe
103.235.46.40:443
www.baidu.com
Beijing Baidu Netcom Science and Technology Co., Ltd.
HK
malicious
103.235.46.40:443
www.baidu.com
Beijing Baidu Netcom Science and Technology Co., Ltd.
HK
malicious
3092
Aggregatorhost.exe
216.83.53.197:8081
Sun Network Hong Kong Limited - HongKong Backbone
US
malicious

DNS requests

Domain
IP
Reputation
www.baidu.com
  • 103.235.46.40
whitelisted

Threats

PID
Process
Class
Message
3092
Aggregatorhost.exe
A Network Trojan was detected
ET TROJAN FatalRAT CnC Activity
Process
Message
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...
Aggregatorhost.exe
SVP7-Thread running...