![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I'm replying here because it seems to be the newest post on aggregatorhost.exe, and is not locked like many others which incorrectly state it's some part of Windows Defender. It's the Microsoft telemetry aggregator. You'll find the service "Connected User Experience and Telemetry" controls this. In my case, it became active after I needed to download something that was part of the "Windows Insider" program. To join Windows Insider, they force you to enable telemetry and agree to send them such telemetry data via an "I agree" ToS checkbox.
It seems that nobody official or volunteer is willing or perhaps able to answer this, so I wanted to put it out there for the record. Because while it isn't "malicious" per se, some people may not realize that they are sending data to Microsoft via this service (presumably about "application compatibility", but who knows what that actually encompasses or what they have agreed to in a EULA or TOS?) :-/
The executable has debugging info in it so you can see the paths of the source code used to compile it. For example:
onecore\base\telemetry\utc\aggregation\aggregatorhost\exe\main.cpp
