| Server IP : 123.56.80.60 / Your IP : 216.73.216.217 Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586 User : SYSTEM ( 0) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/data/rtap/log/ |
Upload File : |
2026-03-22 03:30:17 [Info] [976] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 03:30:17 [Info] [976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap205141774121389 2026-03-22 03:30:17 [Info] [976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 03:30:17 [Info] [976] Resource monitor start 2026-03-22 03:30:17 [Info] [976] ipc client init success 2026-03-22 03:30:17 [Info] [976] Ipc init: 0 2026-03-22 03:30:17 [Info] [976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 03:30:17 [Info] [976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 03:30:17 [Info] [976] start ipc thread id[3028] 2026-03-22 03:30:17 [Info] [976] Connect Yundun ipc server return state is 0 2026-03-22 03:30:17 [Info] [976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 03:30:17 [Info] [976] CResourceMonitor::run Enter 2026-03-22 03:30:17 [Info] [976] CIpcMsgHandlerMgr::run Enter 2026-03-22 03:30:17 [Info] [976] yundun connected 2026-03-22 03:30:17 [Info] [976] Report thread 2026-03-22 03:30:17 [Info] [976] Monitor thread 2026-03-22 03:30:17 [Info] [976] Loader thread 2026-03-22 03:30:17 [Info] [976] PythonEngineImpl Init... 2026-03-22 03:30:18 [Info] [976] recvmsg: HELLO 2026-03-22 03:30:18 [Info] [976] recvmsg: WORK 2026-03-22 03:30:18 [Info] [976] no use encode, return to old mode 2026-03-22 03:30:19 [Info] [976] log fd cnt is [250], real fd cnt is [263] 2026-03-22 03:30:19 [Info] [976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 03:30:19 [Info] [976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 03:30:19 [Info] [976] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 03:30:20 [Info] [976] log memory size is 20480KB, real memory size is 13660KB 2026-03-22 03:30:20 [Info] [976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 03:30:22 [Info] [976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 03:30:22 [Info] [976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 03:30:23 [Info] [976] item: --windows-sysinfoext-check 2026-03-22 03:30:23 [Info] [976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 03:30:23 [Info] [976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 03:30:23 [Info] [976] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 03:30:23 [Info] [976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 03:30:24 [Info] [976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-22 03:30:24 [Info] [976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 03:30:24 [Info] [976] Prepare stage1: --windows-sysinfoext-check 2026-03-22 03:30:24 [Info] [976] Prepare stage2 2026-03-22 03:30:24 [Warn] [976] high cpu, cpu is 15 2026-03-22 03:30:24 [Info] [976] try get sys version 2026-03-22 03:30:24 [Info] [976] win sys info:2/10:0:3 2026-03-22 03:30:24 [Info] [976] suit legal version, enable cpu control 2026-03-22 03:30:24 [Warn] [976] High CPU Warning: 15 2026-03-22 03:30:24 [Warn] [976] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 1276 in func: connect File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-03-22 03:30:25 [Info] [976] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 03:30:25 [Info] [976] log memory size is 30720KB, real memory size is 23100KB 2026-03-22 03:30:26 [Info] [976] stage3: --windows-sysinfoext-check 2026-03-22 03:30:26 [Info] [976] Loader after check 2026-03-22 03:30:26 [Warn] [976] high cpu, cpu is 13 2026-03-22 03:30:26 [Warn] [976] High CPU Warning: 13 2026-03-22 03:30:27 [Info] [976] Enter reuse wait state. 2026-03-22 03:30:32 [Info] [976] recvmsg: EXIT 2026-03-22 03:30:32 [Info] [976] Recv Exit Msg, Exit... 2026-03-22 04:41:54 [Info] [4388] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 04:41:54 [Info] [4388] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap18701774125714 2026-03-22 04:41:54 [Info] [4388] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 04:41:54 [Info] [4388] Resource monitor start 2026-03-22 04:41:54 [Info] [4388] ipc client init success 2026-03-22 04:41:54 [Info] [4388] Ipc init: 0 2026-03-22 04:41:54 [Info] [4388] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 04:41:54 [Info] [4388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 04:41:54 [Info] [4388] start ipc thread id[2640] 2026-03-22 04:41:54 [Info] [4388] Connect Yundun ipc server return state is 0 2026-03-22 04:41:54 [Info] [4388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 04:41:54 [Info] [4388] CResourceMonitor::run Enter 2026-03-22 04:41:54 [Info] [4388] CIpcMsgHandlerMgr::run Enter 2026-03-22 04:41:54 [Info] [4388] yundun connected 2026-03-22 04:41:54 [Info] [4388] Report thread 2026-03-22 04:41:54 [Info] [4388] Monitor thread 2026-03-22 04:41:54 [Info] [4388] Loader thread 2026-03-22 04:41:54 [Info] [4388] PythonEngineImpl Init... 2026-03-22 04:41:54 [Info] [4388] recvmsg: HELLO 2026-03-22 04:41:54 [Info] [4388] recvmsg: WORK 2026-03-22 04:41:54 [Info] [4388] no use encode, return to old mode 2026-03-22 04:41:55 [Info] [4388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 04:41:55 [Info] [4388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 04:41:55 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 04:41:55 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 04:41:55 [Info] [4388] log fd cnt is [250], real fd cnt is [282] 2026-03-22 04:41:55 [Info] [4388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 04:41:55 [Info] [4388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 04:41:56 [Info] [4388] log memory size is 20480KB, real memory size is 14848KB 2026-03-22 04:41:56 [Info] [4388] item: --sca 2026-03-22 04:41:56 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-22 04:41:57 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-22 04:41:57 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-22 04:41:58 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-22 04:41:58 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-22 04:41:58 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-22 04:41:58 [Info] [4388] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-22 04:41:58 [Info] [4388] Download redirect files success. 2026-03-22 04:41:58 [Info] [4388] Prepare stage1: --sca 2026-03-22 04:41:58 [Info] [4388] Prepare stage2 2026-03-22 04:42:00 [Info] [4388] log memory size is 30720KB, real memory size is 32520KB 2026-03-22 04:42:05 [Info] [4388] log memory size is 40960KB, real memory size is 33292KB 2026-03-22 04:42:46 [Info] [4388] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 04:43:04 [Info] [4388] log fd cnt is [300], real fd cnt is [375] 2026-03-22 04:43:11 [Info] [4388] stage3: --sca 2026-03-22 04:43:11 [Info] [4388] Loader after check 2026-03-22 04:43:13 [Info] [4388] Enter reuse wait state. 2026-03-22 04:43:18 [Info] [4388] recvmsg: EXIT 2026-03-22 04:43:18 [Info] [4388] Recv Exit Msg, Exit... 2026-03-22 07:51:46 [Info] [4540] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 07:51:46 [Info] [4540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap63031774137106 2026-03-22 07:51:46 [Info] [4540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 07:51:46 [Info] [4540] Resource monitor start 2026-03-22 07:51:46 [Info] [4540] ipc client init success 2026-03-22 07:51:46 [Info] [4540] Ipc init: 0 2026-03-22 07:51:46 [Info] [4540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 07:51:46 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 07:51:46 [Info] [4540] start ipc thread id[4288] 2026-03-22 07:51:46 [Info] [4540] Connect Yundun ipc server return state is 0 2026-03-22 07:51:46 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 07:51:46 [Info] [4540] CResourceMonitor::run Enter 2026-03-22 07:51:46 [Info] [4540] CIpcMsgHandlerMgr::run Enter 2026-03-22 07:51:46 [Info] [4540] Report thread 2026-03-22 07:51:46 [Info] [4540] Monitor thread 2026-03-22 07:51:46 [Info] [4540] Loader thread 2026-03-22 07:51:46 [Info] [4540] PythonEngineImpl Init... 2026-03-22 07:51:46 [Info] [4540] yundun connected 2026-03-22 07:51:47 [Info] [4540] recvmsg: HELLO 2026-03-22 07:51:47 [Info] [4540] recvmsg: WORK 2026-03-22 07:51:47 [Info] [4540] no use encode, return to old mode 2026-03-22 07:51:47 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 07:51:47 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 07:51:47 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 07:51:47 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 07:51:47 [Info] [4540] log fd cnt is [250], real fd cnt is [282] 2026-03-22 07:51:47 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 07:51:47 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 07:51:48 [Info] [4540] log memory size is 20480KB, real memory size is 14840KB 2026-03-22 07:51:49 [Info] [4540] item: --windows-vul-clean 2026-03-22 07:51:49 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-22 07:51:49 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-22 07:51:49 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 07:51:49 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 07:51:49 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-22 07:51:49 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-22 07:51:49 [Info] [4540] Prepare stage1: --windows-vul-clean 2026-03-22 07:51:49 [Info] [4540] Prepare stage2 2026-03-22 07:51:49 [Info] [4540] stage3: --windows-vul-clean 2026-03-22 07:51:49 [Info] [4540] Loader after check 2026-03-22 07:51:50 [Info] [4540] Enter reuse wait state. 2026-03-22 07:51:54 [Info] [4540] recvmsg: EXIT 2026-03-22 07:51:54 [Info] [4540] Recv Exit Msg, Exit... 2026-03-22 08:57:16 [Info] [3816] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 08:57:16 [Info] [3816] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap191271774141033 2026-03-22 08:57:16 [Info] [3816] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 08:57:27 [Info] [3816] Resource monitor start 2026-03-22 08:57:27 [Info] [3816] ipc client init success 2026-03-22 08:57:27 [Info] [3816] Ipc init: 0 2026-03-22 08:57:27 [Info] [3816] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 08:57:27 [Info] [3816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 08:57:28 [Info] [3816] start ipc thread id[2336] 2026-03-22 08:57:28 [Info] [3816] Connect Yundun ipc server return state is 0 2026-03-22 08:57:28 [Info] [3816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 08:57:28 [Info] [3816] CResourceMonitor::run Enter 2026-03-22 08:57:28 [Info] [3816] CIpcMsgHandlerMgr::run Enter 2026-03-22 08:57:28 [Info] [3816] Report thread 2026-03-22 08:57:28 [Info] [3816] Monitor thread 2026-03-22 08:57:28 [Info] [3816] Loader thread 2026-03-22 08:57:28 [Info] [3816] PythonEngineImpl Init... 2026-03-22 08:57:36 [Info] [3816] log fd cnt is [250], real fd cnt is [259] 2026-03-22 08:57:36 [Info] [3816] yundun connected 2026-03-22 08:57:36 [Info] [3816] recvmsg: HELLO 2026-03-22 08:57:36 [Info] [3816] recvmsg: WORK 2026-03-22 08:57:36 [Info] [3816] no use encode, return to old mode 2026-03-22 08:57:36 [Info] [3816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 08:57:36 [Info] [3816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 08:57:36 [Info] [3816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 08:57:37 [Info] [3816] log memory size is 20480KB, real memory size is 13144KB 2026-03-22 08:57:37 [Info] [3816] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 08:57:42 [Info] [3816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 08:57:42 [Info] [3816] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 08:57:42 [Info] [3816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 08:57:43 [Info] [3816] item: --windows-sysinfoext-check 2026-03-22 08:57:43 [Info] [3816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 08:57:43 [Info] [3816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 08:57:43 [Info] [3816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 08:57:43 [Info] [3816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 08:57:44 [Info] [3816] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-22 08:57:44 [Info] [3816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 08:57:44 [Info] [3816] Prepare stage1: --windows-sysinfoext-check 2026-03-22 08:57:44 [Info] [3816] Prepare stage2 2026-03-22 08:57:45 [Info] [3816] log memory size is 30720KB, real memory size is 23060KB 2026-03-22 08:57:46 [Info] [3816] stage3: --windows-sysinfoext-check 2026-03-22 08:57:46 [Info] [3816] Loader after check 2026-03-22 08:57:46 [Warn] [3816] high cpu, cpu is 13 2026-03-22 08:57:46 [Info] [3816] try get sys version 2026-03-22 08:57:46 [Info] [3816] win sys info:2/10:0:3 2026-03-22 08:57:46 [Info] [3816] suit legal version, enable cpu control 2026-03-22 08:57:46 [Warn] [3816] High CPU Warning: 13 2026-03-22 08:57:46 [Warn] [3816] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-22 08:57:47 [Info] [3816] Enter reuse wait state. 2026-03-22 08:57:48 [Info] [3816] recvmsg: EXIT 2026-03-22 08:57:48 [Info] [3816] Recv Exit Msg, Exit... 2026-03-22 09:06:15 [Info] [1684] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 09:06:15 [Info] [1684] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap208971774141575 2026-03-22 09:06:15 [Info] [1684] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 09:06:15 [Info] [1684] Resource monitor start 2026-03-22 09:06:15 [Info] [1684] ipc client init success 2026-03-22 09:06:15 [Info] [1684] Ipc init: 0 2026-03-22 09:06:15 [Info] [1684] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 09:06:15 [Info] [1684] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 09:06:15 [Info] [1684] start ipc thread id[3540] 2026-03-22 09:06:15 [Info] [1684] Connect Yundun ipc server return state is 0 2026-03-22 09:06:15 [Info] [1684] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 09:06:15 [Info] [1684] CResourceMonitor::run Enter 2026-03-22 09:06:15 [Info] [1684] CIpcMsgHandlerMgr::run Enter 2026-03-22 09:06:15 [Info] [1684] Report thread 2026-03-22 09:06:15 [Info] [1684] Monitor thread 2026-03-22 09:06:15 [Info] [1684] Loader thread 2026-03-22 09:06:15 [Info] [1684] PythonEngineImpl Init... 2026-03-22 09:06:15 [Info] [1684] yundun connected 2026-03-22 09:06:16 [Info] [1684] recvmsg: HELLO 2026-03-22 09:06:16 [Info] [1684] recvmsg: WORK 2026-03-22 09:06:16 [Info] [1684] no use encode, return to old mode 2026-03-22 09:06:16 [Info] [1684] log fd cnt is [250], real fd cnt is [263] 2026-03-22 09:06:16 [Info] [1684] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 09:06:16 [Info] [1684] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 09:06:16 [Info] [1684] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 09:06:16 [Info] [1684] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 09:06:16 [Info] [1684] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 09:06:16 [Info] [1684] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 09:06:17 [Info] [1684] log memory size is 20480KB, real memory size is 14748KB 2026-03-22 09:06:18 [Info] [1684] item: --windows-process-check 2026-03-22 09:06:18 [Info] [1684] cgroup name aegisRtap0 2026-03-22 09:06:18 [Info] [1684] try get sys version 2026-03-22 09:06:18 [Info] [1684] win sys info:2/10:0:3 2026-03-22 09:06:18 [Info] [1684] suit legal version, enable cpu control 2026-03-22 09:06:18 [Info] [1684] get AssignProcessToJobObject handle [00000478] 2026-03-22 09:06:18 [Info] [1684] Set setJobExtended. 2026-03-22 09:06:18 [Info] [1684] Set cpu [9%] 2026-03-22 09:06:18 [Info] [1684] Set cpu success 2026-03-22 09:06:18 [Info] [1684] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-22 09:06:18 [Info] [1684] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-22 09:06:18 [Info] [1684] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 09:06:18 [Info] [1684] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 09:06:18 [Info] [1684] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-22 09:06:18 [Info] [1684] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-22 09:06:18 [Info] [1684] Prepare stage1: --windows-process-check 2026-03-22 09:06:18 [Info] [1684] Prepare stage2 2026-03-22 09:06:21 [Info] [1684] log memory size is 30720KB, real memory size is 20616KB 2026-03-22 09:06:30 [Info] [1684] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 09:06:36 [Info] [1684] stage3: --windows-process-check 2026-03-22 09:06:36 [Info] [1684] Loader after check 2026-03-22 09:06:37 [Info] [1684] Enter reuse wait state. 2026-03-22 09:06:39 [Info] [1684] recvmsg: EXIT 2026-03-22 09:06:39 [Info] [1684] Recv Exit Msg, Exit... 2026-03-22 10:32:12 [Info] [3756] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 10:32:12 [Info] [3756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap49701774146732 2026-03-22 10:32:12 [Info] [3756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 10:32:12 [Info] [3756] Resource monitor start 2026-03-22 10:32:12 [Info] [3756] ipc client init success 2026-03-22 10:32:12 [Info] [3756] Ipc init: 0 2026-03-22 10:32:12 [Info] [3756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 10:32:12 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 10:32:12 [Info] [3756] start ipc thread id[3644] 2026-03-22 10:32:12 [Info] [3756] Connect Yundun ipc server return state is 0 2026-03-22 10:32:12 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 10:32:12 [Info] [3756] CResourceMonitor::run Enter 2026-03-22 10:32:12 [Info] [3756] CIpcMsgHandlerMgr::run Enter 2026-03-22 10:32:12 [Info] [3756] Report thread 2026-03-22 10:32:12 [Info] [3756] Monitor thread 2026-03-22 10:32:12 [Info] [3756] Loader thread 2026-03-22 10:32:12 [Info] [3756] PythonEngineImpl Init... 2026-03-22 10:32:12 [Info] [3756] yundun connected 2026-03-22 10:32:13 [Info] [3756] recvmsg: HELLO 2026-03-22 10:32:13 [Info] [3756] recvmsg: WORK 2026-03-22 10:32:13 [Info] [3756] no use encode, return to old mode 2026-03-22 10:32:13 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:32:13 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:32:13 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:32:13 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:32:13 [Info] [3756] log fd cnt is [250], real fd cnt is [282] 2026-03-22 10:32:13 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 10:32:13 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 10:32:14 [Info] [3756] log memory size is 20480KB, real memory size is 14828KB 2026-03-22 10:32:14 [Info] [3756] item: --windows-schedule-task-check 2026-03-22 10:32:14 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-22 10:32:14 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-22 10:32:14 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:32:14 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:32:14 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-22 10:32:14 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-22 10:32:15 [Info] [3756] Prepare stage1: --windows-schedule-task-check 2026-03-22 10:32:15 [Info] [3756] Prepare stage2 2026-03-22 10:32:15 [Warn] [3756] high cpu, cpu is 12 2026-03-22 10:32:15 [Info] [3756] try get sys version 2026-03-22 10:32:15 [Info] [3756] win sys info:2/10:0:3 2026-03-22 10:32:15 [Info] [3756] suit legal version, enable cpu control 2026-03-22 10:32:15 [Warn] [3756] High CPU Warning: 12 2026-03-22 10:32:15 [Warn] [3756] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-03-22 10:32:18 [Info] [3756] log memory size is 30720KB, real memory size is 23640KB 2026-03-22 10:32:29 [Info] [3992] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 10:32:29 [Info] [3992] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap50251774146749 2026-03-22 10:32:29 [Info] [3992] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 10:32:29 [Info] [3992] Resource monitor start 2026-03-22 10:32:29 [Info] [3992] ipc client init success 2026-03-22 10:32:29 [Info] [3992] Ipc init: 0 2026-03-22 10:32:29 [Info] [3992] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 10:32:29 [Info] [3992] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 10:32:29 [Info] [3992] start ipc thread id[4556] 2026-03-22 10:32:29 [Info] [3992] Connect Yundun ipc server return state is 0 2026-03-22 10:32:29 [Info] [3992] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 10:32:29 [Info] [3992] CResourceMonitor::run Enter 2026-03-22 10:32:29 [Info] [3992] CIpcMsgHandlerMgr::run Enter 2026-03-22 10:32:29 [Info] [3992] Report thread 2026-03-22 10:32:29 [Info] [3992] Monitor thread 2026-03-22 10:32:29 [Info] [3992] Loader thread 2026-03-22 10:32:29 [Info] [3992] PythonEngineImpl Init... 2026-03-22 10:32:29 [Info] [3992] yundun connected 2026-03-22 10:32:30 [Info] [3992] recvmsg: HELLO 2026-03-22 10:32:30 [Info] [3992] recvmsg: WORK 2026-03-22 10:32:30 [Info] [3992] no use encode, return to old mode 2026-03-22 10:32:30 [Info] [3992] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:32:30 [Info] [3992] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:32:30 [Info] [3992] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:32:30 [Info] [3992] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:32:30 [Info] [3992] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 10:32:30 [Info] [3992] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 10:32:30 [Info] [3992] log fd cnt is [250], real fd cnt is [281] 2026-03-22 10:32:31 [Info] [3992] log memory size is 20480KB, real memory size is 14852KB 2026-03-22 10:32:31 [Info] [3992] item: --windows-registry-check 2026-03-22 10:32:31 [Info] [3992] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-22 10:32:31 [Info] [3992] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-22 10:32:31 [Info] [3992] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:32:32 [Info] [3992] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:32:32 [Info] [3992] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-22 10:32:32 [Info] [3992] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-22 10:32:32 [Info] [3992] Prepare stage1: --windows-registry-check 2026-03-22 10:32:32 [Info] [3992] Prepare stage2 2026-03-22 10:32:47 [Info] [3756] stage3: --windows-schedule-task-check 2026-03-22 10:32:47 [Info] [3756] Loader after check 2026-03-22 10:32:48 [Info] [3756] Enter reuse wait state. 2026-03-22 10:32:51 [Info] [3756] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 10:32:51 [Info] [3992] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 10:32:53 [Info] [3756] recvmsg: EXIT 2026-03-22 10:32:53 [Info] [3756] Recv Exit Msg, Exit... 2026-03-22 10:33:00 [Info] [3992] stage3: --windows-registry-check 2026-03-22 10:33:00 [Info] [3992] Loader after check 2026-03-22 10:33:01 [Info] [3992] Enter reuse wait state. 2026-03-22 10:33:03 [Info] [3992] recvmsg: EXIT 2026-03-22 10:33:03 [Info] [3992] Recv Exit Msg, Exit... 2026-03-22 10:34:56 [Info] [4832] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 10:34:56 [Info] [4832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap55051774146896 2026-03-22 10:34:56 [Info] [4832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 10:34:56 [Info] [4832] Resource monitor start 2026-03-22 10:34:56 [Info] [4832] ipc client init success 2026-03-22 10:34:56 [Info] [4832] Ipc init: 0 2026-03-22 10:34:56 [Info] [4832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 10:34:56 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 10:34:56 [Info] [4832] start ipc thread id[3032] 2026-03-22 10:34:56 [Info] [4832] Connect Yundun ipc server return state is 0 2026-03-22 10:34:56 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 10:34:56 [Info] [4832] CResourceMonitor::run Enter 2026-03-22 10:34:56 [Info] [4832] CIpcMsgHandlerMgr::run Enter 2026-03-22 10:34:56 [Info] [4832] Report thread 2026-03-22 10:34:56 [Info] [4832] Monitor thread 2026-03-22 10:34:56 [Info] [4832] Loader thread 2026-03-22 10:34:56 [Info] [4832] PythonEngineImpl Init... 2026-03-22 10:34:56 [Info] [4832] yundun connected 2026-03-22 10:34:56 [Info] [4832] recvmsg: HELLO 2026-03-22 10:34:56 [Info] [4832] recvmsg: WORK 2026-03-22 10:34:56 [Info] [4832] no use encode, return to old mode 2026-03-22 10:34:56 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:34:56 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:34:56 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:34:57 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:34:57 [Info] [4832] log fd cnt is [250], real fd cnt is [282] 2026-03-22 10:34:57 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 10:34:57 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 10:34:58 [Info] [4832] log memory size is 20480KB, real memory size is 14864KB 2026-03-22 10:34:58 [Info] [4832] item: --windows-driver-version-check 2026-03-22 10:34:58 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-22 10:34:58 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-22 10:34:58 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:34:58 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:34:58 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-22 10:34:58 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-22 10:34:58 [Info] [4832] Prepare stage1: --windows-driver-version-check 2026-03-22 10:34:58 [Info] [4832] Prepare stage2 2026-03-22 10:34:58 [Info] [4832] stage3: --windows-driver-version-check 2026-03-22 10:34:58 [Info] [4832] Loader after check 2026-03-22 10:34:59 [Info] [4832] Enter reuse wait state. 2026-03-22 10:35:03 [Info] [4832] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-22 10:35:03 [Info] [4832] recvmsg: EXIT 2026-03-22 10:35:03 [Info] [4832] Recv Exit Msg, Exit... 2026-03-22 10:54:30 [Info] [2104] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 10:54:30 [Info] [2104] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap93361774148069 2026-03-22 10:54:30 [Info] [2104] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 10:54:30 [Info] [2104] Resource monitor start 2026-03-22 10:54:30 [Info] [2104] ipc client init success 2026-03-22 10:54:30 [Info] [2104] Ipc init: 0 2026-03-22 10:54:30 [Info] [2104] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 10:54:30 [Info] [2104] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 10:54:30 [Info] [2104] start ipc thread id[4940] 2026-03-22 10:54:30 [Info] [2104] Connect Yundun ipc server return state is 0 2026-03-22 10:54:30 [Info] [2104] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 10:54:30 [Info] [2104] CResourceMonitor::run Enter 2026-03-22 10:54:30 [Info] [2104] CIpcMsgHandlerMgr::run Enter 2026-03-22 10:54:30 [Info] [2104] Report thread 2026-03-22 10:54:30 [Info] [2104] Monitor thread 2026-03-22 10:54:30 [Info] [2104] Loader thread 2026-03-22 10:54:30 [Info] [2104] PythonEngineImpl Init... 2026-03-22 10:54:30 [Info] [2104] yundun connected 2026-03-22 10:54:30 [Info] [2104] recvmsg: HELLO 2026-03-22 10:54:30 [Info] [2104] recvmsg: WORK 2026-03-22 10:54:30 [Info] [2104] no use encode, return to old mode 2026-03-22 10:54:30 [Info] [2104] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:54:30 [Info] [2104] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 10:54:30 [Info] [2104] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:54:30 [Info] [2104] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:54:31 [Info] [2104] log fd cnt is [250], real fd cnt is [282] 2026-03-22 10:54:31 [Info] [2104] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 10:54:31 [Info] [2104] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 10:54:32 [Info] [2104] log memory size is 20480KB, real memory size is 14864KB 2026-03-22 10:54:32 [Info] [2104] item: --tcp-connect-check 2026-03-22 10:54:32 [Info] [2104] cgroup name aegisRtap0 2026-03-22 10:54:32 [Info] [2104] try get sys version 2026-03-22 10:54:32 [Info] [2104] win sys info:2/10:0:3 2026-03-22 10:54:32 [Info] [2104] suit legal version, enable cpu control 2026-03-22 10:54:32 [Info] [2104] get AssignProcessToJobObject handle [00000478] 2026-03-22 10:54:32 [Info] [2104] Set setJobExtended. 2026-03-22 10:54:32 [Info] [2104] Set cpu [9%] 2026-03-22 10:54:32 [Info] [2104] Set cpu success 2026-03-22 10:54:32 [Info] [2104] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-22 10:54:32 [Info] [2104] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-22 10:54:32 [Info] [2104] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 10:54:32 [Info] [2104] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 10:54:32 [Info] [2104] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-22 10:54:32 [Info] [2104] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-22 10:54:32 [Info] [2104] Prepare stage1: --tcp-connect-check 2026-03-22 10:54:32 [Info] [2104] Prepare stage2 2026-03-22 10:54:36 [Info] [2104] stage3: --tcp-connect-check 2026-03-22 10:54:36 [Info] [2104] Loader after check 2026-03-22 10:54:37 [Info] [2104] Enter reuse wait state. 2026-03-22 10:54:41 [Info] [2104] recvmsg: EXIT 2026-03-22 10:54:41 [Info] [2104] Recv Exit Msg, Exit... 2026-03-22 11:15:35 [Info] [3144] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 11:15:35 [Info] [3144] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap134701774149335 2026-03-22 11:15:35 [Info] [3144] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 11:15:35 [Info] [3144] Resource monitor start 2026-03-22 11:15:35 [Info] [3144] ipc client init success 2026-03-22 11:15:35 [Info] [3144] Ipc init: 0 2026-03-22 11:15:35 [Info] [3144] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 11:15:35 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 11:15:35 [Info] [3144] start ipc thread id[4232] 2026-03-22 11:15:35 [Info] [3144] Connect Yundun ipc server return state is 0 2026-03-22 11:15:35 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 11:15:35 [Info] [3144] CResourceMonitor::run Enter 2026-03-22 11:15:35 [Info] [3144] CIpcMsgHandlerMgr::run Enter 2026-03-22 11:15:35 [Info] [3144] Report thread 2026-03-22 11:15:35 [Info] [3144] Monitor thread 2026-03-22 11:15:35 [Info] [3144] Loader thread 2026-03-22 11:15:35 [Info] [3144] PythonEngineImpl Init... 2026-03-22 11:15:35 [Info] [3144] yundun connected 2026-03-22 11:15:35 [Info] [3144] recvmsg: HELLO 2026-03-22 11:15:35 [Info] [3144] recvmsg: WORK 2026-03-22 11:15:35 [Info] [3144] no use encode, return to old mode 2026-03-22 11:15:35 [Info] [3144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 11:15:35 [Info] [3144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 11:15:35 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 11:15:36 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 11:15:36 [Info] [3144] log fd cnt is [250], real fd cnt is [282] 2026-03-22 11:15:36 [Info] [3144] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 11:15:36 [Info] [3144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 11:15:37 [Info] [3144] log memory size is 20480KB, real memory size is 14832KB 2026-03-22 11:15:37 [Info] [3144] item: --windows-autorun-item-check 2026-03-22 11:15:37 [Info] [3144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-22 11:15:37 [Info] [3144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-22 11:15:37 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 11:15:37 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 11:15:37 [Info] [3144] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-22 11:15:37 [Info] [3144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-22 11:15:38 [Info] [3144] Prepare stage1: --windows-autorun-item-check 2026-03-22 11:15:38 [Info] [3144] Prepare stage2 2026-03-22 11:15:41 [Info] [3144] log memory size is 30720KB, real memory size is 22572KB 2026-03-22 11:15:47 [Info] [3144] stage3: --windows-autorun-item-check 2026-03-22 11:15:47 [Info] [3144] Loader after check 2026-03-22 11:15:48 [Info] [3144] Enter reuse wait state. 2026-03-22 11:15:51 [Info] [3144] recvmsg: EXIT 2026-03-22 11:15:51 [Info] [3144] Recv Exit Msg, Exit... 2026-03-22 14:25:13 [Info] [184] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 14:25:13 [Info] [184] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap177631774160684 2026-03-22 14:25:13 [Info] [184] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 14:25:13 [Info] [184] Resource monitor start 2026-03-22 14:25:13 [Info] [184] ipc client init success 2026-03-22 14:25:13 [Info] [184] Ipc init: 0 2026-03-22 14:25:13 [Info] [184] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 14:25:13 [Info] [184] CResourceMonitor::run Enter 2026-03-22 14:25:13 [Info] [184] CIpcMsgHandlerMgr::run Enter 2026-03-22 14:25:13 [Info] [184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 14:25:13 [Info] [184] start ipc thread id[1452] 2026-03-22 14:25:13 [Info] [184] Connect Yundun ipc server return state is 0 2026-03-22 14:25:14 [Info] [184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 14:25:14 [Info] [184] yundun connected 2026-03-22 14:25:14 [Info] [184] Report thread 2026-03-22 14:25:14 [Info] [184] Monitor thread 2026-03-22 14:25:14 [Info] [184] Loader thread 2026-03-22 14:25:14 [Info] [184] PythonEngineImpl Init... 2026-03-22 14:25:14 [Info] [184] recvmsg: HELLO 2026-03-22 14:25:14 [Info] [184] recvmsg: WORK 2026-03-22 14:25:14 [Info] [184] no use encode, return to old mode 2026-03-22 14:25:14 [Info] [184] log fd cnt is [250], real fd cnt is [263] 2026-03-22 14:25:14 [Info] [184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 14:25:14 [Info] [184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 14:25:14 [Info] [184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 14:25:14 [Info] [184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 14:25:15 [Info] [184] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 14:25:15 [Info] [184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 14:25:15 [Info] [184] log memory size is 20480KB, real memory size is 14848KB 2026-03-22 14:25:16 [Info] [184] item: --windows-sysinfoext-check 2026-03-22 14:25:16 [Info] [184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 14:25:16 [Info] [184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 14:25:16 [Info] [184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 14:25:16 [Info] [184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 14:25:16 [Info] [184] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-22 14:25:16 [Info] [184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 14:25:16 [Info] [184] Prepare stage1: --windows-sysinfoext-check 2026-03-22 14:25:16 [Info] [184] Prepare stage2 2026-03-22 14:25:19 [Info] [184] log memory size is 30720KB, real memory size is 23172KB 2026-03-22 14:25:20 [Info] [184] stage3: --windows-sysinfoext-check 2026-03-22 14:25:20 [Info] [184] Loader after check 2026-03-22 14:25:21 [Info] [184] Enter reuse wait state. 2026-03-22 14:25:25 [Info] [184] recvmsg: EXIT 2026-03-22 14:25:25 [Info] [184] Recv Exit Msg, Exit... 2026-03-22 19:30:17 [Info] [4980] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 19:30:17 [Info] [4980] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap120921774179016 2026-03-22 19:30:17 [Info] [4980] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 19:30:17 [Info] [4980] Resource monitor start 2026-03-22 19:30:17 [Info] [4980] ipc client init success 2026-03-22 19:30:17 [Info] [4980] Ipc init: 0 2026-03-22 19:30:17 [Info] [4980] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 19:30:17 [Info] [4980] CResourceMonitor::run Enter 2026-03-22 19:30:17 [Info] [4980] CIpcMsgHandlerMgr::run Enter 2026-03-22 19:30:17 [Info] [4980] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 19:30:17 [Info] [4980] start ipc thread id[1988] 2026-03-22 19:30:17 [Info] [4980] Connect Yundun ipc server return state is 0 2026-03-22 19:30:17 [Info] [4980] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 19:30:17 [Info] [4980] yundun connected 2026-03-22 19:30:17 [Info] [4980] Report thread 2026-03-22 19:30:17 [Info] [4980] Monitor thread 2026-03-22 19:30:17 [Info] [4980] Loader thread 2026-03-22 19:30:17 [Info] [4980] PythonEngineImpl Init... 2026-03-22 19:30:18 [Info] [4980] recvmsg: HELLO 2026-03-22 19:30:18 [Info] [4980] recvmsg: WORK 2026-03-22 19:30:18 [Info] [4980] no use encode, return to old mode 2026-03-22 19:30:18 [Info] [4980] log fd cnt is [250], real fd cnt is [263] 2026-03-22 19:30:18 [Info] [4980] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:30:18 [Info] [4980] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:30:18 [Info] [4980] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:30:18 [Info] [4980] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:30:18 [Info] [4980] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 19:30:18 [Info] [4980] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 19:30:19 [Info] [4980] log memory size is 20480KB, real memory size is 14868KB 2026-03-22 19:30:19 [Info] [4980] item: --secnet_rasp_agent 2026-03-22 19:30:19 [Info] [4980] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-22 19:30:20 [Info] [4980] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-22 19:30:20 [Info] [4980] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-22 19:30:20 [Info] [4980] Download redirect files success. 2026-03-22 19:30:20 [Info] [4980] Prepare stage1: --secnet_rasp_agent 2026-03-22 19:30:20 [Info] [4980] Prepare stage2 2026-03-22 19:30:21 [Info] [4980] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-22 19:30:21 [Info] [4980] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-22 19:30:21 [Info] [4980] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:30:21 [Info] [4980] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:30:22 [Info] [4980] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-22 19:30:22 [Info] [4980] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-22 19:30:22 [Info] [4980] stage3: --secnet_rasp_agent 2026-03-22 19:30:22 [Info] [4980] Loader after check 2026-03-22 19:30:23 [Info] [4980] Enter reuse wait state. 2026-03-22 19:30:23 [Info] [4980] log memory size is 30720KB, real memory size is 21440KB 2026-03-22 19:30:25 [Info] [4980] recvmsg: EXIT 2026-03-22 19:30:25 [Info] [4980] Recv Exit Msg, Exit... 2026-03-22 19:52:09 [Info] [4912] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 19:52:09 [Info] [4912] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap163341774180315 2026-03-22 19:52:09 [Info] [4912] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 19:52:09 [Info] [4912] Resource monitor start 2026-03-22 19:52:09 [Info] [4912] ipc client init success 2026-03-22 19:52:09 [Info] [4912] Ipc init: 0 2026-03-22 19:52:09 [Info] [4912] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 19:52:09 [Info] [4912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 19:52:09 [Info] [4912] start ipc thread id[4752] 2026-03-22 19:52:09 [Info] [4912] Connect Yundun ipc server return state is 0 2026-03-22 19:52:09 [Info] [4912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 19:52:09 [Info] [4912] CResourceMonitor::run Enter 2026-03-22 19:52:09 [Info] [4912] CIpcMsgHandlerMgr::run Enter 2026-03-22 19:52:09 [Info] [4912] Report thread 2026-03-22 19:52:09 [Info] [4912] Monitor thread 2026-03-22 19:52:09 [Info] [4912] Loader thread 2026-03-22 19:52:09 [Info] [4912] PythonEngineImpl Init... 2026-03-22 19:52:14 [Info] [4912] yundun connected 2026-03-22 19:52:15 [Info] [4912] recvmsg: HELLO 2026-03-22 19:52:15 [Info] [4912] recvmsg: WORK 2026-03-22 19:52:15 [Info] [4912] no use encode, return to old mode 2026-03-22 19:52:15 [Info] [4912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:52:15 [Info] [4912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:52:15 [Info] [4912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:52:17 [Info] [4912] log fd cnt is [250], real fd cnt is [264] 2026-03-22 19:52:18 [Info] [4912] log memory size is 20480KB, real memory size is 13160KB 2026-03-22 19:52:23 [Info] [3920] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-22 19:52:23 [Info] [3920] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap163961774180334 2026-03-22 19:52:23 [Info] [3920] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-22 19:52:23 [Info] [3920] Resource monitor start 2026-03-22 19:52:23 [Info] [3920] ipc client init success 2026-03-22 19:52:23 [Info] [3920] Ipc init: 0 2026-03-22 19:52:23 [Info] [3920] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-22 19:52:23 [Info] [3920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-22 19:52:23 [Info] [3920] start ipc thread id[4420] 2026-03-22 19:52:23 [Info] [3920] Connect Yundun ipc server return state is 0 2026-03-22 19:52:23 [Info] [3920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-22 19:52:24 [Info] [3920] CResourceMonitor::run Enter 2026-03-22 19:52:24 [Info] [3920] CIpcMsgHandlerMgr::run Enter 2026-03-22 19:52:24 [Info] [3920] yundun connected 2026-03-22 19:52:24 [Info] [3920] Report thread 2026-03-22 19:52:24 [Info] [3920] Monitor thread 2026-03-22 19:52:24 [Info] [3920] Loader thread 2026-03-22 19:52:24 [Info] [3920] PythonEngineImpl Init... 2026-03-22 19:52:25 [Info] [3920] recvmsg: HELLO 2026-03-22 19:52:25 [Info] [3920] recvmsg: WORK 2026-03-22 19:52:25 [Info] [3920] no use encode, return to old mode 2026-03-22 19:52:25 [Info] [3920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:52:25 [Info] [3920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-22 19:52:25 [Info] [3920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:52:26 [Warn] [4912] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-22 19:52:26 [Info] [3920] log fd cnt is [250], real fd cnt is [274] 2026-03-22 19:52:26 [Info] [3920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:52:26 [Info] [3920] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 19:52:26 [Info] [3920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 19:52:27 [Info] [3920] log memory size is 20480KB, real memory size is 14828KB 2026-03-22 19:52:27 [Info] [3920] item: --windows-vul-check 2026-03-22 19:52:27 [Info] [3920] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-22 19:52:27 [Info] [3920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-22 19:52:27 [Info] [3920] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-22 19:52:27 [Info] [3920] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-22 19:52:27 [Info] [3920] Download redirect files success. 2026-03-22 19:52:27 [Info] [3920] Prepare stage1: --windows-vul-check 2026-03-22 19:52:27 [Info] [3920] Prepare stage2 2026-03-22 19:52:28 [Warn] [3920] high cpu, cpu is 13 2026-03-22 19:52:28 [Info] [3920] try get sys version 2026-03-22 19:52:28 [Info] [3920] win sys info:2/10:0:3 2026-03-22 19:52:28 [Info] [3920] suit legal version, enable cpu control 2026-03-22 19:52:28 [Warn] [3920] High CPU Warning: 13 2026-03-22 19:52:28 [Warn] [3920] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 1 in func: <module> File:windows-vul-check.py line: 19 in func: <module> 2026-03-22 19:52:28 [Info] [3920] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-22 19:52:28 [Info] [3920] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-22 19:52:28 [Info] [3920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:52:29 [Info] [3920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:52:29 [Info] [3920] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-22 19:52:29 [Info] [3920] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-22 19:52:29 [Info] [3920] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-03-22 19:52:29 [Info] [3920] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-03-22 19:52:29 [Info] [3920] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-03-22 19:52:29 [Info] [3920] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-03-22 19:52:29 [Info] [3920] stage3: --windows-vul-check 2026-03-22 19:52:29 [Info] [3920] Loader after check 2026-03-22 19:52:30 [Warn] [3920] high cpu, cpu is 31 2026-03-22 19:52:30 [Warn] [3920] High CPU Warning: 31 2026-03-22 19:52:30 [Info] [3920] Enter reuse wait state. 2026-03-22 19:52:31 [Info] [3920] log memory size is 30720KB, real memory size is 23516KB 2026-03-22 19:52:34 [Info] [3920] recvmsg: EXIT 2026-03-22 19:52:34 [Info] [3920] Recv Exit Msg, Exit... 2026-03-22 19:52:36 [Warn] [4912] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-22 19:52:46 [Warn] [4912] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-22 19:52:46 [Info] [4912] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:52:46 [Info] [4912] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-22 19:52:46 [Info] [4912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-22 19:52:47 [Info] [4912] item: --windows-sysinfoext-check 2026-03-22 19:52:47 [Info] [4912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 19:52:47 [Info] [4912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 19:52:47 [Info] [4912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-22 19:52:47 [Info] [4912] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-22 19:52:48 [Info] [4912] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-22 19:52:48 [Info] [4912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-22 19:52:48 [Info] [4912] Prepare stage1: --windows-sysinfoext-check 2026-03-22 19:52:48 [Info] [4912] Prepare stage2 2026-03-22 19:52:50 [Info] [4912] log memory size is 30720KB, real memory size is 23156KB 2026-03-22 19:52:50 [Info] [4912] stage3: --windows-sysinfoext-check 2026-03-22 19:52:50 [Info] [4912] Loader after check 2026-03-22 19:52:51 [Info] [4912] Enter reuse wait state. 2026-03-22 19:52:56 [Info] [4912] recvmsg: EXIT 2026-03-22 19:52:56 [Info] [4912] Recv Exit Msg, Exit... 2026-03-29 02:43:32 [Info] [4652] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 02:43:32 [Info] [4652] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap203881774723412 2026-03-29 02:43:32 [Info] [4652] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 02:43:32 [Info] [4652] Resource monitor start 2026-03-29 02:43:32 [Info] [4652] ipc client init success 2026-03-29 02:43:32 [Info] [4652] Ipc init: 0 2026-03-29 02:43:32 [Info] [4652] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 02:43:32 [Info] [4652] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 02:43:32 [Info] [4652] start ipc thread id[1308] 2026-03-29 02:43:32 [Info] [4652] Connect Yundun ipc server return state is 0 2026-03-29 02:43:32 [Info] [4652] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 02:43:32 [Info] [4652] CResourceMonitor::run Enter 2026-03-29 02:43:32 [Info] [4652] CIpcMsgHandlerMgr::run Enter 2026-03-29 02:43:32 [Info] [4652] Report thread 2026-03-29 02:43:32 [Info] [4652] Monitor thread 2026-03-29 02:43:32 [Info] [4652] Loader thread 2026-03-29 02:43:32 [Info] [4652] PythonEngineImpl Init... 2026-03-29 02:43:32 [Info] [4652] yundun connected 2026-03-29 02:43:32 [Info] [4652] recvmsg: HELLO 2026-03-29 02:43:32 [Info] [4652] recvmsg: WORK 2026-03-29 02:43:32 [Info] [4652] no use encode, return to old mode 2026-03-29 02:43:33 [Info] [4652] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 02:43:33 [Info] [4652] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 02:43:33 [Info] [4652] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 02:43:33 [Info] [4652] log fd cnt is [250], real fd cnt is [282] 2026-03-29 02:43:33 [Info] [4652] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 02:43:33 [Info] [4652] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 02:43:33 [Info] [4652] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 02:43:34 [Info] [4652] log memory size is 20480KB, real memory size is 14772KB 2026-03-29 02:43:34 [Info] [4652] item: --sca 2026-03-29 02:43:34 [Info] [4652] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-29 02:43:34 [Info] [4652] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-29 02:43:35 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-29 02:43:35 [Info] [4652] Download redirect files success. 2026-03-29 02:43:35 [Info] [4652] Prepare stage1: --sca 2026-03-29 02:43:35 [Info] [4652] Prepare stage2 2026-03-29 02:43:37 [Warn] [4652] high cpu, cpu is 23 2026-03-29 02:43:37 [Info] [4652] try get sys version 2026-03-29 02:43:37 [Info] [4652] win sys info:2/10:0:3 2026-03-29 02:43:37 [Info] [4652] suit legal version, enable cpu control 2026-03-29 02:43:37 [Warn] [4652] High CPU Warning: 23 2026-03-29 02:43:37 [Warn] [4652] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-29 02:43:38 [Info] [4652] log memory size is 30720KB, real memory size is 32908KB 2026-03-29 02:43:42 [Info] [4652] log memory size is 40960KB, real memory size is 33184KB 2026-03-29 02:43:42 [Info] [4652] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 02:44:10 [Warn] [4652] high cpu, cpu is 21 2026-03-29 02:44:10 [Warn] [4652] High CPU Warning: 21 2026-03-29 02:44:10 [Warn] [4652] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-29 02:44:11 [Info] [4652] stage3: --sca 2026-03-29 02:44:11 [Info] [4652] Loader after check 2026-03-29 02:44:12 [Info] [4652] Enter reuse wait state. 2026-03-29 02:44:16 [Info] [4652] recvmsg: EXIT 2026-03-29 02:44:16 [Info] [4652] Recv Exit Msg, Exit... 2026-03-29 05:02:57 [Info] [1240] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 05:02:57 [Info] [1240] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap148521774731751 2026-03-29 05:02:57 [Info] [1240] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 05:02:57 [Info] [1240] Resource monitor start 2026-03-29 05:02:57 [Info] [1240] ipc client init success 2026-03-29 05:02:57 [Info] [1240] Ipc init: 0 2026-03-29 05:02:57 [Info] [1240] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 05:02:57 [Info] [1240] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 05:02:57 [Info] [1240] start ipc thread id[1056] 2026-03-29 05:02:57 [Info] [1240] Connect Yundun ipc server return state is 0 2026-03-29 05:02:57 [Info] [1240] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 05:02:57 [Info] [1240] CResourceMonitor::run Enter 2026-03-29 05:02:57 [Info] [1240] CIpcMsgHandlerMgr::run Enter 2026-03-29 05:02:57 [Info] [1240] yundun connected 2026-03-29 05:02:57 [Info] [1240] Report thread 2026-03-29 05:02:57 [Info] [1240] Monitor thread 2026-03-29 05:02:57 [Info] [1240] Loader thread 2026-03-29 05:02:57 [Info] [1240] PythonEngineImpl Init... 2026-03-29 05:02:57 [Info] [1240] recvmsg: HELLO 2026-03-29 05:02:58 [Info] [1240] recvmsg: WORK 2026-03-29 05:02:58 [Info] [1240] no use encode, return to old mode 2026-03-29 05:02:58 [Info] [1240] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 05:02:58 [Info] [1240] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 05:02:58 [Info] [1240] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 05:02:58 [Info] [1240] log fd cnt is [250], real fd cnt is [264] 2026-03-29 05:03:00 [Info] [1240] log memory size is 20480KB, real memory size is 13604KB 2026-03-29 05:03:01 [Info] [1240] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 05:03:01 [Info] [1240] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 05:03:01 [Info] [1240] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 05:03:04 [Info] [1240] item: --windows-sysinfoext-check 2026-03-29 05:03:04 [Info] [1240] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 05:03:04 [Info] [1240] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 05:03:04 [Info] [1240] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 05:03:04 [Info] [1240] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 05:03:04 [Info] [1240] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-29 05:03:04 [Info] [1240] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 05:03:04 [Info] [1240] Prepare stage1: --windows-sysinfoext-check 2026-03-29 05:03:04 [Info] [1240] Prepare stage2 2026-03-29 05:03:08 [Info] [1240] log memory size is 30720KB, real memory size is 21568KB 2026-03-29 05:03:13 [Info] [1240] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 05:03:36 [Info] [1240] stage3: --windows-sysinfoext-check 2026-03-29 05:03:36 [Info] [1240] Loader after check 2026-03-29 05:03:38 [Info] [1240] Enter reuse wait state. 2026-03-29 05:03:40 [Info] [1240] recvmsg: EXIT 2026-03-29 05:03:40 [Info] [1240] Recv Exit Msg, Exit... 2026-03-29 08:05:07 [Info] [4448] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 08:05:07 [Info] [4448] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap178611774742707 2026-03-29 08:05:07 [Info] [4448] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 08:05:07 [Info] [4448] Resource monitor start 2026-03-29 08:05:07 [Info] [4448] ipc client init success 2026-03-29 08:05:07 [Info] [4448] Ipc init: 0 2026-03-29 08:05:07 [Info] [4448] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 08:05:07 [Info] [4448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 08:05:07 [Info] [4448] start ipc thread id[1680] 2026-03-29 08:05:07 [Info] [4448] Connect Yundun ipc server return state is 0 2026-03-29 08:05:07 [Info] [4448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 08:05:07 [Info] [4448] CResourceMonitor::run Enter 2026-03-29 08:05:07 [Info] [4448] CIpcMsgHandlerMgr::run Enter 2026-03-29 08:05:07 [Info] [4448] yundun connected 2026-03-29 08:05:07 [Info] [4448] Report thread 2026-03-29 08:05:07 [Info] [4448] Monitor thread 2026-03-29 08:05:07 [Info] [4448] Loader thread 2026-03-29 08:05:07 [Info] [4448] PythonEngineImpl Init... 2026-03-29 08:05:08 [Info] [4448] recvmsg: HELLO 2026-03-29 08:05:08 [Info] [4448] recvmsg: WORK 2026-03-29 08:05:08 [Info] [4448] no use encode, return to old mode 2026-03-29 08:05:09 [Info] [4448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 08:05:09 [Info] [4448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 08:05:09 [Info] [4448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 08:05:09 [Info] [4448] log fd cnt is [250], real fd cnt is [264] 2026-03-29 08:05:10 [Info] [4448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 08:05:10 [Info] [4448] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 08:05:10 [Info] [4448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 08:05:10 [Info] [4448] log memory size is 20480KB, real memory size is 14568KB 2026-03-29 08:05:11 [Info] [4448] item: --windows-vul-clean 2026-03-29 08:05:11 [Info] [4448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-29 08:05:11 [Info] [4448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-29 08:05:11 [Info] [4448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 08:05:11 [Info] [4448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 08:05:11 [Info] [4448] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-29 08:05:11 [Info] [4448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-29 08:05:11 [Info] [4448] Prepare stage1: --windows-vul-clean 2026-03-29 08:05:11 [Info] [4448] Prepare stage2 2026-03-29 08:05:11 [Info] [4448] stage3: --windows-vul-clean 2026-03-29 08:05:11 [Info] [4448] Loader after check 2026-03-29 08:05:12 [Info] [4448] Enter reuse wait state. 2026-03-29 08:05:14 [Info] [4448] recvmsg: EXIT 2026-03-29 08:05:14 [Info] [4448] Recv Exit Msg, Exit... 2026-03-29 08:52:47 [Info] [3820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 08:52:47 [Info] [3820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap272011774745567 2026-03-29 08:52:47 [Info] [3820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 08:52:47 [Info] [3820] Resource monitor start 2026-03-29 08:52:47 [Info] [3820] ipc client init success 2026-03-29 08:52:47 [Info] [3820] Ipc init: 0 2026-03-29 08:52:47 [Info] [3820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 08:52:47 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 08:52:47 [Info] [3820] start ipc thread id[5088] 2026-03-29 08:52:47 [Info] [3820] Connect Yundun ipc server return state is 0 2026-03-29 08:52:47 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 08:52:47 [Info] [3820] CResourceMonitor::run Enter 2026-03-29 08:52:47 [Info] [3820] CIpcMsgHandlerMgr::run Enter 2026-03-29 08:52:47 [Info] [3820] Report thread 2026-03-29 08:52:47 [Info] [3820] Monitor thread 2026-03-29 08:52:47 [Info] [3820] Loader thread 2026-03-29 08:52:47 [Info] [3820] PythonEngineImpl Init... 2026-03-29 08:52:47 [Info] [3820] yundun connected 2026-03-29 08:52:48 [Info] [3820] recvmsg: HELLO 2026-03-29 08:52:48 [Info] [3820] recvmsg: WORK 2026-03-29 08:52:48 [Info] [3820] no use encode, return to old mode 2026-03-29 08:52:48 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 08:52:48 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 08:52:48 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 08:52:48 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 08:52:48 [Info] [3820] log fd cnt is [250], real fd cnt is [282] 2026-03-29 08:52:48 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 08:52:48 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 08:52:49 [Info] [3820] log memory size is 20480KB, real memory size is 14760KB 2026-03-29 08:52:50 [Info] [3820] item: --windows-process-check 2026-03-29 08:52:50 [Info] [3820] cgroup name aegisRtap0 2026-03-29 08:52:50 [Info] [3820] try get sys version 2026-03-29 08:52:50 [Info] [3820] win sys info:2/10:0:3 2026-03-29 08:52:50 [Info] [3820] suit legal version, enable cpu control 2026-03-29 08:52:50 [Info] [3820] get AssignProcessToJobObject handle [00000478] 2026-03-29 08:52:50 [Info] [3820] Set setJobExtended. 2026-03-29 08:52:50 [Info] [3820] Set cpu [9%] 2026-03-29 08:52:50 [Info] [3820] Set cpu success 2026-03-29 08:52:50 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-29 08:52:50 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-29 08:52:50 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 08:52:50 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 08:52:50 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-29 08:52:50 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-29 08:52:50 [Info] [3820] Prepare stage1: --windows-process-check 2026-03-29 08:52:50 [Info] [3820] Prepare stage2 2026-03-29 08:52:53 [Info] [3820] log memory size is 30720KB, real memory size is 20576KB 2026-03-29 08:52:57 [Info] [3820] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 08:53:08 [Info] [3820] stage3: --windows-process-check 2026-03-29 08:53:08 [Info] [3820] Loader after check 2026-03-29 08:53:09 [Info] [3820] Enter reuse wait state. 2026-03-29 08:53:11 [Info] [3820] recvmsg: EXIT 2026-03-29 08:53:11 [Info] [3820] Recv Exit Msg, Exit... 2026-03-29 10:31:02 [Info] [4176] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 10:31:02 [Info] [4176] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap136381774751448 2026-03-29 10:31:02 [Info] [4176] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 10:31:03 [Info] [4176] Resource monitor start 2026-03-29 10:31:03 [Info] [4176] ipc client init success 2026-03-29 10:31:03 [Info] [4176] Ipc init: 0 2026-03-29 10:31:03 [Info] [4176] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 10:31:03 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 10:31:03 [Info] [4176] start ipc thread id[4708] 2026-03-29 10:31:03 [Info] [4176] Connect Yundun ipc server return state is 0 2026-03-29 10:31:03 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 10:31:03 [Info] [4176] CResourceMonitor::run Enter 2026-03-29 10:31:03 [Info] [4176] CIpcMsgHandlerMgr::run Enter 2026-03-29 10:31:03 [Info] [4176] Report thread 2026-03-29 10:31:03 [Info] [4176] Monitor thread 2026-03-29 10:31:03 [Info] [4176] Loader thread 2026-03-29 10:31:03 [Info] [4176] PythonEngineImpl Init... 2026-03-29 10:31:07 [Info] [4176] yundun connected 2026-03-29 10:31:08 [Info] [4176] log fd cnt is [250], real fd cnt is [261] 2026-03-29 10:31:08 [Info] [4176] recvmsg: HELLO 2026-03-29 10:31:08 [Info] [4176] recvmsg: WORK 2026-03-29 10:31:08 [Info] [4176] no use encode, return to old mode 2026-03-29 10:31:08 [Info] [4176] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:31:08 [Info] [4176] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:31:08 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:31:09 [Info] [4176] log memory size is 20480KB, real memory size is 13132KB 2026-03-29 10:31:22 [Warn] [4176] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 10:31:23 [Info] [4176] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 10:31:33 [Warn] [4176] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 10:31:43 [Warn] [4176] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 10:31:43 [Info] [4176] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:31:43 [Info] [4176] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 10:31:43 [Info] [4176] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 10:31:44 [Info] [4176] item: --windows-sysinfoext-check 2026-03-29 10:31:44 [Info] [4176] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 10:31:44 [Info] [4176] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 10:31:44 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:31:44 [Info] [4176] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:31:44 [Info] [4176] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-29 10:31:44 [Info] [4176] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 10:31:45 [Info] [4176] Prepare stage1: --windows-sysinfoext-check 2026-03-29 10:31:45 [Info] [4176] Prepare stage2 2026-03-29 10:31:46 [Info] [4176] log memory size is 30720KB, real memory size is 23116KB 2026-03-29 10:31:46 [Info] [4176] stage3: --windows-sysinfoext-check 2026-03-29 10:31:46 [Info] [4176] Loader after check 2026-03-29 10:31:47 [Warn] [4176] high cpu, cpu is 12 2026-03-29 10:31:47 [Info] [4176] try get sys version 2026-03-29 10:31:47 [Info] [4176] win sys info:2/10:0:3 2026-03-29 10:31:47 [Info] [4176] suit legal version, enable cpu control 2026-03-29 10:31:47 [Warn] [4176] High CPU Warning: 12 2026-03-29 10:31:47 [Warn] [4176] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-29 10:31:47 [Info] [4176] Enter reuse wait state. 2026-03-29 10:31:52 [Info] [4176] recvmsg: EXIT 2026-03-29 10:31:52 [Info] [4176] Recv Exit Msg, Exit... 2026-03-29 10:32:56 [Info] [3604] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 10:32:56 [Info] [3604] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap140561774751576 2026-03-29 10:32:56 [Info] [3604] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 10:32:56 [Info] [3604] Resource monitor start 2026-03-29 10:32:56 [Info] [3604] ipc client init success 2026-03-29 10:32:56 [Info] [3604] Ipc init: 0 2026-03-29 10:32:56 [Info] [3604] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 10:32:56 [Info] [3604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 10:32:56 [Info] [3604] start ipc thread id[4512] 2026-03-29 10:32:56 [Info] [3604] Connect Yundun ipc server return state is 0 2026-03-29 10:32:56 [Info] [3604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 10:32:56 [Info] [3604] CResourceMonitor::run Enter 2026-03-29 10:32:56 [Info] [3604] CIpcMsgHandlerMgr::run Enter 2026-03-29 10:32:56 [Info] [3604] Report thread 2026-03-29 10:32:56 [Info] [3604] Monitor thread 2026-03-29 10:32:56 [Info] [3604] Loader thread 2026-03-29 10:32:56 [Info] [3604] PythonEngineImpl Init... 2026-03-29 10:32:56 [Info] [3604] yundun connected 2026-03-29 10:32:57 [Info] [3604] recvmsg: HELLO 2026-03-29 10:32:57 [Info] [3604] recvmsg: WORK 2026-03-29 10:32:57 [Info] [3604] no use encode, return to old mode 2026-03-29 10:32:57 [Info] [3604] log fd cnt is [250], real fd cnt is [263] 2026-03-29 10:32:57 [Info] [3604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:32:57 [Info] [3604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:32:57 [Info] [3604] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:32:58 [Info] [3604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:32:58 [Info] [3604] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 10:32:58 [Info] [3604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 10:32:58 [Info] [3604] log memory size is 20480KB, real memory size is 14736KB 2026-03-29 10:32:59 [Info] [3604] item: --windows-registry-check 2026-03-29 10:32:59 [Info] [3604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-29 10:32:59 [Info] [3604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-29 10:32:59 [Info] [3604] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:32:59 [Info] [3604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:32:59 [Info] [3604] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-29 10:32:59 [Info] [3604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-29 10:33:00 [Info] [3604] Prepare stage1: --windows-registry-check 2026-03-29 10:33:00 [Info] [3604] Prepare stage2 2026-03-29 10:33:29 [Info] [3604] stage3: --windows-registry-check 2026-03-29 10:33:29 [Info] [3604] Loader after check 2026-03-29 10:33:30 [Info] [3604] Enter reuse wait state. 2026-03-29 10:33:32 [Info] [3604] recvmsg: EXIT 2026-03-29 10:33:32 [Info] [3604] Recv Exit Msg, Exit... 2026-03-29 10:34:13 [Info] [4108] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 10:34:13 [Info] [4108] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap143071774751653 2026-03-29 10:34:13 [Info] [4108] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 10:34:13 [Info] [4108] Resource monitor start 2026-03-29 10:34:13 [Info] [4108] ipc client init success 2026-03-29 10:34:13 [Info] [4108] Ipc init: 0 2026-03-29 10:34:13 [Info] [4108] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 10:34:13 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 10:34:13 [Info] [4108] start ipc thread id[160] 2026-03-29 10:34:13 [Info] [4108] Connect Yundun ipc server return state is 0 2026-03-29 10:34:13 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 10:34:13 [Info] [4108] CResourceMonitor::run Enter 2026-03-29 10:34:13 [Info] [4108] CIpcMsgHandlerMgr::run Enter 2026-03-29 10:34:13 [Info] [4108] Report thread 2026-03-29 10:34:13 [Info] [4108] Monitor thread 2026-03-29 10:34:13 [Info] [4108] Loader thread 2026-03-29 10:34:13 [Info] [4108] PythonEngineImpl Init... 2026-03-29 10:34:13 [Info] [4108] yundun connected 2026-03-29 10:34:13 [Info] [4108] recvmsg: HELLO 2026-03-29 10:34:13 [Info] [4108] recvmsg: WORK 2026-03-29 10:34:13 [Info] [4108] no use encode, return to old mode 2026-03-29 10:34:14 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:34:14 [Info] [4108] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:34:14 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:34:14 [Info] [4108] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:34:14 [Info] [4108] log fd cnt is [250], real fd cnt is [282] 2026-03-29 10:34:14 [Info] [4108] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 10:34:14 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 10:34:15 [Info] [4108] log memory size is 20480KB, real memory size is 14680KB 2026-03-29 10:34:16 [Info] [4108] item: --windows-driver-version-check 2026-03-29 10:34:16 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-29 10:34:16 [Info] [4108] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-29 10:34:16 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:34:17 [Info] [4108] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:34:17 [Info] [4108] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-29 10:34:17 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-29 10:34:17 [Info] [4108] Prepare stage1: --windows-driver-version-check 2026-03-29 10:34:17 [Info] [4108] Prepare stage2 2026-03-29 10:34:17 [Info] [4108] stage3: --windows-driver-version-check 2026-03-29 10:34:17 [Info] [4108] Loader after check 2026-03-29 10:34:19 [Info] [4108] Enter reuse wait state. 2026-03-29 10:34:21 [Info] [4108] recvmsg: EXIT 2026-03-29 10:34:21 [Info] [4108] Recv Exit Msg, Exit... 2026-03-29 10:45:54 [Info] [2504] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 10:45:54 [Info] [2504] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap165961774752354 2026-03-29 10:45:54 [Info] [2504] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 10:45:54 [Info] [2504] Resource monitor start 2026-03-29 10:45:54 [Info] [2504] ipc client init success 2026-03-29 10:45:54 [Info] [2504] Ipc init: 0 2026-03-29 10:45:54 [Info] [2504] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 10:45:54 [Info] [2504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 10:45:54 [Info] [2504] start ipc thread id[4480] 2026-03-29 10:45:54 [Info] [2504] Connect Yundun ipc server return state is 0 2026-03-29 10:45:54 [Info] [2504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 10:45:54 [Info] [2504] CResourceMonitor::run Enter 2026-03-29 10:45:54 [Info] [2504] CIpcMsgHandlerMgr::run Enter 2026-03-29 10:45:54 [Info] [2504] Report thread 2026-03-29 10:45:54 [Info] [2504] Monitor thread 2026-03-29 10:45:54 [Info] [2504] Loader thread 2026-03-29 10:45:54 [Info] [2504] PythonEngineImpl Init... 2026-03-29 10:45:54 [Info] [2504] yundun connected 2026-03-29 10:45:55 [Info] [2504] recvmsg: HELLO 2026-03-29 10:45:55 [Info] [2504] recvmsg: WORK 2026-03-29 10:45:55 [Info] [2504] no use encode, return to old mode 2026-03-29 10:45:55 [Info] [2504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:45:55 [Info] [2504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 10:45:55 [Info] [2504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:45:55 [Info] [2504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:45:55 [Info] [2504] log fd cnt is [250], real fd cnt is [282] 2026-03-29 10:45:55 [Info] [2504] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 10:45:55 [Info] [2504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 10:45:56 [Info] [2504] log memory size is 20480KB, real memory size is 14824KB 2026-03-29 10:45:56 [Info] [2504] item: --windows-schedule-task-check 2026-03-29 10:45:56 [Info] [2504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-29 10:45:56 [Info] [2504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-29 10:45:56 [Info] [2504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 10:45:57 [Info] [2504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 10:45:57 [Info] [2504] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-29 10:45:57 [Info] [2504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-29 10:45:57 [Info] [2504] Prepare stage1: --windows-schedule-task-check 2026-03-29 10:45:57 [Info] [2504] Prepare stage2 2026-03-29 10:46:00 [Info] [2504] log memory size is 30720KB, real memory size is 23644KB 2026-03-29 10:46:05 [Info] [2504] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 10:46:27 [Info] [2504] stage3: --windows-schedule-task-check 2026-03-29 10:46:27 [Info] [2504] Loader after check 2026-03-29 10:46:28 [Info] [2504] Enter reuse wait state. 2026-03-29 10:46:30 [Info] [2504] recvmsg: EXIT 2026-03-29 10:46:30 [Info] [2504] Recv Exit Msg, Exit... 2026-03-29 11:11:49 [Info] [4448] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 11:11:49 [Info] [4448] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap216741774753909 2026-03-29 11:11:49 [Info] [4448] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 11:11:49 [Info] [4448] Resource monitor start 2026-03-29 11:11:49 [Info] [4448] ipc client init success 2026-03-29 11:11:49 [Info] [4448] Ipc init: 0 2026-03-29 11:11:49 [Info] [4448] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 11:11:49 [Info] [4448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 11:11:49 [Info] [4448] start ipc thread id[2028] 2026-03-29 11:11:49 [Info] [4448] Connect Yundun ipc server return state is 0 2026-03-29 11:11:49 [Info] [4448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 11:11:49 [Info] [4448] CResourceMonitor::run Enter 2026-03-29 11:11:49 [Info] [4448] CIpcMsgHandlerMgr::run Enter 2026-03-29 11:11:49 [Info] [4448] Report thread 2026-03-29 11:11:49 [Info] [4448] Monitor thread 2026-03-29 11:11:49 [Info] [4448] Loader thread 2026-03-29 11:11:49 [Info] [4448] PythonEngineImpl Init... 2026-03-29 11:11:49 [Info] [4448] yundun connected 2026-03-29 11:11:50 [Info] [4448] recvmsg: HELLO 2026-03-29 11:11:50 [Info] [4448] recvmsg: WORK 2026-03-29 11:11:50 [Info] [4448] no use encode, return to old mode 2026-03-29 11:11:50 [Info] [4448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 11:11:50 [Info] [4448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 11:11:50 [Info] [4448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 11:11:50 [Info] [4448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 11:11:50 [Info] [4448] log fd cnt is [250], real fd cnt is [282] 2026-03-29 11:11:50 [Info] [4448] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 11:11:50 [Info] [4448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 11:11:51 [Info] [4448] log memory size is 20480KB, real memory size is 14780KB 2026-03-29 11:11:51 [Info] [4448] item: --windows-autorun-item-check 2026-03-29 11:11:51 [Info] [4448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-29 11:11:51 [Info] [4448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-29 11:11:51 [Info] [4448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 11:11:52 [Info] [4448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 11:11:52 [Info] [4448] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-29 11:11:52 [Info] [4448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-29 11:11:52 [Info] [4448] Prepare stage1: --windows-autorun-item-check 2026-03-29 11:11:52 [Info] [4448] Prepare stage2 2026-03-29 11:11:52 [Warn] [4448] high cpu, cpu is 12 2026-03-29 11:11:52 [Info] [4448] try get sys version 2026-03-29 11:11:52 [Info] [4448] win sys info:2/10:0:3 2026-03-29 11:11:52 [Info] [4448] suit legal version, enable cpu control 2026-03-29 11:11:52 [Warn] [4448] High CPU Warning: 12 2026-03-29 11:11:52 [Warn] [4448] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-03-29 11:11:55 [Info] [4448] log memory size is 30720KB, real memory size is 22556KB 2026-03-29 11:12:02 [Info] [4448] stage3: --windows-autorun-item-check 2026-03-29 11:12:02 [Info] [4448] Loader after check 2026-03-29 11:12:03 [Info] [4448] Enter reuse wait state. 2026-03-29 11:12:05 [Info] [4448] recvmsg: EXIT 2026-03-29 11:12:05 [Info] [4448] Recv Exit Msg, Exit... 2026-03-29 11:49:24 [Info] [4368] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 11:49:24 [Info] [4368] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap290381774756164 2026-03-29 11:49:24 [Info] [4368] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 11:49:24 [Info] [4368] Resource monitor start 2026-03-29 11:49:24 [Info] [4368] ipc client init success 2026-03-29 11:49:24 [Info] [4368] Ipc init: 0 2026-03-29 11:49:24 [Info] [4368] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 11:49:24 [Info] [4368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 11:49:24 [Info] [4368] start ipc thread id[2204] 2026-03-29 11:49:24 [Info] [4368] Connect Yundun ipc server return state is 0 2026-03-29 11:49:24 [Info] [4368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 11:49:24 [Info] [4368] CResourceMonitor::run Enter 2026-03-29 11:49:24 [Info] [4368] CIpcMsgHandlerMgr::run Enter 2026-03-29 11:49:24 [Info] [4368] Report thread 2026-03-29 11:49:24 [Info] [4368] Monitor thread 2026-03-29 11:49:24 [Info] [4368] Loader thread 2026-03-29 11:49:24 [Info] [4368] PythonEngineImpl Init... 2026-03-29 11:49:24 [Info] [4368] yundun connected 2026-03-29 11:49:25 [Info] [4368] recvmsg: HELLO 2026-03-29 11:49:25 [Info] [4368] recvmsg: WORK 2026-03-29 11:49:25 [Info] [4368] no use encode, return to old mode 2026-03-29 11:49:25 [Info] [4368] log fd cnt is [250], real fd cnt is [263] 2026-03-29 11:49:25 [Info] [4368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 11:49:25 [Info] [4368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 11:49:25 [Info] [4368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 11:49:26 [Info] [4368] log memory size is 20480KB, real memory size is 13620KB 2026-03-29 11:49:26 [Info] [4368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 11:49:27 [Info] [4368] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 11:49:27 [Info] [4368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 11:49:29 [Info] [4368] item: --tcp-connect-check 2026-03-29 11:49:29 [Info] [4368] cgroup name aegisRtap0 2026-03-29 11:49:29 [Info] [4368] try get sys version 2026-03-29 11:49:29 [Info] [4368] win sys info:2/10:0:3 2026-03-29 11:49:29 [Info] [4368] suit legal version, enable cpu control 2026-03-29 11:49:29 [Info] [4368] get AssignProcessToJobObject handle [00000478] 2026-03-29 11:49:29 [Info] [4368] Set setJobExtended. 2026-03-29 11:49:29 [Info] [4368] Set cpu [9%] 2026-03-29 11:49:29 [Info] [4368] Set cpu success 2026-03-29 11:49:29 [Info] [4368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-29 11:49:29 [Info] [4368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-29 11:49:29 [Info] [4368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 11:49:29 [Info] [4368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 11:49:29 [Info] [4368] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-29 11:49:29 [Info] [4368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-29 11:49:29 [Info] [4368] Prepare stage1: --tcp-connect-check 2026-03-29 11:49:29 [Info] [4368] Prepare stage2 2026-03-29 11:49:48 [Info] [4368] stage3: --tcp-connect-check 2026-03-29 11:49:48 [Info] [4368] Loader after check 2026-03-29 11:49:49 [Info] [4368] Enter reuse wait state. 2026-03-29 11:49:51 [Info] [4368] recvmsg: EXIT 2026-03-29 11:49:51 [Info] [4368] Recv Exit Msg, Exit... 2026-03-29 15:59:52 [Info] [2028] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 15:59:52 [Info] [2028] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap125451774771182 2026-03-29 15:59:52 [Info] [2028] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 15:59:52 [Info] [2028] Resource monitor start 2026-03-29 15:59:52 [Info] [2028] ipc client init success 2026-03-29 15:59:52 [Info] [2028] Ipc init: 0 2026-03-29 15:59:52 [Info] [2028] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 15:59:52 [Info] [2028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 15:59:52 [Info] [2028] start ipc thread id[2320] 2026-03-29 15:59:52 [Info] [2028] Connect Yundun ipc server return state is 0 2026-03-29 15:59:52 [Info] [2028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 15:59:52 [Info] [2028] CResourceMonitor::run Enter 2026-03-29 15:59:52 [Info] [2028] CIpcMsgHandlerMgr::run Enter 2026-03-29 15:59:52 [Info] [2028] Report thread 2026-03-29 15:59:52 [Info] [2028] Monitor thread 2026-03-29 15:59:52 [Info] [2028] Loader thread 2026-03-29 15:59:52 [Info] [2028] PythonEngineImpl Init... 2026-03-29 15:59:58 [Info] [2028] yundun connected 2026-03-29 15:59:59 [Info] [2028] log fd cnt is [250], real fd cnt is [261] 2026-03-29 15:59:59 [Info] [2028] recvmsg: HELLO 2026-03-29 15:59:59 [Info] [2028] recvmsg: WORK 2026-03-29 15:59:59 [Info] [2028] no use encode, return to old mode 2026-03-29 15:59:59 [Info] [2028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 15:59:59 [Info] [2028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 15:59:59 [Info] [2028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 16:00:00 [Info] [2028] log memory size is 20480KB, real memory size is 13144KB 2026-03-29 16:00:01 [Info] [2028] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-29 16:00:20 [Warn] [2028] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 16:00:30 [Warn] [2028] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 16:00:40 [Warn] [2028] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-29 16:00:40 [Info] [2028] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 16:00:41 [Info] [2028] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 16:00:41 [Info] [2028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 16:00:42 [Info] [2028] item: --windows-sysinfoext-check 2026-03-29 16:00:42 [Info] [2028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 16:00:42 [Info] [2028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 16:00:42 [Info] [2028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 16:00:42 [Info] [2028] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 16:00:42 [Info] [2028] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-29 16:00:42 [Info] [2028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 16:00:42 [Info] [2028] Prepare stage1: --windows-sysinfoext-check 2026-03-29 16:00:42 [Info] [2028] Prepare stage2 2026-03-29 16:00:44 [Warn] [2028] high cpu, cpu is 20 2026-03-29 16:00:44 [Info] [2028] try get sys version 2026-03-29 16:00:44 [Info] [2028] win sys info:2/10:0:3 2026-03-29 16:00:44 [Info] [2028] suit legal version, enable cpu control 2026-03-29 16:00:44 [Warn] [2028] High CPU Warning: 20 2026-03-29 16:00:44 [Warn] [2028] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-29 16:00:45 [Info] [2028] log memory size is 30720KB, real memory size is 23112KB 2026-03-29 16:00:45 [Info] [2028] stage3: --windows-sysinfoext-check 2026-03-29 16:00:45 [Info] [2028] Loader after check 2026-03-29 16:00:46 [Warn] [2028] high cpu, cpu is 17 2026-03-29 16:00:46 [Warn] [2028] High CPU Warning: 17 2026-03-29 16:00:46 [Info] [2028] Enter reuse wait state. 2026-03-29 16:00:50 [Info] [2028] recvmsg: EXIT 2026-03-29 16:00:50 [Info] [2028] Recv Exit Msg, Exit... 2026-03-29 20:39:46 [Info] [4524] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 20:39:46 [Info] [4524] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap18841774787986 2026-03-29 20:39:46 [Info] [4524] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 20:39:46 [Info] [4524] Resource monitor start 2026-03-29 20:39:46 [Info] [4524] ipc client init success 2026-03-29 20:39:46 [Info] [4524] Ipc init: 0 2026-03-29 20:39:46 [Info] [4524] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 20:39:46 [Info] [4524] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 20:39:46 [Info] [4524] start ipc thread id[1020] 2026-03-29 20:39:46 [Info] [4524] Connect Yundun ipc server return state is 0 2026-03-29 20:39:46 [Info] [4524] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 20:39:46 [Info] [4524] CResourceMonitor::run Enter 2026-03-29 20:39:46 [Info] [4524] CIpcMsgHandlerMgr::run Enter 2026-03-29 20:39:46 [Info] [4524] Report thread 2026-03-29 20:39:46 [Info] [4524] Monitor thread 2026-03-29 20:39:46 [Info] [4524] Loader thread 2026-03-29 20:39:46 [Info] [4524] PythonEngineImpl Init... 2026-03-29 20:39:46 [Info] [4524] yundun connected 2026-03-29 20:39:46 [Info] [4524] recvmsg: HELLO 2026-03-29 20:39:46 [Info] [4524] recvmsg: WORK 2026-03-29 20:39:46 [Info] [4524] no use encode, return to old mode 2026-03-29 20:39:47 [Info] [4524] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 20:39:47 [Info] [4524] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 20:39:47 [Info] [4524] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 20:39:47 [Info] [4524] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 20:39:47 [Info] [4524] log fd cnt is [250], real fd cnt is [282] 2026-03-29 20:39:47 [Info] [4524] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 20:39:47 [Info] [4524] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 20:39:48 [Info] [4524] log memory size is 20480KB, real memory size is 14844KB 2026-03-29 20:39:48 [Info] [4524] item: --secnet_rasp_agent 2026-03-29 20:39:48 [Info] [4524] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-29 20:39:48 [Info] [4524] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-29 20:39:48 [Info] [4524] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-29 20:39:48 [Info] [4524] Download redirect files success. 2026-03-29 20:39:48 [Info] [4524] Prepare stage1: --secnet_rasp_agent 2026-03-29 20:39:48 [Info] [4524] Prepare stage2 2026-03-29 20:39:50 [Info] [4524] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-29 20:39:50 [Info] [4524] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-29 20:39:50 [Info] [4524] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 20:39:50 [Info] [4524] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 20:39:50 [Info] [4524] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-29 20:39:50 [Info] [4524] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-29 20:39:50 [Info] [4524] stage3: --secnet_rasp_agent 2026-03-29 20:39:50 [Info] [4524] Loader after check 2026-03-29 20:39:51 [Info] [4524] Enter reuse wait state. 2026-03-29 20:39:52 [Info] [4524] log memory size is 30720KB, real memory size is 21400KB 2026-03-29 20:39:53 [Info] [4524] recvmsg: EXIT 2026-03-29 20:39:53 [Info] [4524] Recv Exit Msg, Exit... 2026-03-29 21:26:24 [Info] [3080] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-29 21:26:24 [Info] [3080] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap109751774790770 2026-03-29 21:26:24 [Info] [3080] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-29 21:26:24 [Info] [3080] Resource monitor start 2026-03-29 21:26:24 [Info] [3080] ipc client init success 2026-03-29 21:26:24 [Info] [3080] Ipc init: 0 2026-03-29 21:26:24 [Info] [3080] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-29 21:26:24 [Info] [3080] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-29 21:26:24 [Info] [3080] start ipc thread id[4268] 2026-03-29 21:26:24 [Info] [3080] Connect Yundun ipc server return state is 0 2026-03-29 21:26:24 [Info] [3080] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-29 21:26:24 [Info] [3080] CResourceMonitor::run Enter 2026-03-29 21:26:24 [Info] [3080] CIpcMsgHandlerMgr::run Enter 2026-03-29 21:26:24 [Info] [3080] Report thread 2026-03-29 21:26:24 [Info] [3080] Monitor thread 2026-03-29 21:26:24 [Info] [3080] Loader thread 2026-03-29 21:26:24 [Info] [3080] PythonEngineImpl Init... 2026-03-29 21:26:29 [Info] [3080] yundun connected 2026-03-29 21:26:30 [Info] [3080] log fd cnt is [250], real fd cnt is [261] 2026-03-29 21:26:30 [Info] [3080] recvmsg: HELLO 2026-03-29 21:26:30 [Info] [3080] recvmsg: WORK 2026-03-29 21:26:30 [Info] [3080] no use encode, return to old mode 2026-03-29 21:26:30 [Info] [3080] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 21:26:30 [Info] [3080] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-29 21:26:30 [Info] [3080] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 21:26:31 [Info] [3080] log memory size is 20480KB, real memory size is 13136KB 2026-03-29 21:26:39 [Info] [3080] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 21:26:39 [Info] [3080] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-29 21:26:39 [Info] [3080] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-29 21:26:40 [Info] [3080] item: --windows-sysinfoext-check 2026-03-29 21:26:40 [Info] [3080] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 21:26:40 [Info] [3080] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 21:26:40 [Info] [3080] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-29 21:26:41 [Info] [3080] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-29 21:26:41 [Info] [3080] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-29 21:26:41 [Info] [3080] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-29 21:26:41 [Info] [3080] Prepare stage1: --windows-sysinfoext-check 2026-03-29 21:26:41 [Info] [3080] Prepare stage2 2026-03-29 21:26:43 [Info] [3080] stage3: --windows-sysinfoext-check 2026-03-29 21:26:43 [Info] [3080] Loader after check 2026-03-29 21:26:43 [Info] [3080] log memory size is 30720KB, real memory size is 23224KB 2026-03-29 21:26:44 [Info] [3080] Enter reuse wait state. 2026-03-29 21:26:45 [Info] [3080] recvmsg: EXIT 2026-03-29 21:26:45 [Info] [3080] Recv Exit Msg, Exit... 2026-04-05 01:04:00 [Info] [2748] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 01:04:00 [Info] [2748] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap97831775322226 2026-04-05 01:04:00 [Info] [2748] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 01:04:05 [Info] [2748] Resource monitor start 2026-04-05 01:04:05 [Info] [2748] ipc client init success 2026-04-05 01:04:05 [Info] [2748] Ipc init: 0 2026-04-05 01:04:05 [Info] [2748] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 01:04:05 [Info] [2748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 01:04:05 [Info] [2748] start ipc thread id[3080] 2026-04-05 01:04:05 [Info] [2748] Connect Yundun ipc server return state is 0 2026-04-05 01:04:10 [Info] [2748] Monitor thread 2026-04-05 01:04:10 [Info] [2748] Report thread 2026-04-05 01:04:10 [Info] [2748] yundun connected 2026-04-05 01:04:10 [Info] [2748] CIpcMsgHandlerMgr::run Enter 2026-04-05 01:04:10 [Info] [2748] CResourceMonitor::run Enter 2026-04-05 01:04:10 [Info] [2748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 01:04:10 [Info] [2748] recvmsg: HELLO 2026-04-05 01:04:10 [Info] [2748] recvmsg: WORK 2026-04-05 01:04:10 [Info] [2748] no use encode, return to old mode 2026-04-05 01:04:11 [Info] [2748] log fd cnt is [250], real fd cnt is [250] 2026-04-05 01:04:12 [Info] [2748] Loader thread 2026-04-05 01:04:12 [Info] [2748] PythonEngineImpl Init... 2026-04-05 01:04:14 [Info] [2748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 01:04:14 [Info] [2748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 01:04:14 [Info] [2748] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 01:04:15 [Info] [2748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 01:04:15 [Info] [2748] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 01:04:15 [Info] [2748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 01:04:16 [Info] [2748] log memory size is 20480KB, real memory size is 14884KB 2026-04-05 01:04:16 [Info] [2748] item: --windows-sysinfoext-check 2026-04-05 01:04:16 [Info] [2748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 01:04:16 [Info] [2748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 01:04:16 [Info] [2748] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 01:04:16 [Info] [2748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 01:04:16 [Info] [2748] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-05 01:04:16 [Info] [2748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 01:04:16 [Info] [2748] Prepare stage1: --windows-sysinfoext-check 2026-04-05 01:04:16 [Info] [2748] Prepare stage2 2026-04-05 01:04:17 [Warn] [2748] high cpu, cpu is 28 2026-04-05 01:04:17 [Info] [2748] try get sys version 2026-04-05 01:04:17 [Info] [2748] win sys info:2/10:0:3 2026-04-05 01:04:17 [Info] [2748] suit legal version, enable cpu control 2026-04-05 01:04:17 [Warn] [2748] High CPU Warning: 28 2026-04-05 01:04:17 [Warn] [2748] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 514 in func: __getattr__ File:wmi.py line: 499 in func: <genexpr> File:wmi.py line: 499 in func: __init__ File:wmi.py line: 781 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo File:windows-sysinfoext-check.py line: 174 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-05 01:04:18 [Info] [2748] stage3: --windows-sysinfoext-check 2026-04-05 01:04:18 [Info] [2748] Loader after check 2026-04-05 01:04:19 [Warn] [2748] high cpu, cpu is 15 2026-04-05 01:04:19 [Warn] [2748] High CPU Warning: 15 2026-04-05 01:04:19 [Info] [2748] Enter reuse wait state. 2026-04-05 01:04:20 [Info] [2748] log memory size is 30720KB, real memory size is 23356KB 2026-04-05 01:04:22 [Info] [2748] recvmsg: EXIT 2026-04-05 01:04:22 [Info] [2748] Recv Exit Msg, Exit... 2026-04-05 06:34:11 [Info] [4880] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 06:34:11 [Info] [4880] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap88791775342018 2026-04-05 06:34:11 [Info] [4880] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 06:34:11 [Info] [4880] Resource monitor start 2026-04-05 06:34:11 [Info] [4880] ipc client init success 2026-04-05 06:34:11 [Info] [4880] Ipc init: 0 2026-04-05 06:34:11 [Info] [4880] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 06:34:11 [Info] [4880] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 06:34:11 [Info] [4880] CResourceMonitor::run Enter 2026-04-05 06:34:11 [Info] [4880] CIpcMsgHandlerMgr::run Enter 2026-04-05 06:34:11 [Info] [4880] start ipc thread id[3496] 2026-04-05 06:34:11 [Info] [4880] Connect Yundun ipc server return state is 0 2026-04-05 06:34:11 [Info] [4880] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 06:34:11 [Info] [4880] yundun connected 2026-04-05 06:34:11 [Info] [4880] Report thread 2026-04-05 06:34:11 [Info] [4880] Monitor thread 2026-04-05 06:34:11 [Info] [4880] Loader thread 2026-04-05 06:34:11 [Info] [4880] PythonEngineImpl Init... 2026-04-05 06:34:12 [Info] [4880] recvmsg: HELLO 2026-04-05 06:34:12 [Info] [4880] recvmsg: WORK 2026-04-05 06:34:12 [Info] [4880] no use encode, return to old mode 2026-04-05 06:34:12 [Info] [4880] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 06:34:12 [Info] [4880] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 06:34:12 [Info] [4880] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 06:34:12 [Warn] [4880] high cpu, cpu is 11 2026-04-05 06:34:12 [Info] [4880] try get sys version 2026-04-05 06:34:12 [Info] [4880] win sys info:2/10:0:3 2026-04-05 06:34:12 [Info] [4880] suit legal version, enable cpu control 2026-04-05 06:34:12 [Warn] [4880] High CPU Warning: 11 2026-04-05 06:34:12 [Warn] [4880] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-05 06:34:12 [Info] [4880] log fd cnt is [250], real fd cnt is [276] 2026-04-05 06:34:12 [Info] [4880] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 06:34:13 [Info] [4880] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 06:34:13 [Info] [4880] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 06:34:13 [Info] [4880] log memory size is 20480KB, real memory size is 14832KB 2026-04-05 06:34:14 [Info] [4880] item: --windows-sysinfoext-check 2026-04-05 06:34:14 [Info] [4880] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 06:34:14 [Info] [4880] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 06:34:14 [Info] [4880] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 06:34:15 [Info] [4880] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 06:34:15 [Info] [4880] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-05 06:34:15 [Info] [4880] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 06:34:15 [Info] [4880] Prepare stage1: --windows-sysinfoext-check 2026-04-05 06:34:15 [Info] [4880] Prepare stage2 2026-04-05 06:34:17 [Warn] [4880] high cpu, cpu is 21 2026-04-05 06:34:17 [Warn] [4880] High CPU Warning: 21 2026-04-05 06:34:17 [Warn] [4880] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-05 06:34:18 [Info] [4880] log memory size is 30720KB, real memory size is 23136KB 2026-04-05 06:34:19 [Info] [4880] stage3: --windows-sysinfoext-check 2026-04-05 06:34:19 [Info] [4880] Loader after check 2026-04-05 06:34:19 [Warn] [4880] high cpu, cpu is 12 2026-04-05 06:34:19 [Warn] [4880] High CPU Warning: 12 2026-04-05 06:34:20 [Info] [4880] Enter reuse wait state. 2026-04-05 06:34:23 [Info] [4880] recvmsg: EXIT 2026-04-05 06:34:23 [Info] [4880] Recv Exit Msg, Exit... 2026-04-05 07:54:21 [Info] [4588] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 07:54:21 [Info] [4588] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap246941775346861 2026-04-05 07:54:21 [Info] [4588] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 07:54:21 [Info] [4588] Resource monitor start 2026-04-05 07:54:21 [Info] [4588] ipc client init success 2026-04-05 07:54:21 [Info] [4588] Ipc init: 0 2026-04-05 07:54:21 [Info] [4588] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 07:54:21 [Info] [4588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 07:54:21 [Info] [4588] start ipc thread id[4556] 2026-04-05 07:54:21 [Info] [4588] Connect Yundun ipc server return state is 0 2026-04-05 07:54:21 [Info] [4588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 07:54:21 [Info] [4588] CResourceMonitor::run Enter 2026-04-05 07:54:21 [Info] [4588] CIpcMsgHandlerMgr::run Enter 2026-04-05 07:54:21 [Info] [4588] Report thread 2026-04-05 07:54:21 [Info] [4588] Monitor thread 2026-04-05 07:54:21 [Info] [4588] Loader thread 2026-04-05 07:54:21 [Info] [4588] PythonEngineImpl Init... 2026-04-05 07:54:21 [Info] [4588] yundun connected 2026-04-05 07:54:22 [Info] [4588] recvmsg: HELLO 2026-04-05 07:54:22 [Info] [4588] recvmsg: WORK 2026-04-05 07:54:22 [Info] [4588] no use encode, return to old mode 2026-04-05 07:54:22 [Info] [4588] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 07:54:22 [Info] [4588] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 07:54:22 [Info] [4588] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 07:54:22 [Info] [4588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 07:54:22 [Info] [4588] log fd cnt is [250], real fd cnt is [282] 2026-04-05 07:54:22 [Info] [4588] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 07:54:22 [Info] [4588] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 07:54:23 [Info] [4588] log memory size is 20480KB, real memory size is 14836KB 2026-04-05 07:54:23 [Info] [4588] item: --windows-vul-clean 2026-04-05 07:54:23 [Info] [4588] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-05 07:54:23 [Info] [4588] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-05 07:54:23 [Info] [4588] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 07:54:23 [Info] [4588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 07:54:23 [Info] [4588] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-05 07:54:23 [Info] [4588] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-05 07:54:24 [Info] [4588] Prepare stage1: --windows-vul-clean 2026-04-05 07:54:24 [Info] [4588] Prepare stage2 2026-04-05 07:54:24 [Info] [4588] stage3: --windows-vul-clean 2026-04-05 07:54:24 [Info] [4588] Loader after check 2026-04-05 07:54:25 [Info] [4588] Enter reuse wait state. 2026-04-05 07:54:29 [Info] [4588] recvmsg: EXIT 2026-04-05 07:54:29 [Info] [4588] Recv Exit Msg, Exit... 2026-04-05 08:51:49 [Info] [3824] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 08:51:49 [Info] [3824] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31861775350309 2026-04-05 08:51:49 [Info] [3824] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 08:51:49 [Info] [3824] Resource monitor start 2026-04-05 08:51:49 [Info] [3824] ipc client init success 2026-04-05 08:51:49 [Info] [3824] Ipc init: 0 2026-04-05 08:51:49 [Info] [3824] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 08:51:49 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 08:51:49 [Info] [3824] start ipc thread id[3924] 2026-04-05 08:51:49 [Info] [3824] Connect Yundun ipc server return state is 0 2026-04-05 08:51:49 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 08:51:49 [Info] [3824] CIpcMsgHandlerMgr::run Enter 2026-04-05 08:51:49 [Info] [3824] CResourceMonitor::run Enter 2026-04-05 08:51:49 [Info] [3824] Report thread 2026-04-05 08:51:49 [Info] [3824] Monitor thread 2026-04-05 08:51:49 [Info] [3824] Loader thread 2026-04-05 08:51:49 [Info] [3824] PythonEngineImpl Init... 2026-04-05 08:51:49 [Info] [3824] yundun connected 2026-04-05 08:51:50 [Info] [3824] recvmsg: HELLO 2026-04-05 08:51:50 [Info] [3824] recvmsg: WORK 2026-04-05 08:51:50 [Info] [3824] no use encode, return to old mode 2026-04-05 08:51:50 [Info] [3824] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 08:51:50 [Info] [3824] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 08:51:50 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 08:51:50 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 08:51:50 [Info] [3824] log fd cnt is [250], real fd cnt is [286] 2026-04-05 08:51:50 [Info] [3824] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 08:51:50 [Info] [3824] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 08:51:51 [Info] [3824] log memory size is 20480KB, real memory size is 14816KB 2026-04-05 08:51:51 [Info] [3824] item: --windows-process-check 2026-04-05 08:51:51 [Info] [3824] cgroup name aegisRtap0 2026-04-05 08:51:51 [Info] [3824] try get sys version 2026-04-05 08:51:51 [Info] [3824] win sys info:2/10:0:3 2026-04-05 08:51:51 [Info] [3824] suit legal version, enable cpu control 2026-04-05 08:51:51 [Info] [3824] get AssignProcessToJobObject handle [00000478] 2026-04-05 08:51:51 [Info] [3824] Set setJobExtended. 2026-04-05 08:51:51 [Info] [3824] Set cpu [9%] 2026-04-05 08:51:51 [Info] [3824] Set cpu success 2026-04-05 08:51:51 [Info] [3824] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-05 08:51:51 [Info] [3824] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-05 08:51:51 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 08:51:51 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 08:51:51 [Info] [3824] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-05 08:51:51 [Info] [3824] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-05 08:51:52 [Info] [3824] Prepare stage1: --windows-process-check 2026-04-05 08:51:52 [Info] [3824] Prepare stage2 2026-04-05 08:51:55 [Info] [3824] log memory size is 30720KB, real memory size is 20648KB 2026-04-05 08:52:10 [Info] [3824] stage3: --windows-process-check 2026-04-05 08:52:10 [Info] [3824] Loader after check 2026-04-05 08:52:11 [Info] [3824] Enter reuse wait state. 2026-04-05 08:52:12 [Info] [3824] recvmsg: EXIT 2026-04-05 08:52:12 [Info] [3824] Recv Exit Msg, Exit... 2026-04-05 10:33:42 [Info] [488] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 10:33:42 [Info] [488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap231481775356422 2026-04-05 10:33:42 [Info] [488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 10:33:42 [Info] [488] Resource monitor start 2026-04-05 10:33:42 [Info] [488] ipc client init success 2026-04-05 10:33:42 [Info] [488] Ipc init: 0 2026-04-05 10:33:42 [Info] [488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 10:33:42 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 10:33:42 [Info] [488] start ipc thread id[3804] 2026-04-05 10:33:42 [Info] [488] Connect Yundun ipc server return state is 0 2026-04-05 10:33:42 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 10:33:42 [Info] [488] CResourceMonitor::run Enter 2026-04-05 10:33:42 [Info] [488] CIpcMsgHandlerMgr::run Enter 2026-04-05 10:33:42 [Info] [488] Report thread 2026-04-05 10:33:42 [Info] [488] Monitor thread 2026-04-05 10:33:42 [Info] [488] Loader thread 2026-04-05 10:33:42 [Info] [488] PythonEngineImpl Init... 2026-04-05 10:33:42 [Info] [488] yundun connected 2026-04-05 10:33:42 [Info] [488] recvmsg: HELLO 2026-04-05 10:33:42 [Info] [488] recvmsg: WORK 2026-04-05 10:33:42 [Info] [488] no use encode, return to old mode 2026-04-05 10:33:42 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:33:42 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:33:42 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:33:43 [Info] [488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:33:43 [Info] [488] log fd cnt is [250], real fd cnt is [282] 2026-04-05 10:33:43 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 10:33:43 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 10:33:44 [Info] [488] log memory size is 20480KB, real memory size is 14832KB 2026-04-05 10:33:44 [Info] [488] item: --windows-driver-version-check 2026-04-05 10:33:44 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-05 10:33:44 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-05 10:33:44 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:33:44 [Info] [488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:33:44 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-05 10:33:44 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-05 10:33:44 [Info] [488] Prepare stage1: --windows-driver-version-check 2026-04-05 10:33:44 [Info] [488] Prepare stage2 2026-04-05 10:33:45 [Info] [488] stage3: --windows-driver-version-check 2026-04-05 10:33:45 [Info] [488] Loader after check 2026-04-05 10:33:46 [Info] [488] Enter reuse wait state. 2026-04-05 10:33:47 [Info] [2040] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 10:33:47 [Info] [2040] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap231651775356427 2026-04-05 10:33:47 [Info] [2040] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 10:33:47 [Info] [2040] Resource monitor start 2026-04-05 10:33:47 [Info] [2040] ipc client init success 2026-04-05 10:33:47 [Info] [2040] Ipc init: 0 2026-04-05 10:33:47 [Info] [2040] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 10:33:47 [Info] [2040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 10:33:47 [Info] [2040] start ipc thread id[4808] 2026-04-05 10:33:47 [Info] [2040] Connect Yundun ipc server return state is 0 2026-04-05 10:33:47 [Info] [2040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 10:33:47 [Info] [2040] CResourceMonitor::run Enter 2026-04-05 10:33:47 [Info] [2040] CIpcMsgHandlerMgr::run Enter 2026-04-05 10:33:47 [Info] [2040] Report thread 2026-04-05 10:33:47 [Info] [2040] Monitor thread 2026-04-05 10:33:47 [Info] [2040] Loader thread 2026-04-05 10:33:47 [Info] [2040] PythonEngineImpl Init... 2026-04-05 10:33:47 [Info] [2040] yundun connected 2026-04-05 10:33:47 [Info] [2040] recvmsg: HELLO 2026-04-05 10:33:47 [Info] [2040] recvmsg: WORK 2026-04-05 10:33:47 [Info] [2040] no use encode, return to old mode 2026-04-05 10:33:48 [Info] [2040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:33:48 [Info] [2040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:33:48 [Info] [2040] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:33:48 [Info] [2040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:33:48 [Info] [2040] log fd cnt is [250], real fd cnt is [282] 2026-04-05 10:33:48 [Info] [2040] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 10:33:48 [Info] [2040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 10:33:49 [Info] [2040] log memory size is 20480KB, real memory size is 14812KB 2026-04-05 10:33:49 [Info] [2040] item: --windows-registry-check 2026-04-05 10:33:49 [Info] [2040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-05 10:33:49 [Info] [2040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-05 10:33:49 [Info] [2040] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:33:49 [Info] [2040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:33:50 [Info] [2040] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-05 10:33:50 [Info] [2040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-05 10:33:50 [Info] [2040] Prepare stage1: --windows-registry-check 2026-04-05 10:33:50 [Info] [2040] Prepare stage2 2026-04-05 10:33:50 [Info] [488] recvmsg: EXIT 2026-04-05 10:33:50 [Info] [488] Recv Exit Msg, Exit... 2026-04-05 10:34:23 [Info] [2040] stage3: --windows-registry-check 2026-04-05 10:34:23 [Info] [2040] Loader after check 2026-04-05 10:34:24 [Info] [2040] Enter reuse wait state. 2026-04-05 10:34:30 [Info] [2040] recvmsg: EXIT 2026-04-05 10:34:30 [Info] [2040] Recv Exit Msg, Exit... 2026-04-05 10:44:20 [Info] [2912] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 10:44:20 [Info] [2912] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap252321775357060 2026-04-05 10:44:20 [Info] [2912] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 10:44:20 [Info] [2912] Resource monitor start 2026-04-05 10:44:20 [Info] [2912] ipc client init success 2026-04-05 10:44:20 [Info] [2912] Ipc init: 0 2026-04-05 10:44:20 [Info] [2912] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 10:44:20 [Info] [2912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 10:44:20 [Info] [2912] start ipc thread id[3964] 2026-04-05 10:44:20 [Info] [2912] Connect Yundun ipc server return state is 0 2026-04-05 10:44:20 [Info] [2912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 10:44:20 [Info] [2912] CResourceMonitor::run Enter 2026-04-05 10:44:20 [Info] [2912] CIpcMsgHandlerMgr::run Enter 2026-04-05 10:44:20 [Info] [2912] Report thread 2026-04-05 10:44:20 [Info] [2912] Monitor thread 2026-04-05 10:44:20 [Info] [2912] Loader thread 2026-04-05 10:44:20 [Info] [2912] PythonEngineImpl Init... 2026-04-05 10:44:20 [Info] [2912] yundun connected 2026-04-05 10:44:20 [Info] [2912] recvmsg: HELLO 2026-04-05 10:44:21 [Info] [2912] recvmsg: WORK 2026-04-05 10:44:21 [Info] [2912] no use encode, return to old mode 2026-04-05 10:44:21 [Info] [2912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:44:21 [Info] [2912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:44:21 [Info] [2912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:44:21 [Info] [2912] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:44:21 [Info] [2912] log fd cnt is [250], real fd cnt is [282] 2026-04-05 10:44:21 [Info] [2912] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 10:44:21 [Info] [2912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 10:44:22 [Info] [2912] log memory size is 20480KB, real memory size is 14812KB 2026-04-05 10:44:22 [Info] [2912] item: --windows-schedule-task-check 2026-04-05 10:44:22 [Info] [2912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-05 10:44:22 [Info] [2912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-05 10:44:22 [Info] [2912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:44:22 [Info] [2912] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:44:23 [Info] [2912] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-05 10:44:23 [Info] [2912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-05 10:44:23 [Info] [2912] Prepare stage1: --windows-schedule-task-check 2026-04-05 10:44:23 [Info] [2912] Prepare stage2 2026-04-05 10:44:26 [Info] [2912] log memory size is 30720KB, real memory size is 23560KB 2026-04-05 10:44:49 [Info] [2912] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-05 10:44:54 [Info] [2912] stage3: --windows-schedule-task-check 2026-04-05 10:44:54 [Info] [2912] Loader after check 2026-04-05 10:44:55 [Info] [2912] Enter reuse wait state. 2026-04-05 10:45:00 [Info] [2912] recvmsg: EXIT 2026-04-05 10:45:00 [Info] [2912] Recv Exit Msg, Exit... 2026-04-05 10:57:15 [Info] [4312] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 10:57:15 [Info] [4312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap277631775357835 2026-04-05 10:57:15 [Info] [4312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 10:57:15 [Info] [4312] Resource monitor start 2026-04-05 10:57:15 [Info] [4312] ipc client init success 2026-04-05 10:57:15 [Info] [4312] Ipc init: 0 2026-04-05 10:57:15 [Info] [4312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 10:57:15 [Info] [4312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 10:57:15 [Info] [4312] start ipc thread id[3936] 2026-04-05 10:57:15 [Info] [4312] Connect Yundun ipc server return state is 0 2026-04-05 10:57:15 [Info] [4312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 10:57:15 [Info] [4312] CResourceMonitor::run Enter 2026-04-05 10:57:15 [Info] [4312] CIpcMsgHandlerMgr::run Enter 2026-04-05 10:57:15 [Info] [4312] Report thread 2026-04-05 10:57:15 [Info] [4312] Monitor thread 2026-04-05 10:57:15 [Info] [4312] Loader thread 2026-04-05 10:57:15 [Info] [4312] PythonEngineImpl Init... 2026-04-05 10:57:15 [Info] [4312] yundun connected 2026-04-05 10:57:16 [Info] [4312] recvmsg: HELLO 2026-04-05 10:57:16 [Info] [4312] recvmsg: WORK 2026-04-05 10:57:16 [Info] [4312] no use encode, return to old mode 2026-04-05 10:57:16 [Info] [4312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:57:16 [Info] [4312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 10:57:16 [Info] [4312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:57:16 [Info] [4312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:57:16 [Info] [4312] log fd cnt is [250], real fd cnt is [282] 2026-04-05 10:57:16 [Info] [4312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 10:57:16 [Info] [4312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 10:57:17 [Info] [4312] log memory size is 20480KB, real memory size is 14864KB 2026-04-05 10:57:17 [Info] [4312] item: --tcp-connect-check 2026-04-05 10:57:17 [Info] [4312] cgroup name aegisRtap0 2026-04-05 10:57:17 [Info] [4312] try get sys version 2026-04-05 10:57:17 [Info] [4312] win sys info:2/10:0:3 2026-04-05 10:57:17 [Info] [4312] suit legal version, enable cpu control 2026-04-05 10:57:17 [Info] [4312] get AssignProcessToJobObject handle [00000478] 2026-04-05 10:57:17 [Info] [4312] Set setJobExtended. 2026-04-05 10:57:17 [Info] [4312] Set cpu [9%] 2026-04-05 10:57:17 [Info] [4312] Set cpu success 2026-04-05 10:57:17 [Info] [4312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-05 10:57:17 [Info] [4312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-05 10:57:17 [Info] [4312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 10:57:18 [Info] [4312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 10:57:18 [Info] [4312] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-05 10:57:18 [Info] [4312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-05 10:57:18 [Info] [4312] Prepare stage1: --tcp-connect-check 2026-04-05 10:57:18 [Info] [4312] Prepare stage2 2026-04-05 10:57:21 [Info] [4312] stage3: --tcp-connect-check 2026-04-05 10:57:21 [Info] [4312] Loader after check 2026-04-05 10:57:22 [Info] [4312] Enter reuse wait state. 2026-04-05 10:57:27 [Info] [4312] recvmsg: EXIT 2026-04-05 10:57:27 [Info] [4312] Recv Exit Msg, Exit... 2026-04-05 11:15:52 [Info] [2124] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 11:15:52 [Info] [2124] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap314101775358952 2026-04-05 11:15:52 [Info] [2124] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 11:15:52 [Info] [2124] Resource monitor start 2026-04-05 11:15:52 [Info] [2124] ipc client init success 2026-04-05 11:15:52 [Info] [2124] Ipc init: 0 2026-04-05 11:15:52 [Info] [2124] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 11:15:52 [Info] [2124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 11:15:52 [Info] [2124] start ipc thread id[5096] 2026-04-05 11:15:52 [Info] [2124] Connect Yundun ipc server return state is 0 2026-04-05 11:15:52 [Info] [2124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 11:15:52 [Info] [2124] CResourceMonitor::run Enter 2026-04-05 11:15:52 [Info] [2124] CIpcMsgHandlerMgr::run Enter 2026-04-05 11:15:52 [Info] [2124] Report thread 2026-04-05 11:15:52 [Info] [2124] Monitor thread 2026-04-05 11:15:52 [Info] [2124] Loader thread 2026-04-05 11:15:52 [Info] [2124] PythonEngineImpl Init... 2026-04-05 11:15:52 [Info] [2124] yundun connected 2026-04-05 11:15:52 [Info] [2124] recvmsg: HELLO 2026-04-05 11:15:52 [Info] [2124] recvmsg: WORK 2026-04-05 11:15:52 [Info] [2124] no use encode, return to old mode 2026-04-05 11:15:52 [Info] [2124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 11:15:52 [Info] [2124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 11:15:52 [Info] [2124] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 11:15:53 [Info] [2124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 11:15:53 [Info] [2124] log fd cnt is [250], real fd cnt is [282] 2026-04-05 11:15:53 [Info] [2124] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 11:15:53 [Info] [2124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 11:15:54 [Info] [2124] log memory size is 20480KB, real memory size is 14836KB 2026-04-05 11:15:54 [Info] [2124] item: --windows-autorun-item-check 2026-04-05 11:15:54 [Info] [2124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-05 11:15:54 [Info] [2124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-05 11:15:54 [Info] [2124] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 11:15:54 [Info] [2124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 11:15:54 [Info] [2124] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-05 11:15:54 [Info] [2124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-05 11:15:55 [Info] [2124] Prepare stage1: --windows-autorun-item-check 2026-04-05 11:15:55 [Info] [2124] Prepare stage2 2026-04-05 11:15:58 [Info] [2124] log memory size is 30720KB, real memory size is 22620KB 2026-04-05 11:16:05 [Info] [2124] stage3: --windows-autorun-item-check 2026-04-05 11:16:05 [Info] [2124] Loader after check 2026-04-05 11:16:05 [Warn] [2124] high cpu, cpu is 15 2026-04-05 11:16:05 [Info] [2124] try get sys version 2026-04-05 11:16:05 [Info] [2124] win sys info:2/10:0:3 2026-04-05 11:16:05 [Info] [2124] suit legal version, enable cpu control 2026-04-05 11:16:05 [Warn] [2124] High CPU Warning: 15 2026-04-05 11:16:05 [Warn] [2124] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-05 11:16:06 [Info] [2124] Enter reuse wait state. 2026-04-05 11:16:07 [Info] [2124] recvmsg: EXIT 2026-04-05 11:16:07 [Info] [2124] Recv Exit Msg, Exit... 2026-04-05 12:02:48 [Info] [4200] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 12:02:48 [Info] [4200] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap77761775361749 2026-04-05 12:02:48 [Info] [4200] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 12:02:48 [Info] [4200] Resource monitor start 2026-04-05 12:02:48 [Info] [4200] ipc client init success 2026-04-05 12:02:48 [Info] [4200] Ipc init: 0 2026-04-05 12:02:48 [Info] [4200] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 12:02:48 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 12:02:53 [Info] [4200] CIpcMsgHandlerMgr::run Enter 2026-04-05 12:02:53 [Info] [4200] CResourceMonitor::run Enter 2026-04-05 12:02:53 [Info] [4200] start ipc thread id[1816] 2026-04-05 12:02:53 [Info] [4200] Connect Yundun ipc server return state is 0 2026-04-05 12:02:53 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 12:02:54 [Info] [4200] log fd cnt is [250], real fd cnt is [242] 2026-04-05 12:02:57 [Info] [4200] yundun connected 2026-04-05 12:02:57 [Info] [4200] Report thread 2026-04-05 12:02:57 [Info] [4200] Monitor thread 2026-04-05 12:02:57 [Info] [4200] Loader thread 2026-04-05 12:02:57 [Info] [4200] PythonEngineImpl Init... 2026-04-05 12:02:59 [Info] [4200] log memory size is 20480KB, real memory size is 12900KB 2026-04-05 12:02:59 [Info] [4200] recvmsg: HELLO 2026-04-05 12:02:59 [Info] [4200] recvmsg: WORK 2026-04-05 12:02:59 [Info] [4200] no use encode, return to old mode 2026-04-05 12:03:00 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 12:03:00 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 12:03:00 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 12:03:00 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 12:03:00 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 12:03:00 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 12:03:01 [Info] [4200] item: --windows-sysinfoext-check 2026-04-05 12:03:01 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 12:03:01 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 12:03:01 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 12:03:01 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 12:03:02 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-05 12:03:02 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 12:03:02 [Info] [4200] Prepare stage1: --windows-sysinfoext-check 2026-04-05 12:03:02 [Info] [4200] Prepare stage2 2026-04-05 12:03:02 [Warn] [4200] high cpu, cpu is 13 2026-04-05 12:03:02 [Info] [4200] try get sys version 2026-04-05 12:03:02 [Info] [4200] win sys info:2/10:0:3 2026-04-05 12:03:02 [Info] [4200] suit legal version, enable cpu control 2026-04-05 12:03:02 [Warn] [4200] High CPU Warning: 13 2026-04-05 12:03:02 [Warn] [4200] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:util.py line: 84 in func: next File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-05 12:03:03 [Info] [4200] log memory size is 30720KB, real memory size is 23096KB 2026-04-05 12:03:05 [Info] [4200] stage3: --windows-sysinfoext-check 2026-04-05 12:03:05 [Info] [4200] Loader after check 2026-04-05 12:03:06 [Info] [4200] Enter reuse wait state. 2026-04-05 12:03:10 [Info] [4200] recvmsg: EXIT 2026-04-05 12:03:10 [Info] [4200] Recv Exit Msg, Exit... 2026-04-05 17:29:56 [Info] [2664] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 17:29:56 [Info] [2664] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap63071775381368 2026-04-05 17:29:56 [Info] [2664] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 17:29:56 [Info] [2664] Resource monitor start 2026-04-05 17:29:56 [Info] [2664] ipc client init success 2026-04-05 17:29:56 [Info] [2664] Ipc init: 0 2026-04-05 17:29:56 [Info] [2664] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 17:29:56 [Info] [2664] CResourceMonitor::run Enter 2026-04-05 17:29:56 [Info] [2664] CIpcMsgHandlerMgr::run Enter 2026-04-05 17:29:56 [Info] [2664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 17:29:56 [Info] [2664] start ipc thread id[3956] 2026-04-05 17:29:56 [Info] [2664] Connect Yundun ipc server return state is 0 2026-04-05 17:29:56 [Info] [2664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 17:29:56 [Info] [2664] yundun connected 2026-04-05 17:29:56 [Info] [2664] Report thread 2026-04-05 17:29:56 [Info] [2664] Monitor thread 2026-04-05 17:29:56 [Info] [2664] Loader thread 2026-04-05 17:29:56 [Info] [2664] PythonEngineImpl Init... 2026-04-05 17:29:56 [Info] [2664] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-05 17:29:56 [Info] [2664] recvmsg: HELLO 2026-04-05 17:29:56 [Info] [2664] recvmsg: WORK 2026-04-05 17:29:56 [Info] [2664] no use encode, return to old mode 2026-04-05 17:29:57 [Info] [2664] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 17:29:57 [Info] [2664] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 17:29:57 [Info] [2664] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 17:29:57 [Info] [2664] log fd cnt is [250], real fd cnt is [274] 2026-04-05 17:29:57 [Info] [2664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 17:29:57 [Info] [2664] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 17:29:57 [Info] [2664] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 17:29:58 [Info] [2664] log memory size is 20480KB, real memory size is 14884KB 2026-04-05 17:29:58 [Info] [2664] item: --windows-sysinfoext-check 2026-04-05 17:29:58 [Info] [2664] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 17:29:58 [Info] [2664] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 17:29:58 [Info] [2664] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 17:29:59 [Info] [2664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 17:29:59 [Info] [2664] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-05 17:29:59 [Info] [2664] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 17:29:59 [Info] [2664] Prepare stage1: --windows-sysinfoext-check 2026-04-05 17:29:59 [Info] [2664] Prepare stage2 2026-04-05 17:30:02 [Info] [2664] log memory size is 30720KB, real memory size is 23152KB 2026-04-05 17:30:02 [Info] [2664] stage3: --windows-sysinfoext-check 2026-04-05 17:30:02 [Info] [2664] Loader after check 2026-04-05 17:30:03 [Warn] [2664] high cpu, cpu is 12 2026-04-05 17:30:03 [Info] [2664] try get sys version 2026-04-05 17:30:03 [Info] [2664] win sys info:2/10:0:3 2026-04-05 17:30:03 [Info] [2664] suit legal version, enable cpu control 2026-04-05 17:30:03 [Warn] [2664] High CPU Warning: 12 2026-04-05 17:30:03 [Warn] [2664] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-05 17:30:03 [Info] [2664] Enter reuse wait state. 2026-04-05 17:30:07 [Info] [2664] recvmsg: EXIT 2026-04-05 17:30:07 [Info] [2664] Recv Exit Msg, Exit... 2026-04-05 19:54:34 [Info] [2660] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 19:54:34 [Info] [2660] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap19701775390074 2026-04-05 19:54:34 [Info] [2660] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 19:54:34 [Info] [2660] Resource monitor start 2026-04-05 19:54:34 [Info] [2660] ipc client init success 2026-04-05 19:54:34 [Info] [2660] Ipc init: 0 2026-04-05 19:54:34 [Info] [2660] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 19:54:34 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 19:54:34 [Info] [2660] start ipc thread id[2536] 2026-04-05 19:54:34 [Info] [2660] Connect Yundun ipc server return state is 0 2026-04-05 19:54:34 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 19:54:34 [Info] [2660] CResourceMonitor::run Enter 2026-04-05 19:54:34 [Info] [2660] CIpcMsgHandlerMgr::run Enter 2026-04-05 19:54:34 [Info] [2660] yundun connected 2026-04-05 19:54:34 [Info] [2660] Report thread 2026-04-05 19:54:34 [Info] [2660] Monitor thread 2026-04-05 19:54:34 [Info] [2660] Loader thread 2026-04-05 19:54:34 [Info] [2660] PythonEngineImpl Init... 2026-04-05 19:54:35 [Info] [2660] recvmsg: HELLO 2026-04-05 19:54:35 [Info] [2660] recvmsg: WORK 2026-04-05 19:54:35 [Info] [2660] no use encode, return to old mode 2026-04-05 19:54:35 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 19:54:35 [Info] [2660] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 19:54:35 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 19:54:35 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 19:54:35 [Info] [2660] log fd cnt is [250], real fd cnt is [286] 2026-04-05 19:54:36 [Info] [2660] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 19:54:36 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 19:54:36 [Info] [2660] log memory size is 20480KB, real memory size is 14808KB 2026-04-05 19:54:37 [Info] [2660] item: --secnet_rasp_agent 2026-04-05 19:54:37 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-05 19:54:37 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-05 19:54:37 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-05 19:54:37 [Info] [2660] Download redirect files success. 2026-04-05 19:54:37 [Info] [2660] Prepare stage1: --secnet_rasp_agent 2026-04-05 19:54:37 [Info] [2660] Prepare stage2 2026-04-05 19:54:38 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-05 19:54:38 [Info] [2660] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-05 19:54:38 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 19:54:39 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 19:54:39 [Info] [2660] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-05 19:54:39 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-05 19:54:39 [Info] [2660] stage3: --secnet_rasp_agent 2026-04-05 19:54:39 [Info] [2660] Loader after check 2026-04-05 19:54:40 [Info] [2660] Enter reuse wait state. 2026-04-05 19:54:41 [Info] [2660] log memory size is 30720KB, real memory size is 21340KB 2026-04-05 19:54:42 [Info] [2660] recvmsg: EXIT 2026-04-05 19:54:42 [Info] [2660] Recv Exit Msg, Exit... 2026-04-05 22:55:34 [Info] [640] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 22:55:34 [Info] [640] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap46041775400915 2026-04-05 22:55:34 [Info] [640] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 22:55:34 [Info] [640] Resource monitor start 2026-04-05 22:55:34 [Info] [640] ipc client init success 2026-04-05 22:55:34 [Info] [640] Ipc init: 0 2026-04-05 22:55:34 [Info] [640] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 22:55:34 [Info] [640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 22:55:34 [Info] [640] start ipc thread id[3312] 2026-04-05 22:55:34 [Info] [640] Connect Yundun ipc server return state is 0 2026-04-05 22:55:34 [Info] [640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 22:55:39 [Info] [640] Loader thread 2026-04-05 22:55:39 [Info] [640] PythonEngineImpl Init... 2026-04-05 22:55:39 [Info] [640] Monitor thread 2026-04-05 22:55:39 [Info] [640] Report thread 2026-04-05 22:55:39 [Info] [640] yundun connected 2026-04-05 22:55:39 [Info] [640] CIpcMsgHandlerMgr::run Enter 2026-04-05 22:55:39 [Info] [640] CResourceMonitor::run Enter 2026-04-05 22:55:39 [Info] [640] recvmsg: HELLO 2026-04-05 22:55:39 [Info] [640] recvmsg: WORK 2026-04-05 22:55:39 [Info] [640] no use encode, return to old mode 2026-04-05 22:55:39 [Info] [640] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-05 22:55:39 [Info] [640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 22:55:39 [Info] [640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 22:55:39 [Info] [640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 22:55:40 [Info] [640] log fd cnt is [250], real fd cnt is [264] 2026-04-05 22:55:41 [Info] [640] log memory size is 20480KB, real memory size is 13188KB 2026-04-05 22:55:42 [Info] [640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 22:55:41 [Info] [2540] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-05 22:55:41 [Info] [2540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap46821775400939 2026-04-05 22:55:43 [Info] [640] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 22:55:43 [Info] [640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 22:55:41 [Info] [2540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-05 22:55:41 [Info] [2540] Resource monitor start 2026-04-05 22:55:41 [Info] [2540] ipc client init success 2026-04-05 22:55:41 [Info] [2540] Ipc init: 0 2026-04-05 22:55:41 [Info] [2540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-05 22:55:41 [Info] [2540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-05 22:55:41 [Info] [2540] start ipc thread id[4880] 2026-04-05 22:55:41 [Info] [2540] Connect Yundun ipc server return state is 0 2026-04-05 22:55:41 [Info] [2540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-05 22:55:42 [Info] [2540] CResourceMonitor::run Enter 2026-04-05 22:55:42 [Info] [2540] CIpcMsgHandlerMgr::run Enter 2026-04-05 22:55:42 [Info] [2540] yundun connected 2026-04-05 22:55:42 [Info] [2540] Report thread 2026-04-05 22:55:42 [Info] [2540] Monitor thread 2026-04-05 22:55:42 [Info] [2540] Loader thread 2026-04-05 22:55:42 [Info] [2540] PythonEngineImpl Init... 2026-04-05 22:55:42 [Info] [2540] recvmsg: HELLO 2026-04-05 22:55:43 [Info] [2540] recvmsg: WORK 2026-04-05 22:55:43 [Info] [2540] no use encode, return to old mode 2026-04-05 22:55:43 [Info] [2540] log fd cnt is [250], real fd cnt is [263] 2026-04-05 22:55:43 [Info] [2540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 22:55:43 [Info] [2540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-05 22:55:43 [Info] [2540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 22:55:44 [Info] [2540] log memory size is 20480KB, real memory size is 13676KB 2026-04-05 22:55:45 [Info] [2540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 22:55:45 [Info] [2540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-05 22:55:45 [Info] [2540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-05 22:55:45 [Info] [640] item: --windows-sysinfoext-check 2026-04-05 22:55:45 [Info] [640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 22:55:45 [Info] [640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 22:55:45 [Info] [640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 22:55:45 [Info] [640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 22:55:46 [Info] [640] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-05 22:55:46 [Info] [640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-05 22:55:46 [Info] [640] Prepare stage1: --windows-sysinfoext-check 2026-04-05 22:55:46 [Info] [640] Prepare stage2 2026-04-05 22:55:46 [Info] [2540] item: --windows-vul-check 2026-04-05 22:55:46 [Info] [2540] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-05 22:55:46 [Info] [2540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-05 22:55:46 [Info] [2540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-05 22:55:46 [Info] [2540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-05 22:55:46 [Info] [2540] Download redirect files success. 2026-04-05 22:55:46 [Info] [2540] Prepare stage1: --windows-vul-check 2026-04-05 22:55:46 [Info] [2540] Prepare stage2 2026-04-05 22:55:47 [Info] [2540] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-05 22:55:47 [Info] [2540] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-05 22:55:47 [Info] [2540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-05 22:55:47 [Info] [2540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-05 22:55:48 [Info] [2540] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-05 22:55:48 [Info] [2540] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-05 22:55:48 [Info] [2540] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-05 22:55:48 [Info] [2540] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-05 22:55:48 [Info] [2540] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-05 22:55:48 [Info] [2540] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-05 22:55:48 [Info] [2540] stage3: --windows-vul-check 2026-04-05 22:55:48 [Info] [2540] Loader after check 2026-04-05 22:55:48 [Info] [2540] log memory size is 30720KB, real memory size is 23396KB 2026-04-05 22:55:49 [Info] [640] stage3: --windows-sysinfoext-check 2026-04-05 22:55:49 [Info] [640] Loader after check 2026-04-05 22:55:49 [Info] [640] log memory size is 30720KB, real memory size is 23160KB 2026-04-05 22:55:49 [Info] [2540] Enter reuse wait state. 2026-04-05 22:55:50 [Info] [640] Enter reuse wait state. 2026-04-05 22:55:53 [Info] [640] recvmsg: EXIT 2026-04-05 22:55:53 [Info] [640] Recv Exit Msg, Exit... 2026-04-05 22:55:55 [Info] [2540] recvmsg: EXIT 2026-04-05 22:55:55 [Info] [2540] Recv Exit Msg, Exit... 2026-04-12 02:04:01 [Info] [4176] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 02:04:01 [Info] [4176] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap305301775930641 2026-04-12 02:04:01 [Info] [4176] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 02:04:01 [Info] [4176] Resource monitor start 2026-04-12 02:04:01 [Info] [4176] ipc client init success 2026-04-12 02:04:01 [Info] [4176] Ipc init: 0 2026-04-12 02:04:01 [Info] [4176] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 02:04:01 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 02:04:01 [Info] [4176] start ipc thread id[2560] 2026-04-12 02:04:01 [Info] [4176] Connect Yundun ipc server return state is 0 2026-04-12 02:04:01 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 02:04:01 [Info] [4176] CResourceMonitor::run Enter 2026-04-12 02:04:01 [Info] [4176] CIpcMsgHandlerMgr::run Enter 2026-04-12 02:04:01 [Info] [4176] Report thread 2026-04-12 02:04:01 [Info] [4176] Monitor thread 2026-04-12 02:04:01 [Info] [4176] Loader thread 2026-04-12 02:04:01 [Info] [4176] PythonEngineImpl Init... 2026-04-12 02:04:02 [Info] [4176] yundun connected 2026-04-12 02:04:02 [Info] [4176] recvmsg: HELLO 2026-04-12 02:04:02 [Info] [4176] recvmsg: WORK 2026-04-12 02:04:02 [Info] [4176] no use encode, return to old mode 2026-04-12 02:04:02 [Info] [4176] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 02:04:02 [Info] [4176] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 02:04:02 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 02:04:02 [Info] [4176] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 02:04:03 [Info] [4176] log fd cnt is [250], real fd cnt is [282] 2026-04-12 02:04:03 [Info] [4176] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 02:04:03 [Info] [4176] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 02:04:04 [Info] [4176] log memory size is 20480KB, real memory size is 14836KB 2026-04-12 02:04:04 [Info] [4176] item: --sca 2026-04-12 02:04:04 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-12 02:04:04 [Info] [4176] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-12 02:04:04 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-12 02:04:05 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-12 02:04:05 [Info] [4176] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-12 02:04:05 [Info] [4176] Download redirect files success. 2026-04-12 02:04:05 [Info] [4176] Prepare stage1: --sca 2026-04-12 02:04:05 [Info] [4176] Prepare stage2 2026-04-12 02:04:07 [Warn] [4176] high cpu, cpu is 24 2026-04-12 02:04:07 [Info] [4176] try get sys version 2026-04-12 02:04:07 [Info] [4176] win sys info:2/10:0:3 2026-04-12 02:04:07 [Info] [4176] suit legal version, enable cpu control 2026-04-12 02:04:07 [Warn] [4176] High CPU Warning: 24 2026-04-12 02:04:07 [Warn] [4176] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-12 02:04:08 [Info] [4176] log memory size is 30720KB, real memory size is 32912KB 2026-04-12 02:04:12 [Info] [4176] log memory size is 40960KB, real memory size is 33224KB 2026-04-12 02:04:23 [Info] [4176] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-12 02:04:42 [Warn] [4176] high cpu, cpu is 23 2026-04-12 02:04:42 [Warn] [4176] High CPU Warning: 23 2026-04-12 02:04:43 [Warn] [4176] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-12 02:04:44 [Info] [4176] stage3: --sca 2026-04-12 02:04:44 [Info] [4176] Loader after check 2026-04-12 02:04:45 [Info] [4176] Enter reuse wait state. 2026-04-12 02:04:49 [Info] [4176] recvmsg: EXIT 2026-04-12 02:04:49 [Info] [4176] Recv Exit Msg, Exit... 2026-04-12 02:47:13 [Info] [3204] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 02:47:13 [Info] [3204] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap61841775933220 2026-04-12 02:47:13 [Info] [3204] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 02:47:13 [Info] [3204] Resource monitor start 2026-04-12 02:47:13 [Info] [3204] ipc client init success 2026-04-12 02:47:13 [Info] [3204] Ipc init: 0 2026-04-12 02:47:13 [Info] [3204] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 02:47:13 [Info] [3204] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 02:47:13 [Info] [3204] start ipc thread id[4560] 2026-04-12 02:47:13 [Info] [3204] Connect Yundun ipc server return state is 0 2026-04-12 02:47:13 [Info] [3204] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 02:47:13 [Info] [3204] CResourceMonitor::run Enter 2026-04-12 02:47:13 [Info] [3204] CIpcMsgHandlerMgr::run Enter 2026-04-12 02:47:13 [Info] [3204] Report thread 2026-04-12 02:47:13 [Info] [3204] Monitor thread 2026-04-12 02:47:13 [Info] [3204] Loader thread 2026-04-12 02:47:13 [Info] [3204] PythonEngineImpl Init... 2026-04-12 02:47:19 [Info] [3204] yundun connected 2026-04-12 02:47:19 [Info] [3204] recvmsg: HELLO 2026-04-12 02:47:19 [Info] [3204] recvmsg: WORK 2026-04-12 02:47:19 [Info] [3204] no use encode, return to old mode 2026-04-12 02:47:19 [Info] [3204] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 02:47:19 [Info] [3204] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 02:47:19 [Info] [3204] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 02:47:21 [Info] [3204] log fd cnt is [250], real fd cnt is [264] 2026-04-12 02:47:22 [Info] [3204] log memory size is 20480KB, real memory size is 13160KB 2026-04-12 02:47:32 [Warn] [3204] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 02:47:40 [Info] [3204] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-12 02:47:42 [Warn] [3204] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 02:47:42 [Info] [3204] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 02:47:42 [Info] [3204] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 02:47:42 [Info] [3204] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 02:47:43 [Info] [3204] item: --windows-sysinfoext-check 2026-04-12 02:47:43 [Info] [3204] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 02:47:43 [Info] [3204] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 02:47:43 [Info] [3204] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 02:47:43 [Info] [3204] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 02:47:43 [Info] [3204] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-12 02:47:43 [Info] [3204] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 02:47:44 [Info] [3204] Prepare stage1: --windows-sysinfoext-check 2026-04-12 02:47:44 [Info] [3204] Prepare stage2 2026-04-12 02:47:45 [Info] [3204] stage3: --windows-sysinfoext-check 2026-04-12 02:47:45 [Info] [3204] Loader after check 2026-04-12 02:47:46 [Info] [3204] log memory size is 30720KB, real memory size is 23208KB 2026-04-12 02:47:46 [Info] [3204] Enter reuse wait state. 2026-04-12 02:47:51 [Info] [3204] recvmsg: EXIT 2026-04-12 02:47:51 [Info] [3204] Recv Exit Msg, Exit... 2026-04-12 07:43:51 [Info] [916] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 07:43:51 [Info] [916] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap315791775951031 2026-04-12 07:43:51 [Info] [916] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 07:43:51 [Info] [916] Resource monitor start 2026-04-12 07:43:51 [Info] [916] ipc client init success 2026-04-12 07:43:51 [Info] [916] Ipc init: 0 2026-04-12 07:43:51 [Info] [916] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 07:43:51 [Info] [916] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 07:43:51 [Info] [916] start ipc thread id[4884] 2026-04-12 07:43:51 [Info] [916] Connect Yundun ipc server return state is 0 2026-04-12 07:43:51 [Info] [916] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 07:43:51 [Info] [916] CResourceMonitor::run Enter 2026-04-12 07:43:51 [Info] [916] CIpcMsgHandlerMgr::run Enter 2026-04-12 07:43:51 [Info] [916] Report thread 2026-04-12 07:43:51 [Info] [916] Monitor thread 2026-04-12 07:43:51 [Info] [916] Loader thread 2026-04-12 07:43:51 [Info] [916] PythonEngineImpl Init... 2026-04-12 07:43:51 [Info] [916] yundun connected 2026-04-12 07:43:51 [Info] [916] recvmsg: HELLO 2026-04-12 07:43:51 [Info] [916] recvmsg: WORK 2026-04-12 07:43:51 [Info] [916] no use encode, return to old mode 2026-04-12 07:43:51 [Info] [916] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 07:43:51 [Info] [916] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 07:43:51 [Info] [916] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 07:43:52 [Info] [916] log fd cnt is [250], real fd cnt is [282] 2026-04-12 07:43:52 [Info] [916] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 07:43:52 [Info] [916] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 07:43:52 [Info] [916] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 07:43:53 [Info] [916] log memory size is 20480KB, real memory size is 14824KB 2026-04-12 07:43:53 [Info] [916] item: --windows-vul-clean 2026-04-12 07:43:53 [Info] [916] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-12 07:43:53 [Info] [916] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-12 07:43:53 [Info] [916] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 07:43:53 [Info] [916] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 07:43:53 [Info] [916] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-12 07:43:53 [Info] [916] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-12 07:43:54 [Info] [916] Prepare stage1: --windows-vul-clean 2026-04-12 07:43:54 [Info] [916] Prepare stage2 2026-04-12 07:43:54 [Info] [916] stage3: --windows-vul-clean 2026-04-12 07:43:54 [Info] [916] Loader after check 2026-04-12 07:43:55 [Info] [916] Enter reuse wait state. 2026-04-12 07:43:58 [Info] [916] recvmsg: EXIT 2026-04-12 07:43:58 [Info] [916] Recv Exit Msg, Exit... 2026-04-12 08:16:24 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 08:16:24 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap51371775952968 2026-04-12 08:16:24 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 08:16:24 [Info] [2020] Resource monitor start 2026-04-12 08:16:24 [Info] [2020] ipc client init success 2026-04-12 08:16:24 [Info] [2020] Ipc init: 0 2026-04-12 08:16:24 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 08:16:24 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 08:16:24 [Info] [2020] start ipc thread id[2336] 2026-04-12 08:16:24 [Info] [2020] Connect Yundun ipc server return state is 0 2026-04-12 08:16:24 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 08:16:24 [Info] [2020] CResourceMonitor::run Enter 2026-04-12 08:16:24 [Info] [2020] CIpcMsgHandlerMgr::run Enter 2026-04-12 08:16:24 [Info] [2020] Report thread 2026-04-12 08:16:24 [Info] [2020] Monitor thread 2026-04-12 08:16:24 [Info] [2020] Loader thread 2026-04-12 08:16:24 [Info] [2020] PythonEngineImpl Init... 2026-04-12 08:16:30 [Info] [2020] yundun connected 2026-04-12 08:16:30 [Info] [2020] recvmsg: HELLO 2026-04-12 08:16:30 [Info] [2020] recvmsg: WORK 2026-04-12 08:16:30 [Info] [2020] no use encode, return to old mode 2026-04-12 08:16:30 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 08:16:30 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 08:16:30 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 08:16:33 [Info] [2020] log fd cnt is [250], real fd cnt is [264] 2026-04-12 08:16:34 [Info] [2020] log memory size is 20480KB, real memory size is 13160KB 2026-04-12 08:16:38 [Info] [2020] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-12 08:16:44 [Warn] [2020] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 08:16:54 [Warn] [2020] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 08:16:54 [Info] [2020] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 08:16:54 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 08:16:54 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 08:16:55 [Info] [2020] item: --windows-sysinfoext-check 2026-04-12 08:16:55 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 08:16:55 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 08:16:55 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 08:16:55 [Info] [2020] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 08:16:55 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-12 08:16:55 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 08:16:56 [Info] [2020] Prepare stage1: --windows-sysinfoext-check 2026-04-12 08:16:56 [Info] [2020] Prepare stage2 2026-04-12 08:16:57 [Info] [2020] stage3: --windows-sysinfoext-check 2026-04-12 08:16:57 [Info] [2020] Loader after check 2026-04-12 08:16:58 [Info] [2020] log memory size is 30720KB, real memory size is 23232KB 2026-04-12 08:16:58 [Info] [2020] Enter reuse wait state. 2026-04-12 08:17:02 [Info] [2020] recvmsg: EXIT 2026-04-12 08:17:02 [Info] [2020] Recv Exit Msg, Exit... 2026-04-12 08:49:52 [Info] [4432] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 08:49:52 [Info] [4432] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap117461775954992 2026-04-12 08:49:52 [Info] [4432] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 08:49:52 [Info] [4432] Resource monitor start 2026-04-12 08:49:52 [Info] [4432] ipc client init success 2026-04-12 08:49:52 [Info] [4432] Ipc init: 0 2026-04-12 08:49:52 [Info] [4432] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 08:49:52 [Info] [4432] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 08:49:52 [Info] [4432] start ipc thread id[3604] 2026-04-12 08:49:52 [Info] [4432] Connect Yundun ipc server return state is 0 2026-04-12 08:49:52 [Info] [4432] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 08:49:52 [Info] [4432] CResourceMonitor::run Enter 2026-04-12 08:49:52 [Info] [4432] CIpcMsgHandlerMgr::run Enter 2026-04-12 08:49:52 [Info] [4432] Report thread 2026-04-12 08:49:52 [Info] [4432] Monitor thread 2026-04-12 08:49:52 [Info] [4432] Loader thread 2026-04-12 08:49:52 [Info] [4432] PythonEngineImpl Init... 2026-04-12 08:49:52 [Info] [4432] yundun connected 2026-04-12 08:49:53 [Info] [4432] recvmsg: HELLO 2026-04-12 08:49:53 [Info] [4432] recvmsg: WORK 2026-04-12 08:49:53 [Info] [4432] no use encode, return to old mode 2026-04-12 08:49:53 [Info] [4432] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 08:49:53 [Info] [4432] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 08:49:53 [Info] [4432] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 08:49:53 [Info] [4432] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 08:49:53 [Info] [4432] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-12 08:49:53 [Info] [4432] log fd cnt is [250], real fd cnt is [286] 2026-04-12 08:49:54 [Info] [4432] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 08:49:54 [Info] [4432] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 08:49:54 [Info] [4432] log memory size is 20480KB, real memory size is 14764KB 2026-04-12 08:49:55 [Info] [4432] item: --windows-process-check 2026-04-12 08:49:55 [Info] [4432] cgroup name aegisRtap0 2026-04-12 08:49:55 [Info] [4432] try get sys version 2026-04-12 08:49:55 [Info] [4432] win sys info:2/10:0:3 2026-04-12 08:49:55 [Info] [4432] suit legal version, enable cpu control 2026-04-12 08:49:55 [Info] [4432] get AssignProcessToJobObject handle [00000478] 2026-04-12 08:49:55 [Info] [4432] Set setJobExtended. 2026-04-12 08:49:55 [Info] [4432] Set cpu [9%] 2026-04-12 08:49:55 [Info] [4432] Set cpu success 2026-04-12 08:49:55 [Info] [4432] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-12 08:49:55 [Info] [4432] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-12 08:49:55 [Info] [4432] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 08:49:55 [Info] [4432] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 08:49:55 [Info] [4432] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-12 08:49:55 [Info] [4432] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-12 08:49:55 [Info] [4432] Prepare stage1: --windows-process-check 2026-04-12 08:49:55 [Info] [4432] Prepare stage2 2026-04-12 08:49:59 [Info] [4432] log memory size is 30720KB, real memory size is 20584KB 2026-04-12 08:50:14 [Info] [4432] stage3: --windows-process-check 2026-04-12 08:50:14 [Info] [4432] Loader after check 2026-04-12 08:50:15 [Info] [4432] Enter reuse wait state. 2026-04-12 08:50:20 [Info] [4432] recvmsg: EXIT 2026-04-12 08:50:20 [Info] [4432] Recv Exit Msg, Exit... 2026-04-12 10:23:56 [Info] [492] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 10:23:56 [Info] [492] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap301771775960636 2026-04-12 10:23:56 [Info] [492] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 10:23:56 [Info] [492] Resource monitor start 2026-04-12 10:23:56 [Info] [492] ipc client init success 2026-04-12 10:23:56 [Info] [492] Ipc init: 0 2026-04-12 10:23:56 [Info] [492] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 10:23:56 [Info] [492] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 10:23:56 [Info] [492] start ipc thread id[5056] 2026-04-12 10:23:56 [Info] [492] Connect Yundun ipc server return state is 0 2026-04-12 10:23:56 [Info] [492] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 10:23:56 [Info] [492] CResourceMonitor::run Enter 2026-04-12 10:23:56 [Info] [492] CIpcMsgHandlerMgr::run Enter 2026-04-12 10:23:56 [Info] [492] Report thread 2026-04-12 10:23:56 [Info] [492] Monitor thread 2026-04-12 10:23:56 [Info] [492] Loader thread 2026-04-12 10:23:56 [Info] [492] PythonEngineImpl Init... 2026-04-12 10:23:56 [Info] [492] yundun connected 2026-04-12 10:23:56 [Info] [492] recvmsg: HELLO 2026-04-12 10:23:56 [Info] [492] recvmsg: WORK 2026-04-12 10:23:56 [Info] [492] no use encode, return to old mode 2026-04-12 10:23:57 [Info] [492] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:23:57 [Info] [492] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:23:57 [Info] [492] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:23:57 [Info] [492] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:23:57 [Info] [492] log fd cnt is [250], real fd cnt is [282] 2026-04-12 10:23:57 [Info] [492] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 10:23:57 [Info] [492] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 10:23:58 [Info] [492] log memory size is 20480KB, real memory size is 14848KB 2026-04-12 10:23:58 [Info] [492] item: --windows-registry-check 2026-04-12 10:23:58 [Info] [492] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-12 10:23:58 [Info] [492] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-12 10:23:58 [Info] [492] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:23:58 [Info] [492] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:23:58 [Info] [492] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-12 10:23:58 [Info] [492] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-12 10:23:59 [Info] [492] Prepare stage1: --windows-registry-check 2026-04-12 10:23:59 [Info] [492] Prepare stage2 2026-04-12 10:24:27 [Info] [492] stage3: --windows-registry-check 2026-04-12 10:24:27 [Info] [492] Loader after check 2026-04-12 10:24:28 [Info] [492] Enter reuse wait state. 2026-04-12 10:24:32 [Info] [492] recvmsg: EXIT 2026-04-12 10:24:32 [Info] [492] Recv Exit Msg, Exit... 2026-04-12 10:25:12 [Info] [4664] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 10:25:12 [Info] [4664] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap304251775960712 2026-04-12 10:25:12 [Info] [4664] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 10:25:12 [Info] [4664] Resource monitor start 2026-04-12 10:25:12 [Info] [4664] ipc client init success 2026-04-12 10:25:12 [Info] [4664] Ipc init: 0 2026-04-12 10:25:12 [Info] [4664] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 10:25:12 [Info] [4664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 10:25:12 [Info] [4664] start ipc thread id[892] 2026-04-12 10:25:12 [Info] [4664] Connect Yundun ipc server return state is 0 2026-04-12 10:25:12 [Info] [4664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 10:25:12 [Info] [4664] CResourceMonitor::run Enter 2026-04-12 10:25:12 [Info] [4664] CIpcMsgHandlerMgr::run Enter 2026-04-12 10:25:12 [Info] [4664] Report thread 2026-04-12 10:25:12 [Info] [4664] Monitor thread 2026-04-12 10:25:12 [Info] [4664] Loader thread 2026-04-12 10:25:12 [Info] [4664] PythonEngineImpl Init... 2026-04-12 10:25:12 [Info] [4664] yundun connected 2026-04-12 10:25:12 [Info] [4664] recvmsg: HELLO 2026-04-12 10:25:12 [Info] [4664] recvmsg: WORK 2026-04-12 10:25:12 [Info] [4664] no use encode, return to old mode 2026-04-12 10:25:12 [Info] [4664] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:25:12 [Info] [4664] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:25:12 [Info] [4664] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:25:13 [Info] [4664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:25:13 [Info] [4664] log fd cnt is [250], real fd cnt is [282] 2026-04-12 10:25:13 [Info] [4664] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 10:25:13 [Info] [4664] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 10:25:14 [Info] [4664] log memory size is 20480KB, real memory size is 14760KB 2026-04-12 10:25:14 [Info] [4664] item: --windows-driver-version-check 2026-04-12 10:25:14 [Info] [4664] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-12 10:25:14 [Info] [4664] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-12 10:25:14 [Info] [4664] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:25:15 [Info] [4664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:25:15 [Info] [4664] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-12 10:25:15 [Info] [4664] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-12 10:25:15 [Info] [4664] Prepare stage1: --windows-driver-version-check 2026-04-12 10:25:15 [Info] [4664] Prepare stage2 2026-04-12 10:25:15 [Info] [4664] stage3: --windows-driver-version-check 2026-04-12 10:25:15 [Info] [4664] Loader after check 2026-04-12 10:25:16 [Info] [4664] Enter reuse wait state. 2026-04-12 10:25:19 [Info] [4664] recvmsg: EXIT 2026-04-12 10:25:19 [Info] [4664] Recv Exit Msg, Exit... 2026-04-12 10:26:15 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 10:26:15 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap306311775960775 2026-04-12 10:26:15 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 10:26:15 [Info] [2020] Resource monitor start 2026-04-12 10:26:15 [Info] [2020] ipc client init success 2026-04-12 10:26:15 [Info] [2020] Ipc init: 0 2026-04-12 10:26:15 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 10:26:15 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 10:26:15 [Info] [2020] start ipc thread id[4384] 2026-04-12 10:26:15 [Info] [2020] Connect Yundun ipc server return state is 0 2026-04-12 10:26:15 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 10:26:15 [Info] [2020] CResourceMonitor::run Enter 2026-04-12 10:26:15 [Info] [2020] CIpcMsgHandlerMgr::run Enter 2026-04-12 10:26:15 [Info] [2020] yundun connected 2026-04-12 10:26:15 [Info] [2020] Report thread 2026-04-12 10:26:15 [Info] [2020] Monitor thread 2026-04-12 10:26:15 [Info] [2020] Loader thread 2026-04-12 10:26:15 [Info] [2020] PythonEngineImpl Init... 2026-04-12 10:26:16 [Info] [2020] recvmsg: HELLO 2026-04-12 10:26:16 [Info] [2020] recvmsg: WORK 2026-04-12 10:26:16 [Info] [2020] no use encode, return to old mode 2026-04-12 10:26:16 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:26:16 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:26:16 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:26:16 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:26:16 [Info] [2020] log fd cnt is [250], real fd cnt is [282] 2026-04-12 10:26:17 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 10:26:17 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 10:26:17 [Info] [2020] log memory size is 20480KB, real memory size is 14768KB 2026-04-12 10:26:18 [Info] [2020] item: --tcp-connect-check 2026-04-12 10:26:18 [Info] [2020] cgroup name aegisRtap0 2026-04-12 10:26:18 [Info] [2020] try get sys version 2026-04-12 10:26:18 [Info] [2020] win sys info:2/10:0:3 2026-04-12 10:26:18 [Info] [2020] suit legal version, enable cpu control 2026-04-12 10:26:18 [Info] [2020] get AssignProcessToJobObject handle [00000478] 2026-04-12 10:26:18 [Info] [2020] Set setJobExtended. 2026-04-12 10:26:18 [Info] [2020] Set cpu [9%] 2026-04-12 10:26:18 [Info] [2020] Set cpu success 2026-04-12 10:26:18 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-12 10:26:18 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-12 10:26:18 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:26:18 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:26:18 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-12 10:26:18 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-12 10:26:18 [Info] [2020] Prepare stage1: --tcp-connect-check 2026-04-12 10:26:18 [Info] [2020] Prepare stage2 2026-04-12 10:26:18 [Warn] [2020] high cpu, cpu is 11 2026-04-12 10:26:18 [Warn] [2020] High CPU Warning: 11 2026-04-12 10:26:19 [Warn] [2020] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:tcp-connect-check.py line: 601 in func: getProcInfo File:tcp-connect-check.py line: 792 in func: check File:tcp-connect-check.py line: 144 in func: main File:tcp-connect-check.py line: 818 in func: start 2026-04-12 10:26:21 [Info] [2020] stage3: --tcp-connect-check 2026-04-12 10:26:21 [Info] [2020] Loader after check 2026-04-12 10:26:22 [Info] [2020] Enter reuse wait state. 2026-04-12 10:26:27 [Info] [2020] recvmsg: EXIT 2026-04-12 10:26:27 [Info] [2020] Recv Exit Msg, Exit... 2026-04-12 10:30:57 [Info] [4708] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 10:30:57 [Info] [4708] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap315521775961057 2026-04-12 10:30:57 [Info] [4708] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 10:30:57 [Info] [4708] Resource monitor start 2026-04-12 10:30:57 [Info] [4708] ipc client init success 2026-04-12 10:30:57 [Info] [4708] Ipc init: 0 2026-04-12 10:30:57 [Info] [4708] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 10:30:57 [Info] [4708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 10:30:57 [Info] [4708] start ipc thread id[1996] 2026-04-12 10:30:57 [Info] [4708] Connect Yundun ipc server return state is 0 2026-04-12 10:30:57 [Info] [4708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 10:30:57 [Info] [4708] CResourceMonitor::run Enter 2026-04-12 10:30:57 [Info] [4708] CIpcMsgHandlerMgr::run Enter 2026-04-12 10:30:57 [Info] [4708] Report thread 2026-04-12 10:30:57 [Info] [4708] Monitor thread 2026-04-12 10:30:57 [Info] [4708] Loader thread 2026-04-12 10:30:57 [Info] [4708] PythonEngineImpl Init... 2026-04-12 10:30:58 [Info] [4708] yundun connected 2026-04-12 10:30:58 [Info] [4708] recvmsg: HELLO 2026-04-12 10:30:58 [Info] [4708] recvmsg: WORK 2026-04-12 10:30:58 [Info] [4708] no use encode, return to old mode 2026-04-12 10:30:58 [Info] [4708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:30:58 [Info] [4708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 10:30:58 [Info] [4708] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:30:59 [Info] [4708] log fd cnt is [250], real fd cnt is [274] 2026-04-12 10:30:59 [Info] [4708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:30:59 [Info] [4708] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 10:30:59 [Info] [4708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 10:31:00 [Info] [4708] log memory size is 20480KB, real memory size is 14804KB 2026-04-12 10:31:00 [Info] [4708] item: --windows-schedule-task-check 2026-04-12 10:31:00 [Info] [4708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-12 10:31:00 [Info] [4708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-12 10:31:00 [Info] [4708] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 10:31:01 [Info] [4708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 10:31:01 [Info] [4708] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-12 10:31:01 [Info] [4708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-12 10:31:01 [Info] [4708] Prepare stage1: --windows-schedule-task-check 2026-04-12 10:31:01 [Info] [4708] Prepare stage2 2026-04-12 10:31:04 [Info] [4708] log memory size is 30720KB, real memory size is 23600KB 2026-04-12 10:31:32 [Info] [4708] stage3: --windows-schedule-task-check 2026-04-12 10:31:32 [Info] [4708] Loader after check 2026-04-12 10:31:33 [Info] [4708] Enter reuse wait state. 2026-04-12 10:31:37 [Info] [4708] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-12 10:31:37 [Info] [4708] recvmsg: EXIT 2026-04-12 10:31:37 [Info] [4708] Recv Exit Msg, Exit... 2026-04-12 11:08:35 [Info] [2388] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 11:08:35 [Info] [2388] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap61581775963315 2026-04-12 11:08:35 [Info] [2388] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 11:08:35 [Info] [2388] Resource monitor start 2026-04-12 11:08:35 [Info] [2388] ipc client init success 2026-04-12 11:08:35 [Info] [2388] Ipc init: 0 2026-04-12 11:08:35 [Info] [2388] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 11:08:35 [Info] [2388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 11:08:35 [Info] [2388] start ipc thread id[572] 2026-04-12 11:08:35 [Info] [2388] Connect Yundun ipc server return state is 0 2026-04-12 11:08:35 [Info] [2388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 11:08:35 [Info] [2388] CResourceMonitor::run Enter 2026-04-12 11:08:35 [Info] [2388] CIpcMsgHandlerMgr::run Enter 2026-04-12 11:08:35 [Info] [2388] yundun connected 2026-04-12 11:08:35 [Info] [2388] Report thread 2026-04-12 11:08:35 [Info] [2388] Monitor thread 2026-04-12 11:08:35 [Info] [2388] Loader thread 2026-04-12 11:08:35 [Info] [2388] PythonEngineImpl Init... 2026-04-12 11:08:36 [Info] [2388] recvmsg: HELLO 2026-04-12 11:08:36 [Info] [2388] recvmsg: WORK 2026-04-12 11:08:36 [Info] [2388] no use encode, return to old mode 2026-04-12 11:08:36 [Info] [2388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 11:08:36 [Info] [2388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 11:08:36 [Info] [2388] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 11:08:36 [Info] [2388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 11:08:36 [Info] [2388] log fd cnt is [250], real fd cnt is [282] 2026-04-12 11:08:36 [Info] [2388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 11:08:36 [Info] [2388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 11:08:37 [Info] [2388] log memory size is 20480KB, real memory size is 14860KB 2026-04-12 11:08:37 [Info] [2388] item: --windows-autorun-item-check 2026-04-12 11:08:37 [Info] [2388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-12 11:08:37 [Info] [2388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-12 11:08:37 [Info] [2388] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 11:08:37 [Info] [2388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 11:08:37 [Info] [2388] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-12 11:08:37 [Info] [2388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-12 11:08:38 [Info] [2388] Prepare stage1: --windows-autorun-item-check 2026-04-12 11:08:38 [Info] [2388] Prepare stage2 2026-04-12 11:08:38 [Warn] [2388] high cpu, cpu is 13 2026-04-12 11:08:38 [Info] [2388] try get sys version 2026-04-12 11:08:38 [Info] [2388] win sys info:2/10:0:3 2026-04-12 11:08:38 [Info] [2388] suit legal version, enable cpu control 2026-04-12 11:08:38 [Warn] [2388] High CPU Warning: 13 2026-04-12 11:08:38 [Warn] [2388] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-12 11:08:41 [Info] [2388] log memory size is 30720KB, real memory size is 22580KB 2026-04-12 11:08:50 [Info] [2388] stage3: --windows-autorun-item-check 2026-04-12 11:08:50 [Info] [2388] Loader after check 2026-04-12 11:08:51 [Info] [2388] Enter reuse wait state. 2026-04-12 11:08:55 [Info] [2388] recvmsg: EXIT 2026-04-12 11:08:55 [Info] [2388] Recv Exit Msg, Exit... 2026-04-12 13:46:25 [Info] [2688] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 13:46:25 [Info] [2688] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap42661775972770 2026-04-12 13:46:25 [Info] [2688] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 13:46:25 [Info] [2688] Resource monitor start 2026-04-12 13:46:25 [Info] [2688] ipc client init success 2026-04-12 13:46:25 [Info] [2688] Ipc init: 0 2026-04-12 13:46:25 [Info] [2688] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 13:46:25 [Info] [2688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 13:46:25 [Info] [2688] start ipc thread id[792] 2026-04-12 13:46:25 [Info] [2688] Connect Yundun ipc server return state is 0 2026-04-12 13:46:25 [Info] [2688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 13:46:25 [Info] [2688] CResourceMonitor::run Enter 2026-04-12 13:46:25 [Info] [2688] CIpcMsgHandlerMgr::run Enter 2026-04-12 13:46:25 [Info] [2688] Report thread 2026-04-12 13:46:25 [Info] [2688] Monitor thread 2026-04-12 13:46:25 [Info] [2688] Loader thread 2026-04-12 13:46:25 [Info] [2688] PythonEngineImpl Init... 2026-04-12 13:46:30 [Info] [2688] yundun connected 2026-04-12 13:46:30 [Info] [2688] recvmsg: HELLO 2026-04-12 13:46:30 [Info] [2688] recvmsg: WORK 2026-04-12 13:46:30 [Info] [2688] no use encode, return to old mode 2026-04-12 13:46:30 [Info] [2688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 13:46:30 [Info] [2688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 13:46:30 [Info] [2688] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 13:46:31 [Info] [2688] log fd cnt is [250], real fd cnt is [264] 2026-04-12 13:46:32 [Info] [2688] log memory size is 20480KB, real memory size is 13164KB 2026-04-12 13:46:46 [Warn] [2688] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 13:46:56 [Warn] [2688] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 13:47:06 [Warn] [2688] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 13:47:06 [Info] [2688] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 13:47:06 [Info] [2688] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 13:47:06 [Info] [2688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 13:47:08 [Info] [2688] item: --windows-sysinfoext-check 2026-04-12 13:47:08 [Info] [2688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 13:47:08 [Info] [2688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 13:47:08 [Info] [2688] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 13:47:08 [Info] [2688] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 13:47:08 [Info] [2688] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-12 13:47:08 [Info] [2688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 13:47:08 [Info] [2688] Prepare stage1: --windows-sysinfoext-check 2026-04-12 13:47:08 [Info] [2688] Prepare stage2 2026-04-12 13:47:08 [Info] [2688] log memory size is 30720KB, real memory size is 21008KB 2026-04-12 13:47:09 [Warn] [2688] high cpu, cpu is 16 2026-04-12 13:47:09 [Info] [2688] try get sys version 2026-04-12 13:47:09 [Info] [2688] win sys info:2/10:0:3 2026-04-12 13:47:09 [Info] [2688] suit legal version, enable cpu control 2026-04-12 13:47:09 [Warn] [2688] High CPU Warning: 16 2026-04-12 13:47:10 [Warn] [2688] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-12 13:47:12 [Info] [2688] stage3: --windows-sysinfoext-check 2026-04-12 13:47:12 [Info] [2688] Loader after check 2026-04-12 13:47:12 [Warn] [2688] high cpu, cpu is 13 2026-04-12 13:47:12 [Warn] [2688] High CPU Warning: 13 2026-04-12 13:47:13 [Info] [2688] Enter reuse wait state. 2026-04-12 13:47:14 [Info] [2688] recvmsg: EXIT 2026-04-12 13:47:14 [Info] [2688] Recv Exit Msg, Exit... 2026-04-12 18:07:47 [Info] [4652] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 18:07:47 [Info] [4652] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap227571775988467 2026-04-12 18:07:47 [Info] [4652] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 18:07:47 [Info] [4652] Resource monitor start 2026-04-12 18:07:47 [Info] [4652] ipc client init success 2026-04-12 18:07:47 [Info] [4652] Ipc init: 0 2026-04-12 18:07:47 [Info] [4652] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 18:07:47 [Info] [4652] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 18:07:47 [Info] [4652] start ipc thread id[4700] 2026-04-12 18:07:47 [Info] [4652] Connect Yundun ipc server return state is 0 2026-04-12 18:07:47 [Info] [4652] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 18:07:47 [Info] [4652] CResourceMonitor::run Enter 2026-04-12 18:07:47 [Info] [4652] CIpcMsgHandlerMgr::run Enter 2026-04-12 18:07:47 [Info] [4652] Report thread 2026-04-12 18:07:47 [Info] [4652] Monitor thread 2026-04-12 18:07:47 [Info] [4652] Loader thread 2026-04-12 18:07:47 [Info] [4652] PythonEngineImpl Init... 2026-04-12 18:07:47 [Info] [4652] yundun connected 2026-04-12 18:07:48 [Info] [4652] recvmsg: HELLO 2026-04-12 18:07:48 [Info] [4652] recvmsg: WORK 2026-04-12 18:07:48 [Info] [4652] no use encode, return to old mode 2026-04-12 18:07:48 [Info] [4652] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 18:07:48 [Info] [4652] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 18:07:48 [Info] [4652] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 18:07:48 [Info] [4652] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 18:07:48 [Info] [4652] log fd cnt is [250], real fd cnt is [282] 2026-04-12 18:07:48 [Info] [4652] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 18:07:48 [Info] [4652] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 18:07:49 [Info] [4652] log memory size is 20480KB, real memory size is 14824KB 2026-04-12 18:07:49 [Info] [4652] item: --secnet_rasp_agent 2026-04-12 18:07:49 [Info] [4652] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-12 18:07:49 [Info] [4652] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-12 18:07:49 [Info] [4652] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-12 18:07:49 [Info] [4652] Download redirect files success. 2026-04-12 18:07:49 [Info] [4652] Prepare stage1: --secnet_rasp_agent 2026-04-12 18:07:49 [Info] [4652] Prepare stage2 2026-04-12 18:07:51 [Info] [4652] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-12 18:07:51 [Info] [4652] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-12 18:07:51 [Info] [4652] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 18:07:51 [Info] [4652] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 18:07:51 [Info] [4652] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-12 18:07:51 [Info] [4652] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-12 18:07:51 [Info] [4652] stage3: --secnet_rasp_agent 2026-04-12 18:07:51 [Info] [4652] Loader after check 2026-04-12 18:07:52 [Info] [4652] Enter reuse wait state. 2026-04-12 18:07:53 [Info] [4652] log memory size is 30720KB, real memory size is 21320KB 2026-04-12 18:07:55 [Info] [4652] recvmsg: EXIT 2026-04-12 18:07:55 [Info] [4652] Recv Exit Msg, Exit... 2026-04-12 19:15:07 [Info] [4264] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-12 19:15:07 [Info] [4264] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31171775992487 2026-04-12 19:15:07 [Info] [4264] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-12 19:15:07 [Info] [4264] Resource monitor start 2026-04-12 19:15:07 [Info] [4264] ipc client init success 2026-04-12 19:15:07 [Info] [4264] Ipc init: 0 2026-04-12 19:15:07 [Info] [4264] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-12 19:15:07 [Info] [4264] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-12 19:15:07 [Info] [4264] start ipc thread id[3572] 2026-04-12 19:15:07 [Info] [4264] Connect Yundun ipc server return state is 0 2026-04-12 19:15:07 [Info] [4264] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-12 19:15:14 [Info] [4264] CResourceMonitor::run Enter 2026-04-12 19:15:14 [Info] [4264] Loader thread 2026-04-12 19:15:14 [Info] [4264] PythonEngineImpl Init... 2026-04-12 19:15:14 [Info] [4264] Monitor thread 2026-04-12 19:15:14 [Info] [4264] Report thread 2026-04-12 19:15:14 [Info] [4264] yundun connected 2026-04-12 19:15:14 [Info] [4264] CIpcMsgHandlerMgr::run Enter 2026-04-12 19:15:14 [Info] [4264] recvmsg: HELLO 2026-04-12 19:15:14 [Info] [4264] recvmsg: WORK 2026-04-12 19:15:14 [Info] [4264] no use encode, return to old mode 2026-04-12 19:15:14 [Info] [4264] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 19:15:14 [Info] [4264] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-12 19:15:14 [Info] [4264] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 19:15:15 [Info] [4264] log fd cnt is [250], real fd cnt is [264] 2026-04-12 19:15:16 [Info] [4264] log memory size is 20480KB, real memory size is 13144KB 2026-04-12 19:15:33 [Warn] [4264] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 19:15:43 [Warn] [4264] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-12 19:15:43 [Info] [4264] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 19:15:43 [Info] [4264] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-12 19:15:43 [Info] [4264] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-12 19:15:44 [Info] [4264] item: --windows-sysinfoext-check 2026-04-12 19:15:44 [Info] [4264] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 19:15:44 [Info] [4264] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 19:15:44 [Info] [4264] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-12 19:15:45 [Info] [4264] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-12 19:15:45 [Info] [4264] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-12 19:15:45 [Info] [4264] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-12 19:15:45 [Info] [4264] Prepare stage1: --windows-sysinfoext-check 2026-04-12 19:15:45 [Info] [4264] Prepare stage2 2026-04-12 19:15:47 [Info] [4264] stage3: --windows-sysinfoext-check 2026-04-12 19:15:47 [Info] [4264] Loader after check 2026-04-12 19:15:48 [Info] [4264] log memory size is 30720KB, real memory size is 23144KB 2026-04-12 19:15:48 [Info] [4264] Enter reuse wait state. 2026-04-12 19:15:50 [Info] [4264] recvmsg: EXIT 2026-04-12 19:15:50 [Info] [4264] Recv Exit Msg, Exit... 2026-04-19 01:41:59 [Info] [2188] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 01:41:59 [Info] [2188] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap23871776534119 2026-04-19 01:41:59 [Info] [2188] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 01:41:59 [Info] [2188] Resource monitor start 2026-04-19 01:41:59 [Info] [2188] ipc client init success 2026-04-19 01:41:59 [Info] [2188] Ipc init: 0 2026-04-19 01:41:59 [Info] [2188] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 01:41:59 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 01:41:59 [Info] [2188] start ipc thread id[3700] 2026-04-19 01:41:59 [Info] [2188] Connect Yundun ipc server return state is 0 2026-04-19 01:41:59 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 01:41:59 [Info] [2188] CResourceMonitor::run Enter 2026-04-19 01:41:59 [Info] [2188] CIpcMsgHandlerMgr::run Enter 2026-04-19 01:41:59 [Info] [2188] Report thread 2026-04-19 01:41:59 [Info] [2188] Monitor thread 2026-04-19 01:41:59 [Info] [2188] Loader thread 2026-04-19 01:41:59 [Info] [2188] PythonEngineImpl Init... 2026-04-19 01:41:59 [Info] [2188] yundun connected 2026-04-19 01:42:00 [Info] [2188] recvmsg: HELLO 2026-04-19 01:42:00 [Info] [2188] recvmsg: WORK 2026-04-19 01:42:00 [Info] [2188] no use encode, return to old mode 2026-04-19 01:42:00 [Info] [2188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 01:42:00 [Info] [2188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 01:42:00 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 01:42:00 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 01:42:00 [Info] [2188] log fd cnt is [250], real fd cnt is [286] 2026-04-19 01:42:00 [Info] [2188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 01:42:00 [Info] [2188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 01:42:01 [Info] [2188] log memory size is 20480KB, real memory size is 14840KB 2026-04-19 01:42:01 [Info] [2188] item: --sca 2026-04-19 01:42:01 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-19 01:42:02 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-19 01:42:02 [Info] [2188] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-19 01:42:02 [Info] [2188] Download redirect files success. 2026-04-19 01:42:02 [Info] [2188] Prepare stage1: --sca 2026-04-19 01:42:02 [Info] [2188] Prepare stage2 2026-04-19 01:42:05 [Info] [2188] log memory size is 30720KB, real memory size is 32856KB 2026-04-19 01:42:09 [Info] [2188] log memory size is 40960KB, real memory size is 33132KB 2026-04-19 01:42:37 [Info] [2188] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-19 01:42:37 [Warn] [2188] high cpu, cpu is 13 2026-04-19 01:42:37 [Info] [2188] try get sys version 2026-04-19 01:42:37 [Info] [2188] win sys info:2/10:0:3 2026-04-19 01:42:37 [Info] [2188] suit legal version, enable cpu control 2026-04-19 01:42:37 [Warn] [2188] High CPU Warning: 13 2026-04-19 01:42:38 [Warn] [2188] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 213 in func: init_analyzer File:sca.py line: 390 in func: start 2026-04-19 01:42:39 [Info] [2188] stage3: --sca 2026-04-19 01:42:39 [Info] [2188] Loader after check 2026-04-19 01:42:40 [Info] [2188] Enter reuse wait state. 2026-04-19 01:42:43 [Info] [2188] recvmsg: EXIT 2026-04-19 01:42:43 [Info] [2188] Recv Exit Msg, Exit... 2026-04-19 04:31:11 [Info] [3832] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 04:31:11 [Info] [3832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap26861776544245 2026-04-19 04:31:11 [Info] [3832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 04:31:11 [Info] [3832] Resource monitor start 2026-04-19 04:31:11 [Info] [3832] ipc client init success 2026-04-19 04:31:11 [Info] [3832] Ipc init: 0 2026-04-19 04:31:11 [Info] [3832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 04:31:11 [Info] [3832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 04:31:11 [Info] [3832] start ipc thread id[3812] 2026-04-19 04:31:11 [Info] [3832] Connect Yundun ipc server return state is 0 2026-04-19 04:31:11 [Info] [3832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 04:31:17 [Info] [3832] Loader thread 2026-04-19 04:31:17 [Info] [3832] PythonEngineImpl Init... 2026-04-19 04:31:17 [Info] [3832] Monitor thread 2026-04-19 04:31:17 [Info] [3832] Report thread 2026-04-19 04:31:17 [Info] [3832] yundun connected 2026-04-19 04:31:17 [Info] [3832] CIpcMsgHandlerMgr::run Enter 2026-04-19 04:31:17 [Info] [3832] CResourceMonitor::run Enter 2026-04-19 04:31:17 [Info] [3832] recvmsg: HELLO 2026-04-19 04:31:17 [Info] [3832] recvmsg: WORK 2026-04-19 04:31:17 [Info] [3832] no use encode, return to old mode 2026-04-19 04:31:17 [Info] [3832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 04:31:17 [Info] [3832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 04:31:17 [Info] [3832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 04:31:18 [Info] [3832] log fd cnt is [250], real fd cnt is [264] 2026-04-19 04:31:19 [Info] [3832] log memory size is 20480KB, real memory size is 13176KB 2026-04-19 04:31:28 [Warn] [3832] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 04:31:30 [Info] [3832] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-19 04:31:38 [Warn] [3832] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 04:31:48 [Warn] [3832] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 04:31:48 [Info] [3832] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 04:31:48 [Info] [3832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 04:31:48 [Info] [3832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 04:31:49 [Info] [3832] item: --windows-sysinfoext-check 2026-04-19 04:31:49 [Info] [3832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 04:31:49 [Info] [3832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 04:31:49 [Info] [3832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 04:31:50 [Info] [3832] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 04:31:50 [Info] [3832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-19 04:31:50 [Info] [3832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 04:31:50 [Info] [3832] Prepare stage1: --windows-sysinfoext-check 2026-04-19 04:31:50 [Info] [3832] Prepare stage2 2026-04-19 04:31:51 [Info] [3832] log memory size is 30720KB, real memory size is 23100KB 2026-04-19 04:31:52 [Info] [3832] stage3: --windows-sysinfoext-check 2026-04-19 04:31:52 [Info] [3832] Loader after check 2026-04-19 04:31:53 [Info] [3832] Enter reuse wait state. 2026-04-19 04:31:56 [Info] [3832] recvmsg: EXIT 2026-04-19 04:31:56 [Info] [3832] Recv Exit Msg, Exit... 2026-04-19 07:43:50 [Info] [3504] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 07:43:50 [Info] [3504] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap77501776555830 2026-04-19 07:43:50 [Info] [3504] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 07:43:50 [Info] [3504] Resource monitor start 2026-04-19 07:43:50 [Info] [3504] ipc client init success 2026-04-19 07:43:50 [Info] [3504] Ipc init: 0 2026-04-19 07:43:50 [Info] [3504] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 07:43:50 [Info] [3504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 07:43:50 [Info] [3504] start ipc thread id[4412] 2026-04-19 07:43:50 [Info] [3504] Connect Yundun ipc server return state is 0 2026-04-19 07:43:50 [Info] [3504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 07:43:50 [Info] [3504] CResourceMonitor::run Enter 2026-04-19 07:43:50 [Info] [3504] CIpcMsgHandlerMgr::run Enter 2026-04-19 07:43:50 [Info] [3504] Report thread 2026-04-19 07:43:50 [Info] [3504] Monitor thread 2026-04-19 07:43:50 [Info] [3504] Loader thread 2026-04-19 07:43:50 [Info] [3504] PythonEngineImpl Init... 2026-04-19 07:43:50 [Info] [3504] yundun connected 2026-04-19 07:43:51 [Info] [3504] recvmsg: HELLO 2026-04-19 07:43:51 [Info] [3504] recvmsg: WORK 2026-04-19 07:43:51 [Info] [3504] no use encode, return to old mode 2026-04-19 07:43:51 [Info] [3504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 07:43:51 [Info] [3504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 07:43:51 [Info] [3504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 07:43:51 [Info] [3504] log fd cnt is [250], real fd cnt is [282] 2026-04-19 07:43:51 [Info] [3504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 07:43:52 [Info] [3504] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 07:43:52 [Info] [3504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 07:43:52 [Info] [3504] log memory size is 20480KB, real memory size is 14800KB 2026-04-19 07:43:53 [Info] [3504] item: --windows-vul-clean 2026-04-19 07:43:53 [Info] [3504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-19 07:43:53 [Info] [3504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-19 07:43:53 [Info] [3504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 07:43:53 [Info] [3504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 07:43:53 [Info] [3504] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-19 07:43:53 [Info] [3504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-19 07:43:53 [Info] [3504] Prepare stage1: --windows-vul-clean 2026-04-19 07:43:53 [Info] [3504] Prepare stage2 2026-04-19 07:43:53 [Info] [3504] stage3: --windows-vul-clean 2026-04-19 07:43:53 [Info] [3504] Loader after check 2026-04-19 07:43:54 [Info] [3504] Enter reuse wait state. 2026-04-19 07:43:58 [Info] [3504] recvmsg: EXIT 2026-04-19 07:43:58 [Info] [3504] Recv Exit Msg, Exit... 2026-04-19 08:43:18 [Info] [4404] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 08:43:18 [Info] [4404] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap194021776559398 2026-04-19 08:43:18 [Info] [4404] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 08:43:18 [Info] [4404] Resource monitor start 2026-04-19 08:43:18 [Info] [4404] ipc client init success 2026-04-19 08:43:18 [Info] [4404] Ipc init: 0 2026-04-19 08:43:18 [Info] [4404] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 08:43:18 [Info] [4404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 08:43:18 [Info] [4404] start ipc thread id[4264] 2026-04-19 08:43:18 [Info] [4404] Connect Yundun ipc server return state is 0 2026-04-19 08:43:18 [Info] [4404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 08:43:18 [Info] [4404] CResourceMonitor::run Enter 2026-04-19 08:43:18 [Info] [4404] CIpcMsgHandlerMgr::run Enter 2026-04-19 08:43:18 [Info] [4404] Report thread 2026-04-19 08:43:18 [Info] [4404] Monitor thread 2026-04-19 08:43:18 [Info] [4404] Loader thread 2026-04-19 08:43:18 [Info] [4404] PythonEngineImpl Init... 2026-04-19 08:43:18 [Info] [4404] yundun connected 2026-04-19 08:43:19 [Info] [4404] recvmsg: HELLO 2026-04-19 08:43:19 [Info] [4404] recvmsg: WORK 2026-04-19 08:43:19 [Info] [4404] no use encode, return to old mode 2026-04-19 08:43:19 [Info] [4404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 08:43:19 [Info] [4404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 08:43:19 [Info] [4404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 08:43:19 [Info] [4404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 08:43:19 [Info] [4404] log fd cnt is [250], real fd cnt is [282] 2026-04-19 08:43:19 [Info] [4404] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 08:43:19 [Info] [4404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 08:43:20 [Info] [4404] log memory size is 20480KB, real memory size is 14848KB 2026-04-19 08:43:20 [Info] [4404] item: --windows-process-check 2026-04-19 08:43:20 [Info] [4404] cgroup name aegisRtap0 2026-04-19 08:43:20 [Info] [4404] try get sys version 2026-04-19 08:43:20 [Info] [4404] win sys info:2/10:0:3 2026-04-19 08:43:20 [Info] [4404] suit legal version, enable cpu control 2026-04-19 08:43:20 [Info] [4404] get AssignProcessToJobObject handle [00000478] 2026-04-19 08:43:20 [Info] [4404] Set setJobExtended. 2026-04-19 08:43:20 [Info] [4404] Set cpu [9%] 2026-04-19 08:43:20 [Info] [4404] Set cpu success 2026-04-19 08:43:20 [Info] [4404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-19 08:43:20 [Info] [4404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-19 08:43:20 [Info] [4404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 08:43:21 [Info] [4404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 08:43:21 [Info] [4404] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-19 08:43:21 [Info] [4404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-19 08:43:21 [Info] [4404] Prepare stage1: --windows-process-check 2026-04-19 08:43:21 [Info] [4404] Prepare stage2 2026-04-19 08:43:24 [Info] [4404] log memory size is 30720KB, real memory size is 20632KB 2026-04-19 08:43:34 [Info] [4404] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-19 08:43:39 [Info] [4404] stage3: --windows-process-check 2026-04-19 08:43:39 [Info] [4404] Loader after check 2026-04-19 08:43:40 [Info] [4404] Enter reuse wait state. 2026-04-19 08:43:42 [Info] [4404] recvmsg: EXIT 2026-04-19 08:43:42 [Info] [4404] Recv Exit Msg, Exit... 2026-04-19 09:59:28 [Info] [3528] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 09:59:28 [Info] [3528] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap15181776563956 2026-04-19 09:59:28 [Info] [3528] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 09:59:28 [Info] [3528] Resource monitor start 2026-04-19 09:59:28 [Info] [3528] ipc client init success 2026-04-19 09:59:28 [Info] [3528] Ipc init: 0 2026-04-19 09:59:28 [Info] [3528] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 09:59:28 [Info] [3528] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 09:59:28 [Info] [3528] start ipc thread id[4840] 2026-04-19 09:59:28 [Info] [3528] Connect Yundun ipc server return state is 0 2026-04-19 09:59:28 [Info] [3528] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 09:59:28 [Info] [3528] CResourceMonitor::run Enter 2026-04-19 09:59:28 [Info] [3528] CIpcMsgHandlerMgr::run Enter 2026-04-19 09:59:28 [Info] [3528] Report thread 2026-04-19 09:59:28 [Info] [3528] Monitor thread 2026-04-19 09:59:28 [Info] [3528] Loader thread 2026-04-19 09:59:28 [Info] [3528] PythonEngineImpl Init... 2026-04-19 09:59:28 [Info] [3528] yundun connected 2026-04-19 09:59:34 [Info] [3528] recvmsg: HELLO 2026-04-19 09:59:35 [Info] [3528] log fd cnt is [250], real fd cnt is [263] 2026-04-19 09:59:35 [Info] [3528] recvmsg: WORK 2026-04-19 09:59:35 [Info] [3528] no use encode, return to old mode 2026-04-19 09:59:35 [Info] [3528] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 09:59:35 [Info] [3528] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 09:59:35 [Info] [3528] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 09:59:36 [Info] [3528] log memory size is 20480KB, real memory size is 13132KB 2026-04-19 09:59:52 [Warn] [3528] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 09:59:52 [Info] [3528] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-19 10:00:02 [Warn] [3528] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 10:00:13 [Warn] [3528] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-19 10:00:13 [Info] [3528] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:00:14 [Info] [3528] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 10:00:14 [Info] [3528] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 10:00:15 [Info] [3528] item: --windows-sysinfoext-check 2026-04-19 10:00:15 [Info] [3528] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 10:00:15 [Info] [3528] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 10:00:15 [Info] [3528] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:00:15 [Info] [3528] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:00:15 [Info] [3528] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-19 10:00:15 [Info] [3528] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 10:00:15 [Info] [3528] Prepare stage1: --windows-sysinfoext-check 2026-04-19 10:00:15 [Info] [3528] Prepare stage2 2026-04-19 10:00:16 [Info] [3528] log memory size is 30720KB, real memory size is 23116KB 2026-04-19 10:00:17 [Info] [3528] stage3: --windows-sysinfoext-check 2026-04-19 10:00:17 [Info] [3528] Loader after check 2026-04-19 10:00:18 [Info] [3528] Enter reuse wait state. 2026-04-19 10:00:22 [Info] [3528] recvmsg: EXIT 2026-04-19 10:00:22 [Info] [3528] Recv Exit Msg, Exit... 2026-04-19 10:24:11 [Info] [2720] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 10:24:11 [Info] [2720] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap64001776565451 2026-04-19 10:24:11 [Info] [2720] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 10:24:11 [Info] [2720] Resource monitor start 2026-04-19 10:24:11 [Info] [2720] ipc client init success 2026-04-19 10:24:11 [Info] [2720] Ipc init: 0 2026-04-19 10:24:11 [Info] [2720] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 10:24:11 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 10:24:11 [Info] [2720] start ipc thread id[1620] 2026-04-19 10:24:11 [Info] [2720] Connect Yundun ipc server return state is 0 2026-04-19 10:24:11 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 10:24:11 [Info] [2720] CResourceMonitor::run Enter 2026-04-19 10:24:11 [Info] [2720] CIpcMsgHandlerMgr::run Enter 2026-04-19 10:24:11 [Info] [2720] Report thread 2026-04-19 10:24:11 [Info] [2720] Monitor thread 2026-04-19 10:24:11 [Info] [2720] Loader thread 2026-04-19 10:24:11 [Info] [2720] PythonEngineImpl Init... 2026-04-19 10:24:11 [Info] [2720] yundun connected 2026-04-19 10:24:11 [Info] [2720] recvmsg: HELLO 2026-04-19 10:24:11 [Info] [2720] recvmsg: WORK 2026-04-19 10:24:11 [Info] [2720] no use encode, return to old mode 2026-04-19 10:24:12 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:24:12 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:24:12 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:24:12 [Info] [2720] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:24:12 [Info] [2720] log fd cnt is [250], real fd cnt is [282] 2026-04-19 10:24:12 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 10:24:12 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 10:24:13 [Info] [2720] log memory size is 20480KB, real memory size is 14840KB 2026-04-19 10:24:13 [Info] [2720] item: --windows-schedule-task-check 2026-04-19 10:24:13 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-19 10:24:13 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-19 10:24:13 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:24:13 [Info] [2720] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:24:13 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-19 10:24:13 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-19 10:24:14 [Info] [2720] Prepare stage1: --windows-schedule-task-check 2026-04-19 10:24:14 [Info] [2720] Prepare stage2 2026-04-19 10:24:14 [Warn] [2720] high cpu, cpu is 21 2026-04-19 10:24:14 [Info] [2720] try get sys version 2026-04-19 10:24:14 [Info] [2720] win sys info:2/10:0:3 2026-04-19 10:24:14 [Info] [2720] suit legal version, enable cpu control 2026-04-19 10:24:14 [Warn] [2720] High CPU Warning: 21 2026-04-19 10:24:14 [Warn] [2720] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 516 in func: __getattr__ File:windows-schedule-task-check.py line: 377 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-19 10:24:17 [Info] [2720] log memory size is 30720KB, real memory size is 23652KB 2026-04-19 10:24:20 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 10:24:20 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap64301776565460 2026-04-19 10:24:20 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 10:24:20 [Info] [2020] Resource monitor start 2026-04-19 10:24:20 [Info] [2020] ipc client init success 2026-04-19 10:24:20 [Info] [2020] Ipc init: 0 2026-04-19 10:24:20 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 10:24:20 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 10:24:20 [Info] [2020] start ipc thread id[2568] 2026-04-19 10:24:20 [Info] [2020] Connect Yundun ipc server return state is 0 2026-04-19 10:24:20 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 10:24:20 [Info] [2020] CResourceMonitor::run Enter 2026-04-19 10:24:20 [Info] [2020] CIpcMsgHandlerMgr::run Enter 2026-04-19 10:24:20 [Info] [2020] yundun connected 2026-04-19 10:24:20 [Info] [2020] Report thread 2026-04-19 10:24:20 [Info] [2020] Monitor thread 2026-04-19 10:24:20 [Info] [2020] Loader thread 2026-04-19 10:24:20 [Info] [2020] PythonEngineImpl Init... 2026-04-19 10:24:21 [Info] [2020] recvmsg: HELLO 2026-04-19 10:24:21 [Info] [2020] recvmsg: WORK 2026-04-19 10:24:21 [Info] [2020] no use encode, return to old mode 2026-04-19 10:24:21 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:24:21 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:24:21 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:24:21 [Info] [2020] log fd cnt is [250], real fd cnt is [282] 2026-04-19 10:24:21 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:24:21 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 10:24:21 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 10:24:22 [Info] [2020] log memory size is 20480KB, real memory size is 14816KB 2026-04-19 10:24:22 [Info] [2020] item: --windows-registry-check 2026-04-19 10:24:22 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-19 10:24:22 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-19 10:24:22 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:24:23 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:24:23 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-19 10:24:23 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-19 10:24:23 [Info] [2020] Prepare stage1: --windows-registry-check 2026-04-19 10:24:23 [Info] [2020] Prepare stage2 2026-04-19 10:24:45 [Info] [2720] stage3: --windows-schedule-task-check 2026-04-19 10:24:45 [Info] [2720] Loader after check 2026-04-19 10:24:46 [Info] [2720] Enter reuse wait state. 2026-04-19 10:24:48 [Info] [2720] recvmsg: EXIT 2026-04-19 10:24:48 [Info] [2720] Recv Exit Msg, Exit... 2026-04-19 10:24:51 [Info] [2020] stage3: --windows-registry-check 2026-04-19 10:24:51 [Info] [2020] Loader after check 2026-04-19 10:24:52 [Info] [2020] Enter reuse wait state. 2026-04-19 10:24:53 [Info] [2020] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-19 10:24:54 [Info] [2020] recvmsg: EXIT 2026-04-19 10:24:54 [Info] [2020] Recv Exit Msg, Exit... 2026-04-19 10:28:40 [Info] [2188] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 10:28:40 [Info] [2188] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap72791776565720 2026-04-19 10:28:40 [Info] [2188] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 10:28:40 [Info] [2188] Resource monitor start 2026-04-19 10:28:40 [Info] [2188] ipc client init success 2026-04-19 10:28:40 [Info] [2188] Ipc init: 0 2026-04-19 10:28:40 [Info] [2188] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 10:28:40 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 10:28:40 [Info] [2188] start ipc thread id[3316] 2026-04-19 10:28:40 [Info] [2188] Connect Yundun ipc server return state is 0 2026-04-19 10:28:40 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 10:28:40 [Info] [2188] CResourceMonitor::run Enter 2026-04-19 10:28:40 [Info] [2188] CIpcMsgHandlerMgr::run Enter 2026-04-19 10:28:40 [Info] [2188] Report thread 2026-04-19 10:28:40 [Info] [2188] Monitor thread 2026-04-19 10:28:40 [Info] [2188] Loader thread 2026-04-19 10:28:40 [Info] [2188] PythonEngineImpl Init... 2026-04-19 10:28:40 [Info] [2188] yundun connected 2026-04-19 10:28:41 [Info] [2188] recvmsg: HELLO 2026-04-19 10:28:41 [Info] [2188] recvmsg: WORK 2026-04-19 10:28:41 [Info] [2188] no use encode, return to old mode 2026-04-19 10:28:41 [Info] [2188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:28:41 [Info] [2188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:28:41 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:28:41 [Info] [2188] log fd cnt is [250], real fd cnt is [282] 2026-04-19 10:28:41 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:28:41 [Info] [2188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 10:28:41 [Info] [2188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 10:28:42 [Info] [2188] log memory size is 20480KB, real memory size is 14824KB 2026-04-19 10:28:42 [Info] [2188] item: --tcp-connect-check 2026-04-19 10:28:42 [Info] [2188] cgroup name aegisRtap0 2026-04-19 10:28:42 [Info] [2188] try get sys version 2026-04-19 10:28:42 [Info] [2188] win sys info:2/10:0:3 2026-04-19 10:28:42 [Info] [2188] suit legal version, enable cpu control 2026-04-19 10:28:42 [Info] [2188] get AssignProcessToJobObject handle [00000478] 2026-04-19 10:28:42 [Info] [2188] Set setJobExtended. 2026-04-19 10:28:42 [Info] [2188] Set cpu [9%] 2026-04-19 10:28:42 [Info] [2188] Set cpu success 2026-04-19 10:28:42 [Info] [2188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-19 10:28:42 [Info] [2188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-19 10:28:42 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:28:43 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:28:43 [Info] [2188] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-19 10:28:43 [Info] [2188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-19 10:28:43 [Info] [2188] Prepare stage1: --tcp-connect-check 2026-04-19 10:28:43 [Info] [2188] Prepare stage2 2026-04-19 10:28:46 [Info] [2188] stage3: --tcp-connect-check 2026-04-19 10:28:46 [Info] [2188] Loader after check 2026-04-19 10:28:47 [Info] [2188] Enter reuse wait state. 2026-04-19 10:28:52 [Info] [2188] recvmsg: EXIT 2026-04-19 10:28:52 [Info] [2188] Recv Exit Msg, Exit... 2026-04-19 10:32:34 [Info] [4008] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 10:32:34 [Info] [4008] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap80431776565954 2026-04-19 10:32:34 [Info] [4008] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 10:32:34 [Info] [4008] Resource monitor start 2026-04-19 10:32:34 [Info] [4008] ipc client init success 2026-04-19 10:32:34 [Info] [4008] Ipc init: 0 2026-04-19 10:32:34 [Info] [4008] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 10:32:34 [Info] [4008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 10:32:34 [Info] [4008] start ipc thread id[2208] 2026-04-19 10:32:34 [Info] [4008] Connect Yundun ipc server return state is 0 2026-04-19 10:32:34 [Info] [4008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 10:32:34 [Info] [4008] CResourceMonitor::run Enter 2026-04-19 10:32:34 [Info] [4008] CIpcMsgHandlerMgr::run Enter 2026-04-19 10:32:34 [Info] [4008] Report thread 2026-04-19 10:32:34 [Info] [4008] Monitor thread 2026-04-19 10:32:34 [Info] [4008] Loader thread 2026-04-19 10:32:34 [Info] [4008] PythonEngineImpl Init... 2026-04-19 10:32:34 [Info] [4008] yundun connected 2026-04-19 10:32:35 [Info] [4008] recvmsg: HELLO 2026-04-19 10:32:35 [Info] [4008] recvmsg: WORK 2026-04-19 10:32:35 [Info] [4008] no use encode, return to old mode 2026-04-19 10:32:35 [Info] [4008] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:32:35 [Info] [4008] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 10:32:35 [Info] [4008] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:32:35 [Info] [4008] log fd cnt is [250], real fd cnt is [278] 2026-04-19 10:32:35 [Info] [4008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:32:36 [Info] [4008] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 10:32:36 [Info] [4008] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 10:32:37 [Info] [4008] log memory size is 20480KB, real memory size is 14652KB 2026-04-19 10:32:38 [Info] [4008] item: --windows-driver-version-check 2026-04-19 10:32:38 [Info] [4008] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-19 10:32:38 [Info] [4008] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-19 10:32:38 [Info] [4008] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 10:32:38 [Info] [4008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 10:32:38 [Info] [4008] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-19 10:32:38 [Info] [4008] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-19 10:32:38 [Info] [4008] Prepare stage1: --windows-driver-version-check 2026-04-19 10:32:38 [Info] [4008] Prepare stage2 2026-04-19 10:32:38 [Info] [4008] stage3: --windows-driver-version-check 2026-04-19 10:32:38 [Info] [4008] Loader after check 2026-04-19 10:32:39 [Info] [4008] Enter reuse wait state. 2026-04-19 10:32:42 [Info] [4008] recvmsg: EXIT 2026-04-19 10:32:42 [Info] [4008] Recv Exit Msg, Exit... 2026-04-19 11:08:40 [Info] [2112] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 11:08:40 [Info] [2112] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap151161776568120 2026-04-19 11:08:40 [Info] [2112] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 11:08:40 [Info] [2112] Resource monitor start 2026-04-19 11:08:40 [Info] [2112] ipc client init success 2026-04-19 11:08:40 [Info] [2112] Ipc init: 0 2026-04-19 11:08:40 [Info] [2112] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 11:08:40 [Info] [2112] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 11:08:40 [Info] [2112] start ipc thread id[1180] 2026-04-19 11:08:40 [Info] [2112] Connect Yundun ipc server return state is 0 2026-04-19 11:08:40 [Info] [2112] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 11:08:40 [Info] [2112] CResourceMonitor::run Enter 2026-04-19 11:08:40 [Info] [2112] CIpcMsgHandlerMgr::run Enter 2026-04-19 11:08:40 [Info] [2112] Report thread 2026-04-19 11:08:40 [Info] [2112] Monitor thread 2026-04-19 11:08:40 [Info] [2112] Loader thread 2026-04-19 11:08:40 [Info] [2112] PythonEngineImpl Init... 2026-04-19 11:08:40 [Info] [2112] yundun connected 2026-04-19 11:08:40 [Info] [2112] recvmsg: HELLO 2026-04-19 11:08:40 [Info] [2112] recvmsg: WORK 2026-04-19 11:08:40 [Info] [2112] no use encode, return to old mode 2026-04-19 11:08:40 [Info] [2112] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 11:08:40 [Info] [2112] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 11:08:40 [Info] [2112] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 11:08:41 [Info] [2112] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 11:08:41 [Info] [2112] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 11:08:41 [Info] [2112] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 11:08:41 [Info] [2112] log fd cnt is [250], real fd cnt is [281] 2026-04-19 11:08:42 [Info] [2112] log memory size is 20480KB, real memory size is 14852KB 2026-04-19 11:08:42 [Info] [2112] item: --windows-autorun-item-check 2026-04-19 11:08:42 [Info] [2112] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-19 11:08:42 [Info] [2112] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-19 11:08:42 [Info] [2112] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 11:08:42 [Info] [2112] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 11:08:42 [Info] [2112] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-19 11:08:42 [Info] [2112] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-19 11:08:42 [Info] [2112] Prepare stage1: --windows-autorun-item-check 2026-04-19 11:08:42 [Info] [2112] Prepare stage2 2026-04-19 11:08:43 [Warn] [2112] high cpu, cpu is 15 2026-04-19 11:08:43 [Info] [2112] try get sys version 2026-04-19 11:08:43 [Info] [2112] win sys info:2/10:0:3 2026-04-19 11:08:43 [Info] [2112] suit legal version, enable cpu control 2026-04-19 11:08:43 [Warn] [2112] High CPU Warning: 15 2026-04-19 11:08:43 [Warn] [2112] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 258 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-19 11:08:46 [Info] [2112] log memory size is 30720KB, real memory size is 22624KB 2026-04-19 11:08:52 [Info] [2112] stage3: --windows-autorun-item-check 2026-04-19 11:08:52 [Info] [2112] Loader after check 2026-04-19 11:08:53 [Info] [2112] Enter reuse wait state. 2026-04-19 11:08:55 [Info] [2112] recvmsg: EXIT 2026-04-19 11:08:55 [Info] [2112] Recv Exit Msg, Exit... 2026-04-19 15:30:07 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 15:30:07 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap7161776583779 2026-04-19 15:30:07 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 15:30:07 [Info] [2020] Resource monitor start 2026-04-19 15:30:07 [Info] [2020] ipc client init success 2026-04-19 15:30:07 [Info] [2020] Ipc init: 0 2026-04-19 15:30:07 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 15:30:07 [Info] [2020] CResourceMonitor::run Enter 2026-04-19 15:30:07 [Info] [2020] CIpcMsgHandlerMgr::run Enter 2026-04-19 15:30:07 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 15:30:07 [Info] [2020] start ipc thread id[4884] 2026-04-19 15:30:07 [Info] [2020] Connect Yundun ipc server return state is 0 2026-04-19 15:30:07 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 15:30:07 [Info] [2020] yundun connected 2026-04-19 15:30:07 [Info] [2020] Report thread 2026-04-19 15:30:07 [Info] [2020] Monitor thread 2026-04-19 15:30:07 [Info] [2020] Loader thread 2026-04-19 15:30:07 [Info] [2020] PythonEngineImpl Init... 2026-04-19 15:30:08 [Info] [2020] recvmsg: HELLO 2026-04-19 15:30:08 [Info] [2020] recvmsg: WORK 2026-04-19 15:30:08 [Info] [2020] no use encode, return to old mode 2026-04-19 15:30:08 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 15:30:08 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 15:30:08 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 15:30:08 [Info] [2020] log fd cnt is [250], real fd cnt is [286] 2026-04-19 15:30:08 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 15:30:08 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 15:30:08 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 15:30:09 [Info] [2020] log memory size is 20480KB, real memory size is 15072KB 2026-04-19 15:30:10 [Info] [2020] item: --windows-sysinfoext-check 2026-04-19 15:30:10 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 15:30:10 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 15:30:10 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 15:30:10 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 15:30:10 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-19 15:30:10 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 15:30:10 [Info] [2020] Prepare stage1: --windows-sysinfoext-check 2026-04-19 15:30:10 [Info] [2020] Prepare stage2 2026-04-19 15:30:12 [Warn] [2020] high cpu, cpu is 14 2026-04-19 15:30:12 [Info] [2020] try get sys version 2026-04-19 15:30:12 [Info] [2020] win sys info:2/10:0:3 2026-04-19 15:30:12 [Info] [2020] suit legal version, enable cpu control 2026-04-19 15:30:12 [Warn] [2020] High CPU Warning: 14 2026-04-19 15:30:13 [Warn] [2020] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-19 15:30:14 [Info] [2020] log memory size is 30720KB, real memory size is 23504KB 2026-04-19 15:30:14 [Info] [2020] stage3: --windows-sysinfoext-check 2026-04-19 15:30:14 [Info] [2020] Loader after check 2026-04-19 15:30:15 [Info] [2020] Enter reuse wait state. 2026-04-19 15:30:19 [Info] [2020] recvmsg: EXIT 2026-04-19 15:30:19 [Info] [2020] Recv Exit Msg, Exit... 2026-04-19 18:26:45 [Info] [3368] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 18:26:45 [Info] [3368] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap26481776594405 2026-04-19 18:26:45 [Info] [3368] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 18:26:45 [Info] [3368] Resource monitor start 2026-04-19 18:26:45 [Info] [3368] ipc client init success 2026-04-19 18:26:45 [Info] [3368] Ipc init: 0 2026-04-19 18:26:45 [Info] [3368] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 18:26:45 [Info] [3368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 18:26:45 [Info] [3368] start ipc thread id[4708] 2026-04-19 18:26:45 [Info] [3368] Connect Yundun ipc server return state is 0 2026-04-19 18:26:45 [Info] [3368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 18:26:45 [Info] [3368] CResourceMonitor::run Enter 2026-04-19 18:26:45 [Info] [3368] CIpcMsgHandlerMgr::run Enter 2026-04-19 18:26:45 [Info] [3368] Report thread 2026-04-19 18:26:45 [Info] [3368] Monitor thread 2026-04-19 18:26:45 [Info] [3368] Loader thread 2026-04-19 18:26:45 [Info] [3368] PythonEngineImpl Init... 2026-04-19 18:26:45 [Info] [3368] yundun connected 2026-04-19 18:26:45 [Info] [3368] recvmsg: HELLO 2026-04-19 18:26:45 [Info] [3368] recvmsg: WORK 2026-04-19 18:26:45 [Info] [3368] no use encode, return to old mode 2026-04-19 18:26:45 [Info] [3368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 18:26:45 [Info] [3368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 18:26:45 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 18:26:45 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 18:26:46 [Info] [3368] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 18:26:46 [Info] [3368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 18:26:46 [Info] [3368] log fd cnt is [250], real fd cnt is [281] 2026-04-19 18:26:47 [Info] [3368] log memory size is 20480KB, real memory size is 14856KB 2026-04-19 18:26:47 [Info] [3368] item: --secnet_rasp_agent 2026-04-19 18:26:47 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-19 18:26:47 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-19 18:26:47 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-19 18:26:47 [Info] [3368] Download redirect files success. 2026-04-19 18:26:47 [Info] [3368] Prepare stage1: --secnet_rasp_agent 2026-04-19 18:26:47 [Info] [3368] Prepare stage2 2026-04-19 18:26:48 [Info] [3368] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-19 18:26:48 [Info] [3368] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-19 18:26:48 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 18:26:48 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 18:26:49 [Info] [3368] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-19 18:26:49 [Info] [3368] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-19 18:26:49 [Info] [3368] stage3: --secnet_rasp_agent 2026-04-19 18:26:49 [Info] [3368] Loader after check 2026-04-19 18:26:50 [Info] [3368] Enter reuse wait state. 2026-04-19 18:26:51 [Info] [3368] log memory size is 30720KB, real memory size is 21360KB 2026-04-19 18:26:52 [Info] [3368] recvmsg: EXIT 2026-04-19 18:26:52 [Info] [3368] Recv Exit Msg, Exit... 2026-04-19 20:59:21 [Info] [4364] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 20:59:21 [Info] [4364] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap323941776603514 2026-04-19 20:59:21 [Info] [4364] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 20:59:21 [Info] [4364] Resource monitor start 2026-04-19 20:59:21 [Info] [4364] ipc client init success 2026-04-19 20:59:21 [Info] [4364] Ipc init: 0 2026-04-19 20:59:21 [Info] [4364] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 20:59:21 [Info] [4364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 20:59:21 [Info] [4364] start ipc thread id[4308] 2026-04-19 20:59:21 [Info] [4364] Connect Yundun ipc server return state is 0 2026-04-19 20:59:21 [Info] [4364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 20:59:23 [Info] [4364] CResourceMonitor::run Enter 2026-04-19 20:59:23 [Info] [4364] CIpcMsgHandlerMgr::run Enter 2026-04-19 20:59:23 [Info] [4364] yundun connected 2026-04-19 20:59:23 [Info] [4364] Report thread 2026-04-19 20:59:23 [Info] [4364] Monitor thread 2026-04-19 20:59:23 [Info] [4364] Loader thread 2026-04-19 20:59:23 [Info] [4364] PythonEngineImpl Init... 2026-04-19 20:59:26 [Info] [4364] recvmsg: HELLO 2026-04-19 20:59:26 [Info] [4364] log fd cnt is [250], real fd cnt is [263] 2026-04-19 20:59:27 [Info] [4364] recvmsg: WORK 2026-04-19 20:59:27 [Info] [4364] no use encode, return to old mode 2026-04-19 20:59:27 [Info] [4364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 20:59:27 [Info] [4364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 20:59:27 [Info] [4364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 20:59:28 [Info] [4364] log memory size is 20480KB, real memory size is 13640KB 2026-04-19 20:59:26 [Info] [2964] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-19 20:59:26 [Info] [2964] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap325641776603566 2026-04-19 20:59:26 [Info] [2964] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-19 20:59:26 [Info] [2964] Resource monitor start 2026-04-19 20:59:26 [Info] [2964] ipc client init success 2026-04-19 20:59:26 [Info] [2964] Ipc init: 0 2026-04-19 20:59:26 [Info] [2964] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-19 20:59:26 [Info] [2964] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-19 20:59:26 [Info] [2964] start ipc thread id[3568] 2026-04-19 20:59:26 [Info] [2964] Connect Yundun ipc server return state is 0 2026-04-19 20:59:26 [Info] [2964] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-19 20:59:27 [Info] [2964] CResourceMonitor::run Enter 2026-04-19 20:59:27 [Info] [2964] CIpcMsgHandlerMgr::run Enter 2026-04-19 20:59:27 [Info] [2964] yundun connected 2026-04-19 20:59:27 [Info] [2964] Report thread 2026-04-19 20:59:27 [Info] [2964] Monitor thread 2026-04-19 20:59:27 [Info] [2964] Loader thread 2026-04-19 20:59:27 [Info] [2964] PythonEngineImpl Init... 2026-04-19 20:59:27 [Info] [2964] recvmsg: HELLO 2026-04-19 20:59:27 [Info] [2964] recvmsg: WORK 2026-04-19 20:59:27 [Info] [2964] no use encode, return to old mode 2026-04-19 20:59:27 [Info] [2964] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 20:59:27 [Info] [2964] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-19 20:59:27 [Info] [2964] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 20:59:28 [Info] [2964] log fd cnt is [250], real fd cnt is [277] 2026-04-19 20:59:29 [Info] [4364] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 20:59:29 [Info] [2964] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 20:59:29 [Info] [2964] log memory size is 20480KB, real memory size is 14484KB 2026-04-19 20:59:29 [Info] [2964] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 20:59:29 [Info] [2964] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 20:59:29 [Info] [4364] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-19 20:59:29 [Info] [4364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-19 20:59:30 [Info] [2964] item: --windows-vul-check 2026-04-19 20:59:30 [Info] [2964] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-19 20:59:30 [Info] [4364] item: --windows-sysinfoext-check 2026-04-19 20:59:30 [Info] [4364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 20:59:30 [Info] [4364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 20:59:30 [Info] [4364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 20:59:30 [Info] [4364] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 20:59:30 [Info] [2964] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-19 20:59:30 [Info] [4364] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-19 20:59:30 [Info] [4364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-19 20:59:30 [Info] [4364] Prepare stage1: --windows-sysinfoext-check 2026-04-19 20:59:30 [Info] [4364] Prepare stage2 2026-04-19 20:59:30 [Info] [2964] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-19 20:59:30 [Info] [2964] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-19 20:59:30 [Info] [2964] Download redirect files success. 2026-04-19 20:59:30 [Info] [2964] Prepare stage1: --windows-vul-check 2026-04-19 20:59:30 [Info] [2964] Prepare stage2 2026-04-19 20:59:31 [Info] [2964] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-19 20:59:31 [Info] [2964] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-19 20:59:31 [Info] [2964] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-19 20:59:31 [Info] [2964] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-19 20:59:31 [Info] [2964] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-19 20:59:31 [Info] [2964] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-19 20:59:32 [Info] [4364] log memory size is 30720KB, real memory size is 23120KB 2026-04-19 20:59:32 [Info] [2964] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-19 20:59:32 [Info] [2964] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-19 20:59:32 [Info] [2964] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-19 20:59:32 [Info] [2964] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-19 20:59:33 [Info] [2964] log memory size is 30720KB, real memory size is 23764KB 2026-04-19 20:59:33 [Info] [2964] stage3: --windows-vul-check 2026-04-19 20:59:33 [Info] [2964] Loader after check 2026-04-19 20:59:33 [Info] [4364] stage3: --windows-sysinfoext-check 2026-04-19 20:59:33 [Info] [4364] Loader after check 2026-04-19 20:59:34 [Warn] [2964] high cpu, cpu is 15 2026-04-19 20:59:34 [Info] [2964] try get sys version 2026-04-19 20:59:34 [Info] [2964] win sys info:2/10:0:3 2026-04-19 20:59:34 [Info] [2964] suit legal version, enable cpu control 2026-04-19 20:59:34 [Warn] [2964] High CPU Warning: 15 2026-04-19 20:59:34 [Warn] [2964] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-19 20:59:34 [Info] [2964] Enter reuse wait state. 2026-04-19 20:59:34 [Info] [4364] Enter reuse wait state. 2026-04-19 20:59:38 [Info] [4364] recvmsg: EXIT 2026-04-19 20:59:38 [Info] [4364] Recv Exit Msg, Exit... 2026-04-19 20:59:40 [Info] [2964] recvmsg: EXIT 2026-04-19 20:59:40 [Info] [2964] Recv Exit Msg, Exit... 2026-04-26 00:39:07 [Info] [3236] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 00:39:07 [Info] [3236] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap317371777135134 2026-04-26 00:39:07 [Info] [3236] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 00:39:12 [Info] [3236] Resource monitor start 2026-04-26 00:39:12 [Info] [3236] ipc client init success 2026-04-26 00:39:12 [Info] [3236] Ipc init: 0 2026-04-26 00:39:12 [Info] [3236] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 00:39:12 [Info] [3236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 00:39:16 [Info] [3236] CIpcMsgHandlerMgr::run Enter 2026-04-26 00:39:16 [Info] [3236] CResourceMonitor::run Enter 2026-04-26 00:39:16 [Info] [3236] start ipc thread id[2820] 2026-04-26 00:39:16 [Info] [3236] Connect Yundun ipc server return state is 0 2026-04-26 00:39:16 [Info] [3236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 00:39:17 [Info] [3236] log fd cnt is [250], real fd cnt is [242] 2026-04-26 00:39:21 [Info] [3236] Loader thread 2026-04-26 00:39:21 [Info] [3236] PythonEngineImpl Init... 2026-04-26 00:39:21 [Info] [3236] Monitor thread 2026-04-26 00:39:21 [Info] [3236] Report thread 2026-04-26 00:39:21 [Info] [3236] yundun connected 2026-04-26 00:39:21 [Info] [3236] recvmsg: HELLO 2026-04-26 00:39:21 [Info] [3236] recvmsg: WORK 2026-04-26 00:39:21 [Info] [3236] no use encode, return to old mode 2026-04-26 00:39:21 [Info] [3236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 00:39:21 [Info] [3236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 00:39:21 [Info] [3236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 00:39:22 [Info] [3236] log memory size is 20480KB, real memory size is 13132KB 2026-04-26 00:39:42 [Warn] [3236] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 00:39:46 [Info] [3236] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 00:39:52 [Warn] [3236] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 00:39:53 [Info] [3236] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 00:39:53 [Info] [3236] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 00:39:53 [Info] [3236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 00:39:54 [Info] [3236] item: --windows-sysinfoext-check 2026-04-26 00:39:54 [Info] [3236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 00:39:54 [Info] [3236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 00:39:54 [Info] [3236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 00:39:54 [Info] [3236] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 00:39:54 [Info] [3236] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-26 00:39:54 [Info] [3236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 00:39:54 [Info] [3236] Prepare stage1: --windows-sysinfoext-check 2026-04-26 00:39:54 [Info] [3236] Prepare stage2 2026-04-26 00:39:55 [Info] [3236] log memory size is 30720KB, real memory size is 22768KB 2026-04-26 00:39:57 [Info] [3236] stage3: --windows-sysinfoext-check 2026-04-26 00:39:57 [Info] [3236] Loader after check 2026-04-26 00:39:58 [Info] [3236] Enter reuse wait state. 2026-04-26 00:40:02 [Info] [3236] recvmsg: EXIT 2026-04-26 00:40:02 [Info] [3236] Recv Exit Msg, Exit... 2026-04-26 02:05:25 [Info] [4612] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 02:05:25 [Info] [4612] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap159211777140325 2026-04-26 02:05:25 [Info] [4612] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 02:05:25 [Info] [4612] Resource monitor start 2026-04-26 02:05:25 [Info] [4612] ipc client init success 2026-04-26 02:05:25 [Info] [4612] Ipc init: 0 2026-04-26 02:05:25 [Info] [4612] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 02:05:25 [Info] [4612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 02:05:25 [Info] [4612] start ipc thread id[2880] 2026-04-26 02:05:25 [Info] [4612] Connect Yundun ipc server return state is 0 2026-04-26 02:05:25 [Info] [4612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 02:05:25 [Info] [4612] CResourceMonitor::run Enter 2026-04-26 02:05:25 [Info] [4612] CIpcMsgHandlerMgr::run Enter 2026-04-26 02:05:25 [Info] [4612] Report thread 2026-04-26 02:05:25 [Info] [4612] Monitor thread 2026-04-26 02:05:25 [Info] [4612] Loader thread 2026-04-26 02:05:25 [Info] [4612] PythonEngineImpl Init... 2026-04-26 02:05:25 [Info] [4612] yundun connected 2026-04-26 02:05:26 [Info] [4612] recvmsg: HELLO 2026-04-26 02:05:26 [Info] [4612] recvmsg: WORK 2026-04-26 02:05:26 [Info] [4612] no use encode, return to old mode 2026-04-26 02:05:26 [Info] [4612] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 02:05:26 [Info] [4612] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 02:05:26 [Info] [4612] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 02:05:26 [Info] [4612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 02:05:26 [Info] [4612] log fd cnt is [250], real fd cnt is [282] 2026-04-26 02:05:26 [Info] [4612] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 02:05:26 [Info] [4612] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 02:05:28 [Info] [4612] log memory size is 20480KB, real memory size is 14788KB 2026-04-26 02:05:29 [Info] [4612] item: --sca 2026-04-26 02:05:29 [Info] [4612] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-26 02:05:29 [Info] [4612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-26 02:05:29 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-26 02:05:29 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-26 02:05:29 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-26 02:05:29 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-26 02:05:30 [Info] [4612] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-26 02:05:30 [Info] [4612] Download redirect files success. 2026-04-26 02:05:30 [Info] [4612] Prepare stage1: --sca 2026-04-26 02:05:30 [Info] [4612] Prepare stage2 2026-04-26 02:05:31 [Warn] [4612] high cpu, cpu is 30 2026-04-26 02:05:31 [Info] [4612] try get sys version 2026-04-26 02:05:31 [Info] [4612] win sys info:2/10:0:3 2026-04-26 02:05:31 [Info] [4612] suit legal version, enable cpu control 2026-04-26 02:05:31 [Warn] [4612] High CPU Warning: 30 2026-04-26 02:05:31 [Warn] [4612] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:analyzer.py line: 2 in func: <module> File:parser.py line: 9 in func: <module> File:__init__.py line: 2 in func: <module> File:sca_webcontainer_proc.py line: 23 in func: <module> File:sca.py line: 48 in func: <module> 2026-04-26 02:05:32 [Info] [4612] log memory size is 30720KB, real memory size is 32768KB 2026-04-26 02:05:35 [Info] [4612] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 02:05:36 [Info] [4612] log memory size is 40960KB, real memory size is 33116KB 2026-04-26 02:06:06 [Info] [4612] stage3: --sca 2026-04-26 02:06:06 [Info] [4612] Loader after check 2026-04-26 02:06:07 [Info] [4612] Enter reuse wait state. 2026-04-26 02:06:09 [Info] [4612] recvmsg: EXIT 2026-04-26 02:06:09 [Info] [4612] Recv Exit Msg, Exit... 2026-04-26 06:07:25 [Info] [2364] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 06:07:25 [Info] [2364] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap305661777154844 2026-04-26 06:07:25 [Info] [2364] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 06:07:25 [Info] [2364] Resource monitor start 2026-04-26 06:07:25 [Info] [2364] ipc client init success 2026-04-26 06:07:25 [Info] [2364] Ipc init: 0 2026-04-26 06:07:25 [Info] [2364] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 06:07:25 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 06:07:25 [Info] [2364] start ipc thread id[4340] 2026-04-26 06:07:25 [Info] [2364] Connect Yundun ipc server return state is 0 2026-04-26 06:07:25 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 06:07:25 [Info] [2364] CResourceMonitor::run Enter 2026-04-26 06:07:25 [Info] [2364] CIpcMsgHandlerMgr::run Enter 2026-04-26 06:07:25 [Info] [2364] Report thread 2026-04-26 06:07:25 [Info] [2364] Monitor thread 2026-04-26 06:07:25 [Info] [2364] Loader thread 2026-04-26 06:07:25 [Info] [2364] PythonEngineImpl Init... 2026-04-26 06:07:31 [Info] [2364] yundun connected 2026-04-26 06:07:33 [Info] [2364] recvmsg: HELLO 2026-04-26 06:07:33 [Info] [2364] recvmsg: WORK 2026-04-26 06:07:33 [Info] [2364] no use encode, return to old mode 2026-04-26 06:07:33 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 06:07:33 [Info] [2364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 06:07:33 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 06:07:36 [Info] [2364] log fd cnt is [250], real fd cnt is [264] 2026-04-26 06:07:37 [Info] [2364] log memory size is 20480KB, real memory size is 13112KB 2026-04-26 06:07:50 [Warn] [2364] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 06:07:59 [Info] [2364] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 06:08:04 [Warn] [2364] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 06:08:07 [Info] [2364] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 06:08:07 [Info] [2364] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 06:08:07 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 06:08:09 [Info] [2364] item: --windows-sysinfoext-check 2026-04-26 06:08:09 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 06:08:09 [Info] [2364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 06:08:09 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 06:08:09 [Info] [2364] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 06:08:09 [Info] [2364] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-26 06:08:09 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 06:08:09 [Info] [2364] Prepare stage1: --windows-sysinfoext-check 2026-04-26 06:08:09 [Info] [2364] Prepare stage2 2026-04-26 06:08:10 [Warn] [2364] high cpu, cpu is 16 2026-04-26 06:08:10 [Info] [2364] try get sys version 2026-04-26 06:08:10 [Info] [2364] win sys info:2/10:0:3 2026-04-26 06:08:10 [Info] [2364] suit legal version, enable cpu control 2026-04-26 06:08:10 [Warn] [2364] High CPU Warning: 16 2026-04-26 06:08:11 [Warn] [2364] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-26 06:08:11 [Info] [2364] stage3: --windows-sysinfoext-check 2026-04-26 06:08:11 [Info] [2364] Loader after check 2026-04-26 06:08:12 [Info] [2364] Enter reuse wait state. 2026-04-26 06:08:14 [Info] [2364] log memory size is 30720KB, real memory size is 23376KB 2026-04-26 06:08:16 [Info] [2364] recvmsg: EXIT 2026-04-26 06:08:16 [Info] [2364] Recv Exit Msg, Exit... 2026-04-26 07:44:32 [Info] [3268] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 07:44:32 [Info] [3268] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap168301777160672 2026-04-26 07:44:32 [Info] [3268] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 07:44:32 [Info] [3268] Resource monitor start 2026-04-26 07:44:32 [Info] [3268] ipc client init success 2026-04-26 07:44:32 [Info] [3268] Ipc init: 0 2026-04-26 07:44:32 [Info] [3268] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 07:44:32 [Info] [3268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 07:44:32 [Info] [3268] start ipc thread id[4700] 2026-04-26 07:44:32 [Info] [3268] Connect Yundun ipc server return state is 0 2026-04-26 07:44:32 [Info] [3268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 07:44:32 [Info] [3268] CResourceMonitor::run Enter 2026-04-26 07:44:32 [Info] [3268] CIpcMsgHandlerMgr::run Enter 2026-04-26 07:44:32 [Info] [3268] Report thread 2026-04-26 07:44:32 [Info] [3268] Monitor thread 2026-04-26 07:44:32 [Info] [3268] Loader thread 2026-04-26 07:44:32 [Info] [3268] PythonEngineImpl Init... 2026-04-26 07:44:32 [Info] [3268] yundun connected 2026-04-26 07:44:32 [Info] [3268] recvmsg: HELLO 2026-04-26 07:44:32 [Info] [3268] recvmsg: WORK 2026-04-26 07:44:32 [Info] [3268] no use encode, return to old mode 2026-04-26 07:44:32 [Info] [3268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 07:44:32 [Info] [3268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 07:44:32 [Info] [3268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 07:44:33 [Info] [3268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 07:44:33 [Info] [3268] log fd cnt is [250], real fd cnt is [282] 2026-04-26 07:44:33 [Info] [3268] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 07:44:33 [Info] [3268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 07:44:34 [Info] [3268] log memory size is 20480KB, real memory size is 14768KB 2026-04-26 07:44:34 [Info] [3268] item: --windows-vul-clean 2026-04-26 07:44:34 [Info] [3268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-26 07:44:34 [Info] [3268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-26 07:44:34 [Info] [3268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 07:44:34 [Info] [3268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 07:44:35 [Info] [3268] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-26 07:44:35 [Info] [3268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-26 07:44:35 [Info] [3268] Prepare stage1: --windows-vul-clean 2026-04-26 07:44:35 [Info] [3268] Prepare stage2 2026-04-26 07:44:35 [Info] [3268] stage3: --windows-vul-clean 2026-04-26 07:44:35 [Info] [3268] Loader after check 2026-04-26 07:44:36 [Info] [3268] Enter reuse wait state. 2026-04-26 07:44:40 [Info] [3268] recvmsg: EXIT 2026-04-26 07:44:40 [Info] [3268] Recv Exit Msg, Exit... 2026-04-26 08:43:21 [Info] [4904] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 08:43:21 [Info] [4904] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap283541777164201 2026-04-26 08:43:21 [Info] [4904] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 08:43:21 [Info] [4904] Resource monitor start 2026-04-26 08:43:21 [Info] [4904] ipc client init success 2026-04-26 08:43:21 [Info] [4904] Ipc init: 0 2026-04-26 08:43:21 [Info] [4904] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 08:43:21 [Info] [4904] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 08:43:21 [Info] [4904] start ipc thread id[288] 2026-04-26 08:43:21 [Info] [4904] Connect Yundun ipc server return state is 0 2026-04-26 08:43:21 [Info] [4904] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 08:43:21 [Info] [4904] CResourceMonitor::run Enter 2026-04-26 08:43:21 [Info] [4904] CIpcMsgHandlerMgr::run Enter 2026-04-26 08:43:21 [Info] [4904] Report thread 2026-04-26 08:43:21 [Info] [4904] Monitor thread 2026-04-26 08:43:21 [Info] [4904] Loader thread 2026-04-26 08:43:21 [Info] [4904] PythonEngineImpl Init... 2026-04-26 08:43:21 [Info] [4904] yundun connected 2026-04-26 08:43:22 [Info] [4904] recvmsg: HELLO 2026-04-26 08:43:22 [Info] [4904] log fd cnt is [250], real fd cnt is [263] 2026-04-26 08:43:22 [Info] [4904] recvmsg: WORK 2026-04-26 08:43:22 [Info] [4904] no use encode, return to old mode 2026-04-26 08:43:22 [Info] [4904] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 08:43:22 [Info] [4904] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 08:43:22 [Info] [4904] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 08:43:23 [Info] [4904] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 08:43:23 [Info] [4904] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 08:43:23 [Info] [4904] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 08:43:23 [Info] [4904] log memory size is 20480KB, real memory size is 14548KB 2026-04-26 08:43:23 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 08:43:24 [Info] [4904] item: --windows-process-check 2026-04-26 08:43:24 [Info] [4904] cgroup name aegisRtap0 2026-04-26 08:43:24 [Info] [4904] try get sys version 2026-04-26 08:43:24 [Info] [4904] win sys info:2/10:0:3 2026-04-26 08:43:24 [Info] [4904] suit legal version, enable cpu control 2026-04-26 08:43:24 [Info] [4904] get AssignProcessToJobObject handle [00000478] 2026-04-26 08:43:24 [Info] [4904] Set setJobExtended. 2026-04-26 08:43:24 [Info] [4904] Set cpu [9%] 2026-04-26 08:43:24 [Info] [4904] Set cpu success 2026-04-26 08:43:24 [Info] [4904] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-26 08:43:24 [Info] [4904] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-26 08:43:24 [Info] [4904] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 08:43:24 [Info] [4904] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 08:43:25 [Info] [4904] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-26 08:43:25 [Info] [4904] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-26 08:43:25 [Info] [4904] Prepare stage1: --windows-process-check 2026-04-26 08:43:25 [Info] [4904] Prepare stage2 2026-04-26 08:43:28 [Info] [4904] log memory size is 30720KB, real memory size is 20588KB 2026-04-26 08:43:43 [Info] [4904] stage3: --windows-process-check 2026-04-26 08:43:43 [Info] [4904] Loader after check 2026-04-26 08:43:44 [Info] [4904] Enter reuse wait state. 2026-04-26 08:43:49 [Info] [4904] recvmsg: EXIT 2026-04-26 08:43:49 [Info] [4904] Recv Exit Msg, Exit... 2026-04-26 10:24:52 [Info] [2368] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 10:24:52 [Info] [2368] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap154771777170292 2026-04-26 10:24:52 [Info] [2368] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 10:24:52 [Info] [2368] Resource monitor start 2026-04-26 10:24:52 [Info] [2368] ipc client init success 2026-04-26 10:24:52 [Info] [2368] Ipc init: 0 2026-04-26 10:24:52 [Info] [2368] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 10:24:52 [Info] [2368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 10:24:52 [Info] [2368] start ipc thread id[4180] 2026-04-26 10:24:52 [Info] [2368] Connect Yundun ipc server return state is 0 2026-04-26 10:24:52 [Info] [2368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 10:24:52 [Info] [2368] CResourceMonitor::run Enter 2026-04-26 10:24:52 [Info] [2368] CIpcMsgHandlerMgr::run Enter 2026-04-26 10:24:52 [Info] [2368] Report thread 2026-04-26 10:24:52 [Info] [2368] Monitor thread 2026-04-26 10:24:52 [Info] [2368] Loader thread 2026-04-26 10:24:52 [Info] [2368] PythonEngineImpl Init... 2026-04-26 10:24:52 [Info] [2368] yundun connected 2026-04-26 10:24:53 [Info] [2368] recvmsg: HELLO 2026-04-26 10:24:53 [Info] [2368] recvmsg: WORK 2026-04-26 10:24:53 [Info] [2368] no use encode, return to old mode 2026-04-26 10:24:53 [Info] [2368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:24:53 [Info] [2368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:24:53 [Info] [2368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:24:53 [Info] [2368] log fd cnt is [250], real fd cnt is [282] 2026-04-26 10:24:53 [Info] [2368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:24:53 [Info] [2368] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 10:24:53 [Info] [2368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 10:24:54 [Info] [2368] log memory size is 20480KB, real memory size is 14740KB 2026-04-26 10:24:54 [Info] [2368] item: --windows-registry-check 2026-04-26 10:24:54 [Info] [2368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-26 10:24:54 [Info] [2368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-26 10:24:54 [Info] [2368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:24:55 [Info] [2368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:24:55 [Info] [2368] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-26 10:24:55 [Info] [2368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-26 10:24:55 [Info] [2368] Prepare stage1: --windows-registry-check 2026-04-26 10:24:55 [Info] [2368] Prepare stage2 2026-04-26 10:25:26 [Info] [2368] stage3: --windows-registry-check 2026-04-26 10:25:26 [Info] [2368] Loader after check 2026-04-26 10:25:27 [Info] [2368] Enter reuse wait state. 2026-04-26 10:25:32 [Info] [2368] recvmsg: EXIT 2026-04-26 10:25:32 [Info] [2368] Recv Exit Msg, Exit... 2026-04-26 10:26:08 [Info] [3748] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 10:26:08 [Info] [3748] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap157251777170368 2026-04-26 10:26:08 [Info] [3748] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 10:26:08 [Info] [3748] Resource monitor start 2026-04-26 10:26:08 [Info] [3748] ipc client init success 2026-04-26 10:26:08 [Info] [3748] Ipc init: 0 2026-04-26 10:26:08 [Info] [3748] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 10:26:08 [Info] [3748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 10:26:08 [Info] [3748] start ipc thread id[184] 2026-04-26 10:26:08 [Info] [3748] Connect Yundun ipc server return state is 0 2026-04-26 10:26:08 [Info] [3748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 10:26:08 [Info] [3748] CResourceMonitor::run Enter 2026-04-26 10:26:08 [Info] [3748] CIpcMsgHandlerMgr::run Enter 2026-04-26 10:26:08 [Info] [3748] Report thread 2026-04-26 10:26:08 [Info] [3748] Monitor thread 2026-04-26 10:26:08 [Info] [3748] Loader thread 2026-04-26 10:26:08 [Info] [3748] PythonEngineImpl Init... 2026-04-26 10:26:08 [Info] [3748] yundun connected 2026-04-26 10:26:09 [Info] [3748] recvmsg: HELLO 2026-04-26 10:26:09 [Info] [3748] recvmsg: WORK 2026-04-26 10:26:09 [Info] [3748] no use encode, return to old mode 2026-04-26 10:26:09 [Info] [3748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:26:09 [Info] [3748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:26:09 [Info] [3748] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:26:09 [Info] [3748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:26:09 [Info] [3748] log fd cnt is [250], real fd cnt is [282] 2026-04-26 10:26:09 [Info] [3748] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 10:26:09 [Info] [3748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 10:26:10 [Info] [3748] log memory size is 20480KB, real memory size is 14840KB 2026-04-26 10:26:10 [Info] [3748] item: --windows-driver-version-check 2026-04-26 10:26:10 [Info] [3748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-26 10:26:10 [Info] [3748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-26 10:26:10 [Info] [3748] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:26:11 [Info] [3748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:26:11 [Info] [3748] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-26 10:26:11 [Info] [3748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-26 10:26:11 [Info] [3748] Prepare stage1: --windows-driver-version-check 2026-04-26 10:26:11 [Info] [3748] Prepare stage2 2026-04-26 10:26:11 [Info] [3748] stage3: --windows-driver-version-check 2026-04-26 10:26:11 [Info] [3748] Loader after check 2026-04-26 10:26:12 [Info] [3748] Enter reuse wait state. 2026-04-26 10:26:16 [Info] [3748] recvmsg: EXIT 2026-04-26 10:26:16 [Info] [3748] Recv Exit Msg, Exit... 2026-04-26 10:28:57 [Info] [2448] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 10:28:57 [Info] [2448] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap162771777170537 2026-04-26 10:28:57 [Info] [2448] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 10:28:57 [Info] [2448] Resource monitor start 2026-04-26 10:28:57 [Info] [2448] ipc client init success 2026-04-26 10:28:57 [Info] [2448] Ipc init: 0 2026-04-26 10:28:57 [Info] [2448] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 10:28:57 [Info] [2448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 10:28:57 [Info] [2448] start ipc thread id[4540] 2026-04-26 10:28:57 [Info] [2448] Connect Yundun ipc server return state is 0 2026-04-26 10:28:57 [Info] [2448] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 10:28:57 [Info] [2448] CResourceMonitor::run Enter 2026-04-26 10:28:57 [Info] [2448] CIpcMsgHandlerMgr::run Enter 2026-04-26 10:28:57 [Info] [2448] Report thread 2026-04-26 10:28:57 [Info] [2448] Monitor thread 2026-04-26 10:28:57 [Info] [2448] Loader thread 2026-04-26 10:28:57 [Info] [2448] PythonEngineImpl Init... 2026-04-26 10:28:57 [Info] [2448] yundun connected 2026-04-26 10:28:58 [Info] [2448] recvmsg: HELLO 2026-04-26 10:28:58 [Info] [2448] recvmsg: WORK 2026-04-26 10:28:58 [Info] [2448] no use encode, return to old mode 2026-04-26 10:28:58 [Info] [2448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:28:58 [Info] [2448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:28:58 [Info] [2448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:28:58 [Info] [2448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:28:58 [Info] [2448] log fd cnt is [250], real fd cnt is [282] 2026-04-26 10:28:58 [Info] [2448] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 10:28:58 [Info] [2448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 10:28:59 [Info] [2448] log memory size is 20480KB, real memory size is 14828KB 2026-04-26 10:28:59 [Info] [2448] item: --tcp-connect-check 2026-04-26 10:28:59 [Info] [2448] cgroup name aegisRtap0 2026-04-26 10:28:59 [Info] [2448] try get sys version 2026-04-26 10:28:59 [Info] [2448] win sys info:2/10:0:3 2026-04-26 10:28:59 [Info] [2448] suit legal version, enable cpu control 2026-04-26 10:28:59 [Info] [2448] get AssignProcessToJobObject handle [00000478] 2026-04-26 10:28:59 [Info] [2448] Set setJobExtended. 2026-04-26 10:28:59 [Info] [2448] Set cpu [9%] 2026-04-26 10:28:59 [Info] [2448] Set cpu success 2026-04-26 10:28:59 [Info] [2448] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-26 10:28:59 [Info] [2448] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-26 10:28:59 [Info] [2448] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:28:59 [Info] [2448] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:28:59 [Info] [2448] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-26 10:28:59 [Info] [2448] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-26 10:29:00 [Info] [2448] Prepare stage1: --tcp-connect-check 2026-04-26 10:29:00 [Info] [2448] Prepare stage2 2026-04-26 10:29:02 [Info] [2448] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 10:29:03 [Info] [2448] stage3: --tcp-connect-check 2026-04-26 10:29:03 [Info] [2448] Loader after check 2026-04-26 10:29:04 [Info] [2448] Enter reuse wait state. 2026-04-26 10:29:09 [Info] [2448] recvmsg: EXIT 2026-04-26 10:29:09 [Info] [2448] Recv Exit Msg, Exit... 2026-04-26 10:31:13 [Info] [276] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 10:31:13 [Info] [276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap167211777170673 2026-04-26 10:31:13 [Info] [276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 10:31:13 [Info] [276] Resource monitor start 2026-04-26 10:31:13 [Info] [276] ipc client init success 2026-04-26 10:31:13 [Info] [276] Ipc init: 0 2026-04-26 10:31:13 [Info] [276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 10:31:13 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 10:31:13 [Info] [276] start ipc thread id[4076] 2026-04-26 10:31:13 [Info] [276] Connect Yundun ipc server return state is 0 2026-04-26 10:31:13 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 10:31:13 [Info] [276] CResourceMonitor::run Enter 2026-04-26 10:31:13 [Info] [276] CIpcMsgHandlerMgr::run Enter 2026-04-26 10:31:13 [Info] [276] Report thread 2026-04-26 10:31:13 [Info] [276] Monitor thread 2026-04-26 10:31:13 [Info] [276] Loader thread 2026-04-26 10:31:13 [Info] [276] PythonEngineImpl Init... 2026-04-26 10:31:14 [Info] [276] yundun connected 2026-04-26 10:31:14 [Info] [276] recvmsg: HELLO 2026-04-26 10:31:14 [Info] [276] recvmsg: WORK 2026-04-26 10:31:14 [Info] [276] no use encode, return to old mode 2026-04-26 10:31:14 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:31:14 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 10:31:14 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:31:14 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:31:14 [Info] [276] log fd cnt is [250], real fd cnt is [282] 2026-04-26 10:31:14 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 10:31:14 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 10:31:15 [Info] [276] log memory size is 20480KB, real memory size is 14808KB 2026-04-26 10:31:16 [Info] [276] item: --windows-schedule-task-check 2026-04-26 10:31:16 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-26 10:31:16 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-26 10:31:16 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 10:31:16 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 10:31:16 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-26 10:31:16 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-26 10:31:16 [Info] [276] Prepare stage1: --windows-schedule-task-check 2026-04-26 10:31:16 [Info] [276] Prepare stage2 2026-04-26 10:31:16 [Warn] [276] high cpu, cpu is 15 2026-04-26 10:31:16 [Info] [276] try get sys version 2026-04-26 10:31:16 [Info] [276] win sys info:2/10:0:3 2026-04-26 10:31:16 [Info] [276] suit legal version, enable cpu control 2026-04-26 10:31:16 [Warn] [276] High CPU Warning: 15 2026-04-26 10:31:16 [Warn] [276] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetTasks File:windows-schedule-task-check.py line: 347 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-26 10:31:19 [Info] [276] log memory size is 30720KB, real memory size is 23640KB 2026-04-26 10:31:21 [Info] [276] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 10:31:47 [Info] [276] stage3: --windows-schedule-task-check 2026-04-26 10:31:47 [Info] [276] Loader after check 2026-04-26 10:31:48 [Info] [276] Enter reuse wait state. 2026-04-26 10:31:53 [Info] [276] recvmsg: EXIT 2026-04-26 10:31:53 [Info] [276] Recv Exit Msg, Exit... 2026-04-26 11:09:19 [Info] [2920] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 11:09:19 [Info] [2920] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap241831777172958 2026-04-26 11:09:19 [Info] [2920] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 11:09:19 [Info] [2920] Resource monitor start 2026-04-26 11:09:19 [Info] [2920] ipc client init success 2026-04-26 11:09:19 [Info] [2920] Ipc init: 0 2026-04-26 11:09:19 [Info] [2920] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 11:09:19 [Info] [2920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 11:09:19 [Info] [2920] start ipc thread id[3896] 2026-04-26 11:09:19 [Info] [2920] Connect Yundun ipc server return state is 0 2026-04-26 11:09:19 [Info] [2920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 11:09:19 [Info] [2920] CResourceMonitor::run Enter 2026-04-26 11:09:19 [Info] [2920] CIpcMsgHandlerMgr::run Enter 2026-04-26 11:09:19 [Info] [2920] Report thread 2026-04-26 11:09:19 [Info] [2920] Monitor thread 2026-04-26 11:09:19 [Info] [2920] Loader thread 2026-04-26 11:09:19 [Info] [2920] PythonEngineImpl Init... 2026-04-26 11:09:19 [Info] [2920] yundun connected 2026-04-26 11:09:19 [Info] [2920] recvmsg: HELLO 2026-04-26 11:09:19 [Info] [2920] recvmsg: WORK 2026-04-26 11:09:19 [Info] [2920] no use encode, return to old mode 2026-04-26 11:09:19 [Info] [2920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 11:09:19 [Info] [2920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 11:09:19 [Info] [2920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 11:09:19 [Info] [2920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 11:09:20 [Info] [2920] log fd cnt is [250], real fd cnt is [282] 2026-04-26 11:09:20 [Info] [2920] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 11:09:20 [Info] [2920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 11:09:21 [Info] [2920] log memory size is 20480KB, real memory size is 14828KB 2026-04-26 11:09:21 [Info] [2920] item: --windows-autorun-item-check 2026-04-26 11:09:21 [Info] [2920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-26 11:09:21 [Info] [2920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-26 11:09:21 [Info] [2920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 11:09:21 [Info] [2920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 11:09:21 [Info] [2920] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-26 11:09:21 [Info] [2920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-26 11:09:21 [Info] [2920] Prepare stage1: --windows-autorun-item-check 2026-04-26 11:09:21 [Info] [2920] Prepare stage2 2026-04-26 11:09:25 [Info] [2920] log memory size is 30720KB, real memory size is 22584KB 2026-04-26 11:09:31 [Info] [2920] stage3: --windows-autorun-item-check 2026-04-26 11:09:31 [Info] [2920] Loader after check 2026-04-26 11:09:32 [Info] [2920] Enter reuse wait state. 2026-04-26 11:09:34 [Info] [2920] recvmsg: EXIT 2026-04-26 11:09:34 [Info] [2920] Recv Exit Msg, Exit... 2026-04-26 11:36:43 [Info] [5004] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 11:36:43 [Info] [5004] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap295381777174598 2026-04-26 11:36:43 [Info] [5004] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 11:36:43 [Info] [5004] Resource monitor start 2026-04-26 11:36:43 [Info] [5004] ipc client init success 2026-04-26 11:36:43 [Info] [5004] Ipc init: 0 2026-04-26 11:36:43 [Info] [5004] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 11:36:43 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 11:36:47 [Info] [5004] start ipc thread id[5020] 2026-04-26 11:36:47 [Info] [5004] Connect Yundun ipc server return state is 0 2026-04-26 11:36:47 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 11:36:52 [Info] [5004] CResourceMonitor::run Enter 2026-04-26 11:36:53 [Info] [5004] log fd cnt is [250], real fd cnt is [242] 2026-04-26 11:36:53 [Info] [5004] CIpcMsgHandlerMgr::run Enter 2026-04-26 11:36:57 [Info] [5004] yundun connected 2026-04-26 11:36:57 [Info] [5004] recvmsg: HELLO 2026-04-26 11:36:57 [Info] [5004] recvmsg: WORK 2026-04-26 11:36:57 [Info] [5004] no use encode, return to old mode 2026-04-26 11:36:58 [Info] [5004] Loader thread 2026-04-26 11:36:58 [Info] [5004] PythonEngineImpl Init... 2026-04-26 11:36:58 [Info] [5004] Monitor thread 2026-04-26 11:36:58 [Info] [5004] Report thread 2026-04-26 11:36:58 [Info] [5004] log memory size is 20480KB, real memory size is 12872KB 2026-04-26 11:36:58 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 11:36:58 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 11:36:58 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 11:37:25 [Warn] [5004] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 11:37:35 [Warn] [5004] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 11:37:35 [Info] [5004] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 11:37:36 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 11:37:36 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 11:37:37 [Info] [5004] item: --windows-sysinfoext-check 2026-04-26 11:37:37 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 11:37:37 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 11:37:37 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 11:37:37 [Info] [5004] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 11:37:37 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-26 11:37:37 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 11:37:37 [Info] [5004] Prepare stage1: --windows-sysinfoext-check 2026-04-26 11:37:37 [Info] [5004] Prepare stage2 2026-04-26 11:37:37 [Warn] [5004] high cpu, cpu is 13 2026-04-26 11:37:37 [Info] [5004] try get sys version 2026-04-26 11:37:37 [Info] [5004] win sys info:2/10:0:3 2026-04-26 11:37:37 [Info] [5004] suit legal version, enable cpu control 2026-04-26 11:37:37 [Warn] [5004] High CPU Warning: 13 2026-04-26 11:37:37 [Warn] [5004] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 406 in func: _LazyAddAttr_ File:dynamic.py line: 388 in func: __LazyMap__ File:dynamic.py line: 493 in func: __getattr__ File:wmi.py line: 492 in func: __init__ File:wmi.py line: 781 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo File:windows-sysinfoext-check.py line: 174 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-26 11:37:38 [Info] [5004] log memory size is 30720KB, real memory size is 23036KB 2026-04-26 11:37:39 [Info] [5004] stage3: --windows-sysinfoext-check 2026-04-26 11:37:39 [Info] [5004] Loader after check 2026-04-26 11:37:39 [Warn] [5004] high cpu, cpu is 15 2026-04-26 11:37:39 [Warn] [5004] High CPU Warning: 15 2026-04-26 11:37:40 [Info] [5004] Enter reuse wait state. 2026-04-26 11:37:43 [Info] [5004] recvmsg: EXIT 2026-04-26 11:37:43 [Info] [5004] Recv Exit Msg, Exit... 2026-04-26 17:06:03 [Info] [4540] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 17:06:03 [Info] [4540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap284031777194319 2026-04-26 17:06:03 [Info] [4540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 17:06:03 [Info] [4540] Resource monitor start 2026-04-26 17:06:03 [Info] [4540] ipc client init success 2026-04-26 17:06:03 [Info] [4540] Ipc init: 0 2026-04-26 17:06:03 [Info] [4540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 17:06:04 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 17:06:04 [Info] [4540] CResourceMonitor::run Enter 2026-04-26 17:06:04 [Info] [4540] CIpcMsgHandlerMgr::run Enter 2026-04-26 17:06:04 [Info] [4540] start ipc thread id[184] 2026-04-26 17:06:04 [Info] [4540] Connect Yundun ipc server return state is 0 2026-04-26 17:06:04 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 17:06:04 [Info] [4540] yundun connected 2026-04-26 17:06:04 [Info] [4540] Report thread 2026-04-26 17:06:04 [Info] [4540] Monitor thread 2026-04-26 17:06:04 [Info] [4540] Loader thread 2026-04-26 17:06:04 [Info] [4540] PythonEngineImpl Init... 2026-04-26 17:06:04 [Info] [4540] recvmsg: HELLO 2026-04-26 17:06:04 [Info] [4540] recvmsg: WORK 2026-04-26 17:06:04 [Info] [4540] no use encode, return to old mode 2026-04-26 17:06:05 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 17:06:05 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 17:06:05 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 17:06:05 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 17:06:05 [Info] [4540] log fd cnt is [250], real fd cnt is [286] 2026-04-26 17:06:05 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 17:06:05 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 17:06:06 [Info] [4540] log memory size is 20480KB, real memory size is 14800KB 2026-04-26 17:06:06 [Info] [4540] item: --windows-sysinfoext-check 2026-04-26 17:06:06 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 17:06:06 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 17:06:06 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 17:06:06 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 17:06:07 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-26 17:06:07 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 17:06:07 [Info] [4540] Prepare stage1: --windows-sysinfoext-check 2026-04-26 17:06:07 [Info] [4540] Prepare stage2 2026-04-26 17:06:10 [Info] [4540] log memory size is 30720KB, real memory size is 23188KB 2026-04-26 17:06:10 [Info] [4540] stage3: --windows-sysinfoext-check 2026-04-26 17:06:10 [Info] [4540] Loader after check 2026-04-26 17:06:11 [Info] [4540] Enter reuse wait state. 2026-04-26 17:06:15 [Info] [4540] recvmsg: EXIT 2026-04-26 17:06:15 [Info] [4540] Recv Exit Msg, Exit... 2026-04-26 18:04:25 [Info] [1892] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 18:04:25 [Info] [1892] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap72141777197865 2026-04-26 18:04:25 [Info] [1892] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 18:04:25 [Info] [1892] Resource monitor start 2026-04-26 18:04:25 [Info] [1892] ipc client init success 2026-04-26 18:04:25 [Info] [1892] Ipc init: 0 2026-04-26 18:04:25 [Info] [1892] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 18:04:25 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 18:04:25 [Info] [1892] start ipc thread id[916] 2026-04-26 18:04:25 [Info] [1892] Connect Yundun ipc server return state is 0 2026-04-26 18:04:25 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 18:04:25 [Info] [1892] CResourceMonitor::run Enter 2026-04-26 18:04:25 [Info] [1892] CIpcMsgHandlerMgr::run Enter 2026-04-26 18:04:25 [Info] [1892] Report thread 2026-04-26 18:04:25 [Info] [1892] Monitor thread 2026-04-26 18:04:25 [Info] [1892] Loader thread 2026-04-26 18:04:25 [Info] [1892] PythonEngineImpl Init... 2026-04-26 18:04:25 [Info] [1892] yundun connected 2026-04-26 18:04:26 [Info] [1892] recvmsg: HELLO 2026-04-26 18:04:26 [Info] [1892] recvmsg: WORK 2026-04-26 18:04:26 [Info] [1892] no use encode, return to old mode 2026-04-26 18:04:26 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 18:04:26 [Info] [1892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 18:04:26 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 18:04:26 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 18:04:26 [Info] [1892] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 18:04:26 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 18:04:26 [Info] [1892] log fd cnt is [250], real fd cnt is [281] 2026-04-26 18:04:27 [Info] [1892] log memory size is 20480KB, real memory size is 14884KB 2026-04-26 18:04:27 [Info] [1892] item: --secnet_rasp_agent 2026-04-26 18:04:27 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-26 18:04:27 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-26 18:04:27 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-26 18:04:27 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-26 18:04:27 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-26 18:04:28 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-26 18:04:28 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-26 18:04:28 [Info] [1892] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-26 18:04:28 [Info] [1892] Download redirect files success. 2026-04-26 18:04:28 [Info] [1892] Prepare stage1: --secnet_rasp_agent 2026-04-26 18:04:28 [Info] [1892] Prepare stage2 2026-04-26 18:04:28 [Warn] [1892] high cpu, cpu is 13 2026-04-26 18:04:28 [Info] [1892] try get sys version 2026-04-26 18:04:28 [Info] [1892] win sys info:2/10:0:3 2026-04-26 18:04:28 [Info] [1892] suit legal version, enable cpu control 2026-04-26 18:04:28 [Warn] [1892] High CPU Warning: 13 2026-04-26 18:04:28 [Warn] [1892] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 7 in func: <module> File:platform.py line: 602 in func: _get_real_winver File:platform.py line: 670 in func: win32_ver File:platform.py line: 1194 in func: uname File:platform.py line: 1298 in func: system File:secnet_rasp_agent_lib.py line: 51 in func: read_host_uuid File:secnet_rasp_agent.py line: 218 in func: main File:secnet_rasp_agent.py line: 240 in func: start 2026-04-26 18:04:29 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-26 18:04:29 [Info] [1892] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-26 18:04:29 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 18:04:29 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 18:04:29 [Info] [1892] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-26 18:04:29 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-26 18:04:29 [Info] [1892] stage3: --secnet_rasp_agent 2026-04-26 18:04:29 [Info] [1892] Loader after check 2026-04-26 18:04:30 [Info] [1892] Enter reuse wait state. 2026-04-26 18:04:32 [Info] [1892] log memory size is 30720KB, real memory size is 21368KB 2026-04-26 18:04:33 [Info] [1892] recvmsg: EXIT 2026-04-26 18:04:33 [Info] [1892] Recv Exit Msg, Exit... 2026-04-26 22:34:22 [Info] [2364] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-26 22:34:22 [Info] [2364] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap272801777214044 2026-04-26 22:34:22 [Info] [2364] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-26 22:34:22 [Info] [2364] Resource monitor start 2026-04-26 22:34:22 [Info] [2364] ipc client init success 2026-04-26 22:34:22 [Info] [2364] Ipc init: 0 2026-04-26 22:34:22 [Info] [2364] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-26 22:34:22 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-26 22:34:22 [Info] [2364] start ipc thread id[1440] 2026-04-26 22:34:22 [Info] [2364] Connect Yundun ipc server return state is 0 2026-04-26 22:34:22 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-26 22:34:22 [Info] [2364] CResourceMonitor::run Enter 2026-04-26 22:34:22 [Info] [2364] CIpcMsgHandlerMgr::run Enter 2026-04-26 22:34:22 [Info] [2364] Report thread 2026-04-26 22:34:22 [Info] [2364] Monitor thread 2026-04-26 22:34:22 [Info] [2364] Loader thread 2026-04-26 22:34:22 [Info] [2364] PythonEngineImpl Init... 2026-04-26 22:34:27 [Info] [2364] yundun connected 2026-04-26 22:34:27 [Info] [2364] recvmsg: HELLO 2026-04-26 22:34:27 [Info] [2364] recvmsg: WORK 2026-04-26 22:34:27 [Info] [2364] no use encode, return to old mode 2026-04-26 22:34:27 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 22:34:27 [Info] [2364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-26 22:34:27 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 22:34:28 [Info] [2364] log fd cnt is [250], real fd cnt is [264] 2026-04-26 22:34:29 [Info] [2364] log memory size is 20480KB, real memory size is 13152KB 2026-04-26 22:34:44 [Warn] [2364] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 22:34:54 [Warn] [2364] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 22:35:04 [Warn] [2364] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-26 22:35:04 [Info] [2364] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 22:35:04 [Info] [2364] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-26 22:35:04 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-26 22:35:05 [Info] [2364] item: --windows-sysinfoext-check 2026-04-26 22:35:05 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 22:35:05 [Info] [2364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 22:35:05 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-26 22:35:05 [Info] [2364] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-26 22:35:05 [Info] [2364] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-26 22:35:05 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-26 22:35:06 [Info] [2364] Prepare stage1: --windows-sysinfoext-check 2026-04-26 22:35:06 [Info] [2364] Prepare stage2 2026-04-26 22:35:06 [Warn] [2364] high cpu, cpu is 15 2026-04-26 22:35:06 [Info] [2364] try get sys version 2026-04-26 22:35:06 [Info] [2364] win sys info:2/10:0:3 2026-04-26 22:35:06 [Info] [2364] suit legal version, enable cpu control 2026-04-26 22:35:06 [Warn] [2364] High CPU Warning: 15 2026-04-26 22:35:07 [Warn] [2364] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-26 22:35:07 [Info] [2364] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-26 22:35:08 [Info] [2364] stage3: --windows-sysinfoext-check 2026-04-26 22:35:08 [Info] [2364] Loader after check 2026-04-26 22:35:09 [Info] [2364] Enter reuse wait state. 2026-04-26 22:35:10 [Info] [2364] log memory size is 30720KB, real memory size is 23428KB 2026-04-26 22:35:10 [Info] [2364] recvmsg: EXIT 2026-04-26 22:35:10 [Info] [2364] Recv Exit Msg, Exit... 2026-05-03 02:01:17 [Info] [3144] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 02:01:17 [Info] [3144] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap240531777744877 2026-05-03 02:01:17 [Info] [3144] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 02:01:17 [Info] [3144] Resource monitor start 2026-05-03 02:01:17 [Info] [3144] ipc client init success 2026-05-03 02:01:17 [Info] [3144] Ipc init: 0 2026-05-03 02:01:17 [Info] [3144] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 02:01:17 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 02:01:17 [Info] [3144] start ipc thread id[1640] 2026-05-03 02:01:17 [Info] [3144] Connect Yundun ipc server return state is 0 2026-05-03 02:01:17 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 02:01:17 [Info] [3144] CResourceMonitor::run Enter 2026-05-03 02:01:17 [Info] [3144] CIpcMsgHandlerMgr::run Enter 2026-05-03 02:01:17 [Info] [3144] Report thread 2026-05-03 02:01:17 [Info] [3144] Monitor thread 2026-05-03 02:01:17 [Info] [3144] Loader thread 2026-05-03 02:01:17 [Info] [3144] PythonEngineImpl Init... 2026-05-03 02:01:17 [Info] [3144] yundun connected 2026-05-03 02:01:18 [Info] [3144] recvmsg: HELLO 2026-05-03 02:01:18 [Info] [3144] recvmsg: WORK 2026-05-03 02:01:18 [Info] [3144] no use encode, return to old mode 2026-05-03 02:01:18 [Info] [3144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 02:01:18 [Info] [3144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 02:01:18 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 02:01:18 [Info] [3144] log fd cnt is [250], real fd cnt is [282] 2026-05-03 02:01:18 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 02:01:18 [Info] [3144] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 02:01:18 [Info] [3144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 02:01:19 [Info] [3144] log memory size is 20480KB, real memory size is 14824KB 2026-05-03 02:01:19 [Info] [3144] item: --sca 2026-05-03 02:01:19 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-03 02:01:20 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-05-03 02:01:20 [Info] [3144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-05-03 02:01:20 [Info] [3144] Download redirect files success. 2026-05-03 02:01:20 [Info] [3144] Prepare stage1: --sca 2026-05-03 02:01:20 [Info] [3144] Prepare stage2 2026-05-03 02:01:22 [Warn] [3144] high cpu, cpu is 33 2026-05-03 02:01:22 [Info] [3144] try get sys version 2026-05-03 02:01:22 [Info] [3144] win sys info:2/10:0:3 2026-05-03 02:01:22 [Info] [3144] suit legal version, enable cpu control 2026-05-03 02:01:22 [Warn] [3144] High CPU Warning: 33 2026-05-03 02:01:22 [Warn] [3144] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:mbcs.py line: 9 in func: <module> File:__init__.py line: 100 in func: search_function File:_pswindows.py line: 243 in func: py2_strencode File:_pswindows.py line: 782 in func: exe File:_pswindows.py line: 716 in func: wrapper File:_pswindows.py line: 765 in func: name File:_pswindows.py line: 716 in func: wrapper File:__init__.py line: 730 in func: name File:sca.py line: 78 in func: init_analyzer File:sca.py line: 390 in func: start 2026-05-03 02:01:23 [Info] [3144] log memory size is 30720KB, real memory size is 32744KB 2026-05-03 02:01:27 [Info] [3144] log memory size is 40960KB, real memory size is 33180KB 2026-05-03 02:01:34 [Info] [3144] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-03 02:01:57 [Info] [3144] stage3: --sca 2026-05-03 02:01:57 [Info] [3144] Loader after check 2026-05-03 02:01:58 [Info] [3144] Enter reuse wait state. 2026-05-03 02:02:01 [Info] [3144] recvmsg: EXIT 2026-05-03 02:02:01 [Info] [3144] Recv Exit Msg, Exit... 2026-05-03 02:03:34 [Info] [4868] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 02:03:34 [Info] [4868] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap244971777745013 2026-05-03 02:03:34 [Info] [4868] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 02:03:34 [Info] [4868] Resource monitor start 2026-05-03 02:03:34 [Info] [4868] ipc client init success 2026-05-03 02:03:34 [Info] [4868] Ipc init: 0 2026-05-03 02:03:34 [Info] [4868] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 02:03:34 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 02:03:34 [Info] [4868] start ipc thread id[4612] 2026-05-03 02:03:34 [Info] [4868] Connect Yundun ipc server return state is 0 2026-05-03 02:03:34 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 02:03:34 [Info] [4868] CResourceMonitor::run Enter 2026-05-03 02:03:34 [Info] [4868] CIpcMsgHandlerMgr::run Enter 2026-05-03 02:03:34 [Info] [4868] Report thread 2026-05-03 02:03:34 [Info] [4868] Monitor thread 2026-05-03 02:03:34 [Info] [4868] Loader thread 2026-05-03 02:03:34 [Info] [4868] PythonEngineImpl Init... 2026-05-03 02:03:34 [Info] [4868] yundun connected 2026-05-03 02:03:34 [Info] [4868] recvmsg: HELLO 2026-05-03 02:03:34 [Info] [4868] recvmsg: WORK 2026-05-03 02:03:34 [Info] [4868] no use encode, return to old mode 2026-05-03 02:03:34 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 02:03:34 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 02:03:34 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 02:03:35 [Info] [4868] log fd cnt is [250], real fd cnt is [282] 2026-05-03 02:03:35 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 02:03:35 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 02:03:35 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 02:03:36 [Info] [4868] log memory size is 20480KB, real memory size is 14792KB 2026-05-03 02:03:36 [Info] [4868] item: --windows-sysinfoext-check 2026-05-03 02:03:36 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 02:03:36 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 02:03:36 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 02:03:36 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 02:03:36 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-03 02:03:36 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 02:03:36 [Info] [4868] Prepare stage1: --windows-sysinfoext-check 2026-05-03 02:03:36 [Info] [4868] Prepare stage2 2026-05-03 02:03:38 [Info] [4868] stage3: --windows-sysinfoext-check 2026-05-03 02:03:38 [Info] [4868] Loader after check 2026-05-03 02:03:39 [Warn] [4868] high cpu, cpu is 12 2026-05-03 02:03:39 [Info] [4868] try get sys version 2026-05-03 02:03:39 [Info] [4868] win sys info:2/10:0:3 2026-05-03 02:03:39 [Info] [4868] suit legal version, enable cpu control 2026-05-03 02:03:39 [Warn] [4868] High CPU Warning: 12 2026-05-03 02:03:39 [Warn] [4868] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-03 02:03:39 [Info] [4868] Enter reuse wait state. 2026-05-03 02:03:40 [Info] [4868] log memory size is 30720KB, real memory size is 23316KB 2026-05-03 02:03:41 [Info] [4868] recvmsg: EXIT 2026-05-03 02:03:41 [Info] [4868] Recv Exit Msg, Exit... 2026-05-03 07:32:04 [Info] [3960] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 07:32:04 [Info] [3960] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap233291777764724 2026-05-03 07:32:04 [Info] [3960] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 07:32:04 [Info] [3960] Resource monitor start 2026-05-03 07:32:04 [Info] [3960] ipc client init success 2026-05-03 07:32:04 [Info] [3960] Ipc init: 0 2026-05-03 07:32:04 [Info] [3960] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 07:32:04 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 07:32:04 [Info] [3960] start ipc thread id[2056] 2026-05-03 07:32:04 [Info] [3960] Connect Yundun ipc server return state is 0 2026-05-03 07:32:04 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 07:32:04 [Info] [3960] CResourceMonitor::run Enter 2026-05-03 07:32:04 [Info] [3960] CIpcMsgHandlerMgr::run Enter 2026-05-03 07:32:04 [Info] [3960] Report thread 2026-05-03 07:32:04 [Info] [3960] Monitor thread 2026-05-03 07:32:04 [Info] [3960] Loader thread 2026-05-03 07:32:04 [Info] [3960] PythonEngineImpl Init... 2026-05-03 07:32:05 [Info] [3960] yundun connected 2026-05-03 07:32:05 [Info] [3960] recvmsg: HELLO 2026-05-03 07:32:05 [Info] [3960] recvmsg: WORK 2026-05-03 07:32:05 [Info] [3960] no use encode, return to old mode 2026-05-03 07:32:05 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 07:32:05 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 07:32:05 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 07:32:05 [Info] [3960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 07:32:06 [Info] [3960] log fd cnt is [250], real fd cnt is [282] 2026-05-03 07:32:06 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 07:32:06 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 07:32:07 [Info] [3960] log memory size is 20480KB, real memory size is 14832KB 2026-05-03 07:32:07 [Info] [3960] item: --windows-sysinfoext-check 2026-05-03 07:32:07 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 07:32:07 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 07:32:07 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 07:32:07 [Info] [3960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 07:32:07 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-03 07:32:07 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 07:32:07 [Info] [3960] Prepare stage1: --windows-sysinfoext-check 2026-05-03 07:32:07 [Info] [3960] Prepare stage2 2026-05-03 07:32:08 [Warn] [3960] high cpu, cpu is 15 2026-05-03 07:32:08 [Info] [3960] try get sys version 2026-05-03 07:32:08 [Info] [3960] win sys info:2/10:0:3 2026-05-03 07:32:08 [Info] [3960] suit legal version, enable cpu control 2026-05-03 07:32:08 [Warn] [3960] High CPU Warning: 15 2026-05-03 07:32:08 [Warn] [3960] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-03 07:32:09 [Info] [3960] stage3: --windows-sysinfoext-check 2026-05-03 07:32:09 [Info] [3960] Loader after check 2026-05-03 07:32:10 [Warn] [3960] high cpu, cpu is 13 2026-05-03 07:32:10 [Warn] [3960] High CPU Warning: 13 2026-05-03 07:32:10 [Info] [3960] Enter reuse wait state. 2026-05-03 07:32:11 [Info] [3960] log memory size is 30720KB, real memory size is 23440KB 2026-05-03 07:32:12 [Info] [3960] recvmsg: EXIT 2026-05-03 07:32:12 [Info] [3960] Recv Exit Msg, Exit... 2026-05-03 07:43:48 [Info] [4976] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 07:43:48 [Info] [4976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap256281777765428 2026-05-03 07:43:48 [Info] [4976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 07:43:48 [Info] [4976] Resource monitor start 2026-05-03 07:43:48 [Info] [4976] ipc client init success 2026-05-03 07:43:48 [Info] [4976] Ipc init: 0 2026-05-03 07:43:48 [Info] [4976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 07:43:48 [Info] [4976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 07:43:48 [Info] [4976] start ipc thread id[4240] 2026-05-03 07:43:48 [Info] [4976] Connect Yundun ipc server return state is 0 2026-05-03 07:43:48 [Info] [4976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 07:43:48 [Info] [4976] CResourceMonitor::run Enter 2026-05-03 07:43:48 [Info] [4976] CIpcMsgHandlerMgr::run Enter 2026-05-03 07:43:48 [Info] [4976] Report thread 2026-05-03 07:43:48 [Info] [4976] Monitor thread 2026-05-03 07:43:48 [Info] [4976] Loader thread 2026-05-03 07:43:48 [Info] [4976] PythonEngineImpl Init... 2026-05-03 07:43:48 [Info] [4976] yundun connected 2026-05-03 07:43:49 [Info] [4976] recvmsg: HELLO 2026-05-03 07:43:49 [Info] [4976] recvmsg: WORK 2026-05-03 07:43:49 [Info] [4976] no use encode, return to old mode 2026-05-03 07:43:49 [Info] [4976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 07:43:49 [Info] [4976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 07:43:49 [Info] [4976] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 07:43:49 [Info] [4976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 07:43:49 [Info] [4976] log fd cnt is [250], real fd cnt is [282] 2026-05-03 07:43:49 [Info] [4976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 07:43:49 [Info] [4976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 07:43:50 [Info] [4976] log memory size is 20480KB, real memory size is 14860KB 2026-05-03 07:43:51 [Info] [4976] item: --windows-vul-clean 2026-05-03 07:43:51 [Info] [4976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-03 07:43:51 [Info] [4976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-03 07:43:51 [Info] [4976] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 07:43:51 [Info] [4976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 07:43:51 [Info] [4976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-05-03 07:43:51 [Info] [4976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-05-03 07:43:51 [Info] [4976] Prepare stage1: --windows-vul-clean 2026-05-03 07:43:51 [Info] [4976] Prepare stage2 2026-05-03 07:43:51 [Info] [4976] stage3: --windows-vul-clean 2026-05-03 07:43:51 [Info] [4976] Loader after check 2026-05-03 07:43:52 [Info] [4976] Enter reuse wait state. 2026-05-03 07:43:56 [Info] [4976] recvmsg: EXIT 2026-05-03 07:43:56 [Info] [4976] Recv Exit Msg, Exit... 2026-05-03 08:42:37 [Info] [4996] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 08:42:37 [Info] [4996] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap43851777768957 2026-05-03 08:42:37 [Info] [4996] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 08:42:37 [Info] [4996] Resource monitor start 2026-05-03 08:42:37 [Info] [4996] ipc client init success 2026-05-03 08:42:37 [Info] [4996] Ipc init: 0 2026-05-03 08:42:37 [Info] [4996] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 08:42:37 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 08:42:37 [Info] [4996] start ipc thread id[4284] 2026-05-03 08:42:37 [Info] [4996] Connect Yundun ipc server return state is 0 2026-05-03 08:42:37 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 08:42:37 [Info] [4996] CResourceMonitor::run Enter 2026-05-03 08:42:37 [Info] [4996] CIpcMsgHandlerMgr::run Enter 2026-05-03 08:42:37 [Info] [4996] Report thread 2026-05-03 08:42:37 [Info] [4996] Monitor thread 2026-05-03 08:42:37 [Info] [4996] Loader thread 2026-05-03 08:42:37 [Info] [4996] PythonEngineImpl Init... 2026-05-03 08:42:37 [Info] [4996] yundun connected 2026-05-03 08:42:38 [Info] [4996] recvmsg: HELLO 2026-05-03 08:42:38 [Info] [4996] recvmsg: WORK 2026-05-03 08:42:38 [Info] [4996] no use encode, return to old mode 2026-05-03 08:42:38 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 08:42:38 [Info] [4996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 08:42:38 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 08:42:38 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 08:42:38 [Info] [4996] log fd cnt is [250], real fd cnt is [282] 2026-05-03 08:42:38 [Info] [4996] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 08:42:38 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 08:42:39 [Info] [4996] log memory size is 20480KB, real memory size is 14864KB 2026-05-03 08:42:39 [Info] [4996] item: --windows-process-check 2026-05-03 08:42:39 [Info] [4996] cgroup name aegisRtap0 2026-05-03 08:42:39 [Info] [4996] try get sys version 2026-05-03 08:42:39 [Info] [4996] win sys info:2/10:0:3 2026-05-03 08:42:39 [Info] [4996] suit legal version, enable cpu control 2026-05-03 08:42:39 [Info] [4996] get AssignProcessToJobObject handle [00000478] 2026-05-03 08:42:39 [Info] [4996] Set setJobExtended. 2026-05-03 08:42:39 [Info] [4996] Set cpu [9%] 2026-05-03 08:42:39 [Info] [4996] Set cpu success 2026-05-03 08:42:39 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-03 08:42:39 [Info] [4996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-03 08:42:39 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 08:42:39 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 08:42:40 [Info] [4996] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-05-03 08:42:40 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-05-03 08:42:40 [Info] [4996] Prepare stage1: --windows-process-check 2026-05-03 08:42:40 [Info] [4996] Prepare stage2 2026-05-03 08:42:43 [Info] [4996] log memory size is 30720KB, real memory size is 20608KB 2026-05-03 08:42:58 [Info] [4996] stage3: --windows-process-check 2026-05-03 08:42:58 [Info] [4996] Loader after check 2026-05-03 08:42:59 [Info] [4996] Enter reuse wait state. 2026-05-03 08:43:01 [Info] [4996] recvmsg: EXIT 2026-05-03 08:43:01 [Info] [4996] Recv Exit Msg, Exit... 2026-05-03 10:24:24 [Info] [4456] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 10:24:24 [Info] [4456] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243271777775064 2026-05-03 10:24:24 [Info] [4456] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 10:24:24 [Info] [4456] Resource monitor start 2026-05-03 10:24:24 [Info] [4456] ipc client init success 2026-05-03 10:24:24 [Info] [4456] Ipc init: 0 2026-05-03 10:24:24 [Info] [4456] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 10:24:24 [Info] [4456] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 10:24:24 [Info] [4456] start ipc thread id[4564] 2026-05-03 10:24:24 [Info] [4456] Connect Yundun ipc server return state is 0 2026-05-03 10:24:24 [Info] [4456] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 10:24:24 [Info] [4456] CResourceMonitor::run Enter 2026-05-03 10:24:24 [Info] [4456] CIpcMsgHandlerMgr::run Enter 2026-05-03 10:24:24 [Info] [4456] Report thread 2026-05-03 10:24:24 [Info] [4456] Monitor thread 2026-05-03 10:24:24 [Info] [4456] Loader thread 2026-05-03 10:24:24 [Info] [4456] PythonEngineImpl Init... 2026-05-03 10:24:24 [Info] [4456] yundun connected 2026-05-03 10:24:24 [Info] [4456] recvmsg: HELLO 2026-05-03 10:24:25 [Info] [4456] recvmsg: WORK 2026-05-03 10:24:25 [Info] [4456] no use encode, return to old mode 2026-05-03 10:24:25 [Info] [4456] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:24:25 [Info] [4456] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:24:25 [Info] [4456] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:24:25 [Info] [4456] log fd cnt is [250], real fd cnt is [282] 2026-05-03 10:24:25 [Info] [4456] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:24:25 [Info] [4456] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 10:24:25 [Info] [4456] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 10:24:26 [Info] [4456] log memory size is 20480KB, real memory size is 14748KB 2026-05-03 10:24:26 [Info] [4456] item: --windows-registry-check 2026-05-03 10:24:26 [Info] [4456] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-03 10:24:26 [Info] [4456] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-03 10:24:26 [Info] [4456] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:24:26 [Info] [4456] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:24:27 [Info] [4456] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-05-03 10:24:27 [Info] [4456] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-05-03 10:24:27 [Info] [4456] Prepare stage1: --windows-registry-check 2026-05-03 10:24:27 [Info] [4456] Prepare stage2 2026-05-03 10:24:29 [Info] [1560] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 10:24:29 [Info] [1560] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243441777775069 2026-05-03 10:24:29 [Info] [1560] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 10:24:29 [Info] [1560] Resource monitor start 2026-05-03 10:24:29 [Info] [1560] ipc client init success 2026-05-03 10:24:29 [Info] [1560] Ipc init: 0 2026-05-03 10:24:29 [Info] [1560] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 10:24:29 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 10:24:29 [Info] [1560] start ipc thread id[1888] 2026-05-03 10:24:29 [Info] [1560] Connect Yundun ipc server return state is 0 2026-05-03 10:24:29 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 10:24:29 [Info] [1560] CResourceMonitor::run Enter 2026-05-03 10:24:29 [Info] [1560] CIpcMsgHandlerMgr::run Enter 2026-05-03 10:24:29 [Info] [1560] Report thread 2026-05-03 10:24:29 [Info] [1560] Monitor thread 2026-05-03 10:24:29 [Info] [1560] Loader thread 2026-05-03 10:24:29 [Info] [1560] PythonEngineImpl Init... 2026-05-03 10:24:29 [Info] [1560] yundun connected 2026-05-03 10:24:30 [Info] [1560] recvmsg: HELLO 2026-05-03 10:24:30 [Info] [1560] recvmsg: WORK 2026-05-03 10:24:30 [Info] [1560] no use encode, return to old mode 2026-05-03 10:24:30 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:24:30 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:24:30 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:24:30 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:24:30 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 10:24:30 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 10:24:30 [Info] [1560] log fd cnt is [250], real fd cnt is [281] 2026-05-03 10:24:31 [Info] [1560] log memory size is 20480KB, real memory size is 14880KB 2026-05-03 10:24:31 [Info] [1560] item: --windows-schedule-task-check 2026-05-03 10:24:31 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-03 10:24:31 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-03 10:24:31 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:24:31 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:24:31 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-05-03 10:24:31 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-05-03 10:24:32 [Info] [1560] Prepare stage1: --windows-schedule-task-check 2026-05-03 10:24:32 [Info] [1560] Prepare stage2 2026-05-03 10:24:32 [Warn] [1560] high cpu, cpu is 18 2026-05-03 10:24:32 [Info] [1560] try get sys version 2026-05-03 10:24:32 [Info] [1560] win sys info:2/10:0:3 2026-05-03 10:24:32 [Info] [1560] suit legal version, enable cpu control 2026-05-03 10:24:32 [Warn] [1560] High CPU Warning: 18 2026-05-03 10:24:32 [Warn] [1560] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-05-03 10:24:35 [Info] [1560] log memory size is 30720KB, real memory size is 23620KB 2026-05-03 10:24:56 [Info] [4456] stage3: --windows-registry-check 2026-05-03 10:24:56 [Info] [4456] Loader after check 2026-05-03 10:24:57 [Info] [4456] Enter reuse wait state. 2026-05-03 10:25:01 [Info] [4456] recvmsg: EXIT 2026-05-03 10:25:01 [Info] [4456] Recv Exit Msg, Exit... 2026-05-03 10:25:02 [Info] [1560] stage3: --windows-schedule-task-check 2026-05-03 10:25:02 [Info] [1560] Loader after check 2026-05-03 10:25:03 [Info] [1560] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-03 10:25:03 [Info] [1560] Enter reuse wait state. 2026-05-03 10:25:07 [Info] [1560] recvmsg: EXIT 2026-05-03 10:25:07 [Info] [1560] Recv Exit Msg, Exit... 2026-05-03 10:25:11 [Info] [2604] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 10:25:11 [Info] [2604] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap244811777775111 2026-05-03 10:25:11 [Info] [2604] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 10:25:11 [Info] [2604] Resource monitor start 2026-05-03 10:25:11 [Info] [2604] ipc client init success 2026-05-03 10:25:11 [Info] [2604] Ipc init: 0 2026-05-03 10:25:11 [Info] [2604] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 10:25:11 [Info] [2604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 10:25:11 [Info] [2604] start ipc thread id[2068] 2026-05-03 10:25:11 [Info] [2604] Connect Yundun ipc server return state is 0 2026-05-03 10:25:11 [Info] [2604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 10:25:11 [Info] [2604] CResourceMonitor::run Enter 2026-05-03 10:25:11 [Info] [2604] CIpcMsgHandlerMgr::run Enter 2026-05-03 10:25:11 [Info] [2604] Report thread 2026-05-03 10:25:11 [Info] [2604] Monitor thread 2026-05-03 10:25:11 [Info] [2604] Loader thread 2026-05-03 10:25:11 [Info] [2604] PythonEngineImpl Init... 2026-05-03 10:25:11 [Info] [2604] yundun connected 2026-05-03 10:25:11 [Info] [2604] recvmsg: HELLO 2026-05-03 10:25:11 [Info] [2604] recvmsg: WORK 2026-05-03 10:25:11 [Info] [2604] no use encode, return to old mode 2026-05-03 10:25:11 [Info] [2604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:25:11 [Info] [2604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:25:11 [Info] [2604] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:25:12 [Info] [2604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:25:12 [Info] [2604] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 10:25:12 [Info] [2604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 10:25:12 [Info] [2604] log fd cnt is [250], real fd cnt is [281] 2026-05-03 10:25:13 [Info] [2604] log memory size is 20480KB, real memory size is 14888KB 2026-05-03 10:25:13 [Info] [2604] item: --windows-driver-version-check 2026-05-03 10:25:13 [Info] [2604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-03 10:25:13 [Info] [2604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-03 10:25:13 [Info] [2604] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:25:13 [Info] [2604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:25:13 [Info] [2604] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-05-03 10:25:13 [Info] [2604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-05-03 10:25:13 [Info] [2604] Prepare stage1: --windows-driver-version-check 2026-05-03 10:25:13 [Info] [2604] Prepare stage2 2026-05-03 10:25:13 [Info] [2604] stage3: --windows-driver-version-check 2026-05-03 10:25:13 [Info] [2604] Loader after check 2026-05-03 10:25:14 [Info] [2604] Enter reuse wait state. 2026-05-03 10:25:18 [Info] [2604] recvmsg: EXIT 2026-05-03 10:25:18 [Info] [2604] Recv Exit Msg, Exit... 2026-05-03 10:29:00 [Info] [96] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 10:29:00 [Info] [96] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap252291777775340 2026-05-03 10:29:00 [Info] [96] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 10:29:00 [Info] [96] Resource monitor start 2026-05-03 10:29:00 [Info] [96] ipc client init success 2026-05-03 10:29:00 [Info] [96] Ipc init: 0 2026-05-03 10:29:00 [Info] [96] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 10:29:00 [Info] [96] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 10:29:00 [Info] [96] start ipc thread id[2488] 2026-05-03 10:29:00 [Info] [96] Connect Yundun ipc server return state is 0 2026-05-03 10:29:00 [Info] [96] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 10:29:00 [Info] [96] CResourceMonitor::run Enter 2026-05-03 10:29:00 [Info] [96] CIpcMsgHandlerMgr::run Enter 2026-05-03 10:29:00 [Info] [96] yundun connected 2026-05-03 10:29:00 [Info] [96] Report thread 2026-05-03 10:29:00 [Info] [96] Monitor thread 2026-05-03 10:29:00 [Info] [96] Loader thread 2026-05-03 10:29:00 [Info] [96] PythonEngineImpl Init... 2026-05-03 10:29:01 [Info] [96] recvmsg: HELLO 2026-05-03 10:29:01 [Info] [96] recvmsg: WORK 2026-05-03 10:29:01 [Info] [96] no use encode, return to old mode 2026-05-03 10:29:01 [Info] [96] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:29:01 [Info] [96] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 10:29:01 [Info] [96] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:29:01 [Info] [96] log fd cnt is [250], real fd cnt is [264] 2026-05-03 10:29:02 [Info] [96] log memory size is 20480KB, real memory size is 13624KB 2026-05-03 10:29:03 [Info] [96] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:29:03 [Info] [96] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 10:29:03 [Info] [96] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 10:29:04 [Info] [96] item: --tcp-connect-check 2026-05-03 10:29:04 [Info] [96] cgroup name aegisRtap0 2026-05-03 10:29:04 [Info] [96] try get sys version 2026-05-03 10:29:04 [Info] [96] win sys info:2/10:0:3 2026-05-03 10:29:04 [Info] [96] suit legal version, enable cpu control 2026-05-03 10:29:04 [Info] [96] get AssignProcessToJobObject handle [00000478] 2026-05-03 10:29:04 [Info] [96] Set setJobExtended. 2026-05-03 10:29:04 [Info] [96] Set cpu [9%] 2026-05-03 10:29:04 [Info] [96] Set cpu success 2026-05-03 10:29:04 [Info] [96] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-03 10:29:04 [Info] [96] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-03 10:29:04 [Info] [96] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 10:29:04 [Info] [96] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 10:29:05 [Info] [96] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-05-03 10:29:05 [Info] [96] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-05-03 10:29:05 [Info] [96] Prepare stage1: --tcp-connect-check 2026-05-03 10:29:05 [Info] [96] Prepare stage2 2026-05-03 10:29:08 [Info] [96] stage3: --tcp-connect-check 2026-05-03 10:29:08 [Info] [96] Loader after check 2026-05-03 10:29:09 [Info] [96] Enter reuse wait state. 2026-05-03 10:29:11 [Info] [96] recvmsg: EXIT 2026-05-03 10:29:11 [Info] [96] Recv Exit Msg, Exit... 2026-05-03 11:10:45 [Info] [3984] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 11:10:45 [Info] [3984] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap6411777777845 2026-05-03 11:10:45 [Info] [3984] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 11:10:45 [Info] [3984] Resource monitor start 2026-05-03 11:10:45 [Info] [3984] ipc client init success 2026-05-03 11:10:45 [Info] [3984] Ipc init: 0 2026-05-03 11:10:45 [Info] [3984] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 11:10:45 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 11:10:45 [Info] [3984] start ipc thread id[1028] 2026-05-03 11:10:45 [Info] [3984] Connect Yundun ipc server return state is 0 2026-05-03 11:10:45 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 11:10:45 [Info] [3984] CResourceMonitor::run Enter 2026-05-03 11:10:45 [Info] [3984] CIpcMsgHandlerMgr::run Enter 2026-05-03 11:10:45 [Info] [3984] Report thread 2026-05-03 11:10:45 [Info] [3984] Monitor thread 2026-05-03 11:10:45 [Info] [3984] Loader thread 2026-05-03 11:10:45 [Info] [3984] PythonEngineImpl Init... 2026-05-03 11:10:45 [Info] [3984] yundun connected 2026-05-03 11:10:46 [Info] [3984] recvmsg: HELLO 2026-05-03 11:10:46 [Info] [3984] recvmsg: WORK 2026-05-03 11:10:46 [Info] [3984] no use encode, return to old mode 2026-05-03 11:10:46 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 11:10:46 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 11:10:46 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 11:10:46 [Info] [3984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 11:10:46 [Info] [3984] log fd cnt is [250], real fd cnt is [282] 2026-05-03 11:10:46 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 11:10:46 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 11:10:47 [Info] [3984] log memory size is 20480KB, real memory size is 14836KB 2026-05-03 11:10:48 [Info] [3984] item: --windows-autorun-item-check 2026-05-03 11:10:48 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-03 11:10:48 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-03 11:10:48 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 11:10:48 [Info] [3984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 11:10:48 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-05-03 11:10:48 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-05-03 11:10:48 [Info] [3984] Prepare stage1: --windows-autorun-item-check 2026-05-03 11:10:48 [Info] [3984] Prepare stage2 2026-05-03 11:10:48 [Warn] [3984] high cpu, cpu is 13 2026-05-03 11:10:48 [Info] [3984] try get sys version 2026-05-03 11:10:48 [Info] [3984] win sys info:2/10:0:3 2026-05-03 11:10:48 [Info] [3984] suit legal version, enable cpu control 2026-05-03 11:10:48 [Warn] [3984] High CPU Warning: 13 2026-05-03 11:10:48 [Warn] [3984] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-05-03 11:10:51 [Info] [3984] log memory size is 30720KB, real memory size is 22600KB 2026-05-03 11:10:58 [Info] [3984] stage3: --windows-autorun-item-check 2026-05-03 11:10:58 [Info] [3984] Loader after check 2026-05-03 11:10:59 [Info] [3984] Enter reuse wait state. 2026-05-03 11:11:01 [Info] [3984] recvmsg: EXIT 2026-05-03 11:11:01 [Info] [3984] Recv Exit Msg, Exit... 2026-05-03 12:59:48 [Info] [2660] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 12:59:48 [Info] [2660] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap220081777784388 2026-05-03 12:59:48 [Info] [2660] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 12:59:48 [Info] [2660] Resource monitor start 2026-05-03 12:59:48 [Info] [2660] ipc client init success 2026-05-03 12:59:48 [Info] [2660] Ipc init: 0 2026-05-03 12:59:48 [Info] [2660] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 12:59:48 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 12:59:48 [Info] [2660] start ipc thread id[3968] 2026-05-03 12:59:48 [Info] [2660] Connect Yundun ipc server return state is 0 2026-05-03 12:59:48 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 12:59:48 [Info] [2660] CResourceMonitor::run Enter 2026-05-03 12:59:48 [Info] [2660] CIpcMsgHandlerMgr::run Enter 2026-05-03 12:59:48 [Info] [2660] Report thread 2026-05-03 12:59:48 [Info] [2660] Monitor thread 2026-05-03 12:59:48 [Info] [2660] Loader thread 2026-05-03 12:59:48 [Info] [2660] PythonEngineImpl Init... 2026-05-03 12:59:48 [Info] [2660] yundun connected 2026-05-03 12:59:49 [Info] [2660] recvmsg: HELLO 2026-05-03 12:59:49 [Info] [2660] recvmsg: WORK 2026-05-03 12:59:49 [Info] [2660] no use encode, return to old mode 2026-05-03 12:59:49 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 12:59:49 [Info] [2660] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 12:59:49 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 12:59:49 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 12:59:49 [Info] [2660] log fd cnt is [250], real fd cnt is [282] 2026-05-03 12:59:49 [Info] [2660] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 12:59:49 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 12:59:50 [Info] [2660] log memory size is 20480KB, real memory size is 14824KB 2026-05-03 12:59:50 [Info] [2660] item: --windows-sysinfoext-check 2026-05-03 12:59:50 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 12:59:50 [Info] [2660] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 12:59:50 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 12:59:51 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 12:59:51 [Info] [2660] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-03 12:59:51 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 12:59:51 [Info] [2660] Prepare stage1: --windows-sysinfoext-check 2026-05-03 12:59:51 [Info] [2660] Prepare stage2 2026-05-03 12:59:51 [Warn] [2660] high cpu, cpu is 18 2026-05-03 12:59:51 [Info] [2660] try get sys version 2026-05-03 12:59:51 [Info] [2660] win sys info:2/10:0:3 2026-05-03 12:59:51 [Info] [2660] suit legal version, enable cpu control 2026-05-03 12:59:51 [Warn] [2660] High CPU Warning: 18 2026-05-03 12:59:51 [Warn] [2660] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-03 12:59:54 [Info] [2660] stage3: --windows-sysinfoext-check 2026-05-03 12:59:54 [Info] [2660] Loader after check 2026-05-03 12:59:54 [Info] [2660] log memory size is 30720KB, real memory size is 23240KB 2026-05-03 12:59:55 [Info] [2660] Enter reuse wait state. 2026-05-03 13:00:00 [Info] [2660] recvmsg: EXIT 2026-05-03 13:00:00 [Info] [2660] Recv Exit Msg, Exit... 2026-05-03 18:02:20 [Info] [3136] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 18:02:20 [Info] [3136] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap157451777802539 2026-05-03 18:02:20 [Info] [3136] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 18:02:20 [Info] [3136] Resource monitor start 2026-05-03 18:02:20 [Info] [3136] ipc client init success 2026-05-03 18:02:20 [Info] [3136] Ipc init: 0 2026-05-03 18:02:20 [Info] [3136] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 18:02:20 [Info] [3136] CResourceMonitor::run Enter 2026-05-03 18:02:20 [Info] [3136] CIpcMsgHandlerMgr::run Enter 2026-05-03 18:02:20 [Info] [3136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 18:02:20 [Info] [3136] start ipc thread id[5004] 2026-05-03 18:02:20 [Info] [3136] Connect Yundun ipc server return state is 0 2026-05-03 18:02:20 [Info] [3136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 18:02:20 [Info] [3136] yundun connected 2026-05-03 18:02:20 [Info] [3136] Report thread 2026-05-03 18:02:20 [Info] [3136] Monitor thread 2026-05-03 18:02:20 [Info] [3136] Loader thread 2026-05-03 18:02:20 [Info] [3136] PythonEngineImpl Init... 2026-05-03 18:02:21 [Info] [3136] recvmsg: HELLO 2026-05-03 18:02:21 [Info] [3136] recvmsg: WORK 2026-05-03 18:02:21 [Info] [3136] no use encode, return to old mode 2026-05-03 18:02:21 [Info] [3136] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:02:21 [Info] [3136] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:02:21 [Info] [3136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:02:21 [Info] [3136] log fd cnt is [250], real fd cnt is [282] 2026-05-03 18:02:21 [Info] [3136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:02:22 [Info] [3136] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 18:02:22 [Info] [3136] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 18:02:22 [Info] [3136] log memory size is 20480KB, real memory size is 14852KB 2026-05-03 18:02:23 [Info] [3136] item: --secnet_rasp_agent 2026-05-03 18:02:23 [Info] [3136] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-03 18:02:23 [Info] [3136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-03 18:02:23 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-05-03 18:02:24 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-03 18:02:24 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-05-03 18:02:24 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-05-03 18:02:24 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-05-03 18:02:24 [Info] [3136] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-05-03 18:02:24 [Info] [3136] Download redirect files success. 2026-05-03 18:02:24 [Info] [3136] Prepare stage1: --secnet_rasp_agent 2026-05-03 18:02:24 [Info] [3136] Prepare stage2 2026-05-03 18:02:26 [Info] [3136] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-03 18:02:26 [Info] [3136] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-03 18:02:26 [Info] [3136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:02:26 [Info] [3136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:02:27 [Info] [3136] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-05-03 18:02:27 [Info] [3136] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-03 18:02:27 [Info] [3136] stage3: --secnet_rasp_agent 2026-05-03 18:02:27 [Info] [3136] Loader after check 2026-05-03 18:02:27 [Info] [3136] log memory size is 30720KB, real memory size is 21424KB 2026-05-03 18:02:28 [Info] [3136] Enter reuse wait state. 2026-05-03 18:02:32 [Info] [3136] recvmsg: EXIT 2026-05-03 18:02:32 [Info] [3136] Recv Exit Msg, Exit... 2026-05-03 18:27:48 [Info] [4296] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 18:27:48 [Info] [4296] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap207351777804067 2026-05-03 18:27:48 [Info] [4296] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 18:27:48 [Info] [4296] Resource monitor start 2026-05-03 18:27:48 [Info] [4296] ipc client init success 2026-05-03 18:27:48 [Info] [4296] Ipc init: 0 2026-05-03 18:27:48 [Info] [4296] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 18:27:48 [Info] [4296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 18:27:48 [Info] [4296] start ipc thread id[5040] 2026-05-03 18:27:48 [Info] [4296] Connect Yundun ipc server return state is 0 2026-05-03 18:27:48 [Info] [4296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 18:27:48 [Info] [4296] CResourceMonitor::run Enter 2026-05-03 18:27:48 [Info] [4296] CIpcMsgHandlerMgr::run Enter 2026-05-03 18:27:48 [Info] [4296] yundun connected 2026-05-03 18:27:48 [Info] [4296] Report thread 2026-05-03 18:27:48 [Info] [4296] Monitor thread 2026-05-03 18:27:48 [Info] [4296] Loader thread 2026-05-03 18:27:48 [Info] [4296] PythonEngineImpl Init... 2026-05-03 18:27:48 [Info] [4296] recvmsg: HELLO 2026-05-03 18:27:49 [Info] [4296] recvmsg: WORK 2026-05-03 18:27:49 [Info] [4296] no use encode, return to old mode 2026-05-03 18:27:49 [Info] [4296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:27:49 [Info] [4296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:27:49 [Info] [4296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:27:49 [Info] [4296] log fd cnt is [250], real fd cnt is [264] 2026-05-03 18:27:50 [Info] [4296] log memory size is 20480KB, real memory size is 13612KB 2026-05-03 18:27:50 [Info] [4296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:27:51 [Info] [4296] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 18:27:51 [Info] [4296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 18:27:53 [Info] [4296] item: --windows-sysinfoext-check 2026-05-03 18:27:53 [Info] [4296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 18:27:53 [Info] [4296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 18:27:53 [Info] [4296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:27:53 [Info] [4296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:27:54 [Info] [4296] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-03 18:27:54 [Info] [4296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 18:27:54 [Info] [4296] Prepare stage1: --windows-sysinfoext-check 2026-05-03 18:27:54 [Info] [4296] Prepare stage2 2026-05-03 18:27:57 [Info] [2828] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 18:27:57 [Info] [2828] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap207681777804077 2026-05-03 18:27:57 [Info] [2828] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 18:27:57 [Info] [2828] Resource monitor start 2026-05-03 18:27:57 [Info] [2828] ipc client init success 2026-05-03 18:27:57 [Info] [2828] Ipc init: 0 2026-05-03 18:27:57 [Info] [2828] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 18:27:57 [Info] [2828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 18:27:57 [Info] [2828] start ipc thread id[2428] 2026-05-03 18:27:57 [Info] [2828] Connect Yundun ipc server return state is 0 2026-05-03 18:27:57 [Info] [2828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 18:27:57 [Info] [2828] CResourceMonitor::run Enter 2026-05-03 18:27:57 [Info] [2828] CIpcMsgHandlerMgr::run Enter 2026-05-03 18:27:57 [Info] [2828] yundun connected 2026-05-03 18:27:57 [Info] [2828] Report thread 2026-05-03 18:27:57 [Info] [2828] Monitor thread 2026-05-03 18:27:59 [Info] [4296] log memory size is 30720KB, real memory size is 20856KB 2026-05-03 18:27:57 [Info] [2828] Loader thread 2026-05-03 18:27:57 [Info] [2828] PythonEngineImpl Init... 2026-05-03 18:27:57 [Info] [2828] recvmsg: HELLO 2026-05-03 18:27:58 [Info] [2828] recvmsg: WORK 2026-05-03 18:27:58 [Info] [2828] no use encode, return to old mode 2026-05-03 18:27:58 [Info] [2828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:27:58 [Info] [2828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 18:27:58 [Info] [2828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:27:58 [Info] [2828] log fd cnt is [250], real fd cnt is [274] 2026-05-03 18:27:59 [Info] [2828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:27:59 [Info] [2828] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 18:27:59 [Info] [2828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 18:27:59 [Info] [2828] log memory size is 20480KB, real memory size is 14728KB 2026-05-03 18:28:01 [Info] [2828] item: --windows-vul-check 2026-05-03 18:28:01 [Info] [2828] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-03 18:28:02 [Info] [2828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-03 18:28:02 [Info] [2828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-05-03 18:28:02 [Info] [2828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-03 18:28:02 [Info] [2828] Download redirect files success. 2026-05-03 18:28:02 [Info] [2828] Prepare stage1: --windows-vul-check 2026-05-03 18:28:02 [Info] [2828] Prepare stage2 2026-05-03 18:28:04 [Info] [2828] log memory size is 30720KB, real memory size is 21724KB 2026-05-03 18:28:04 [Info] [2828] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-05-03 18:28:04 [Info] [2828] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-05-03 18:28:04 [Info] [2828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 18:28:04 [Info] [2828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 18:28:04 [Info] [2828] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-05-03 18:28:04 [Info] [2828] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-05-03 18:28:05 [Info] [2828] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-05-03 18:28:05 [Info] [2828] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-05-03 18:28:05 [Info] [2828] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-05-03 18:28:05 [Info] [2828] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_90\rule\vuldata_v2.dat 2026-05-03 18:28:06 [Info] [2828] stage3: --windows-vul-check 2026-05-03 18:28:06 [Info] [2828] Loader after check 2026-05-03 18:28:07 [Info] [2828] Enter reuse wait state. 2026-05-03 18:28:12 [Info] [2828] recvmsg: EXIT 2026-05-03 18:28:12 [Info] [2828] Recv Exit Msg, Exit... 2026-05-03 18:28:24 [Info] [4296] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-03 18:28:30 [Info] [4296] stage3: --windows-sysinfoext-check 2026-05-03 18:28:30 [Info] [4296] Loader after check 2026-05-03 18:28:31 [Warn] [4296] high cpu, cpu is 15 2026-05-03 18:28:31 [Info] [4296] try get sys version 2026-05-03 18:28:31 [Info] [4296] win sys info:2/10:0:3 2026-05-03 18:28:31 [Info] [4296] suit legal version, enable cpu control 2026-05-03 18:28:31 [Warn] [4296] High CPU Warning: 15 2026-05-03 18:28:31 [Warn] [4296] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-03 18:28:31 [Info] [4296] Enter reuse wait state. 2026-05-03 18:28:35 [Info] [4296] recvmsg: EXIT 2026-05-03 18:28:35 [Info] [4296] Recv Exit Msg, Exit... 2026-05-03 23:55:25 [Info] [3648] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-03 23:55:25 [Info] [3648] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap193941777823725 2026-05-03 23:55:25 [Info] [3648] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-03 23:55:25 [Info] [3648] Resource monitor start 2026-05-03 23:55:25 [Info] [3648] ipc client init success 2026-05-03 23:55:25 [Info] [3648] Ipc init: 0 2026-05-03 23:55:25 [Info] [3648] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-03 23:55:25 [Info] [3648] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-03 23:55:25 [Info] [3648] start ipc thread id[3504] 2026-05-03 23:55:25 [Info] [3648] Connect Yundun ipc server return state is 0 2026-05-03 23:55:25 [Info] [3648] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-03 23:55:25 [Info] [3648] CResourceMonitor::run Enter 2026-05-03 23:55:25 [Info] [3648] CIpcMsgHandlerMgr::run Enter 2026-05-03 23:55:25 [Info] [3648] Report thread 2026-05-03 23:55:25 [Info] [3648] Monitor thread 2026-05-03 23:55:25 [Info] [3648] Loader thread 2026-05-03 23:55:25 [Info] [3648] PythonEngineImpl Init... 2026-05-03 23:55:25 [Info] [3648] yundun connected 2026-05-03 23:55:25 [Info] [3648] recvmsg: HELLO 2026-05-03 23:55:25 [Info] [3648] recvmsg: WORK 2026-05-03 23:55:25 [Info] [3648] no use encode, return to old mode 2026-05-03 23:55:25 [Info] [3648] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 23:55:25 [Info] [3648] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-03 23:55:25 [Info] [3648] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 23:55:26 [Info] [3648] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 23:55:26 [Info] [3648] log fd cnt is [250], real fd cnt is [282] 2026-05-03 23:55:26 [Info] [3648] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-03 23:55:26 [Info] [3648] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-03 23:55:27 [Info] [3648] log memory size is 20480KB, real memory size is 14852KB 2026-05-03 23:55:27 [Info] [3648] item: --windows-sysinfoext-check 2026-05-03 23:55:27 [Info] [3648] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 23:55:27 [Info] [3648] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 23:55:27 [Info] [3648] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-03 23:55:27 [Info] [3648] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-03 23:55:27 [Info] [3648] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-03 23:55:27 [Info] [3648] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-03 23:55:27 [Info] [3648] Prepare stage1: --windows-sysinfoext-check 2026-05-03 23:55:27 [Info] [3648] Prepare stage2 2026-05-03 23:55:28 [Warn] [3648] high cpu, cpu is 21 2026-05-03 23:55:28 [Info] [3648] try get sys version 2026-05-03 23:55:28 [Info] [3648] win sys info:2/10:0:3 2026-05-03 23:55:28 [Info] [3648] suit legal version, enable cpu control 2026-05-03 23:55:28 [Warn] [3648] High CPU Warning: 21 2026-05-03 23:55:28 [Warn] [3648] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 516 in func: __getattr__ File:wmi.py line: 494 in func: __init__ File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-03 23:55:29 [Info] [3648] stage3: --windows-sysinfoext-check 2026-05-03 23:55:29 [Info] [3648] Loader after check 2026-05-03 23:55:30 [Warn] [3648] high cpu, cpu is 13 2026-05-03 23:55:30 [Warn] [3648] High CPU Warning: 13 2026-05-03 23:55:30 [Info] [3648] Enter reuse wait state. 2026-05-03 23:55:31 [Info] [3648] log memory size is 30720KB, real memory size is 23364KB 2026-05-03 23:55:32 [Info] [3648] recvmsg: EXIT 2026-05-03 23:55:32 [Info] [3648] Recv Exit Msg, Exit... 2026-05-10 02:03:35 [Info] [4896] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 02:03:35 [Info] [4896] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap6751778349814 2026-05-10 02:03:35 [Info] [4896] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 02:03:35 [Info] [4896] Resource monitor start 2026-05-10 02:03:35 [Info] [4896] ipc client init success 2026-05-10 02:03:35 [Info] [4896] Ipc init: 0 2026-05-10 02:03:35 [Info] [4896] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 02:03:35 [Info] [4896] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 02:03:35 [Info] [4896] CResourceMonitor::run Enter 2026-05-10 02:03:35 [Info] [4896] CIpcMsgHandlerMgr::run Enter 2026-05-10 02:03:35 [Info] [4896] start ipc thread id[3944] 2026-05-10 02:03:35 [Info] [4896] Connect Yundun ipc server return state is 0 2026-05-10 02:03:35 [Info] [4896] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 02:03:35 [Info] [4896] yundun connected 2026-05-10 02:03:35 [Info] [4896] Report thread 2026-05-10 02:03:35 [Info] [4896] Monitor thread 2026-05-10 02:03:35 [Info] [4896] Loader thread 2026-05-10 02:03:35 [Info] [4896] PythonEngineImpl Init... 2026-05-10 02:03:35 [Info] [4896] recvmsg: HELLO 2026-05-10 02:03:35 [Info] [4896] recvmsg: WORK 2026-05-10 02:03:35 [Info] [4896] no use encode, return to old mode 2026-05-10 02:03:36 [Info] [4896] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 02:03:36 [Info] [4896] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 02:03:36 [Info] [4896] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 02:03:36 [Info] [4896] log fd cnt is [250], real fd cnt is [283] 2026-05-10 02:03:36 [Info] [4896] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 02:03:36 [Info] [4896] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 02:03:36 [Info] [4896] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 02:03:37 [Info] [4896] log memory size is 20480KB, real memory size is 14672KB 2026-05-10 02:03:37 [Info] [4896] item: --sca 2026-05-10 02:03:37 [Info] [4896] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-10 02:03:38 [Info] [4896] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-05-10 02:03:38 [Info] [4896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-05-10 02:03:38 [Info] [4896] Download redirect files success. 2026-05-10 02:03:38 [Info] [4896] Prepare stage1: --sca 2026-05-10 02:03:38 [Info] [4896] Prepare stage2 2026-05-10 02:03:41 [Info] [4896] log memory size is 30720KB, real memory size is 32392KB 2026-05-10 02:03:45 [Info] [4896] log memory size is 40960KB, real memory size is 33012KB 2026-05-10 02:04:11 [Info] [4896] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-10 02:04:14 [Warn] [4896] high cpu, cpu is 24 2026-05-10 02:04:14 [Info] [4896] try get sys version 2026-05-10 02:04:14 [Info] [4896] win sys info:2/10:0:3 2026-05-10 02:04:14 [Info] [4896] suit legal version, enable cpu control 2026-05-10 02:04:14 [Warn] [4896] High CPU Warning: 24 2026-05-10 02:04:15 [Warn] [4896] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-10 02:04:15 [Info] [4896] stage3: --sca 2026-05-10 02:04:15 [Info] [4896] Loader after check 2026-05-10 02:04:16 [Info] [4896] Enter reuse wait state. 2026-05-10 02:04:19 [Info] [4896] recvmsg: EXIT 2026-05-10 02:04:19 [Info] [4896] Recv Exit Msg, Exit... 2026-05-10 05:22:38 [Info] [4812] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 05:22:38 [Info] [4812] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap69081778361757 2026-05-10 05:22:38 [Info] [4812] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 05:22:38 [Info] [4812] Resource monitor start 2026-05-10 05:22:38 [Info] [4812] ipc client init success 2026-05-10 05:22:38 [Info] [4812] Ipc init: 0 2026-05-10 05:22:38 [Info] [4812] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 05:22:38 [Info] [4812] CResourceMonitor::run Enter 2026-05-10 05:22:38 [Info] [4812] CIpcMsgHandlerMgr::run Enter 2026-05-10 05:22:39 [Info] [4812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 05:22:39 [Info] [4812] start ipc thread id[3316] 2026-05-10 05:22:39 [Info] [4812] Connect Yundun ipc server return state is 0 2026-05-10 05:22:39 [Info] [4812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 05:22:39 [Info] [4812] yundun connected 2026-05-10 05:22:39 [Info] [4812] Report thread 2026-05-10 05:22:39 [Info] [4812] Monitor thread 2026-05-10 05:22:39 [Info] [4812] Loader thread 2026-05-10 05:22:39 [Info] [4812] PythonEngineImpl Init... 2026-05-10 05:22:39 [Info] [4812] recvmsg: HELLO 2026-05-10 05:22:39 [Info] [4812] recvmsg: WORK 2026-05-10 05:22:39 [Info] [4812] no use encode, return to old mode 2026-05-10 05:22:39 [Info] [4812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 05:22:39 [Info] [4812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 05:22:39 [Info] [4812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 05:22:40 [Info] [4812] log fd cnt is [250], real fd cnt is [276] 2026-05-10 05:22:40 [Info] [4812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 05:22:40 [Info] [4812] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 05:22:40 [Info] [4812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 05:22:41 [Info] [4812] log memory size is 20480KB, real memory size is 14692KB 2026-05-10 05:22:41 [Info] [4812] item: --windows-sysinfoext-check 2026-05-10 05:22:41 [Info] [4812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 05:22:41 [Info] [4812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 05:22:41 [Info] [4812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 05:22:41 [Info] [4812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 05:22:41 [Info] [4812] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-10 05:22:41 [Info] [4812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 05:22:42 [Info] [4812] Prepare stage1: --windows-sysinfoext-check 2026-05-10 05:22:42 [Info] [4812] Prepare stage2 2026-05-10 05:22:44 [Warn] [4812] high cpu, cpu is 12 2026-05-10 05:22:44 [Info] [4812] try get sys version 2026-05-10 05:22:44 [Info] [4812] win sys info:2/10:0:3 2026-05-10 05:22:44 [Info] [4812] suit legal version, enable cpu control 2026-05-10 05:22:44 [Warn] [4812] High CPU Warning: 12 2026-05-10 05:22:44 [Warn] [4812] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-10 05:22:45 [Info] [4812] log memory size is 30720KB, real memory size is 23056KB 2026-05-10 05:22:45 [Info] [4812] stage3: --windows-sysinfoext-check 2026-05-10 05:22:45 [Info] [4812] Loader after check 2026-05-10 05:22:46 [Info] [4812] Enter reuse wait state. 2026-05-10 05:22:50 [Info] [4812] recvmsg: EXIT 2026-05-10 05:22:50 [Info] [4812] Recv Exit Msg, Exit... 2026-05-10 07:43:44 [Info] [2280] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 07:43:44 [Info] [2280] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap17831778370222 2026-05-10 07:43:44 [Info] [2280] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 07:43:44 [Info] [2280] Resource monitor start 2026-05-10 07:43:44 [Info] [2280] ipc client init success 2026-05-10 07:43:44 [Info] [2280] Ipc init: 0 2026-05-10 07:43:44 [Info] [2280] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 07:43:44 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 07:43:44 [Info] [2280] CResourceMonitor::run Enter 2026-05-10 07:43:44 [Info] [2280] CIpcMsgHandlerMgr::run Enter 2026-05-10 07:43:44 [Info] [2280] start ipc thread id[2848] 2026-05-10 07:43:44 [Info] [2280] Connect Yundun ipc server return state is 0 2026-05-10 07:43:44 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 07:43:44 [Info] [2280] yundun connected 2026-05-10 07:43:44 [Info] [2280] Report thread 2026-05-10 07:43:44 [Info] [2280] Monitor thread 2026-05-10 07:43:44 [Info] [2280] Loader thread 2026-05-10 07:43:44 [Info] [2280] PythonEngineImpl Init... 2026-05-10 07:43:44 [Info] [2280] recvmsg: HELLO 2026-05-10 07:43:44 [Info] [2280] recvmsg: WORK 2026-05-10 07:43:44 [Info] [2280] no use encode, return to old mode 2026-05-10 07:43:45 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 07:43:45 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 07:43:45 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 07:43:45 [Info] [2280] log fd cnt is [250], real fd cnt is [282] 2026-05-10 07:43:45 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 07:43:45 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 07:43:45 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 07:43:46 [Info] [2280] log memory size is 20480KB, real memory size is 14704KB 2026-05-10 07:43:46 [Info] [2280] item: --windows-vul-clean 2026-05-10 07:43:46 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-10 07:43:46 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-10 07:43:46 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 07:43:47 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 07:43:47 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-05-10 07:43:47 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-05-10 07:43:47 [Info] [2280] Prepare stage1: --windows-vul-clean 2026-05-10 07:43:47 [Info] [2280] Prepare stage2 2026-05-10 07:43:47 [Info] [2280] stage3: --windows-vul-clean 2026-05-10 07:43:47 [Info] [2280] Loader after check 2026-05-10 07:43:48 [Info] [2280] Enter reuse wait state. 2026-05-10 07:43:51 [Info] [2280] recvmsg: EXIT 2026-05-10 07:43:51 [Info] [2280] Recv Exit Msg, Exit... 2026-05-10 08:42:49 [Info] [4992] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 08:42:49 [Info] [4992] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap133661778373769 2026-05-10 08:42:49 [Info] [4992] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 08:42:49 [Info] [4992] Resource monitor start 2026-05-10 08:42:49 [Info] [4992] ipc client init success 2026-05-10 08:42:49 [Info] [4992] Ipc init: 0 2026-05-10 08:42:49 [Info] [4992] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 08:42:49 [Info] [4992] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 08:42:49 [Info] [4992] start ipc thread id[2216] 2026-05-10 08:42:49 [Info] [4992] Connect Yundun ipc server return state is 0 2026-05-10 08:42:49 [Info] [4992] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 08:42:49 [Info] [4992] CResourceMonitor::run Enter 2026-05-10 08:42:49 [Info] [4992] CIpcMsgHandlerMgr::run Enter 2026-05-10 08:42:49 [Info] [4992] Report thread 2026-05-10 08:42:49 [Info] [4992] Monitor thread 2026-05-10 08:42:49 [Info] [4992] Loader thread 2026-05-10 08:42:49 [Info] [4992] PythonEngineImpl Init... 2026-05-10 08:42:49 [Info] [4992] yundun connected 2026-05-10 08:42:50 [Info] [4992] recvmsg: HELLO 2026-05-10 08:42:50 [Info] [4992] recvmsg: WORK 2026-05-10 08:42:50 [Info] [4992] no use encode, return to old mode 2026-05-10 08:42:50 [Info] [4992] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 08:42:50 [Info] [4992] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 08:42:50 [Info] [4992] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 08:42:50 [Info] [4992] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 08:42:50 [Info] [4992] log fd cnt is [250], real fd cnt is [282] 2026-05-10 08:42:50 [Info] [4992] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 08:42:50 [Info] [4992] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 08:42:51 [Info] [4992] log memory size is 20480KB, real memory size is 14560KB 2026-05-10 08:42:52 [Info] [4992] item: --windows-process-check 2026-05-10 08:42:52 [Info] [4992] cgroup name aegisRtap0 2026-05-10 08:42:52 [Info] [4992] try get sys version 2026-05-10 08:42:52 [Info] [4992] win sys info:2/10:0:3 2026-05-10 08:42:52 [Info] [4992] suit legal version, enable cpu control 2026-05-10 08:42:52 [Info] [4992] get AssignProcessToJobObject handle [00000478] 2026-05-10 08:42:52 [Info] [4992] Set setJobExtended. 2026-05-10 08:42:52 [Info] [4992] Set cpu [9%] 2026-05-10 08:42:52 [Info] [4992] Set cpu success 2026-05-10 08:42:52 [Info] [4992] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-10 08:42:52 [Info] [4992] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-10 08:42:52 [Info] [4992] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 08:42:52 [Info] [4992] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 08:42:52 [Info] [4992] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-05-10 08:42:52 [Info] [4992] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-05-10 08:42:52 [Info] [4992] Prepare stage1: --windows-process-check 2026-05-10 08:42:52 [Info] [4992] Prepare stage2 2026-05-10 08:42:59 [Info] [4992] log memory size is 30720KB, real memory size is 20496KB 2026-05-10 08:43:11 [Info] [4992] stage3: --windows-process-check 2026-05-10 08:43:11 [Info] [4992] Loader after check 2026-05-10 08:43:12 [Info] [4992] Enter reuse wait state. 2026-05-10 08:43:17 [Info] [4992] recvmsg: EXIT 2026-05-10 08:43:17 [Info] [4992] Recv Exit Msg, Exit... 2026-05-10 10:24:35 [Info] [5100] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 10:24:35 [Info] [5100] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap5311778379873 2026-05-10 10:24:35 [Info] [5100] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 10:24:35 [Info] [5100] Resource monitor start 2026-05-10 10:24:35 [Info] [5100] ipc client init success 2026-05-10 10:24:35 [Info] [5100] Ipc init: 0 2026-05-10 10:24:35 [Info] [5100] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 10:24:35 [Info] [5100] CResourceMonitor::run Enter 2026-05-10 10:24:35 [Info] [5100] CIpcMsgHandlerMgr::run Enter 2026-05-10 10:24:35 [Info] [5100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 10:24:35 [Info] [5100] start ipc thread id[1404] 2026-05-10 10:24:35 [Info] [5100] Connect Yundun ipc server return state is 0 2026-05-10 10:24:35 [Info] [5100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 10:24:35 [Info] [5100] yundun connected 2026-05-10 10:24:35 [Info] [5100] Report thread 2026-05-10 10:24:35 [Info] [5100] Monitor thread 2026-05-10 10:24:35 [Info] [5100] Loader thread 2026-05-10 10:24:35 [Info] [5100] PythonEngineImpl Init... 2026-05-10 10:24:35 [Info] [5100] recvmsg: HELLO 2026-05-10 10:24:35 [Info] [5100] recvmsg: WORK 2026-05-10 10:24:35 [Info] [5100] no use encode, return to old mode 2026-05-10 10:24:36 [Info] [5100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:24:36 [Info] [5100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:24:36 [Info] [5100] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:24:36 [Info] [5100] log fd cnt is [250], real fd cnt is [276] 2026-05-10 10:24:36 [Info] [5100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:24:36 [Info] [5100] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 10:24:36 [Info] [5100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 10:24:37 [Info] [5100] log memory size is 20480KB, real memory size is 14672KB 2026-05-10 10:24:37 [Info] [5100] item: --windows-registry-check 2026-05-10 10:24:37 [Info] [5100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-10 10:24:37 [Info] [5100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-10 10:24:37 [Info] [5100] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:24:37 [Info] [5100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:24:37 [Info] [5100] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-05-10 10:24:37 [Info] [5100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-05-10 10:24:38 [Info] [5100] Prepare stage1: --windows-registry-check 2026-05-10 10:24:38 [Info] [5100] Prepare stage2 2026-05-10 10:24:39 [Info] [4608] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 10:24:39 [Info] [4608] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap5511778379879 2026-05-10 10:24:39 [Info] [4608] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 10:24:39 [Info] [4608] Resource monitor start 2026-05-10 10:24:39 [Info] [4608] ipc client init success 2026-05-10 10:24:39 [Info] [4608] Ipc init: 0 2026-05-10 10:24:39 [Info] [4608] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 10:24:39 [Info] [4608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 10:24:39 [Info] [4608] start ipc thread id[4172] 2026-05-10 10:24:39 [Info] [4608] Connect Yundun ipc server return state is 0 2026-05-10 10:24:39 [Info] [4608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 10:24:39 [Info] [4608] CResourceMonitor::run Enter 2026-05-10 10:24:39 [Info] [4608] CIpcMsgHandlerMgr::run Enter 2026-05-10 10:24:39 [Info] [4608] Report thread 2026-05-10 10:24:39 [Info] [4608] Monitor thread 2026-05-10 10:24:39 [Info] [4608] Loader thread 2026-05-10 10:24:39 [Info] [4608] PythonEngineImpl Init... 2026-05-10 10:24:39 [Info] [4608] yundun connected 2026-05-10 10:24:40 [Info] [4608] recvmsg: HELLO 2026-05-10 10:24:40 [Info] [4608] recvmsg: WORK 2026-05-10 10:24:40 [Info] [4608] no use encode, return to old mode 2026-05-10 10:24:40 [Info] [4608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:24:40 [Info] [4608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:24:40 [Info] [4608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:24:40 [Info] [4608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:24:40 [Info] [4608] log fd cnt is [250], real fd cnt is [282] 2026-05-10 10:24:41 [Info] [4608] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 10:24:41 [Info] [4608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 10:24:41 [Info] [4608] log memory size is 20480KB, real memory size is 14620KB 2026-05-10 10:24:42 [Info] [4608] item: --windows-schedule-task-check 2026-05-10 10:24:42 [Info] [4608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-10 10:24:42 [Info] [4608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-10 10:24:42 [Info] [4608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:24:42 [Info] [4608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:24:42 [Info] [4608] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-05-10 10:24:42 [Info] [4608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-05-10 10:24:42 [Info] [4608] Prepare stage1: --windows-schedule-task-check 2026-05-10 10:24:42 [Info] [4608] Prepare stage2 2026-05-10 10:24:46 [Info] [4608] log memory size is 30720KB, real memory size is 23380KB 2026-05-10 10:25:02 [Info] [5100] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-10 10:25:02 [Info] [4608] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-10 10:25:09 [Info] [5100] stage3: --windows-registry-check 2026-05-10 10:25:09 [Info] [5100] Loader after check 2026-05-10 10:25:10 [Info] [5100] Enter reuse wait state. 2026-05-10 10:25:15 [Info] [5100] recvmsg: EXIT 2026-05-10 10:25:15 [Info] [5100] Recv Exit Msg, Exit... 2026-05-10 10:25:19 [Info] [4608] stage3: --windows-schedule-task-check 2026-05-10 10:25:19 [Info] [4608] Loader after check 2026-05-10 10:25:20 [Info] [4608] Enter reuse wait state. 2026-05-10 10:25:21 [Info] [4608] recvmsg: EXIT 2026-05-10 10:25:21 [Info] [4608] Recv Exit Msg, Exit... 2026-05-10 10:26:01 [Info] [844] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 10:26:01 [Info] [844] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap8181778379961 2026-05-10 10:26:01 [Info] [844] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 10:26:01 [Info] [844] Resource monitor start 2026-05-10 10:26:01 [Info] [844] ipc client init success 2026-05-10 10:26:01 [Info] [844] Ipc init: 0 2026-05-10 10:26:01 [Info] [844] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 10:26:01 [Info] [844] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 10:26:01 [Info] [844] start ipc thread id[5020] 2026-05-10 10:26:01 [Info] [844] Connect Yundun ipc server return state is 0 2026-05-10 10:26:01 [Info] [844] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 10:26:01 [Info] [844] CResourceMonitor::run Enter 2026-05-10 10:26:01 [Info] [844] CIpcMsgHandlerMgr::run Enter 2026-05-10 10:26:01 [Info] [844] Report thread 2026-05-10 10:26:01 [Info] [844] Monitor thread 2026-05-10 10:26:01 [Info] [844] Loader thread 2026-05-10 10:26:01 [Info] [844] PythonEngineImpl Init... 2026-05-10 10:26:01 [Info] [844] yundun connected 2026-05-10 10:26:02 [Info] [844] recvmsg: HELLO 2026-05-10 10:26:02 [Info] [844] recvmsg: WORK 2026-05-10 10:26:02 [Info] [844] no use encode, return to old mode 2026-05-10 10:26:02 [Info] [844] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:26:02 [Info] [844] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:26:02 [Info] [844] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:26:02 [Info] [844] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:26:02 [Info] [844] log fd cnt is [250], real fd cnt is [282] 2026-05-10 10:26:02 [Info] [844] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 10:26:02 [Info] [844] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 10:26:03 [Info] [844] log memory size is 20480KB, real memory size is 14664KB 2026-05-10 10:26:04 [Info] [844] item: --windows-driver-version-check 2026-05-10 10:26:04 [Info] [844] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-10 10:26:04 [Info] [844] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-10 10:26:04 [Info] [844] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:26:04 [Info] [844] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:26:04 [Info] [844] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-05-10 10:26:04 [Info] [844] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-05-10 10:26:04 [Info] [844] Prepare stage1: --windows-driver-version-check 2026-05-10 10:26:04 [Info] [844] Prepare stage2 2026-05-10 10:26:04 [Info] [844] stage3: --windows-driver-version-check 2026-05-10 10:26:04 [Info] [844] Loader after check 2026-05-10 10:26:05 [Info] [844] Enter reuse wait state. 2026-05-10 10:26:08 [Info] [844] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-10 10:26:09 [Info] [844] recvmsg: EXIT 2026-05-10 10:26:09 [Info] [844] Recv Exit Msg, Exit... 2026-05-10 10:29:38 [Info] [2640] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 10:29:38 [Info] [2640] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap15271778380178 2026-05-10 10:29:38 [Info] [2640] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 10:29:38 [Info] [2640] Resource monitor start 2026-05-10 10:29:38 [Info] [2640] ipc client init success 2026-05-10 10:29:38 [Info] [2640] Ipc init: 0 2026-05-10 10:29:38 [Info] [2640] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 10:29:38 [Info] [2640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 10:29:38 [Info] [2640] start ipc thread id[1208] 2026-05-10 10:29:38 [Info] [2640] Connect Yundun ipc server return state is 0 2026-05-10 10:29:38 [Info] [2640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 10:29:38 [Info] [2640] CResourceMonitor::run Enter 2026-05-10 10:29:38 [Info] [2640] CIpcMsgHandlerMgr::run Enter 2026-05-10 10:29:38 [Info] [2640] Report thread 2026-05-10 10:29:38 [Info] [2640] Monitor thread 2026-05-10 10:29:38 [Info] [2640] Loader thread 2026-05-10 10:29:38 [Info] [2640] PythonEngineImpl Init... 2026-05-10 10:29:39 [Info] [2640] yundun connected 2026-05-10 10:29:39 [Info] [2640] recvmsg: HELLO 2026-05-10 10:29:39 [Info] [2640] recvmsg: WORK 2026-05-10 10:29:39 [Info] [2640] no use encode, return to old mode 2026-05-10 10:29:39 [Info] [2640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:29:39 [Info] [2640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:29:39 [Info] [2640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:29:39 [Info] [2640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:29:39 [Info] [2640] log fd cnt is [250], real fd cnt is [282] 2026-05-10 10:29:39 [Info] [2640] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 10:29:39 [Info] [2640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 10:29:40 [Info] [2640] log memory size is 20480KB, real memory size is 14664KB 2026-05-10 10:29:40 [Info] [2640] item: --tcp-connect-check 2026-05-10 10:29:40 [Info] [2640] cgroup name aegisRtap0 2026-05-10 10:29:40 [Info] [2640] try get sys version 2026-05-10 10:29:40 [Info] [2640] win sys info:2/10:0:3 2026-05-10 10:29:40 [Info] [2640] suit legal version, enable cpu control 2026-05-10 10:29:40 [Info] [2640] get AssignProcessToJobObject handle [00000478] 2026-05-10 10:29:40 [Info] [2640] Set setJobExtended. 2026-05-10 10:29:40 [Info] [2640] Set cpu [9%] 2026-05-10 10:29:40 [Info] [2640] Set cpu success 2026-05-10 10:29:40 [Info] [2640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-10 10:29:40 [Info] [2640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-10 10:29:40 [Info] [2640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:29:41 [Info] [2640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:29:41 [Info] [2640] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-05-10 10:29:41 [Info] [2640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-05-10 10:29:41 [Info] [2640] Prepare stage1: --tcp-connect-check 2026-05-10 10:29:41 [Info] [2640] Prepare stage2 2026-05-10 10:29:44 [Info] [2640] stage3: --tcp-connect-check 2026-05-10 10:29:44 [Info] [2640] Loader after check 2026-05-10 10:29:45 [Info] [2640] Enter reuse wait state. 2026-05-10 10:29:50 [Info] [2640] recvmsg: EXIT 2026-05-10 10:29:50 [Info] [2640] Recv Exit Msg, Exit... 2026-05-10 10:50:03 [Info] [5116] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 10:50:03 [Info] [5116] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap55271778381403 2026-05-10 10:50:03 [Info] [5116] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 10:50:03 [Info] [5116] Resource monitor start 2026-05-10 10:50:03 [Info] [5116] ipc client init success 2026-05-10 10:50:03 [Info] [5116] Ipc init: 0 2026-05-10 10:50:03 [Info] [5116] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 10:50:03 [Info] [5116] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 10:50:03 [Info] [5116] start ipc thread id[2656] 2026-05-10 10:50:03 [Info] [5116] Connect Yundun ipc server return state is 0 2026-05-10 10:50:03 [Info] [5116] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 10:50:03 [Info] [5116] CResourceMonitor::run Enter 2026-05-10 10:50:03 [Info] [5116] CIpcMsgHandlerMgr::run Enter 2026-05-10 10:50:03 [Info] [5116] Report thread 2026-05-10 10:50:03 [Info] [5116] Monitor thread 2026-05-10 10:50:03 [Info] [5116] Loader thread 2026-05-10 10:50:03 [Info] [5116] PythonEngineImpl Init... 2026-05-10 10:50:03 [Info] [5116] yundun connected 2026-05-10 10:50:04 [Info] [5116] recvmsg: HELLO 2026-05-10 10:50:04 [Info] [5116] recvmsg: WORK 2026-05-10 10:50:04 [Info] [5116] no use encode, return to old mode 2026-05-10 10:50:04 [Info] [5116] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:50:04 [Info] [5116] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 10:50:04 [Info] [5116] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:50:04 [Info] [5116] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:50:04 [Info] [5116] log fd cnt is [250], real fd cnt is [282] 2026-05-10 10:50:04 [Info] [5116] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 10:50:04 [Info] [5116] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 10:50:05 [Info] [5116] log memory size is 20480KB, real memory size is 14584KB 2026-05-10 10:50:05 [Info] [5116] item: --windows-sysinfoext-check 2026-05-10 10:50:05 [Info] [5116] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 10:50:05 [Info] [5116] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 10:50:05 [Info] [5116] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 10:50:06 [Info] [5116] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 10:50:06 [Info] [5116] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-10 10:50:06 [Info] [5116] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 10:50:06 [Info] [5116] Prepare stage1: --windows-sysinfoext-check 2026-05-10 10:50:06 [Info] [5116] Prepare stage2 2026-05-10 10:50:06 [Warn] [5116] high cpu, cpu is 12 2026-05-10 10:50:06 [Info] [5116] try get sys version 2026-05-10 10:50:06 [Info] [5116] win sys info:2/10:0:3 2026-05-10 10:50:06 [Info] [5116] suit legal version, enable cpu control 2026-05-10 10:50:06 [Warn] [5116] High CPU Warning: 12 2026-05-10 10:50:06 [Warn] [5116] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 157 in func: <module> File:windows-sysinfoext-check.py line: 10 in func: <module> 2026-05-10 10:50:09 [Info] [5116] stage3: --windows-sysinfoext-check 2026-05-10 10:50:09 [Info] [5116] Loader after check 2026-05-10 10:50:09 [Info] [5116] log memory size is 30720KB, real memory size is 23032KB 2026-05-10 10:50:10 [Info] [5116] Enter reuse wait state. 2026-05-10 10:50:15 [Info] [5116] recvmsg: EXIT 2026-05-10 10:50:15 [Info] [5116] Recv Exit Msg, Exit... 2026-05-10 17:00:51 [Info] [1400] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 17:00:51 [Info] [1400] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap126281778403646 2026-05-10 17:00:51 [Info] [1400] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 17:00:51 [Info] [1400] Resource monitor start 2026-05-10 17:00:51 [Info] [1400] ipc client init success 2026-05-10 17:00:51 [Info] [1400] Ipc init: 0 2026-05-10 17:00:51 [Info] [1400] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 17:00:51 [Info] [1400] CResourceMonitor::run Enter 2026-05-10 17:00:51 [Info] [1400] CIpcMsgHandlerMgr::run Enter 2026-05-10 17:00:51 [Info] [1400] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 17:00:51 [Info] [1400] start ipc thread id[4720] 2026-05-10 17:00:51 [Info] [1400] Connect Yundun ipc server return state is 0 2026-05-10 17:00:52 [Info] [1400] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 17:00:52 [Info] [1400] yundun connected 2026-05-10 17:00:52 [Info] [1400] Report thread 2026-05-10 17:00:52 [Info] [1400] Monitor thread 2026-05-10 17:00:52 [Info] [1400] Loader thread 2026-05-10 17:00:52 [Info] [1400] PythonEngineImpl Init... 2026-05-10 17:00:52 [Info] [1400] recvmsg: HELLO 2026-05-10 17:00:52 [Info] [1400] recvmsg: WORK 2026-05-10 17:00:52 [Info] [1400] no use encode, return to old mode 2026-05-10 17:00:52 [Info] [1400] log fd cnt is [250], real fd cnt is [262] 2026-05-10 17:00:52 [Info] [1400] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 17:00:52 [Info] [1400] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 17:00:52 [Info] [1400] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 17:00:52 [Info] [1400] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 17:00:53 [Info] [1400] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 17:00:53 [Info] [1400] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 17:00:53 [Info] [1400] log memory size is 20480KB, real memory size is 14588KB 2026-05-10 17:00:54 [Info] [1400] item: --windows-sysinfoext-check 2026-05-10 17:00:54 [Info] [1400] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 17:00:54 [Info] [1400] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 17:00:54 [Info] [1400] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 17:00:54 [Info] [1400] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 17:00:54 [Info] [1400] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-10 17:00:54 [Info] [1400] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 17:00:54 [Info] [1400] Prepare stage1: --windows-sysinfoext-check 2026-05-10 17:00:54 [Info] [1400] Prepare stage2 2026-05-10 17:00:57 [Info] [1400] log memory size is 30720KB, real memory size is 22984KB 2026-05-10 17:00:58 [Info] [1400] stage3: --windows-sysinfoext-check 2026-05-10 17:00:58 [Info] [1400] Loader after check 2026-05-10 17:00:58 [Warn] [1400] high cpu, cpu is 15 2026-05-10 17:00:58 [Info] [1400] try get sys version 2026-05-10 17:00:58 [Info] [1400] win sys info:2/10:0:3 2026-05-10 17:00:58 [Info] [1400] suit legal version, enable cpu control 2026-05-10 17:00:58 [Warn] [1400] High CPU Warning: 15 2026-05-10 17:00:58 [Warn] [1400] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-10 17:00:59 [Info] [1400] Enter reuse wait state. 2026-05-10 17:01:02 [Info] [1400] recvmsg: EXIT 2026-05-10 17:01:02 [Info] [1400] Recv Exit Msg, Exit... 2026-05-10 18:01:30 [Info] [4644] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 18:01:30 [Info] [4644] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap245281778407290 2026-05-10 18:01:30 [Info] [4644] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 18:01:30 [Info] [4644] Resource monitor start 2026-05-10 18:01:30 [Info] [4644] ipc client init success 2026-05-10 18:01:30 [Info] [4644] Ipc init: 0 2026-05-10 18:01:30 [Info] [4644] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 18:01:30 [Info] [4644] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 18:01:30 [Info] [4644] start ipc thread id[2716] 2026-05-10 18:01:30 [Info] [4644] Connect Yundun ipc server return state is 0 2026-05-10 18:01:30 [Info] [4644] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 18:01:30 [Info] [4644] CResourceMonitor::run Enter 2026-05-10 18:01:30 [Info] [4644] CIpcMsgHandlerMgr::run Enter 2026-05-10 18:01:30 [Info] [4644] Report thread 2026-05-10 18:01:30 [Info] [4644] Monitor thread 2026-05-10 18:01:30 [Info] [4644] Loader thread 2026-05-10 18:01:30 [Info] [4644] PythonEngineImpl Init... 2026-05-10 18:01:30 [Info] [4644] yundun connected 2026-05-10 18:01:31 [Info] [4644] recvmsg: HELLO 2026-05-10 18:01:31 [Info] [4644] recvmsg: WORK 2026-05-10 18:01:31 [Info] [4644] no use encode, return to old mode 2026-05-10 18:01:31 [Info] [4644] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 18:01:31 [Info] [4644] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 18:01:31 [Info] [4644] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 18:01:32 [Info] [4644] log fd cnt is [250], real fd cnt is [274] 2026-05-10 18:01:32 [Info] [4644] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 18:01:32 [Info] [4644] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 18:01:32 [Info] [4644] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 18:01:33 [Info] [4644] log memory size is 20480KB, real memory size is 14624KB 2026-05-10 18:01:33 [Info] [4644] item: --secnet_rasp_agent 2026-05-10 18:01:33 [Info] [4644] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-10 18:01:33 [Info] [4644] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-05-10 18:01:33 [Info] [4644] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-05-10 18:01:33 [Info] [4644] Download redirect files success. 2026-05-10 18:01:33 [Info] [4644] Prepare stage1: --secnet_rasp_agent 2026-05-10 18:01:33 [Info] [4644] Prepare stage2 2026-05-10 18:01:36 [Info] [4644] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-10 18:01:36 [Info] [4644] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-10 18:01:36 [Info] [4644] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 18:01:36 [Info] [4644] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 18:01:36 [Info] [4644] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-05-10 18:01:36 [Info] [4644] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-10 18:01:36 [Info] [4644] stage3: --secnet_rasp_agent 2026-05-10 18:01:36 [Info] [4644] Loader after check 2026-05-10 18:01:37 [Info] [4644] log memory size is 30720KB, real memory size is 21176KB 2026-05-10 18:01:37 [Info] [4644] Enter reuse wait state. 2026-05-10 18:01:42 [Info] [4644] recvmsg: EXIT 2026-05-10 18:01:42 [Info] [4644] Recv Exit Msg, Exit... 2026-05-10 22:30:08 [Info] [4428] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-10 22:30:08 [Info] [4428] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap116101778423403 2026-05-10 22:30:08 [Info] [4428] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-10 22:30:08 [Info] [4428] Resource monitor start 2026-05-10 22:30:08 [Info] [4428] CResourceMonitor::run Enter 2026-05-10 22:30:08 [Info] [4428] ipc client init success 2026-05-10 22:30:08 [Info] [4428] Ipc init: 0 2026-05-10 22:30:08 [Info] [4428] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-10 22:30:08 [Info] [4428] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-10 22:30:08 [Info] [4428] start ipc thread id[4960] 2026-05-10 22:30:08 [Info] [4428] Connect Yundun ipc server return state is 0 2026-05-10 22:30:08 [Info] [4428] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-10 22:30:08 [Info] [4428] CIpcMsgHandlerMgr::run Enter 2026-05-10 22:30:08 [Info] [4428] yundun connected 2026-05-10 22:30:08 [Info] [4428] Report thread 2026-05-10 22:30:08 [Info] [4428] Monitor thread 2026-05-10 22:30:08 [Info] [4428] Loader thread 2026-05-10 22:30:08 [Info] [4428] PythonEngineImpl Init... 2026-05-10 22:30:09 [Info] [4428] recvmsg: HELLO 2026-05-10 22:30:09 [Info] [4428] recvmsg: WORK 2026-05-10 22:30:09 [Info] [4428] no use encode, return to old mode 2026-05-10 22:30:09 [Info] [4428] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 22:30:09 [Info] [4428] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-10 22:30:09 [Info] [4428] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 22:30:09 [Info] [4428] log fd cnt is [250], real fd cnt is [278] 2026-05-10 22:30:09 [Info] [4428] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 22:30:10 [Info] [4428] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-10 22:30:10 [Info] [4428] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-10 22:30:10 [Info] [4428] log memory size is 20480KB, real memory size is 14688KB 2026-05-10 22:30:11 [Info] [4428] item: --windows-sysinfoext-check 2026-05-10 22:30:11 [Info] [4428] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 22:30:11 [Info] [4428] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 22:30:11 [Info] [4428] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-10 22:30:11 [Info] [4428] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-10 22:30:11 [Info] [4428] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-10 22:30:11 [Info] [4428] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-10 22:30:11 [Info] [4428] Prepare stage1: --windows-sysinfoext-check 2026-05-10 22:30:11 [Info] [4428] Prepare stage2 2026-05-10 22:30:13 [Warn] [4428] high cpu, cpu is 18 2026-05-10 22:30:13 [Info] [4428] try get sys version 2026-05-10 22:30:13 [Info] [4428] win sys info:2/10:0:3 2026-05-10 22:30:13 [Info] [4428] suit legal version, enable cpu control 2026-05-10 22:30:13 [Warn] [4428] High CPU Warning: 18 2026-05-10 22:30:14 [Warn] [4428] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-10 22:30:15 [Info] [4428] log memory size is 30720KB, real memory size is 23000KB 2026-05-10 22:30:16 [Info] [4428] stage3: --windows-sysinfoext-check 2026-05-10 22:30:16 [Info] [4428] Loader after check 2026-05-10 22:30:16 [Warn] [4428] high cpu, cpu is 16 2026-05-10 22:30:16 [Warn] [4428] High CPU Warning: 16 2026-05-10 22:30:17 [Info] [4428] Enter reuse wait state. 2026-05-10 22:30:20 [Info] [4428] recvmsg: EXIT 2026-05-10 22:30:20 [Info] [4428] Recv Exit Msg, Exit...