| Server IP : 123.56.80.60 / Your IP : 216.73.216.78 Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586 User : SYSTEM ( 0) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/ |
Upload File : |
2026-02-24 16:41:31 [Info] [1564] Prepare stage1: --windows-sysinfoext-check 2026-02-24 16:41:31 [Info] [1564] Prepare stage2 2026-02-24 16:41:32 [Info] [1564] stage3: --windows-sysinfoext-check 2026-02-24 16:41:32 [Info] [1564] Loader after check 2026-02-24 16:41:33 [Warn] [1564] high cpu, cpu is 14 2026-02-24 16:41:33 [Info] [1564] try get sys version 2026-02-24 16:41:33 [Info] [1564] win sys info:2/10:0:3 2026-02-24 16:41:33 [Info] [1564] suit legal version, enable cpu control 2026-02-24 16:41:33 [Warn] [1564] High CPU Warning: 14 2026-02-24 16:41:33 [Warn] [1564] resource monitor exp type: High CPU Warning, script runing: 0 2026-02-24 16:41:33 [Info] [1564] Enter reuse wait state. 2026-02-24 16:41:34 [Info] [1564] log memory size is 30720KB, real memory size is 22992KB 2026-02-24 16:41:35 [Info] [1564] recvmsg: EXIT 2026-02-24 16:41:35 [Info] [1564] Recv Exit Msg, Exit... 2026-02-24 19:42:19 [Info] [4696] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-02-24 19:42:19 [Info] [4696] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap186841771933338 2026-02-24 19:42:19 [Info] [4696] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-02-24 19:42:19 [Info] [4696] Resource monitor start 2026-02-24 19:42:19 [Info] [4696] ipc client init success 2026-02-24 19:42:19 [Info] [4696] Ipc init: 0 2026-02-24 19:42:19 [Info] [4696] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-02-24 19:42:19 [Info] [4696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-02-24 19:42:19 [Info] [4696] CResourceMonitor::run Enter 2026-02-24 19:42:19 [Info] [4696] CIpcMsgHandlerMgr::run Enter 2026-02-24 19:42:19 [Info] [4696] start ipc thread id[3252] 2026-02-24 19:42:19 [Info] [4696] Connect Yundun ipc server return state is 0 2026-02-24 19:42:20 [Info] [4696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-02-24 19:42:20 [Info] [4696] yundun connected 2026-02-24 19:42:20 [Info] [4696] Report thread 2026-02-24 19:42:20 [Info] [4696] Monitor thread 2026-02-24 19:42:20 [Info] [4696] Loader thread 2026-02-24 19:42:20 [Info] [4696] PythonEngineImpl Init... 2026-02-24 19:42:20 [Info] [4696] recvmsg: HELLO 2026-02-24 19:42:20 [Info] [4696] recvmsg: WORK 2026-02-24 19:42:20 [Info] [4696] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 19:42:20 [Info] [4696] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 19:42:20 [Info] [4696] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 19:42:20 [Info] [4696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 19:42:20 [Info] [4696] log fd cnt is [250], real fd cnt is [282] 2026-02-24 19:42:20 [Info] [4696] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-02-24 19:42:20 [Info] [4696] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-02-24 19:42:21 [Info] [4696] log memory size is 20480KB, real memory size is 14592KB 2026-02-24 19:42:22 [Info] [4696] item: --secnet_rasp_agent 2026-02-24 19:42:22 [Info] [4696] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-02-24 19:42:22 [Info] [4696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-02-24 19:42:22 [Info] [4696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-02-24 19:42:22 [Info] [4696] Download redirect files success. 2026-02-24 19:42:22 [Info] [4696] Prepare stage1: --secnet_rasp_agent 2026-02-24 19:42:22 [Info] [4696] Prepare stage2 2026-02-24 19:42:23 [Info] [4696] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-02-24 19:42:23 [Info] [4696] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-02-24 19:42:23 [Info] [4696] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 19:42:23 [Info] [4696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 19:42:24 [Info] [4696] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-02-24 19:42:24 [Info] [4696] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-02-24 19:42:24 [Info] [4696] stage3: --secnet_rasp_agent 2026-02-24 19:42:24 [Info] [4696] Loader after check 2026-02-24 19:42:25 [Info] [4696] Enter reuse wait state. 2026-02-24 19:42:25 [Info] [4696] log memory size is 30720KB, real memory size is 21184KB 2026-02-24 19:42:27 [Info] [4696] recvmsg: EXIT 2026-02-24 19:42:27 [Info] [4696] Recv Exit Msg, Exit... 2026-02-24 22:08:35 [Info] [3852] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-02-24 22:08:35 [Info] [3852] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap145201771942097 2026-02-24 22:08:35 [Info] [3852] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-02-24 22:08:35 [Info] [3852] Resource monitor start 2026-02-24 22:08:35 [Info] [3852] ipc client init success 2026-02-24 22:08:35 [Info] [3852] Ipc init: 0 2026-02-24 22:08:35 [Info] [3852] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-02-24 22:08:35 [Info] [3852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-02-24 22:08:35 [Info] [3852] start ipc thread id[748] 2026-02-24 22:08:35 [Info] [3852] Connect Yundun ipc server return state is 0 2026-02-24 22:08:35 [Info] [3852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-02-24 22:08:35 [Info] [3852] CResourceMonitor::run Enter 2026-02-24 22:08:35 [Info] [3852] CIpcMsgHandlerMgr::run Enter 2026-02-24 22:08:35 [Info] [3852] yundun connected 2026-02-24 22:08:35 [Info] [3852] Report thread 2026-02-24 22:08:35 [Info] [3852] Monitor thread 2026-02-24 22:08:35 [Info] [3852] Loader thread 2026-02-24 22:08:35 [Info] [3852] PythonEngineImpl Init... 2026-02-24 22:08:36 [Info] [3852] recvmsg: HELLO 2026-02-24 22:08:36 [Info] [3852] recvmsg: WORK 2026-02-24 22:08:36 [Info] [3852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 22:08:36 [Info] [3852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 22:08:36 [Info] [3852] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 22:08:36 [Info] [3852] log fd cnt is [250], real fd cnt is [274] 2026-02-24 22:08:38 [Info] [3852] log memory size is 20480KB, real memory size is 13300KB 2026-02-24 22:08:42 [Info] [1068] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-02-24 22:08:42 [Info] [1068] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap145911771942119 2026-02-24 22:08:42 [Info] [1068] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-02-24 22:08:42 [Info] [1068] Resource monitor start 2026-02-24 22:08:42 [Info] [1068] ipc client init success 2026-02-24 22:08:42 [Info] [1068] Ipc init: 0 2026-02-24 22:08:42 [Info] [1068] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-02-24 22:08:42 [Info] [1068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-02-24 22:08:42 [Info] [1068] start ipc thread id[2120] 2026-02-24 22:08:42 [Info] [1068] Connect Yundun ipc server return state is 0 2026-02-24 22:08:42 [Info] [1068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-02-24 22:08:43 [Info] [1068] CResourceMonitor::run Enter 2026-02-24 22:08:43 [Info] [1068] CIpcMsgHandlerMgr::run Enter 2026-02-24 22:08:43 [Info] [1068] yundun connected 2026-02-24 22:08:43 [Info] [1068] Report thread 2026-02-24 22:08:43 [Info] [1068] Monitor thread 2026-02-24 22:08:43 [Info] [1068] Loader thread 2026-02-24 22:08:43 [Info] [1068] PythonEngineImpl Init... 2026-02-24 22:08:43 [Info] [3852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 22:08:44 [Info] [1068] recvmsg: HELLO 2026-02-24 22:08:44 [Info] [1068] log fd cnt is [250], real fd cnt is [263] 2026-02-24 22:08:44 [Info] [1068] recvmsg: WORK 2026-02-24 22:08:45 [Info] [1068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 22:08:45 [Info] [3852] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-02-24 22:08:45 [Info] [3852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-02-24 22:08:45 [Info] [1068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-02-24 22:08:45 [Info] [1068] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 22:08:45 [Info] [1068] log memory size is 20480KB, real memory size is 13412KB 2026-02-24 22:08:47 [Info] [1068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 22:08:47 [Info] [1068] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-02-24 22:08:47 [Info] [1068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-02-24 22:08:49 [Info] [3852] item: --windows-sysinfoext-check 2026-02-24 22:08:49 [Info] [3852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-02-24 22:08:49 [Info] [3852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-02-24 22:08:49 [Info] [3852] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 22:08:50 [Info] [1068] item: --windows-vul-check 2026-02-24 22:08:50 [Info] [1068] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-02-24 22:08:50 [Info] [1068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-02-24 22:08:51 [Info] [1068] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-02-24 22:08:49 [Info] [3852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 22:08:51 [Info] [1068] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-02-24 22:08:51 [Info] [1068] Download redirect files success. 2026-02-24 22:08:51 [Info] [1068] Prepare stage1: --windows-vul-check 2026-02-24 22:08:51 [Info] [1068] Prepare stage2 2026-02-24 22:08:55 [Info] [1068] log memory size is 30720KB, real memory size is 20928KB 2026-02-24 22:08:59 [Info] [1068] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-02-24 22:08:59 [Info] [1068] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-02-24 22:08:59 [Info] [1068] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-02-24 22:08:59 [Info] [1068] start post buffer update.aegis.aliyun.com/file_policy/file 2026-02-24 22:08:59 [Info] [1068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-02-24 22:09:00 [Info] [1068] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-02-24 22:09:00 [Info] [1068] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-02-24 22:09:00 [Info] [1068] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-02-24 22:09:00 [Info] [1068] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-02-24 22:09:00 [Info] [1068] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-02-24 22:08:49 [Info] [3852] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-02-24 22:08:49 [Info] [3852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-02-24 22:08:50 [Info] [3852] Prepare stage1: --windows-sysinfoext-check 2026-02-24 22:08:50 [Info] [3852] Prepare stage2 2026-02-24 22:08:59 [Info] [3852] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-02-24 22:09:01 [Info] [1068] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-02-24 22:09:03 [Info] [1068] stage3: --windows-vul-check 2026-02-24 22:09:03 [Info] [1068] Loader after check 2026-02-24 22:09:05 [Info] [1068] Enter reuse wait state. 2026-02-24 22:09:07 [Info] [3852] log memory size is 30720KB, real memory size is 20776KB 2026-02-24 22:09:10 [Info] [1068] recvmsg: EXIT 2026-02-24 22:09:10 [Info] [1068] Recv Exit Msg, Exit... 2026-02-24 22:09:57 [Info] [3852] log fd cnt is [300], real fd cnt is [396] 2026-02-24 22:10:00 [Info] [3852] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-02-24 22:10:25 [Info] [3852] stage3: --windows-sysinfoext-check 2026-02-24 22:10:25 [Info] [3852] Loader after check 2026-02-24 22:10:27 [Info] [3852] Enter reuse wait state. 2026-02-24 22:10:29 [Info] [3852] recvmsg: EXIT 2026-02-24 22:10:29 [Info] [3852] Recv Exit Msg, Exit... 2026-03-03 02:19:38 [Info] [1560] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 02:19:38 [Info] [1560] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap198911772475563 2026-03-03 02:19:38 [Info] [1560] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 02:19:38 [Info] [1560] Resource monitor start 2026-03-03 02:19:38 [Info] [1560] ipc client init success 2026-03-03 02:19:38 [Info] [1560] Ipc init: 0 2026-03-03 02:19:38 [Info] [1560] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 02:19:38 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 02:19:38 [Info] [1560] CResourceMonitor::run Enter 2026-03-03 02:19:38 [Info] [1560] CIpcMsgHandlerMgr::run Enter 2026-03-03 02:19:38 [Info] [1560] start ipc thread id[1524] 2026-03-03 02:19:38 [Info] [1560] Connect Yundun ipc server return state is 0 2026-03-03 02:19:39 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 02:19:39 [Info] [1560] yundun connected 2026-03-03 02:19:39 [Info] [1560] Report thread 2026-03-03 02:19:39 [Info] [1560] Monitor thread 2026-03-03 02:19:39 [Info] [1560] Loader thread 2026-03-03 02:19:39 [Info] [1560] PythonEngineImpl Init... 2026-03-03 02:19:39 [Info] [1560] recvmsg: HELLO 2026-03-03 02:19:39 [Info] [1560] recvmsg: WORK 2026-03-03 02:19:39 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 02:19:39 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 02:19:39 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 02:19:39 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 02:19:39 [Info] [1560] log fd cnt is [250], real fd cnt is [286] 2026-03-03 02:19:40 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 02:19:40 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 02:19:40 [Info] [1560] log memory size is 20480KB, real memory size is 14596KB 2026-03-03 02:19:41 [Info] [1560] item: --windows-sysinfoext-check 2026-03-03 02:19:41 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 02:19:41 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 02:19:41 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 02:19:41 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 02:19:41 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-03 02:19:41 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 02:19:41 [Info] [1560] Prepare stage1: --windows-sysinfoext-check 2026-03-03 02:19:41 [Info] [1560] Prepare stage2 2026-03-03 02:19:44 [Info] [1560] stage3: --windows-sysinfoext-check 2026-03-03 02:19:44 [Info] [1560] Loader after check 2026-03-03 02:19:44 [Info] [1560] log memory size is 30720KB, real memory size is 22984KB 2026-03-03 02:19:45 [Info] [1560] Enter reuse wait state. 2026-03-03 02:19:50 [Info] [1560] recvmsg: EXIT 2026-03-03 02:19:50 [Info] [1560] Recv Exit Msg, Exit... 2026-03-03 07:46:58 [Info] [1908] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 07:46:58 [Info] [1908] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap185241772495213 2026-03-03 07:46:58 [Info] [1908] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 07:46:58 [Info] [1908] Resource monitor start 2026-03-03 07:47:04 [Info] [1908] ipc client init success 2026-03-03 07:47:04 [Info] [1908] Ipc init: 0 2026-03-03 07:47:04 [Info] [1908] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 07:47:08 [Info] [1908] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 07:47:08 [Info] [1908] start ipc thread id[4972] 2026-03-03 07:47:08 [Info] [1908] Connect Yundun ipc server return state is 0 2026-03-03 07:47:08 [Info] [1908] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 07:47:08 [Info] [1908] CResourceMonitor::run Enter 2026-03-03 07:47:08 [Info] [1908] CIpcMsgHandlerMgr::run Enter 2026-03-03 07:47:08 [Info] [1908] Report thread 2026-03-03 07:47:08 [Info] [1908] Monitor thread 2026-03-03 07:47:08 [Info] [1908] Loader thread 2026-03-03 07:47:08 [Info] [1908] PythonEngineImpl Init... 2026-03-03 07:47:08 [Info] [1908] yundun connected 2026-03-03 07:47:08 [Info] [1908] recvmsg: HELLO 2026-03-03 07:47:09 [Info] [1908] recvmsg: WORK 2026-03-03 07:47:09 [Info] [1908] log fd cnt is [250], real fd cnt is [263] 2026-03-03 07:47:09 [Info] [1908] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 07:47:09 [Info] [1908] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 07:47:09 [Info] [1908] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 07:47:09 [Info] [1908] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 07:47:09 [Info] [1908] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 07:47:09 [Info] [1908] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 07:47:10 [Info] [1908] log memory size is 20480KB, real memory size is 14488KB 2026-03-03 07:47:10 [Info] [1908] item: --windows-sysinfoext-check 2026-03-03 07:47:10 [Info] [1908] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 07:47:10 [Info] [1908] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 07:47:10 [Info] [1908] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 07:47:10 [Info] [1908] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 07:47:11 [Info] [1908] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-03 07:47:11 [Info] [1908] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 07:47:11 [Info] [1908] Prepare stage1: --windows-sysinfoext-check 2026-03-03 07:47:11 [Info] [1908] Prepare stage2 2026-03-03 07:47:12 [Info] [1908] stage3: --windows-sysinfoext-check 2026-03-03 07:47:12 [Info] [1908] Loader after check 2026-03-03 07:47:13 [Warn] [1908] high cpu, cpu is 12 2026-03-03 07:47:13 [Info] [1908] try get sys version 2026-03-03 07:47:13 [Info] [1908] win sys info:2/10:0:3 2026-03-03 07:47:13 [Info] [1908] suit legal version, enable cpu control 2026-03-03 07:47:13 [Warn] [1908] High CPU Warning: 12 2026-03-03 07:47:13 [Warn] [1908] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-03 07:47:13 [Info] [1908] Enter reuse wait state. 2026-03-03 07:47:14 [Info] [1908] log memory size is 30720KB, real memory size is 22932KB 2026-03-03 07:47:15 [Info] [1908] recvmsg: EXIT 2026-03-03 07:47:15 [Info] [1908] Recv Exit Msg, Exit... 2026-03-03 08:07:46 [Info] [1560] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 08:07:46 [Info] [1560] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap226151772496466 2026-03-03 08:07:46 [Info] [1560] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 08:07:46 [Info] [1560] Resource monitor start 2026-03-03 08:07:46 [Info] [1560] ipc client init success 2026-03-03 08:07:46 [Info] [1560] Ipc init: 0 2026-03-03 08:07:46 [Info] [1560] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 08:07:46 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 08:07:46 [Info] [1560] start ipc thread id[1484] 2026-03-03 08:07:46 [Info] [1560] Connect Yundun ipc server return state is 0 2026-03-03 08:07:46 [Info] [1560] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 08:07:46 [Info] [1560] CResourceMonitor::run Enter 2026-03-03 08:07:46 [Info] [1560] CIpcMsgHandlerMgr::run Enter 2026-03-03 08:07:46 [Info] [1560] Report thread 2026-03-03 08:07:46 [Info] [1560] Monitor thread 2026-03-03 08:07:46 [Info] [1560] Loader thread 2026-03-03 08:07:46 [Info] [1560] PythonEngineImpl Init... 2026-03-03 08:07:46 [Info] [1560] yundun connected 2026-03-03 08:07:47 [Info] [1560] recvmsg: HELLO 2026-03-03 08:07:47 [Info] [1560] recvmsg: WORK 2026-03-03 08:07:47 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 08:07:47 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 08:07:47 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 08:07:47 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 08:07:47 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 08:07:47 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 08:07:47 [Warn] [1560] high cpu, cpu is 12 2026-03-03 08:07:47 [Info] [1560] try get sys version 2026-03-03 08:07:47 [Info] [1560] win sys info:2/10:0:3 2026-03-03 08:07:47 [Info] [1560] suit legal version, enable cpu control 2026-03-03 08:07:47 [Warn] [1560] High CPU Warning: 12 2026-03-03 08:07:47 [Warn] [1560] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-03 08:07:47 [Info] [1560] log fd cnt is [250], real fd cnt is [281] 2026-03-03 08:07:48 [Info] [1560] log memory size is 20480KB, real memory size is 14532KB 2026-03-03 08:07:48 [Info] [1560] item: --windows-vul-clean 2026-03-03 08:07:48 [Info] [1560] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-03 08:07:48 [Info] [1560] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-03 08:07:48 [Info] [1560] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 08:07:48 [Info] [1560] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 08:07:49 [Info] [1560] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-03 08:07:49 [Info] [1560] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-03 08:07:49 [Info] [1560] Prepare stage1: --windows-vul-clean 2026-03-03 08:07:49 [Info] [1560] Prepare stage2 2026-03-03 08:07:49 [Info] [1560] stage3: --windows-vul-clean 2026-03-03 08:07:49 [Info] [1560] Loader after check 2026-03-03 08:07:50 [Info] [1560] Enter reuse wait state. 2026-03-03 08:07:54 [Info] [1560] recvmsg: EXIT 2026-03-03 08:07:54 [Info] [1560] Recv Exit Msg, Exit... 2026-03-03 08:59:07 [Info] [3316] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 08:59:07 [Info] [3316] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap326771772499547 2026-03-03 08:59:07 [Info] [3316] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 08:59:07 [Info] [3316] Resource monitor start 2026-03-03 08:59:07 [Info] [3316] ipc client init success 2026-03-03 08:59:07 [Info] [3316] Ipc init: 0 2026-03-03 08:59:07 [Info] [3316] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 08:59:07 [Info] [3316] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 08:59:07 [Info] [3316] start ipc thread id[4336] 2026-03-03 08:59:07 [Info] [3316] Connect Yundun ipc server return state is 0 2026-03-03 08:59:07 [Info] [3316] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 08:59:07 [Info] [3316] CResourceMonitor::run Enter 2026-03-03 08:59:07 [Info] [3316] CIpcMsgHandlerMgr::run Enter 2026-03-03 08:59:07 [Info] [3316] Report thread 2026-03-03 08:59:07 [Info] [3316] Monitor thread 2026-03-03 08:59:07 [Info] [3316] Loader thread 2026-03-03 08:59:07 [Info] [3316] PythonEngineImpl Init... 2026-03-03 08:59:07 [Info] [3316] yundun connected 2026-03-03 08:59:08 [Info] [3316] recvmsg: HELLO 2026-03-03 08:59:08 [Info] [3316] recvmsg: WORK 2026-03-03 08:59:08 [Info] [3316] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 08:59:08 [Info] [3316] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 08:59:08 [Info] [3316] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 08:59:08 [Info] [3316] log fd cnt is [250], real fd cnt is [282] 2026-03-03 08:59:08 [Info] [3316] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 08:59:08 [Info] [3316] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 08:59:08 [Info] [3316] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 08:59:09 [Info] [3316] log memory size is 20480KB, real memory size is 14504KB 2026-03-03 08:59:10 [Info] [3316] item: --windows-process-check 2026-03-03 08:59:10 [Info] [3316] cgroup name aegisRtap0 2026-03-03 08:59:10 [Info] [3316] try get sys version 2026-03-03 08:59:10 [Info] [3316] win sys info:2/10:0:3 2026-03-03 08:59:10 [Info] [3316] suit legal version, enable cpu control 2026-03-03 08:59:10 [Info] [3316] get AssignProcessToJobObject handle [00000478] 2026-03-03 08:59:10 [Info] [3316] Set setJobExtended. 2026-03-03 08:59:10 [Info] [3316] Set cpu [9%] 2026-03-03 08:59:10 [Info] [3316] Set cpu success 2026-03-03 08:59:10 [Info] [3316] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-03 08:59:10 [Info] [3316] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-03 08:59:10 [Info] [3316] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 08:59:10 [Info] [3316] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 08:59:10 [Info] [3316] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-03 08:59:10 [Info] [3316] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-03 08:59:10 [Info] [3316] Prepare stage1: --windows-process-check 2026-03-03 08:59:10 [Info] [3316] Prepare stage2 2026-03-03 08:59:13 [Info] [3316] log memory size is 30720KB, real memory size is 20496KB 2026-03-03 08:59:29 [Info] [3316] stage3: --windows-process-check 2026-03-03 08:59:29 [Info] [3316] Loader after check 2026-03-03 08:59:30 [Info] [3316] Enter reuse wait state. 2026-03-03 08:59:31 [Info] [3316] recvmsg: EXIT 2026-03-03 08:59:31 [Info] [3316] Recv Exit Msg, Exit... 2026-03-03 10:35:26 [Info] [2076] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 10:35:26 [Info] [2076] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap187771772505325 2026-03-03 10:35:26 [Info] [2076] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 10:35:27 [Info] [2076] Resource monitor start 2026-03-03 10:35:27 [Info] [2076] ipc client init success 2026-03-03 10:35:27 [Info] [2076] Ipc init: 0 2026-03-03 10:35:27 [Info] [2076] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 10:35:27 [Info] [2076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 10:35:27 [Info] [2076] CResourceMonitor::run Enter 2026-03-03 10:35:27 [Info] [2076] CIpcMsgHandlerMgr::run Enter 2026-03-03 10:35:27 [Info] [2076] start ipc thread id[640] 2026-03-03 10:35:27 [Info] [2076] Connect Yundun ipc server return state is 0 2026-03-03 10:35:27 [Info] [2076] yundun connected 2026-03-03 10:35:27 [Info] [2076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 10:35:27 [Info] [2076] Report thread 2026-03-03 10:35:27 [Info] [2076] Monitor thread 2026-03-03 10:35:27 [Info] [2076] Loader thread 2026-03-03 10:35:27 [Info] [2076] PythonEngineImpl Init... 2026-03-03 10:35:27 [Info] [2076] recvmsg: HELLO 2026-03-03 10:35:27 [Info] [2076] recvmsg: WORK 2026-03-03 10:35:27 [Info] [2076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:35:27 [Info] [2076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:35:27 [Info] [2076] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:35:28 [Info] [2076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:35:28 [Info] [2076] log fd cnt is [250], real fd cnt is [282] 2026-03-03 10:35:28 [Info] [2076] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 10:35:28 [Info] [2076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 10:35:29 [Info] [2076] log memory size is 20480KB, real memory size is 14684KB 2026-03-03 10:35:29 [Info] [2076] item: --windows-driver-version-check 2026-03-03 10:35:29 [Info] [2076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-03 10:35:29 [Info] [2076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-03 10:35:29 [Info] [2076] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:35:29 [Info] [2076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:35:29 [Info] [2076] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-03 10:35:29 [Info] [2076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-03 10:35:30 [Info] [2076] Prepare stage1: --windows-driver-version-check 2026-03-03 10:35:30 [Info] [2076] Prepare stage2 2026-03-03 10:35:30 [Info] [2076] stage3: --windows-driver-version-check 2026-03-03 10:35:30 [Info] [2076] Loader after check 2026-03-03 10:35:31 [Info] [2076] Enter reuse wait state. 2026-03-03 10:35:34 [Info] [2076] recvmsg: EXIT 2026-03-03 10:35:34 [Info] [2076] Recv Exit Msg, Exit... 2026-03-03 10:36:30 [Info] [4832] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 10:36:30 [Info] [4832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap189891772505390 2026-03-03 10:36:30 [Info] [4832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 10:36:30 [Info] [4832] Resource monitor start 2026-03-03 10:36:30 [Info] [4832] ipc client init success 2026-03-03 10:36:30 [Info] [4832] Ipc init: 0 2026-03-03 10:36:30 [Info] [4832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 10:36:30 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 10:36:30 [Info] [4832] start ipc thread id[2884] 2026-03-03 10:36:30 [Info] [4832] Connect Yundun ipc server return state is 0 2026-03-03 10:36:30 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 10:36:30 [Info] [4832] CResourceMonitor::run Enter 2026-03-03 10:36:30 [Info] [4832] CIpcMsgHandlerMgr::run Enter 2026-03-03 10:36:30 [Info] [4832] Report thread 2026-03-03 10:36:30 [Info] [4832] Monitor thread 2026-03-03 10:36:30 [Info] [4832] Loader thread 2026-03-03 10:36:30 [Info] [4832] PythonEngineImpl Init... 2026-03-03 10:36:30 [Info] [4832] yundun connected 2026-03-03 10:36:31 [Info] [4832] recvmsg: HELLO 2026-03-03 10:36:31 [Info] [4832] recvmsg: WORK 2026-03-03 10:36:31 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:36:31 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:36:31 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:36:31 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:36:31 [Info] [4832] log fd cnt is [250], real fd cnt is [282] 2026-03-03 10:36:31 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 10:36:31 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 10:36:32 [Info] [4832] log memory size is 20480KB, real memory size is 14496KB 2026-03-03 10:36:32 [Info] [4832] item: --windows-registry-check 2026-03-03 10:36:32 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-03 10:36:32 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-03 10:36:32 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:36:32 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:36:32 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-03 10:36:32 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-03 10:36:33 [Info] [4832] Prepare stage1: --windows-registry-check 2026-03-03 10:36:33 [Info] [4832] Prepare stage2 2026-03-03 10:37:02 [Info] [4832] stage3: --windows-registry-check 2026-03-03 10:37:02 [Info] [4832] Loader after check 2026-03-03 10:37:03 [Info] [4832] Enter reuse wait state. 2026-03-03 10:37:05 [Info] [4832] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-03 10:37:06 [Info] [4832] recvmsg: EXIT 2026-03-03 10:37:06 [Info] [4832] Recv Exit Msg, Exit... 2026-03-03 10:48:06 [Info] [5028] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 10:48:06 [Info] [5028] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap212591772506085 2026-03-03 10:48:06 [Info] [5028] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 10:48:06 [Info] [5028] Resource monitor start 2026-03-03 10:48:06 [Info] [5028] ipc client init success 2026-03-03 10:48:06 [Info] [5028] Ipc init: 0 2026-03-03 10:48:06 [Info] [5028] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 10:48:06 [Info] [5028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 10:48:06 [Info] [5028] start ipc thread id[4672] 2026-03-03 10:48:06 [Info] [5028] Connect Yundun ipc server return state is 0 2026-03-03 10:48:06 [Info] [5028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 10:48:06 [Info] [5028] CResourceMonitor::run Enter 2026-03-03 10:48:06 [Info] [5028] CIpcMsgHandlerMgr::run Enter 2026-03-03 10:48:06 [Info] [5028] yundun connected 2026-03-03 10:48:06 [Info] [5028] Report thread 2026-03-03 10:48:06 [Info] [5028] Monitor thread 2026-03-03 10:48:06 [Info] [5028] Loader thread 2026-03-03 10:48:06 [Info] [5028] PythonEngineImpl Init... 2026-03-03 10:48:06 [Info] [5028] recvmsg: HELLO 2026-03-03 10:48:06 [Info] [5028] recvmsg: WORK 2026-03-03 10:48:07 [Info] [5028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:48:07 [Info] [5028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 10:48:07 [Info] [5028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:48:07 [Info] [5028] log fd cnt is [250], real fd cnt is [264] 2026-03-03 10:48:08 [Info] [5028] log memory size is 20480KB, real memory size is 14272KB 2026-03-03 10:48:08 [Info] [5028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:48:08 [Info] [5028] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 10:48:08 [Info] [5028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 10:48:09 [Info] [5028] item: --windows-schedule-task-check 2026-03-03 10:48:09 [Info] [5028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-03 10:48:09 [Info] [5028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-03 10:48:09 [Info] [5028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 10:48:09 [Info] [5028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 10:48:10 [Info] [5028] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-03 10:48:10 [Info] [5028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-03 10:48:10 [Info] [5028] Prepare stage1: --windows-schedule-task-check 2026-03-03 10:48:10 [Info] [5028] Prepare stage2 2026-03-03 10:48:11 [Warn] [5028] high cpu, cpu is 15 2026-03-03 10:48:11 [Info] [5028] try get sys version 2026-03-03 10:48:11 [Info] [5028] win sys info:2/10:0:3 2026-03-03 10:48:11 [Info] [5028] suit legal version, enable cpu control 2026-03-03 10:48:11 [Warn] [5028] High CPU Warning: 15 2026-03-03 10:48:11 [Warn] [5028] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 408 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-03-03 10:48:12 [Info] [5028] log memory size is 30720KB, real memory size is 23220KB 2026-03-03 10:48:42 [Info] [5028] stage3: --windows-schedule-task-check 2026-03-03 10:48:42 [Info] [5028] Loader after check 2026-03-03 10:48:43 [Info] [5028] Enter reuse wait state. 2026-03-03 10:48:45 [Info] [5028] recvmsg: EXIT 2026-03-03 10:48:45 [Info] [5028] Recv Exit Msg, Exit... 2026-03-03 11:16:43 [Info] [1244] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 11:16:43 [Info] [1244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap268691772507803 2026-03-03 11:16:43 [Info] [1244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 11:16:43 [Info] [1244] Resource monitor start 2026-03-03 11:16:43 [Info] [1244] ipc client init success 2026-03-03 11:16:43 [Info] [1244] Ipc init: 0 2026-03-03 11:16:43 [Info] [1244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 11:16:43 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 11:16:43 [Info] [1244] start ipc thread id[4872] 2026-03-03 11:16:43 [Info] [1244] Connect Yundun ipc server return state is 0 2026-03-03 11:16:43 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 11:16:43 [Info] [1244] CResourceMonitor::run Enter 2026-03-03 11:16:43 [Info] [1244] CIpcMsgHandlerMgr::run Enter 2026-03-03 11:16:43 [Info] [1244] Report thread 2026-03-03 11:16:43 [Info] [1244] Monitor thread 2026-03-03 11:16:43 [Info] [1244] Loader thread 2026-03-03 11:16:43 [Info] [1244] PythonEngineImpl Init... 2026-03-03 11:16:43 [Info] [1244] yundun connected 2026-03-03 11:16:43 [Info] [1244] recvmsg: HELLO 2026-03-03 11:16:43 [Info] [1244] recvmsg: WORK 2026-03-03 11:16:43 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:16:43 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:16:43 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 11:16:44 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 11:16:44 [Info] [1244] log fd cnt is [250], real fd cnt is [282] 2026-03-03 11:16:44 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 11:16:44 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 11:16:45 [Info] [1244] log memory size is 20480KB, real memory size is 14508KB 2026-03-03 11:16:45 [Info] [1244] item: --windows-autorun-item-check 2026-03-03 11:16:45 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-03 11:16:45 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-03 11:16:45 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 11:16:45 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 11:16:45 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-03 11:16:45 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-03 11:16:45 [Info] [1244] Prepare stage1: --windows-autorun-item-check 2026-03-03 11:16:45 [Info] [1244] Prepare stage2 2026-03-03 11:16:46 [Warn] [1244] high cpu, cpu is 17 2026-03-03 11:16:46 [Info] [1244] try get sys version 2026-03-03 11:16:46 [Info] [1244] win sys info:2/10:0:3 2026-03-03 11:16:46 [Info] [1244] suit legal version, enable cpu control 2026-03-03 11:16:46 [Warn] [1244] High CPU Warning: 17 2026-03-03 11:16:46 [Warn] [1244] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 3 in func: <module> File:windows-autorun-item-check.py line: 143 in func: <module> 2026-03-03 11:16:49 [Info] [1244] log memory size is 30720KB, real memory size is 22300KB 2026-03-03 11:16:56 [Info] [1244] stage3: --windows-autorun-item-check 2026-03-03 11:16:56 [Info] [1244] Loader after check 2026-03-03 11:16:56 [Warn] [1244] high cpu, cpu is 12 2026-03-03 11:16:56 [Warn] [1244] High CPU Warning: 12 2026-03-03 11:16:56 [Warn] [1244] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-03 11:16:57 [Info] [1244] Enter reuse wait state. 2026-03-03 11:16:58 [Info] [1244] recvmsg: EXIT 2026-03-03 11:16:58 [Info] [1244] Recv Exit Msg, Exit... 2026-03-03 11:32:28 [Info] [4228] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 11:32:28 [Info] [4228] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap299521772508747 2026-03-03 11:32:28 [Info] [4228] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 11:32:28 [Info] [4228] Resource monitor start 2026-03-03 11:32:28 [Info] [4228] ipc client init success 2026-03-03 11:32:28 [Info] [4228] Ipc init: 0 2026-03-03 11:32:28 [Info] [4228] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 11:32:28 [Info] [4228] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 11:32:28 [Info] [4228] start ipc thread id[172] 2026-03-03 11:32:28 [Info] [4228] Connect Yundun ipc server return state is 0 2026-03-03 11:32:28 [Info] [4228] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 11:32:28 [Info] [4228] CResourceMonitor::run Enter 2026-03-03 11:32:28 [Info] [4228] CIpcMsgHandlerMgr::run Enter 2026-03-03 11:32:28 [Info] [4228] Report thread 2026-03-03 11:32:28 [Info] [4228] Monitor thread 2026-03-03 11:32:28 [Info] [4228] Loader thread 2026-03-03 11:32:28 [Info] [4228] PythonEngineImpl Init... 2026-03-03 11:32:28 [Info] [4228] yundun connected 2026-03-03 11:32:28 [Info] [4228] recvmsg: HELLO 2026-03-03 11:32:28 [Info] [4228] recvmsg: WORK 2026-03-03 11:32:28 [Info] [4228] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:32:28 [Info] [4228] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:32:28 [Info] [4228] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 11:32:28 [Info] [4228] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 11:32:29 [Warn] [4228] high cpu, cpu is 12 2026-03-03 11:32:29 [Info] [4228] try get sys version 2026-03-03 11:32:29 [Info] [4228] win sys info:2/10:0:3 2026-03-03 11:32:29 [Info] [4228] suit legal version, enable cpu control 2026-03-03 11:32:29 [Warn] [4228] High CPU Warning: 12 2026-03-03 11:32:29 [Warn] [4228] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-03 11:32:29 [Info] [4228] log fd cnt is [250], real fd cnt is [282] 2026-03-03 11:32:29 [Info] [4228] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 11:32:29 [Info] [4228] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 11:32:30 [Info] [4228] log memory size is 20480KB, real memory size is 14524KB 2026-03-03 11:32:30 [Info] [4228] item: --sca 2026-03-03 11:32:30 [Info] [4228] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-03 11:32:30 [Info] [4228] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-03 11:32:30 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-03 11:32:31 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-03 11:32:31 [Info] [4228] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-03 11:32:31 [Info] [4228] Download redirect files success. 2026-03-03 11:32:31 [Info] [4228] Prepare stage1: --sca 2026-03-03 11:32:31 [Info] [4228] Prepare stage2 2026-03-03 11:32:34 [Info] [4228] log memory size is 30720KB, real memory size is 32312KB 2026-03-03 11:32:38 [Info] [4228] log memory size is 40960KB, real memory size is 32820KB 2026-03-03 11:33:05 [Warn] [4228] high cpu, cpu is 27 2026-03-03 11:33:05 [Warn] [4228] High CPU Warning: 27 2026-03-03 11:33:05 [Warn] [4228] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca_utils.py line: 3605 in func: get_listening_by_pid File:sca_utils.py line: 3629 in func: listening File:sca.py line: 205 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-03 11:33:06 [Info] [4228] stage3: --sca 2026-03-03 11:33:06 [Info] [4228] Loader after check 2026-03-03 11:33:07 [Info] [4228] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-03 11:33:07 [Info] [4228] Enter reuse wait state. 2026-03-03 11:33:11 [Info] [4228] recvmsg: EXIT 2026-03-03 11:33:11 [Info] [4228] Recv Exit Msg, Exit... 2026-03-03 11:44:35 [Info] [4968] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 11:44:35 [Info] [4968] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap323291772509475 2026-03-03 11:44:35 [Info] [4968] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 11:44:35 [Info] [4968] Resource monitor start 2026-03-03 11:44:35 [Info] [4968] ipc client init success 2026-03-03 11:44:35 [Info] [4968] Ipc init: 0 2026-03-03 11:44:35 [Info] [4968] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 11:44:35 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 11:44:35 [Info] [4968] start ipc thread id[1528] 2026-03-03 11:44:35 [Info] [4968] Connect Yundun ipc server return state is 0 2026-03-03 11:44:35 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 11:44:35 [Info] [4968] CResourceMonitor::run Enter 2026-03-03 11:44:35 [Info] [4968] CIpcMsgHandlerMgr::run Enter 2026-03-03 11:44:35 [Info] [4968] Report thread 2026-03-03 11:44:35 [Info] [4968] Monitor thread 2026-03-03 11:44:35 [Info] [4968] Loader thread 2026-03-03 11:44:35 [Info] [4968] PythonEngineImpl Init... 2026-03-03 11:44:35 [Info] [4968] yundun connected 2026-03-03 11:44:36 [Info] [4968] recvmsg: HELLO 2026-03-03 11:44:36 [Info] [4968] recvmsg: WORK 2026-03-03 11:44:36 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:44:36 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 11:44:36 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 11:44:36 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 11:44:36 [Info] [4968] log fd cnt is [250], real fd cnt is [282] 2026-03-03 11:44:36 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 11:44:36 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 11:44:37 [Info] [4968] log memory size is 20480KB, real memory size is 14516KB 2026-03-03 11:44:37 [Info] [4968] item: --tcp-connect-check 2026-03-03 11:44:37 [Info] [4968] cgroup name aegisRtap0 2026-03-03 11:44:37 [Info] [4968] try get sys version 2026-03-03 11:44:37 [Info] [4968] win sys info:2/10:0:3 2026-03-03 11:44:37 [Info] [4968] suit legal version, enable cpu control 2026-03-03 11:44:37 [Info] [4968] get AssignProcessToJobObject handle [00000478] 2026-03-03 11:44:37 [Info] [4968] Set setJobExtended. 2026-03-03 11:44:37 [Info] [4968] Set cpu [9%] 2026-03-03 11:44:37 [Info] [4968] Set cpu success 2026-03-03 11:44:37 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-03 11:44:37 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-03 11:44:37 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 11:44:37 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 11:44:38 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-03 11:44:38 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-03 11:44:38 [Info] [4968] Prepare stage1: --tcp-connect-check 2026-03-03 11:44:38 [Info] [4968] Prepare stage2 2026-03-03 11:44:42 [Info] [4968] stage3: --tcp-connect-check 2026-03-03 11:44:42 [Info] [4968] Loader after check 2026-03-03 11:44:43 [Info] [4968] Enter reuse wait state. 2026-03-03 11:44:47 [Info] [4968] recvmsg: EXIT 2026-03-03 11:44:47 [Info] [4968] Recv Exit Msg, Exit... 2026-03-03 13:16:08 [Info] [3860] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 13:16:08 [Info] [3860] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap174761772514961 2026-03-03 13:16:08 [Info] [3860] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 13:16:08 [Info] [3860] Resource monitor start 2026-03-03 13:16:08 [Info] [3860] ipc client init success 2026-03-03 13:16:08 [Info] [3860] Ipc init: 0 2026-03-03 13:16:08 [Info] [3860] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 13:16:08 [Info] [3860] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 13:16:08 [Info] [3860] start ipc thread id[2076] 2026-03-03 13:16:08 [Info] [3860] Connect Yundun ipc server return state is 0 2026-03-03 13:16:08 [Info] [3860] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 13:16:14 [Info] [3860] yundun connected 2026-03-03 13:16:14 [Info] [3860] CIpcMsgHandlerMgr::run Enter 2026-03-03 13:16:14 [Info] [3860] CResourceMonitor::run Enter 2026-03-03 13:16:14 [Info] [3860] recvmsg: HELLO 2026-03-03 13:16:14 [Info] [3860] recvmsg: WORK 2026-03-03 13:16:15 [Info] [3860] log fd cnt is [250], real fd cnt is [247] 2026-03-03 13:16:16 [Info] [3860] Loader thread 2026-03-03 13:16:16 [Info] [3860] PythonEngineImpl Init... 2026-03-03 13:16:16 [Info] [3860] Monitor thread 2026-03-03 13:16:16 [Info] [3860] Report thread 2026-03-03 13:16:17 [Info] [3860] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 13:16:17 [Info] [3860] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 13:16:17 [Info] [3860] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 13:16:19 [Info] [3860] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 13:16:19 [Info] [3860] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 13:16:19 [Info] [3860] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 13:16:20 [Info] [3860] item: --windows-sysinfoext-check 2026-03-03 13:16:20 [Info] [3860] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 13:16:20 [Info] [3860] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 13:16:20 [Info] [3860] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 13:16:20 [Info] [3860] log memory size is 20480KB, real memory size is 14616KB 2026-03-03 13:16:20 [Info] [3860] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 13:16:20 [Info] [3860] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-03 13:16:20 [Info] [3860] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 13:16:20 [Info] [3860] Prepare stage1: --windows-sysinfoext-check 2026-03-03 13:16:20 [Info] [3860] Prepare stage2 2026-03-03 13:16:21 [Warn] [3860] high cpu, cpu is 12 2026-03-03 13:16:21 [Info] [3860] try get sys version 2026-03-03 13:16:21 [Info] [3860] win sys info:2/10:0:3 2026-03-03 13:16:21 [Info] [3860] suit legal version, enable cpu control 2026-03-03 13:16:21 [Warn] [3860] High CPU Warning: 12 2026-03-03 13:16:22 [Warn] [3860] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-03 13:16:23 [Info] [3860] stage3: --windows-sysinfoext-check 2026-03-03 13:16:23 [Info] [3860] Loader after check 2026-03-03 13:16:24 [Warn] [3860] high cpu, cpu is 13 2026-03-03 13:16:24 [Warn] [3860] High CPU Warning: 13 2026-03-03 13:16:24 [Info] [3860] Enter reuse wait state. 2026-03-03 13:16:25 [Info] [3860] log memory size is 30720KB, real memory size is 22944KB 2026-03-03 13:16:28 [Info] [3860] recvmsg: EXIT 2026-03-03 13:16:28 [Info] [3860] Recv Exit Msg, Exit... 2026-03-03 18:45:05 [Info] [1940] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 18:45:05 [Info] [1940] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap163771772534693 2026-03-03 18:45:05 [Info] [1940] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 18:45:05 [Info] [1940] Resource monitor start 2026-03-03 18:45:05 [Info] [1940] ipc client init success 2026-03-03 18:45:05 [Info] [1940] Ipc init: 0 2026-03-03 18:45:05 [Info] [1940] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 18:45:05 [Info] [1940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 18:45:05 [Info] [1940] start ipc thread id[464] 2026-03-03 18:45:05 [Info] [1940] Connect Yundun ipc server return state is 0 2026-03-03 18:45:05 [Info] [1940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 18:45:05 [Info] [1940] CResourceMonitor::run Enter 2026-03-03 18:45:05 [Info] [1940] CIpcMsgHandlerMgr::run Enter 2026-03-03 18:45:05 [Info] [1940] Report thread 2026-03-03 18:45:05 [Info] [1940] Monitor thread 2026-03-03 18:45:05 [Info] [1940] Loader thread 2026-03-03 18:45:05 [Info] [1940] PythonEngineImpl Init... 2026-03-03 18:45:11 [Info] [1940] yundun connected 2026-03-03 18:45:13 [Info] [1940] log fd cnt is [250], real fd cnt is [261] 2026-03-03 18:45:13 [Info] [1940] recvmsg: HELLO 2026-03-03 18:45:13 [Info] [1940] recvmsg: WORK 2026-03-03 18:45:13 [Info] [1940] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 18:45:13 [Info] [1940] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 18:45:13 [Info] [1940] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 18:45:14 [Info] [1940] log memory size is 20480KB, real memory size is 12936KB 2026-03-03 18:45:17 [Info] [1940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 18:45:18 [Info] [1940] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 18:45:18 [Info] [1940] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 18:45:19 [Info] [1940] item: --windows-sysinfoext-check 2026-03-03 18:45:19 [Info] [1940] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 18:45:19 [Info] [1940] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 18:45:19 [Info] [1940] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 18:45:19 [Info] [1940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 18:45:19 [Info] [1940] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-03 18:45:19 [Info] [1940] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-03 18:45:19 [Info] [1940] Prepare stage1: --windows-sysinfoext-check 2026-03-03 18:45:19 [Info] [1940] Prepare stage2 2026-03-03 18:45:21 [Info] [1940] stage3: --windows-sysinfoext-check 2026-03-03 18:45:21 [Info] [1940] Loader after check 2026-03-03 18:45:21 [Warn] [1940] high cpu, cpu is 14 2026-03-03 18:45:21 [Info] [1940] try get sys version 2026-03-03 18:45:21 [Info] [1940] win sys info:2/10:0:3 2026-03-03 18:45:21 [Info] [1940] suit legal version, enable cpu control 2026-03-03 18:45:21 [Warn] [1940] High CPU Warning: 14 2026-03-03 18:45:21 [Warn] [1940] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-03 18:45:22 [Info] [1940] Enter reuse wait state. 2026-03-03 18:45:22 [Info] [1940] log memory size is 30720KB, real memory size is 22972KB 2026-03-03 18:45:25 [Info] [1940] recvmsg: EXIT 2026-03-03 18:45:25 [Info] [1940] Recv Exit Msg, Exit... 2026-03-03 21:09:37 [Info] [568] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-03 21:09:37 [Info] [568] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap119671772543377 2026-03-03 21:09:37 [Info] [568] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-03 21:09:37 [Info] [568] Resource monitor start 2026-03-03 21:09:37 [Info] [568] ipc client init success 2026-03-03 21:09:37 [Info] [568] Ipc init: 0 2026-03-03 21:09:37 [Info] [568] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-03 21:09:37 [Info] [568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-03 21:09:37 [Info] [568] start ipc thread id[2000] 2026-03-03 21:09:37 [Info] [568] Connect Yundun ipc server return state is 0 2026-03-03 21:09:37 [Info] [568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-03 21:09:37 [Info] [568] CResourceMonitor::run Enter 2026-03-03 21:09:37 [Info] [568] CIpcMsgHandlerMgr::run Enter 2026-03-03 21:09:37 [Info] [568] Report thread 2026-03-03 21:09:37 [Info] [568] Monitor thread 2026-03-03 21:09:37 [Info] [568] Loader thread 2026-03-03 21:09:37 [Info] [568] PythonEngineImpl Init... 2026-03-03 21:09:38 [Info] [568] yundun connected 2026-03-03 21:09:38 [Info] [568] recvmsg: HELLO 2026-03-03 21:09:38 [Info] [568] recvmsg: WORK 2026-03-03 21:09:38 [Info] [568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 21:09:38 [Info] [568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-03 21:09:38 [Info] [568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 21:09:38 [Info] [568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 21:09:38 [Info] [568] log fd cnt is [250], real fd cnt is [282] 2026-03-03 21:09:39 [Info] [568] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-03 21:09:39 [Info] [568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-03 21:09:39 [Info] [568] log memory size is 20480KB, real memory size is 14508KB 2026-03-03 21:09:40 [Info] [568] item: --secnet_rasp_agent 2026-03-03 21:09:40 [Info] [568] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-03 21:09:40 [Info] [568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-03 21:09:40 [Info] [568] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-03 21:09:40 [Info] [568] Download redirect files success. 2026-03-03 21:09:40 [Info] [568] Prepare stage1: --secnet_rasp_agent 2026-03-03 21:09:40 [Info] [568] Prepare stage2 2026-03-03 21:09:40 [Warn] [568] high cpu, cpu is 13 2026-03-03 21:09:40 [Info] [568] try get sys version 2026-03-03 21:09:40 [Info] [568] win sys info:2/10:0:3 2026-03-03 21:09:40 [Info] [568] suit legal version, enable cpu control 2026-03-03 21:09:40 [Warn] [568] High CPU Warning: 13 2026-03-03 21:09:41 [Info] [568] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-03 21:09:41 [Info] [568] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-03 21:09:41 [Info] [568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-03 21:09:41 [Warn] [568] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:subprocess.py line: 125 in func: _eintr_retry_call File:subprocess.py line: 475 in func: communicate File:subprocess.py line: 217 in func: check_output File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid File:secnet_rasp_agent.py line: 218 in func: main File:secnet_rasp_agent.py line: 240 in func: start 2026-03-03 21:09:41 [Info] [568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-03 21:09:41 [Info] [568] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-03 21:09:41 [Info] [568] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-03 21:09:41 [Info] [568] stage3: --secnet_rasp_agent 2026-03-03 21:09:41 [Info] [568] Loader after check 2026-03-03 21:09:42 [Info] [568] Enter reuse wait state. 2026-03-03 21:09:44 [Info] [568] log memory size is 30720KB, real memory size is 21120KB 2026-03-03 21:09:45 [Info] [568] recvmsg: EXIT 2026-03-03 21:09:45 [Info] [568] Recv Exit Msg, Exit... 2026-03-10 04:05:55 [Info] [1312] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 04:05:55 [Info] [1312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap169391773086755 2026-03-10 04:05:55 [Info] [1312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 04:05:55 [Info] [1312] Resource monitor start 2026-03-10 04:05:55 [Info] [1312] ipc client init success 2026-03-10 04:05:55 [Info] [1312] Ipc init: 0 2026-03-10 04:05:55 [Info] [1312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 04:05:55 [Info] [1312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 04:05:55 [Info] [1312] start ipc thread id[4384] 2026-03-10 04:05:55 [Info] [1312] Connect Yundun ipc server return state is 0 2026-03-10 04:05:55 [Info] [1312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 04:05:55 [Info] [1312] CResourceMonitor::run Enter 2026-03-10 04:05:55 [Info] [1312] CIpcMsgHandlerMgr::run Enter 2026-03-10 04:05:55 [Info] [1312] Report thread 2026-03-10 04:05:55 [Info] [1312] Monitor thread 2026-03-10 04:05:55 [Info] [1312] Loader thread 2026-03-10 04:05:55 [Info] [1312] PythonEngineImpl Init... 2026-03-10 04:05:55 [Info] [1312] yundun connected 2026-03-10 04:05:56 [Info] [1312] recvmsg: HELLO 2026-03-10 04:05:56 [Info] [1312] recvmsg: WORK 2026-03-10 04:05:56 [Info] [1312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 04:05:56 [Info] [1312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 04:05:56 [Info] [1312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 04:05:56 [Info] [1312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 04:05:56 [Info] [1312] log fd cnt is [250], real fd cnt is [282] 2026-03-10 04:05:56 [Info] [1312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 04:05:56 [Info] [1312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 04:05:57 [Info] [1312] log memory size is 20480KB, real memory size is 14580KB 2026-03-10 04:05:58 [Info] [1312] item: --sca 2026-03-10 04:05:58 [Info] [1312] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-10 04:05:58 [Info] [1312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-10 04:05:58 [Info] [1312] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-10 04:05:58 [Info] [1312] Download redirect files success. 2026-03-10 04:05:58 [Info] [1312] Prepare stage1: --sca 2026-03-10 04:05:58 [Info] [1312] Prepare stage2 2026-03-10 04:05:58 [Warn] [1312] high cpu, cpu is 24 2026-03-10 04:05:58 [Info] [1312] try get sys version 2026-03-10 04:05:58 [Info] [1312] win sys info:2/10:0:3 2026-03-10 04:05:58 [Info] [1312] suit legal version, enable cpu control 2026-03-10 04:05:58 [Warn] [1312] High CPU Warning: 24 2026-03-10 04:05:58 [Warn] [1312] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:zipfile.py line: 472 in func: _GenerateCRCTable File:zipfile.py line: 474 in func: _ZipDecrypter File:zipfile.py line: 443 in func: <module> File:sca_java_proc.py line: 6 in func: <module> File:sca.py line: 45 in func: <module> 2026-03-10 04:06:01 [Info] [1312] log memory size is 30720KB, real memory size is 32376KB 2026-03-10 04:06:05 [Info] [1312] log memory size is 40960KB, real memory size is 32872KB 2026-03-10 04:06:33 [Info] [1312] stage3: --sca 2026-03-10 04:06:33 [Info] [1312] Loader after check 2026-03-10 04:06:34 [Info] [1312] Enter reuse wait state. 2026-03-10 04:06:35 [Info] [1312] recvmsg: EXIT 2026-03-10 04:06:35 [Info] [1312] Recv Exit Msg, Exit... 2026-03-10 04:24:14 [Info] [3136] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 04:24:14 [Info] [3136] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap204461773087829 2026-03-10 04:24:14 [Info] [3136] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 04:24:14 [Info] [3136] Resource monitor start 2026-03-10 04:24:14 [Info] [3136] ipc client init success 2026-03-10 04:24:14 [Info] [3136] Ipc init: 0 2026-03-10 04:24:14 [Info] [3136] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 04:24:14 [Info] [3136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 04:24:14 [Info] [3136] start ipc thread id[1476] 2026-03-10 04:24:14 [Info] [3136] Connect Yundun ipc server return state is 0 2026-03-10 04:24:14 [Info] [3136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 04:24:15 [Info] [3136] CResourceMonitor::run Enter 2026-03-10 04:24:15 [Info] [3136] CIpcMsgHandlerMgr::run Enter 2026-03-10 04:24:15 [Info] [3136] yundun connected 2026-03-10 04:24:15 [Info] [3136] Report thread 2026-03-10 04:24:15 [Info] [3136] Monitor thread 2026-03-10 04:24:15 [Info] [3136] Loader thread 2026-03-10 04:24:15 [Info] [3136] PythonEngineImpl Init... 2026-03-10 04:24:15 [Info] [3136] recvmsg: HELLO 2026-03-10 04:24:16 [Info] [3136] recvmsg: WORK 2026-03-10 04:24:16 [Info] [3136] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 04:24:16 [Info] [3136] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 04:24:16 [Info] [3136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 04:24:17 [Info] [3136] log fd cnt is [250], real fd cnt is [264] 2026-03-10 04:24:18 [Info] [3136] log memory size is 20480KB, real memory size is 14304KB 2026-03-10 04:24:18 [Info] [3136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 04:24:18 [Info] [3136] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 04:24:18 [Info] [3136] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 04:24:19 [Info] [3136] item: --windows-sysinfoext-check 2026-03-10 04:24:19 [Info] [3136] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 04:24:19 [Info] [3136] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 04:24:19 [Info] [3136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 04:24:19 [Info] [3136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 04:24:19 [Info] [3136] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-10 04:24:19 [Info] [3136] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 04:24:20 [Info] [3136] Prepare stage1: --windows-sysinfoext-check 2026-03-10 04:24:20 [Info] [3136] Prepare stage2 2026-03-10 04:24:21 [Info] [3136] stage3: --windows-sysinfoext-check 2026-03-10 04:24:21 [Info] [3136] Loader after check 2026-03-10 04:24:22 [Info] [3136] log memory size is 30720KB, real memory size is 22908KB 2026-03-10 04:24:22 [Info] [3136] Enter reuse wait state. 2026-03-10 04:24:26 [Info] [3136] recvmsg: EXIT 2026-03-10 04:24:26 [Info] [3136] Recv Exit Msg, Exit... 2026-03-10 08:06:10 [Info] [4632] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 08:06:10 [Info] [4632] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap312441773101170 2026-03-10 08:06:10 [Info] [4632] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 08:06:10 [Info] [4632] Resource monitor start 2026-03-10 08:06:10 [Info] [4632] ipc client init success 2026-03-10 08:06:10 [Info] [4632] Ipc init: 0 2026-03-10 08:06:10 [Info] [4632] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 08:06:10 [Info] [4632] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 08:06:10 [Info] [4632] start ipc thread id[3420] 2026-03-10 08:06:10 [Info] [4632] Connect Yundun ipc server return state is 0 2026-03-10 08:06:10 [Info] [4632] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 08:06:10 [Info] [4632] CResourceMonitor::run Enter 2026-03-10 08:06:10 [Info] [4632] CIpcMsgHandlerMgr::run Enter 2026-03-10 08:06:10 [Info] [4632] yundun connected 2026-03-10 08:06:10 [Info] [4632] Report thread 2026-03-10 08:06:10 [Info] [4632] Monitor thread 2026-03-10 08:06:10 [Info] [4632] Loader thread 2026-03-10 08:06:10 [Info] [4632] PythonEngineImpl Init... 2026-03-10 08:06:12 [Info] [4632] recvmsg: HELLO 2026-03-10 08:06:12 [Info] [4632] log fd cnt is [250], real fd cnt is [263] 2026-03-10 08:06:12 [Info] [4632] recvmsg: WORK 2026-03-10 08:06:13 [Info] [4632] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 08:06:13 [Info] [4632] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 08:06:13 [Info] [4632] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 08:06:13 [Info] [4632] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 08:06:13 [Info] [4632] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 08:06:13 [Info] [4632] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 08:06:13 [Info] [4632] log memory size is 20480KB, real memory size is 14312KB 2026-03-10 08:06:15 [Info] [4632] item: --windows-vul-clean 2026-03-10 08:06:15 [Info] [4632] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-10 08:06:15 [Info] [4632] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-10 08:06:15 [Info] [4632] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 08:06:15 [Info] [4632] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 08:06:16 [Info] [4632] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-10 08:06:16 [Info] [4632] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-10 08:06:16 [Info] [4632] Prepare stage1: --windows-vul-clean 2026-03-10 08:06:16 [Info] [4632] Prepare stage2 2026-03-10 08:06:16 [Info] [4632] stage3: --windows-vul-clean 2026-03-10 08:06:16 [Info] [4632] Loader after check 2026-03-10 08:06:17 [Info] [4632] Enter reuse wait state. 2026-03-10 08:06:22 [Info] [4632] recvmsg: EXIT 2026-03-10 08:06:22 [Info] [4632] Recv Exit Msg, Exit... 2026-03-10 08:58:32 [Info] [1828] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 08:58:32 [Info] [1828] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap87371773104312 2026-03-10 08:58:32 [Info] [1828] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 08:58:32 [Info] [1828] Resource monitor start 2026-03-10 08:58:32 [Info] [1828] ipc client init success 2026-03-10 08:58:32 [Info] [1828] Ipc init: 0 2026-03-10 08:58:32 [Info] [1828] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 08:58:32 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 08:58:32 [Info] [1828] start ipc thread id[3256] 2026-03-10 08:58:32 [Info] [1828] Connect Yundun ipc server return state is 0 2026-03-10 08:58:32 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 08:58:32 [Info] [1828] CResourceMonitor::run Enter 2026-03-10 08:58:32 [Info] [1828] CIpcMsgHandlerMgr::run Enter 2026-03-10 08:58:32 [Info] [1828] Report thread 2026-03-10 08:58:32 [Info] [1828] Monitor thread 2026-03-10 08:58:32 [Info] [1828] Loader thread 2026-03-10 08:58:32 [Info] [1828] PythonEngineImpl Init... 2026-03-10 08:58:32 [Info] [1828] yundun connected 2026-03-10 08:58:33 [Info] [1828] recvmsg: HELLO 2026-03-10 08:58:33 [Info] [1828] recvmsg: WORK 2026-03-10 08:58:33 [Info] [1828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 08:58:33 [Info] [1828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 08:58:33 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 08:58:33 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 08:58:33 [Info] [1828] log fd cnt is [250], real fd cnt is [282] 2026-03-10 08:58:34 [Info] [1828] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 08:58:34 [Info] [1828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 08:58:34 [Info] [1828] log memory size is 20480KB, real memory size is 14568KB 2026-03-10 08:58:35 [Info] [1828] item: --windows-process-check 2026-03-10 08:58:35 [Info] [1828] cgroup name aegisRtap0 2026-03-10 08:58:35 [Info] [1828] try get sys version 2026-03-10 08:58:35 [Info] [1828] win sys info:2/10:0:3 2026-03-10 08:58:35 [Info] [1828] suit legal version, enable cpu control 2026-03-10 08:58:35 [Info] [1828] get AssignProcessToJobObject handle [00000478] 2026-03-10 08:58:35 [Info] [1828] Set setJobExtended. 2026-03-10 08:58:35 [Info] [1828] Set cpu [9%] 2026-03-10 08:58:35 [Info] [1828] Set cpu success 2026-03-10 08:58:35 [Info] [1828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-10 08:58:35 [Info] [1828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-10 08:58:35 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 08:58:35 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 08:58:35 [Info] [1828] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-10 08:58:35 [Info] [1828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-10 08:58:35 [Info] [1828] Prepare stage1: --windows-process-check 2026-03-10 08:58:35 [Info] [1828] Prepare stage2 2026-03-10 08:58:35 [Warn] [1828] high cpu, cpu is 13 2026-03-10 08:58:35 [Warn] [1828] High CPU Warning: 13 2026-03-10 08:58:36 [Warn] [1828] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-process-check.py line: 403 in func: check File:windows-process-check.py line: 94 in func: main File:windows-process-check.py line: 526 in func: start 2026-03-10 08:58:43 [Info] [1828] log memory size is 30720KB, real memory size is 20496KB 2026-03-10 08:58:53 [Info] [1828] stage3: --windows-process-check 2026-03-10 08:58:53 [Info] [1828] Loader after check 2026-03-10 08:58:54 [Info] [1828] Enter reuse wait state. 2026-03-10 08:58:54 [Info] [1828] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 08:58:56 [Info] [1828] recvmsg: EXIT 2026-03-10 08:58:56 [Info] [1828] Recv Exit Msg, Exit... 2026-03-10 09:53:59 [Info] [4184] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 09:53:59 [Info] [4184] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap195391773107620 2026-03-10 09:53:59 [Info] [4184] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 09:53:59 [Info] [4184] Resource monitor start 2026-03-10 09:53:59 [Info] [4184] ipc client init success 2026-03-10 09:53:59 [Info] [4184] Ipc init: 0 2026-03-10 09:53:59 [Info] [4184] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 09:53:59 [Info] [4184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 09:53:59 [Info] [4184] start ipc thread id[4388] 2026-03-10 09:53:59 [Info] [4184] Connect Yundun ipc server return state is 0 2026-03-10 09:53:59 [Info] [4184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 09:53:59 [Info] [4184] CResourceMonitor::run Enter 2026-03-10 09:53:59 [Info] [4184] CIpcMsgHandlerMgr::run Enter 2026-03-10 09:53:59 [Info] [4184] yundun connected 2026-03-10 09:53:59 [Info] [4184] Report thread 2026-03-10 09:53:59 [Info] [4184] Monitor thread 2026-03-10 09:53:59 [Info] [4184] Loader thread 2026-03-10 09:53:59 [Info] [4184] PythonEngineImpl Init... 2026-03-10 09:54:00 [Info] [4184] recvmsg: HELLO 2026-03-10 09:54:00 [Info] [4184] recvmsg: WORK 2026-03-10 09:54:00 [Info] [4184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 09:54:00 [Info] [4184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 09:54:00 [Info] [4184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 09:54:01 [Info] [4184] log fd cnt is [250], real fd cnt is [274] 2026-03-10 09:54:04 [Info] [4184] log memory size is 20480KB, real memory size is 13424KB 2026-03-10 09:54:10 [Info] [4184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 09:54:12 [Info] [4184] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 09:54:12 [Info] [4184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 09:54:18 [Info] [4184] item: --windows-sysinfoext-check 2026-03-10 09:54:18 [Info] [4184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 09:54:18 [Info] [4184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 09:54:18 [Info] [4184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 09:54:18 [Info] [4184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 09:54:18 [Info] [4184] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-10 09:54:18 [Info] [4184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 09:54:18 [Info] [4184] Prepare stage1: --windows-sysinfoext-check 2026-03-10 09:54:18 [Info] [4184] Prepare stage2 2026-03-10 09:54:25 [Info] [4184] log memory size is 30720KB, real memory size is 21944KB 2026-03-10 09:54:29 [Info] [4184] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 09:55:04 [Info] [4184] stage3: --windows-sysinfoext-check 2026-03-10 09:55:04 [Info] [4184] Loader after check 2026-03-10 09:55:06 [Info] [4184] Enter reuse wait state. 2026-03-10 09:55:07 [Info] [4184] recvmsg: EXIT 2026-03-10 09:55:07 [Info] [4184] Recv Exit Msg, Exit... 2026-03-10 10:34:01 [Info] [3832] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 10:34:01 [Info] [3832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap274451773110041 2026-03-10 10:34:01 [Info] [3832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 10:34:01 [Info] [3832] Resource monitor start 2026-03-10 10:34:01 [Info] [3832] ipc client init success 2026-03-10 10:34:01 [Info] [3832] Ipc init: 0 2026-03-10 10:34:01 [Info] [3832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 10:34:01 [Info] [3832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 10:34:01 [Info] [3832] start ipc thread id[4372] 2026-03-10 10:34:01 [Info] [3832] Connect Yundun ipc server return state is 0 2026-03-10 10:34:01 [Info] [3832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 10:34:01 [Info] [3832] CResourceMonitor::run Enter 2026-03-10 10:34:01 [Info] [3832] CIpcMsgHandlerMgr::run Enter 2026-03-10 10:34:01 [Info] [3832] Report thread 2026-03-10 10:34:01 [Info] [3832] Monitor thread 2026-03-10 10:34:01 [Info] [3832] Loader thread 2026-03-10 10:34:01 [Info] [3832] PythonEngineImpl Init... 2026-03-10 10:34:01 [Info] [3832] yundun connected 2026-03-10 10:34:02 [Info] [3832] recvmsg: HELLO 2026-03-10 10:34:02 [Info] [3832] recvmsg: WORK 2026-03-10 10:34:02 [Info] [3832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:34:02 [Info] [3832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:34:02 [Info] [3832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:34:02 [Info] [3832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:34:02 [Info] [3832] log fd cnt is [250], real fd cnt is [282] 2026-03-10 10:34:02 [Info] [3832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 10:34:02 [Info] [3832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 10:34:03 [Info] [3832] log memory size is 20480KB, real memory size is 14516KB 2026-03-10 10:34:04 [Info] [3832] item: --windows-schedule-task-check 2026-03-10 10:34:04 [Info] [3832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-10 10:34:04 [Info] [3832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-10 10:34:04 [Info] [3832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:34:04 [Info] [3832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:34:04 [Info] [3832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-10 10:34:04 [Info] [3832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-10 10:34:04 [Info] [3832] Prepare stage1: --windows-schedule-task-check 2026-03-10 10:34:04 [Info] [3832] Prepare stage2 2026-03-10 10:34:07 [Info] [3832] log memory size is 30720KB, real memory size is 23268KB 2026-03-10 10:34:07 [Info] [3832] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 10:34:35 [Info] [3832] stage3: --windows-schedule-task-check 2026-03-10 10:34:35 [Info] [3832] Loader after check 2026-03-10 10:34:36 [Info] [3832] Enter reuse wait state. 2026-03-10 10:34:41 [Info] [3832] recvmsg: EXIT 2026-03-10 10:34:41 [Info] [3832] Recv Exit Msg, Exit... 2026-03-10 10:36:25 [Info] [4180] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 10:36:25 [Info] [4180] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap279151773110185 2026-03-10 10:36:25 [Info] [4180] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 10:36:25 [Info] [4180] Resource monitor start 2026-03-10 10:36:25 [Info] [4180] ipc client init success 2026-03-10 10:36:25 [Info] [4180] Ipc init: 0 2026-03-10 10:36:25 [Info] [4180] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 10:36:25 [Info] [4180] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 10:36:25 [Info] [4180] start ipc thread id[2636] 2026-03-10 10:36:25 [Info] [4180] Connect Yundun ipc server return state is 0 2026-03-10 10:36:25 [Info] [4180] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 10:36:25 [Info] [4180] CResourceMonitor::run Enter 2026-03-10 10:36:25 [Info] [4180] CIpcMsgHandlerMgr::run Enter 2026-03-10 10:36:25 [Info] [4180] Report thread 2026-03-10 10:36:25 [Info] [4180] Monitor thread 2026-03-10 10:36:25 [Info] [4180] Loader thread 2026-03-10 10:36:25 [Info] [4180] PythonEngineImpl Init... 2026-03-10 10:36:25 [Info] [4180] yundun connected 2026-03-10 10:36:26 [Info] [4180] recvmsg: HELLO 2026-03-10 10:36:26 [Info] [4180] recvmsg: WORK 2026-03-10 10:36:26 [Info] [4180] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:36:26 [Info] [4180] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:36:26 [Info] [4180] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:36:26 [Info] [4180] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:36:26 [Info] [4180] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 10:36:26 [Info] [4180] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 10:36:26 [Info] [4180] log fd cnt is [250], real fd cnt is [281] 2026-03-10 10:36:27 [Info] [4180] log memory size is 20480KB, real memory size is 14520KB 2026-03-10 10:36:28 [Info] [4180] item: --windows-driver-version-check 2026-03-10 10:36:28 [Info] [4180] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-10 10:36:28 [Info] [4180] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-10 10:36:28 [Info] [4180] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:36:28 [Info] [4180] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:36:28 [Info] [4180] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-10 10:36:28 [Info] [4180] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-10 10:36:28 [Info] [4180] Prepare stage1: --windows-driver-version-check 2026-03-10 10:36:28 [Info] [4180] Prepare stage2 2026-03-10 10:36:28 [Info] [4180] stage3: --windows-driver-version-check 2026-03-10 10:36:28 [Info] [4180] Loader after check 2026-03-10 10:36:29 [Info] [4180] Enter reuse wait state. 2026-03-10 10:36:33 [Info] [4180] recvmsg: EXIT 2026-03-10 10:36:33 [Info] [4180] Recv Exit Msg, Exit... 2026-03-10 10:44:15 [Info] [2912] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 10:44:15 [Info] [2912] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap294501773110655 2026-03-10 10:44:15 [Info] [2912] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 10:44:15 [Info] [2912] Resource monitor start 2026-03-10 10:44:15 [Info] [2912] ipc client init success 2026-03-10 10:44:15 [Info] [2912] Ipc init: 0 2026-03-10 10:44:15 [Info] [2912] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 10:44:15 [Info] [2912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 10:44:15 [Info] [2912] start ipc thread id[3228] 2026-03-10 10:44:15 [Info] [2912] Connect Yundun ipc server return state is 0 2026-03-10 10:44:15 [Info] [2912] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 10:44:15 [Info] [2912] CResourceMonitor::run Enter 2026-03-10 10:44:15 [Info] [2912] CIpcMsgHandlerMgr::run Enter 2026-03-10 10:44:15 [Info] [2912] Report thread 2026-03-10 10:44:15 [Info] [2912] Monitor thread 2026-03-10 10:44:15 [Info] [2912] Loader thread 2026-03-10 10:44:15 [Info] [2912] PythonEngineImpl Init... 2026-03-10 10:44:16 [Info] [2912] yundun connected 2026-03-10 10:44:16 [Info] [2912] recvmsg: HELLO 2026-03-10 10:44:16 [Info] [2912] recvmsg: WORK 2026-03-10 10:44:16 [Info] [2912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:44:16 [Info] [2912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:44:16 [Info] [2912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:44:17 [Info] [2912] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:44:17 [Info] [2912] log fd cnt is [250], real fd cnt is [286] 2026-03-10 10:44:17 [Info] [2912] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 10:44:17 [Info] [2912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 10:44:18 [Info] [2912] log memory size is 20480KB, real memory size is 14500KB 2026-03-10 10:44:18 [Info] [2912] item: --windows-registry-check 2026-03-10 10:44:18 [Info] [2912] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-10 10:44:18 [Info] [2912] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-10 10:44:18 [Info] [2912] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:44:18 [Info] [2912] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:44:18 [Info] [2912] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-10 10:44:18 [Info] [2912] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-10 10:44:19 [Info] [2912] Prepare stage1: --windows-registry-check 2026-03-10 10:44:19 [Info] [2912] Prepare stage2 2026-03-10 10:44:47 [Info] [2912] stage3: --windows-registry-check 2026-03-10 10:44:47 [Info] [2912] Loader after check 2026-03-10 10:44:48 [Info] [2912] Enter reuse wait state. 2026-03-10 10:44:51 [Info] [2912] recvmsg: EXIT 2026-03-10 10:44:51 [Info] [2912] Recv Exit Msg, Exit... 2026-03-10 10:58:15 [Info] [2484] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 10:58:15 [Info] [2484] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap321931773111495 2026-03-10 10:58:15 [Info] [2484] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 10:58:15 [Info] [2484] Resource monitor start 2026-03-10 10:58:15 [Info] [2484] ipc client init success 2026-03-10 10:58:15 [Info] [2484] Ipc init: 0 2026-03-10 10:58:15 [Info] [2484] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 10:58:15 [Info] [2484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 10:58:15 [Info] [2484] start ipc thread id[3732] 2026-03-10 10:58:15 [Info] [2484] Connect Yundun ipc server return state is 0 2026-03-10 10:58:15 [Info] [2484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 10:58:15 [Info] [2484] CResourceMonitor::run Enter 2026-03-10 10:58:15 [Info] [2484] CIpcMsgHandlerMgr::run Enter 2026-03-10 10:58:15 [Info] [2484] Report thread 2026-03-10 10:58:15 [Info] [2484] Monitor thread 2026-03-10 10:58:15 [Info] [2484] Loader thread 2026-03-10 10:58:15 [Info] [2484] PythonEngineImpl Init... 2026-03-10 10:58:15 [Info] [2484] yundun connected 2026-03-10 10:58:16 [Info] [2484] recvmsg: HELLO 2026-03-10 10:58:17 [Info] [2484] recvmsg: WORK 2026-03-10 10:58:17 [Info] [2484] log fd cnt is [250], real fd cnt is [263] 2026-03-10 10:58:17 [Info] [2484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:58:17 [Info] [2484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 10:58:17 [Info] [2484] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:58:18 [Info] [2484] log memory size is 20480KB, real memory size is 13476KB 2026-03-10 10:58:18 [Info] [2484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:58:19 [Info] [2484] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 10:58:19 [Info] [2484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 10:58:20 [Info] [2484] item: --tcp-connect-check 2026-03-10 10:58:20 [Info] [2484] cgroup name aegisRtap0 2026-03-10 10:58:20 [Info] [2484] try get sys version 2026-03-10 10:58:20 [Info] [2484] win sys info:2/10:0:3 2026-03-10 10:58:20 [Info] [2484] suit legal version, enable cpu control 2026-03-10 10:58:20 [Info] [2484] get AssignProcessToJobObject handle [00000478] 2026-03-10 10:58:20 [Info] [2484] Set setJobExtended. 2026-03-10 10:58:20 [Info] [2484] Set cpu [9%] 2026-03-10 10:58:20 [Info] [2484] Set cpu success 2026-03-10 10:58:20 [Info] [2484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-10 10:58:20 [Info] [2484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-10 10:58:20 [Info] [2484] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 10:58:20 [Info] [2484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 10:58:20 [Info] [2484] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-10 10:58:20 [Info] [2484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-10 10:58:20 [Info] [2484] Prepare stage1: --tcp-connect-check 2026-03-10 10:58:20 [Info] [2484] Prepare stage2 2026-03-10 10:58:23 [Info] [2484] stage3: --tcp-connect-check 2026-03-10 10:58:23 [Info] [2484] Loader after check 2026-03-10 10:58:24 [Info] [2484] Enter reuse wait state. 2026-03-10 10:58:25 [Info] [2484] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 10:58:27 [Info] [2484] recvmsg: EXIT 2026-03-10 10:58:27 [Info] [2484] Recv Exit Msg, Exit... 2026-03-10 11:15:41 [Info] [640] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 11:15:41 [Info] [640] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap28381773112540 2026-03-10 11:15:41 [Info] [640] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 11:15:41 [Info] [640] Resource monitor start 2026-03-10 11:15:41 [Info] [640] ipc client init success 2026-03-10 11:15:41 [Info] [640] Ipc init: 0 2026-03-10 11:15:41 [Info] [640] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 11:15:41 [Info] [640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 11:15:41 [Info] [640] start ipc thread id[4168] 2026-03-10 11:15:41 [Info] [640] Connect Yundun ipc server return state is 0 2026-03-10 11:15:41 [Info] [640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 11:15:41 [Info] [640] CResourceMonitor::run Enter 2026-03-10 11:15:41 [Info] [640] CIpcMsgHandlerMgr::run Enter 2026-03-10 11:15:41 [Info] [640] yundun connected 2026-03-10 11:15:41 [Info] [640] Report thread 2026-03-10 11:15:41 [Info] [640] Monitor thread 2026-03-10 11:15:41 [Info] [640] Loader thread 2026-03-10 11:15:41 [Info] [640] PythonEngineImpl Init... 2026-03-10 11:15:41 [Info] [640] recvmsg: HELLO 2026-03-10 11:15:42 [Info] [640] recvmsg: WORK 2026-03-10 11:15:42 [Info] [640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 11:15:42 [Info] [640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 11:15:42 [Info] [640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 11:15:42 [Info] [640] log fd cnt is [250], real fd cnt is [282] 2026-03-10 11:15:42 [Info] [640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 11:15:42 [Info] [640] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 11:15:42 [Info] [640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 11:15:43 [Info] [640] log memory size is 20480KB, real memory size is 14424KB 2026-03-10 11:15:46 [Info] [640] item: --windows-autorun-item-check 2026-03-10 11:15:46 [Info] [640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-10 11:15:46 [Info] [640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-10 11:15:46 [Info] [640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 11:15:46 [Info] [640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 11:15:47 [Info] [640] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-10 11:15:47 [Info] [640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-10 11:15:47 [Info] [640] Prepare stage1: --windows-autorun-item-check 2026-03-10 11:15:47 [Info] [640] Prepare stage2 2026-03-10 11:15:48 [Info] [640] log memory size is 30720KB, real memory size is 22248KB 2026-03-10 11:15:59 [Info] [640] stage3: --windows-autorun-item-check 2026-03-10 11:15:59 [Info] [640] Loader after check 2026-03-10 11:16:00 [Info] [640] Enter reuse wait state. 2026-03-10 11:16:00 [Info] [640] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 11:16:04 [Info] [640] recvmsg: EXIT 2026-03-10 11:16:04 [Info] [640] Recv Exit Msg, Exit... 2026-03-10 15:22:39 [Info] [1188] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 15:22:39 [Info] [1188] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap183841773127335 2026-03-10 15:22:39 [Info] [1188] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 15:22:39 [Info] [1188] Resource monitor start 2026-03-10 15:22:39 [Info] [1188] ipc client init success 2026-03-10 15:22:39 [Info] [1188] Ipc init: 0 2026-03-10 15:22:39 [Info] [1188] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 15:22:39 [Info] [1188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 15:22:39 [Info] [1188] start ipc thread id[2280] 2026-03-10 15:22:39 [Info] [1188] Connect Yundun ipc server return state is 0 2026-03-10 15:22:39 [Info] [1188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 15:22:39 [Info] [1188] CResourceMonitor::run Enter 2026-03-10 15:22:39 [Info] [1188] CIpcMsgHandlerMgr::run Enter 2026-03-10 15:22:39 [Info] [1188] yundun connected 2026-03-10 15:22:39 [Info] [1188] Report thread 2026-03-10 15:22:39 [Info] [1188] Monitor thread 2026-03-10 15:22:39 [Info] [1188] Loader thread 2026-03-10 15:22:39 [Info] [1188] PythonEngineImpl Init... 2026-03-10 15:22:40 [Info] [1188] recvmsg: HELLO 2026-03-10 15:22:40 [Info] [1188] recvmsg: WORK 2026-03-10 15:22:40 [Info] [1188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 15:22:40 [Info] [1188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 15:22:40 [Info] [1188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 15:22:40 [Info] [1188] log fd cnt is [250], real fd cnt is [264] 2026-03-10 15:22:42 [Info] [1188] log memory size is 20480KB, real memory size is 13332KB 2026-03-10 15:22:44 [Info] [1188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 15:22:46 [Info] [1188] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 15:22:46 [Info] [1188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 15:22:46 [Info] [1188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 15:22:49 [Info] [1188] item: --windows-sysinfoext-check 2026-03-10 15:22:49 [Info] [1188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 15:22:49 [Info] [1188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 15:22:49 [Info] [1188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 15:22:49 [Info] [1188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 15:22:50 [Info] [1188] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-10 15:22:50 [Info] [1188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 15:22:50 [Info] [1188] Prepare stage1: --windows-sysinfoext-check 2026-03-10 15:22:50 [Info] [1188] Prepare stage2 2026-03-10 15:23:04 [Info] [1188] log memory size is 30720KB, real memory size is 21980KB 2026-03-10 15:23:25 [Info] [1188] stage3: --windows-sysinfoext-check 2026-03-10 15:23:25 [Info] [1188] Loader after check 2026-03-10 15:23:25 [Warn] [1188] high cpu, cpu is 13 2026-03-10 15:23:25 [Info] [1188] try get sys version 2026-03-10 15:23:25 [Info] [1188] win sys info:2/10:0:3 2026-03-10 15:23:25 [Info] [1188] suit legal version, enable cpu control 2026-03-10 15:23:25 [Warn] [1188] High CPU Warning: 13 2026-03-10 15:23:25 [Warn] [1188] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-10 15:23:26 [Info] [1188] Enter reuse wait state. 2026-03-10 15:23:30 [Info] [1188] recvmsg: EXIT 2026-03-10 15:23:30 [Info] [1188] Recv Exit Msg, Exit... 2026-03-10 19:19:34 [Info] [4688] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 19:19:34 [Info] [4688] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap321151773141574 2026-03-10 19:19:34 [Info] [4688] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 19:19:34 [Info] [4688] Resource monitor start 2026-03-10 19:19:34 [Info] [4688] ipc client init success 2026-03-10 19:19:34 [Info] [4688] Ipc init: 0 2026-03-10 19:19:34 [Info] [4688] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 19:19:34 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 19:19:34 [Info] [4688] start ipc thread id[4476] 2026-03-10 19:19:34 [Info] [4688] Connect Yundun ipc server return state is 0 2026-03-10 19:19:34 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 19:19:34 [Info] [4688] CResourceMonitor::run Enter 2026-03-10 19:19:34 [Info] [4688] CIpcMsgHandlerMgr::run Enter 2026-03-10 19:19:34 [Info] [4688] yundun connected 2026-03-10 19:19:34 [Info] [4688] Report thread 2026-03-10 19:19:34 [Info] [4688] Monitor thread 2026-03-10 19:19:34 [Info] [4688] Loader thread 2026-03-10 19:19:34 [Info] [4688] PythonEngineImpl Init... 2026-03-10 19:19:35 [Info] [4688] recvmsg: HELLO 2026-03-10 19:19:35 [Info] [4688] recvmsg: WORK 2026-03-10 19:19:35 [Info] [4688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 19:19:35 [Info] [4688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 19:19:35 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 19:19:35 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 19:19:35 [Info] [4688] log fd cnt is [250], real fd cnt is [286] 2026-03-10 19:19:35 [Info] [4688] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 19:19:35 [Info] [4688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 19:19:36 [Info] [4688] log memory size is 20480KB, real memory size is 14508KB 2026-03-10 19:19:37 [Info] [4688] item: --secnet_rasp_agent 2026-03-10 19:19:37 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-10 19:19:37 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-10 19:19:37 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-10 19:19:38 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-10 19:19:38 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-10 19:19:39 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-10 19:19:39 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-10 19:19:40 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-10 19:19:40 [Info] [4688] Download redirect files success. 2026-03-10 19:19:40 [Info] [4688] Prepare stage1: --secnet_rasp_agent 2026-03-10 19:19:40 [Info] [4688] Prepare stage2 2026-03-10 19:19:41 [Info] [4688] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-10 19:19:41 [Info] [4688] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-10 19:19:41 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 19:19:41 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 19:19:41 [Info] [4688] log memory size is 30720KB, real memory size is 21260KB 2026-03-10 19:19:41 [Info] [4688] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-10 19:19:41 [Info] [4688] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-10 19:19:41 [Info] [4688] stage3: --secnet_rasp_agent 2026-03-10 19:19:41 [Info] [4688] Loader after check 2026-03-10 19:19:42 [Info] [4688] Enter reuse wait state. 2026-03-10 19:19:46 [Info] [4688] recvmsg: EXIT 2026-03-10 19:19:46 [Info] [4688] Recv Exit Msg, Exit... 2026-03-10 20:50:32 [Info] [2192] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 20:50:32 [Info] [2192] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap171341773147021 2026-03-10 20:50:32 [Info] [2192] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 20:50:32 [Info] [2192] Resource monitor start 2026-03-10 20:50:32 [Info] [2192] ipc client init success 2026-03-10 20:50:32 [Info] [2192] Ipc init: 0 2026-03-10 20:50:32 [Info] [2192] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 20:50:32 [Info] [2192] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 20:50:32 [Info] [2192] start ipc thread id[2196] 2026-03-10 20:50:32 [Info] [2192] Connect Yundun ipc server return state is 0 2026-03-10 20:50:32 [Info] [2192] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 20:50:32 [Info] [2192] CResourceMonitor::run Enter 2026-03-10 20:50:32 [Info] [2192] CIpcMsgHandlerMgr::run Enter 2026-03-10 20:50:32 [Info] [2192] Report thread 2026-03-10 20:50:32 [Info] [2192] Monitor thread 2026-03-10 20:50:32 [Info] [2192] Loader thread 2026-03-10 20:50:32 [Info] [2192] PythonEngineImpl Init... 2026-03-10 20:50:35 [Info] [2192] yundun connected 2026-03-10 20:50:35 [Info] [2192] log fd cnt is [250], real fd cnt is [261] 2026-03-10 20:50:35 [Info] [2192] recvmsg: HELLO 2026-03-10 20:50:35 [Info] [2192] recvmsg: WORK 2026-03-10 20:50:35 [Info] [2192] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 20:50:35 [Info] [2192] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 20:50:35 [Info] [2192] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 20:50:36 [Info] [2192] log memory size is 20480KB, real memory size is 13312KB 2026-03-10 20:50:38 [Info] [800] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-10 20:50:38 [Info] [800] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap171871773147037 2026-03-10 20:50:38 [Info] [800] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-10 20:50:38 [Info] [800] Resource monitor start 2026-03-10 20:50:38 [Info] [800] ipc client init success 2026-03-10 20:50:38 [Info] [800] Ipc init: 0 2026-03-10 20:50:38 [Info] [800] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-10 20:50:38 [Info] [800] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-10 20:50:38 [Info] [800] start ipc thread id[3116] 2026-03-10 20:50:38 [Info] [800] Connect Yundun ipc server return state is 0 2026-03-10 20:50:38 [Info] [800] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-10 20:50:38 [Info] [800] CResourceMonitor::run Enter 2026-03-10 20:50:38 [Info] [800] CIpcMsgHandlerMgr::run Enter 2026-03-10 20:50:38 [Info] [800] yundun connected 2026-03-10 20:50:38 [Info] [800] Report thread 2026-03-10 20:50:38 [Info] [800] Monitor thread 2026-03-10 20:50:38 [Info] [800] Loader thread 2026-03-10 20:50:38 [Info] [800] PythonEngineImpl Init... 2026-03-10 20:50:39 [Info] [800] recvmsg: HELLO 2026-03-10 20:50:39 [Info] [2192] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 20:50:39 [Info] [800] recvmsg: WORK 2026-03-10 20:50:40 [Info] [2192] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 20:50:39 [Info] [800] log fd cnt is [250], real fd cnt is [263] 2026-03-10 20:50:40 [Info] [800] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 20:50:40 [Info] [800] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 20:50:40 [Info] [800] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-10 20:50:40 [Info] [800] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 20:50:40 [Info] [2192] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 20:50:40 [Info] [2192] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-10 20:50:40 [Info] [800] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 20:50:40 [Info] [800] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-10 20:50:40 [Info] [800] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-10 20:50:40 [Info] [800] log memory size is 20480KB, real memory size is 14344KB 2026-03-10 20:50:41 [Info] [2192] item: --windows-sysinfoext-check 2026-03-10 20:50:41 [Info] [2192] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 20:50:41 [Info] [2192] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 20:50:41 [Info] [2192] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 20:50:41 [Info] [2192] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 20:50:41 [Info] [2192] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-10 20:50:41 [Info] [2192] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-10 20:50:41 [Info] [2192] Prepare stage1: --windows-sysinfoext-check 2026-03-10 20:50:41 [Info] [2192] Prepare stage2 2026-03-10 20:50:42 [Info] [800] item: --windows-vul-check 2026-03-10 20:50:42 [Info] [800] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-10 20:50:42 [Info] [800] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-10 20:50:42 [Info] [800] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-10 20:50:42 [Info] [800] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-10 20:50:42 [Info] [800] Download redirect files success. 2026-03-10 20:50:42 [Info] [800] Prepare stage1: --windows-vul-check 2026-03-10 20:50:42 [Info] [800] Prepare stage2 2026-03-10 20:50:42 [Info] [800] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-10 20:50:42 [Info] [800] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-10 20:50:42 [Info] [800] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-10 20:50:42 [Info] [800] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-10 20:50:42 [Info] [800] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-10 20:50:42 [Info] [800] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-10 20:50:43 [Info] [800] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-03-10 20:50:43 [Info] [800] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-03-10 20:50:43 [Info] [800] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-03-10 20:50:43 [Info] [800] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-03-10 20:50:43 [Info] [800] stage3: --windows-vul-check 2026-03-10 20:50:43 [Info] [800] Loader after check 2026-03-10 20:50:43 [Warn] [800] high cpu, cpu is 27 2026-03-10 20:50:43 [Info] [800] try get sys version 2026-03-10 20:50:43 [Info] [800] win sys info:2/10:0:3 2026-03-10 20:50:43 [Info] [800] suit legal version, enable cpu control 2026-03-10 20:50:43 [Warn] [800] High CPU Warning: 27 2026-03-10 20:50:43 [Warn] [800] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-10 20:50:44 [Info] [2192] stage3: --windows-sysinfoext-check 2026-03-10 20:50:44 [Info] [2192] Loader after check 2026-03-10 20:50:44 [Info] [2192] log memory size is 30720KB, real memory size is 22868KB 2026-03-10 20:50:44 [Info] [800] Enter reuse wait state. 2026-03-10 20:50:44 [Info] [800] log memory size is 30720KB, real memory size is 23244KB 2026-03-10 20:50:45 [Info] [2192] Enter reuse wait state. 2026-03-10 20:50:49 [Info] [2192] recvmsg: EXIT 2026-03-10 20:50:49 [Info] [2192] Recv Exit Msg, Exit... 2026-03-10 20:50:51 [Info] [800] recvmsg: EXIT 2026-03-10 20:50:51 [Info] [800] Recv Exit Msg, Exit... 2026-03-17 03:26:18 [Info] [2296] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 03:26:18 [Info] [2296] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap180801773689166 2026-03-17 03:26:18 [Info] [2296] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 03:26:18 [Info] [2296] Resource monitor start 2026-03-17 03:26:18 [Info] [2296] ipc client init success 2026-03-17 03:26:18 [Info] [2296] Ipc init: 0 2026-03-17 03:26:18 [Info] [2296] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 03:26:18 [Info] [2296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 03:26:18 [Info] [2296] start ipc thread id[944] 2026-03-17 03:26:18 [Info] [2296] Connect Yundun ipc server return state is 0 2026-03-17 03:26:18 [Info] [2296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 03:26:18 [Info] [2296] CResourceMonitor::run Enter 2026-03-17 03:26:18 [Info] [2296] CIpcMsgHandlerMgr::run Enter 2026-03-17 03:26:18 [Info] [2296] Report thread 2026-03-17 03:26:18 [Info] [2296] Monitor thread 2026-03-17 03:26:18 [Info] [2296] Loader thread 2026-03-17 03:26:18 [Info] [2296] PythonEngineImpl Init... 2026-03-17 03:26:18 [Info] [2296] yundun connected 2026-03-17 03:26:19 [Info] [2296] recvmsg: HELLO 2026-03-17 03:26:19 [Info] [2296] recvmsg: WORK 2026-03-17 03:26:19 [Info] [2296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 03:26:19 [Info] [2296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 03:26:19 [Info] [2296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 03:26:19 [Info] [2296] log fd cnt is [250], real fd cnt is [274] 2026-03-17 03:26:19 [Info] [2296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 03:26:19 [Info] [2296] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 03:26:19 [Info] [2296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 03:26:20 [Info] [2296] log memory size is 20480KB, real memory size is 14800KB 2026-03-17 03:26:21 [Info] [2296] item: --windows-sysinfoext-check 2026-03-17 03:26:21 [Info] [2296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 03:26:21 [Info] [2296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 03:26:21 [Info] [2296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 03:26:21 [Info] [2296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 03:26:21 [Info] [2296] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-17 03:26:21 [Info] [2296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 03:26:21 [Info] [2296] Prepare stage1: --windows-sysinfoext-check 2026-03-17 03:26:21 [Info] [2296] Prepare stage2 2026-03-17 03:26:21 [Warn] [2296] high cpu, cpu is 12 2026-03-17 03:26:21 [Info] [2296] try get sys version 2026-03-17 03:26:21 [Info] [2296] win sys info:2/10:0:3 2026-03-17 03:26:21 [Info] [2296] suit legal version, enable cpu control 2026-03-17 03:26:21 [Warn] [2296] High CPU Warning: 12 2026-03-17 03:26:21 [Warn] [2296] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 1276 in func: connect File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-03-17 03:26:23 [Info] [2296] stage3: --windows-sysinfoext-check 2026-03-17 03:26:23 [Info] [2296] Loader after check 2026-03-17 03:26:24 [Info] [2296] Enter reuse wait state. 2026-03-17 03:26:24 [Info] [2296] log memory size is 30720KB, real memory size is 23188KB 2026-03-17 03:26:25 [Info] [2296] recvmsg: EXIT 2026-03-17 03:26:25 [Info] [2296] Recv Exit Msg, Exit... 2026-03-17 04:22:27 [Info] [1976] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 04:22:27 [Info] [1976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap291211773692547 2026-03-17 04:22:27 [Info] [1976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 04:22:27 [Info] [1976] Resource monitor start 2026-03-17 04:22:27 [Info] [1976] ipc client init success 2026-03-17 04:22:27 [Info] [1976] Ipc init: 0 2026-03-17 04:22:27 [Info] [1976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 04:22:27 [Info] [1976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 04:22:27 [Info] [1976] start ipc thread id[2452] 2026-03-17 04:22:27 [Info] [1976] Connect Yundun ipc server return state is 0 2026-03-17 04:22:27 [Info] [1976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 04:22:27 [Info] [1976] CResourceMonitor::run Enter 2026-03-17 04:22:27 [Info] [1976] CIpcMsgHandlerMgr::run Enter 2026-03-17 04:22:27 [Info] [1976] Report thread 2026-03-17 04:22:27 [Info] [1976] Monitor thread 2026-03-17 04:22:27 [Info] [1976] Loader thread 2026-03-17 04:22:27 [Info] [1976] PythonEngineImpl Init... 2026-03-17 04:22:27 [Info] [1976] yundun connected 2026-03-17 04:22:28 [Info] [1976] recvmsg: HELLO 2026-03-17 04:22:28 [Info] [1976] recvmsg: WORK 2026-03-17 04:22:28 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 04:22:28 [Info] [1976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 04:22:28 [Info] [1976] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 04:22:28 [Info] [1976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 04:22:28 [Info] [1976] log fd cnt is [250], real fd cnt is [282] 2026-03-17 04:22:28 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 04:22:28 [Info] [1976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 04:22:29 [Info] [1976] log memory size is 20480KB, real memory size is 14828KB 2026-03-17 04:22:29 [Info] [1976] item: --sca 2026-03-17 04:22:29 [Info] [1976] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-17 04:22:29 [Info] [1976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-17 04:22:29 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-17 04:22:29 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-17 04:22:30 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5 2026-03-17 04:22:30 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca.py 2026-03-17 04:22:30 [Info] [1976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-17 04:22:30 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-17 04:22:30 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-17 04:22:30 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5 2026-03-17 04:22:30 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_utils.py 2026-03-17 04:22:30 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-17 04:22:30 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-17 04:22:30 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5 2026-03-17 04:22:30 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py, http code : 200, curl ret : 0 2026-03-17 04:22:30 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_common_proc.py 2026-03-17 04:22:31 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-17 04:22:31 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-17 04:22:31 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5 2026-03-17 04:22:31 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5 2026-03-17 04:22:31 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:31 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py, http code : 200, curl ret : 0 2026-03-17 04:22:31 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_java_proc.py 2026-03-17 04:22:31 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py 2026-03-17 04:22:31 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py 2026-03-17 04:22:31 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5 2026-03-17 04:22:31 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5 2026-03-17 04:22:31 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:31 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py, http code : 200, curl ret : 0 2026-03-17 04:22:31 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_node_proc.py 2026-03-17 04:22:31 [Info] [1976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-17 04:22:32 [Info] [1976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py 2026-03-17 04:22:32 [Info] [1976] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py 2026-03-17 04:22:32 [Info] [1976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5 2026-03-17 04:22:32 [Info] [1976] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5 2026-03-17 04:22:32 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5, http code : 200, curl ret : 0 2026-03-17 04:22:32 [Info] [1976] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py, http code : 200, curl ret : 0 2026-03-17 04:22:32 [Info] [1976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_business_type.py 2026-03-17 04:22:32 [Info] [1976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-17 04:22:32 [Info] [1976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-17 04:22:32 [Info] [1976] Download redirect files success. 2026-03-17 04:22:32 [Info] [1976] Prepare stage1: --sca 2026-03-17 04:22:32 [Info] [1976] Prepare stage2 2026-03-17 04:22:33 [Info] [1976] log memory size is 30720KB, real memory size is 28768KB 2026-03-17 04:22:34 [Warn] [1976] high cpu, cpu is 23 2026-03-17 04:22:34 [Info] [1976] try get sys version 2026-03-17 04:22:34 [Info] [1976] win sys info:2/10:0:3 2026-03-17 04:22:34 [Info] [1976] suit legal version, enable cpu control 2026-03-17 04:22:34 [Warn] [1976] High CPU Warning: 23 2026-03-17 04:22:34 [Warn] [1976] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-17 04:22:37 [Info] [1976] log memory size is 40960KB, real memory size is 33144KB 2026-03-17 04:23:08 [Info] [1976] stage3: --sca 2026-03-17 04:23:08 [Info] [1976] Loader after check 2026-03-17 04:23:09 [Info] [1976] Enter reuse wait state. 2026-03-17 04:23:11 [Info] [1976] recvmsg: EXIT 2026-03-17 04:23:11 [Info] [1976] Recv Exit Msg, Exit... 2026-03-17 07:52:59 [Info] [5136] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 07:52:59 [Info] [5136] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap48321773705178 2026-03-17 07:52:59 [Info] [5136] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 07:52:59 [Info] [5136] Resource monitor start 2026-03-17 07:52:59 [Info] [5136] ipc client init success 2026-03-17 07:52:59 [Info] [5136] Ipc init: 0 2026-03-17 07:52:59 [Info] [5136] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 07:52:59 [Info] [5136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 07:52:59 [Info] [5136] start ipc thread id[4228] 2026-03-17 07:52:59 [Info] [5136] Connect Yundun ipc server return state is 0 2026-03-17 07:52:59 [Info] [5136] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 07:52:59 [Info] [5136] CResourceMonitor::run Enter 2026-03-17 07:52:59 [Info] [5136] CIpcMsgHandlerMgr::run Enter 2026-03-17 07:52:59 [Info] [5136] yundun connected 2026-03-17 07:52:59 [Info] [5136] Report thread 2026-03-17 07:52:59 [Info] [5136] Monitor thread 2026-03-17 07:52:59 [Info] [5136] Loader thread 2026-03-17 07:52:59 [Info] [5136] PythonEngineImpl Init... 2026-03-17 07:52:59 [Info] [5136] recvmsg: HELLO 2026-03-17 07:52:59 [Info] [5136] recvmsg: WORK 2026-03-17 07:52:59 [Info] [5136] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 07:52:59 [Info] [5136] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 07:52:59 [Info] [5136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 07:52:59 [Info] [5136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 07:53:00 [Info] [5136] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 07:53:00 [Info] [5136] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 07:53:00 [Info] [5136] log fd cnt is [250], real fd cnt is [281] 2026-03-17 07:53:01 [Info] [5136] log memory size is 20480KB, real memory size is 14764KB 2026-03-17 07:53:01 [Info] [5136] item: --windows-vul-clean 2026-03-17 07:53:01 [Info] [5136] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-17 07:53:01 [Info] [5136] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-17 07:53:01 [Info] [5136] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 07:53:01 [Info] [5136] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 07:53:01 [Info] [5136] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-17 07:53:01 [Info] [5136] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-17 07:53:01 [Info] [5136] Prepare stage1: --windows-vul-clean 2026-03-17 07:53:01 [Info] [5136] Prepare stage2 2026-03-17 07:53:01 [Info] [5136] stage3: --windows-vul-clean 2026-03-17 07:53:01 [Info] [5136] Loader after check 2026-03-17 07:53:02 [Info] [5136] Enter reuse wait state. 2026-03-17 07:53:06 [Info] [5136] recvmsg: EXIT 2026-03-17 07:53:06 [Info] [5136] Recv Exit Msg, Exit... 2026-03-17 08:54:44 [Info] [4568] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 08:54:44 [Info] [4568] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap168991773708873 2026-03-17 08:54:44 [Info] [4568] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 08:54:44 [Info] [4568] Resource monitor start 2026-03-17 08:54:44 [Info] [4568] ipc client init success 2026-03-17 08:54:44 [Info] [4568] Ipc init: 0 2026-03-17 08:54:44 [Info] [4568] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 08:54:44 [Info] [4568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 08:54:44 [Info] [4568] start ipc thread id[5724] 2026-03-17 08:54:44 [Info] [4568] Connect Yundun ipc server return state is 0 2026-03-17 08:54:44 [Info] [4568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 08:54:44 [Info] [4568] CResourceMonitor::run Enter 2026-03-17 08:54:44 [Info] [4568] CIpcMsgHandlerMgr::run Enter 2026-03-17 08:54:44 [Info] [4568] Report thread 2026-03-17 08:54:44 [Info] [4568] Monitor thread 2026-03-17 08:54:44 [Info] [4568] Loader thread 2026-03-17 08:54:44 [Info] [4568] PythonEngineImpl Init... 2026-03-17 08:54:49 [Info] [4568] yundun connected 2026-03-17 08:54:49 [Info] [4568] recvmsg: HELLO 2026-03-17 08:54:49 [Info] [4568] recvmsg: WORK 2026-03-17 08:54:52 [Info] [4568] log fd cnt is [250], real fd cnt is [261] 2026-03-17 08:54:53 [Info] [4568] log memory size is 20480KB, real memory size is 11840KB 2026-03-17 08:54:53 [Info] [4568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 08:54:53 [Info] [4568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 08:54:53 [Info] [4568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 08:54:58 [Info] [4568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 08:54:59 [Info] [4568] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 08:54:59 [Info] [4568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 08:55:00 [Info] [4568] item: --windows-sysinfoext-check 2026-03-17 08:55:00 [Info] [4568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 08:55:00 [Info] [4568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 08:55:00 [Info] [4568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 08:55:00 [Info] [4568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 08:55:00 [Info] [4568] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-17 08:55:00 [Info] [4568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 08:55:00 [Info] [4568] Prepare stage1: --windows-sysinfoext-check 2026-03-17 08:55:00 [Info] [4568] Prepare stage2 2026-03-17 08:55:01 [Info] [4568] log memory size is 30720KB, real memory size is 22956KB 2026-03-17 08:55:02 [Info] [4568] stage3: --windows-sysinfoext-check 2026-03-17 08:55:02 [Info] [4568] Loader after check 2026-03-17 08:55:03 [Info] [4568] Enter reuse wait state. 2026-03-17 08:55:04 [Info] [4568] recvmsg: EXIT 2026-03-17 08:55:04 [Info] [4568] Recv Exit Msg, Exit... 2026-03-17 09:09:28 [Info] [4412] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 09:09:28 [Info] [4412] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap198211773709768 2026-03-17 09:09:28 [Info] [4412] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 09:09:28 [Info] [4412] Resource monitor start 2026-03-17 09:09:28 [Info] [4412] ipc client init success 2026-03-17 09:09:28 [Info] [4412] Ipc init: 0 2026-03-17 09:09:28 [Info] [4412] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 09:09:28 [Info] [4412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 09:09:28 [Info] [4412] start ipc thread id[2116] 2026-03-17 09:09:28 [Info] [4412] Connect Yundun ipc server return state is 0 2026-03-17 09:09:28 [Info] [4412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 09:09:28 [Info] [4412] CResourceMonitor::run Enter 2026-03-17 09:09:28 [Info] [4412] CIpcMsgHandlerMgr::run Enter 2026-03-17 09:09:28 [Info] [4412] Report thread 2026-03-17 09:09:28 [Info] [4412] Monitor thread 2026-03-17 09:09:28 [Info] [4412] Loader thread 2026-03-17 09:09:28 [Info] [4412] PythonEngineImpl Init... 2026-03-17 09:09:28 [Info] [4412] yundun connected 2026-03-17 09:09:28 [Info] [4412] recvmsg: HELLO 2026-03-17 09:09:28 [Info] [4412] recvmsg: WORK 2026-03-17 09:09:28 [Info] [4412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 09:09:28 [Info] [4412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 09:09:28 [Info] [4412] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 09:09:29 [Info] [4412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 09:09:29 [Info] [4412] log fd cnt is [250], real fd cnt is [282] 2026-03-17 09:09:29 [Info] [4412] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 09:09:29 [Info] [4412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 09:09:30 [Info] [4412] log memory size is 20480KB, real memory size is 14808KB 2026-03-17 09:09:30 [Info] [4412] item: --windows-process-check 2026-03-17 09:09:30 [Info] [4412] cgroup name aegisRtap0 2026-03-17 09:09:30 [Info] [4412] try get sys version 2026-03-17 09:09:30 [Info] [4412] win sys info:2/10:0:3 2026-03-17 09:09:30 [Info] [4412] suit legal version, enable cpu control 2026-03-17 09:09:30 [Info] [4412] get AssignProcessToJobObject handle [00000478] 2026-03-17 09:09:30 [Info] [4412] Set setJobExtended. 2026-03-17 09:09:30 [Info] [4412] Set cpu [9%] 2026-03-17 09:09:30 [Info] [4412] Set cpu success 2026-03-17 09:09:30 [Info] [4412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-17 09:09:30 [Info] [4412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-17 09:09:30 [Info] [4412] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 09:09:30 [Info] [4412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 09:09:30 [Info] [4412] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-17 09:09:30 [Info] [4412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-17 09:09:31 [Info] [4412] Prepare stage1: --windows-process-check 2026-03-17 09:09:31 [Info] [4412] Prepare stage2 2026-03-17 09:09:32 [Info] [4412] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-17 09:09:34 [Info] [4412] log memory size is 30720KB, real memory size is 20632KB 2026-03-17 09:09:49 [Info] [4412] stage3: --windows-process-check 2026-03-17 09:09:49 [Info] [4412] Loader after check 2026-03-17 09:09:50 [Info] [4412] Enter reuse wait state. 2026-03-17 09:09:52 [Info] [4412] recvmsg: EXIT 2026-03-17 09:09:52 [Info] [4412] Recv Exit Msg, Exit... 2026-03-17 10:33:59 [Info] [2332] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 10:33:59 [Info] [2332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap36101773714838 2026-03-17 10:33:59 [Info] [2332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 10:33:59 [Info] [2332] Resource monitor start 2026-03-17 10:33:59 [Info] [2332] ipc client init success 2026-03-17 10:33:59 [Info] [2332] Ipc init: 0 2026-03-17 10:33:59 [Info] [2332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 10:33:59 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 10:33:59 [Info] [2332] CResourceMonitor::run Enter 2026-03-17 10:33:59 [Info] [2332] CIpcMsgHandlerMgr::run Enter 2026-03-17 10:33:59 [Info] [2332] start ipc thread id[4152] 2026-03-17 10:33:59 [Info] [2332] Connect Yundun ipc server return state is 0 2026-03-17 10:33:59 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 10:33:59 [Info] [2332] yundun connected 2026-03-17 10:33:59 [Info] [2332] Report thread 2026-03-17 10:33:59 [Info] [2332] Monitor thread 2026-03-17 10:33:59 [Info] [2332] Loader thread 2026-03-17 10:33:59 [Info] [2332] PythonEngineImpl Init... 2026-03-17 10:33:59 [Info] [2332] recvmsg: HELLO 2026-03-17 10:33:59 [Info] [2332] recvmsg: WORK 2026-03-17 10:34:00 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:34:00 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:34:00 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:34:00 [Info] [2332] log fd cnt is [250], real fd cnt is [282] 2026-03-17 10:34:00 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:34:00 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 10:34:00 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 10:34:01 [Info] [2332] log memory size is 20480KB, real memory size is 14840KB 2026-03-17 10:34:01 [Info] [2332] item: --windows-schedule-task-check 2026-03-17 10:34:01 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-17 10:34:01 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-17 10:34:01 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:34:01 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:34:02 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-17 10:34:02 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-17 10:34:02 [Info] [2332] Prepare stage1: --windows-schedule-task-check 2026-03-17 10:34:02 [Info] [2332] Prepare stage2 2026-03-17 10:34:03 [Info] [2332] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-17 10:34:04 [Info] [5260] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 10:34:04 [Info] [5260] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap36291773714844 2026-03-17 10:34:04 [Info] [5260] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 10:34:04 [Info] [5260] Resource monitor start 2026-03-17 10:34:04 [Info] [5260] ipc client init success 2026-03-17 10:34:04 [Info] [5260] Ipc init: 0 2026-03-17 10:34:04 [Info] [5260] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 10:34:04 [Info] [5260] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 10:34:04 [Info] [5260] start ipc thread id[5944] 2026-03-17 10:34:04 [Info] [5260] Connect Yundun ipc server return state is 0 2026-03-17 10:34:04 [Info] [5260] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 10:34:04 [Info] [5260] CResourceMonitor::run Enter 2026-03-17 10:34:04 [Info] [5260] CIpcMsgHandlerMgr::run Enter 2026-03-17 10:34:04 [Info] [5260] Report thread 2026-03-17 10:34:04 [Info] [5260] Monitor thread 2026-03-17 10:34:04 [Info] [5260] Loader thread 2026-03-17 10:34:04 [Info] [5260] PythonEngineImpl Init... 2026-03-17 10:34:04 [Info] [5260] yundun connected 2026-03-17 10:34:04 [Info] [5260] recvmsg: HELLO 2026-03-17 10:34:04 [Info] [5260] recvmsg: WORK 2026-03-17 10:34:05 [Info] [5260] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:34:05 [Info] [5260] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:34:05 [Info] [5260] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:34:05 [Info] [5260] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:34:05 [Info] [5260] log fd cnt is [250], real fd cnt is [282] 2026-03-17 10:34:05 [Info] [5260] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 10:34:05 [Info] [5260] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 10:34:05 [Info] [2332] log memory size is 30720KB, real memory size is 23488KB 2026-03-17 10:34:06 [Info] [5260] log memory size is 20480KB, real memory size is 14784KB 2026-03-17 10:34:06 [Info] [5260] item: --windows-driver-version-check 2026-03-17 10:34:06 [Info] [5260] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-17 10:34:06 [Info] [5260] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-17 10:34:06 [Info] [5260] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:34:06 [Info] [5260] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:34:06 [Info] [5260] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-17 10:34:06 [Info] [5260] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-17 10:34:07 [Info] [5260] Prepare stage1: --windows-driver-version-check 2026-03-17 10:34:07 [Info] [5260] Prepare stage2 2026-03-17 10:34:07 [Info] [5260] stage3: --windows-driver-version-check 2026-03-17 10:34:07 [Info] [5260] Loader after check 2026-03-17 10:34:08 [Info] [5260] Enter reuse wait state. 2026-03-17 10:34:12 [Info] [5260] recvmsg: EXIT 2026-03-17 10:34:12 [Info] [5260] Recv Exit Msg, Exit... 2026-03-17 10:34:51 [Info] [2332] stage3: --windows-schedule-task-check 2026-03-17 10:34:51 [Info] [2332] Loader after check 2026-03-17 10:34:52 [Info] [2332] Enter reuse wait state. 2026-03-17 10:34:55 [Info] [2332] recvmsg: EXIT 2026-03-17 10:34:55 [Info] [2332] Recv Exit Msg, Exit... 2026-03-17 10:46:51 [Info] [1452] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 10:46:51 [Info] [1452] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap61341773715611 2026-03-17 10:46:51 [Info] [1452] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 10:46:51 [Info] [1452] Resource monitor start 2026-03-17 10:46:51 [Info] [1452] ipc client init success 2026-03-17 10:46:51 [Info] [1452] Ipc init: 0 2026-03-17 10:46:51 [Info] [1452] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 10:46:51 [Info] [1452] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 10:46:51 [Info] [1452] start ipc thread id[6020] 2026-03-17 10:46:51 [Info] [1452] Connect Yundun ipc server return state is 0 2026-03-17 10:46:51 [Info] [1452] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 10:46:51 [Info] [1452] CResourceMonitor::run Enter 2026-03-17 10:46:51 [Info] [1452] CIpcMsgHandlerMgr::run Enter 2026-03-17 10:46:51 [Info] [1452] yundun connected 2026-03-17 10:46:51 [Info] [1452] Report thread 2026-03-17 10:46:51 [Info] [1452] Monitor thread 2026-03-17 10:46:51 [Info] [1452] Loader thread 2026-03-17 10:46:51 [Info] [1452] PythonEngineImpl Init... 2026-03-17 10:46:52 [Info] [1452] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-17 10:46:52 [Info] [1452] recvmsg: HELLO 2026-03-17 10:46:52 [Info] [1452] recvmsg: WORK 2026-03-17 10:46:52 [Info] [1452] log fd cnt is [250], real fd cnt is [263] 2026-03-17 10:46:52 [Info] [1452] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:46:52 [Info] [1452] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 10:46:52 [Info] [1452] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:46:53 [Info] [1452] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:46:53 [Info] [1452] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 10:46:53 [Info] [1452] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 10:46:53 [Info] [1452] log memory size is 20480KB, real memory size is 14600KB 2026-03-17 10:46:54 [Info] [1452] item: --windows-registry-check 2026-03-17 10:46:54 [Info] [1452] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-17 10:46:54 [Info] [1452] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-17 10:46:54 [Info] [1452] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 10:46:55 [Info] [1452] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 10:46:55 [Info] [1452] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-17 10:46:55 [Info] [1452] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-17 10:46:55 [Info] [1452] Prepare stage1: --windows-registry-check 2026-03-17 10:46:55 [Info] [1452] Prepare stage2 2026-03-17 10:47:30 [Info] [1452] stage3: --windows-registry-check 2026-03-17 10:47:30 [Info] [1452] Loader after check 2026-03-17 10:47:31 [Info] [1452] Enter reuse wait state. 2026-03-17 10:47:35 [Info] [1452] recvmsg: EXIT 2026-03-17 10:47:35 [Info] [1452] Recv Exit Msg, Exit... 2026-03-17 11:11:52 [Info] [3780] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 11:11:52 [Info] [3780] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap110231773717108 2026-03-17 11:11:52 [Info] [3780] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 11:11:53 [Info] [3780] Resource monitor start 2026-03-17 11:11:53 [Info] [3780] ipc client init success 2026-03-17 11:11:53 [Info] [3780] Ipc init: 0 2026-03-17 11:11:53 [Info] [3780] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 11:11:54 [Info] [3780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 11:11:54 [Info] [3780] CResourceMonitor::run Enter 2026-03-17 11:11:54 [Info] [3780] CIpcMsgHandlerMgr::run Enter 2026-03-17 11:11:54 [Info] [3780] start ipc thread id[5360] 2026-03-17 11:11:54 [Info] [3780] Connect Yundun ipc server return state is 0 2026-03-17 11:11:54 [Info] [3780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 11:11:54 [Info] [3780] yundun connected 2026-03-17 11:11:54 [Info] [3780] Report thread 2026-03-17 11:11:54 [Info] [3780] Monitor thread 2026-03-17 11:11:54 [Info] [3780] Loader thread 2026-03-17 11:11:54 [Info] [3780] PythonEngineImpl Init... 2026-03-17 11:11:54 [Info] [3780] recvmsg: HELLO 2026-03-17 11:11:54 [Info] [3780] recvmsg: WORK 2026-03-17 11:11:55 [Info] [3780] log fd cnt is [250], real fd cnt is [263] 2026-03-17 11:11:55 [Info] [3780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 11:11:55 [Info] [3780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 11:11:55 [Info] [3780] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 11:11:56 [Info] [3780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 11:11:56 [Info] [3780] log memory size is 20480KB, real memory size is 14580KB 2026-03-17 11:11:56 [Info] [3780] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 11:11:56 [Info] [3780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 11:11:58 [Info] [3780] item: --windows-autorun-item-check 2026-03-17 11:11:58 [Info] [3780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-17 11:11:58 [Info] [3780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-17 11:11:58 [Info] [3780] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 11:11:58 [Info] [3780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 11:11:58 [Info] [3780] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-17 11:11:58 [Info] [3780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-17 11:11:59 [Info] [3780] Prepare stage1: --windows-autorun-item-check 2026-03-17 11:11:59 [Info] [3780] Prepare stage2 2026-03-17 11:12:02 [Info] [3780] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-17 11:12:05 [Info] [3780] log memory size is 30720KB, real memory size is 22512KB 2026-03-17 11:12:14 [Warn] [3780] high cpu, cpu is 18 2026-03-17 11:12:14 [Info] [3780] try get sys version 2026-03-17 11:12:14 [Info] [3780] win sys info:2/10:0:3 2026-03-17 11:12:14 [Info] [3780] suit legal version, enable cpu control 2026-03-17 11:12:14 [Warn] [3780] High CPU Warning: 18 2026-03-17 11:12:14 [Warn] [3780] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 487 in func: GetFileMd5 File:windows-autorun-item-check.py line: 513 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-03-17 11:12:14 [Info] [3780] stage3: --windows-autorun-item-check 2026-03-17 11:12:14 [Info] [3780] Loader after check 2026-03-17 11:12:15 [Info] [3780] Enter reuse wait state. 2026-03-17 11:12:17 [Info] [3780] recvmsg: EXIT 2026-03-17 11:12:17 [Info] [3780] Recv Exit Msg, Exit... 2026-03-17 11:48:22 [Info] [2504] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 11:48:22 [Info] [2504] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap181841773719301 2026-03-17 11:48:22 [Info] [2504] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 11:48:22 [Info] [2504] Resource monitor start 2026-03-17 11:48:22 [Info] [2504] ipc client init success 2026-03-17 11:48:22 [Info] [2504] Ipc init: 0 2026-03-17 11:48:22 [Info] [2504] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 11:48:23 [Info] [2504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 11:48:23 [Info] [2504] CResourceMonitor::run Enter 2026-03-17 11:48:23 [Info] [2504] start ipc thread id[5472] 2026-03-17 11:48:23 [Info] [2504] Connect Yundun ipc server return state is 0 2026-03-17 11:48:23 [Info] [2504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 11:48:23 [Info] [2504] CIpcMsgHandlerMgr::run Enter 2026-03-17 11:48:23 [Info] [2504] yundun connected 2026-03-17 11:48:23 [Info] [2504] Report thread 2026-03-17 11:48:23 [Info] [2504] Monitor thread 2026-03-17 11:48:23 [Info] [2504] Loader thread 2026-03-17 11:48:23 [Info] [2504] PythonEngineImpl Init... 2026-03-17 11:48:23 [Info] [2504] recvmsg: HELLO 2026-03-17 11:48:23 [Info] [2504] recvmsg: WORK 2026-03-17 11:48:24 [Info] [2504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 11:48:24 [Info] [2504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 11:48:24 [Info] [2504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 11:48:24 [Info] [2504] log fd cnt is [250], real fd cnt is [274] 2026-03-17 11:48:24 [Info] [2504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 11:48:24 [Info] [2504] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 11:48:24 [Info] [2504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 11:48:25 [Info] [2504] log memory size is 20480KB, real memory size is 14848KB 2026-03-17 11:48:25 [Info] [2504] item: --tcp-connect-check 2026-03-17 11:48:25 [Info] [2504] cgroup name aegisRtap0 2026-03-17 11:48:25 [Info] [2504] try get sys version 2026-03-17 11:48:25 [Info] [2504] win sys info:2/10:0:3 2026-03-17 11:48:25 [Info] [2504] suit legal version, enable cpu control 2026-03-17 11:48:25 [Info] [2504] get AssignProcessToJobObject handle [00000478] 2026-03-17 11:48:25 [Info] [2504] Set setJobExtended. 2026-03-17 11:48:25 [Info] [2504] Set cpu [9%] 2026-03-17 11:48:25 [Info] [2504] Set cpu success 2026-03-17 11:48:25 [Info] [2504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-17 11:48:25 [Info] [2504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-17 11:48:25 [Info] [2504] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 11:48:26 [Info] [2504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 11:48:26 [Info] [2504] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-17 11:48:26 [Info] [2504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-17 11:48:26 [Info] [2504] Prepare stage1: --tcp-connect-check 2026-03-17 11:48:26 [Info] [2504] Prepare stage2 2026-03-17 11:48:31 [Info] [2504] stage3: --tcp-connect-check 2026-03-17 11:48:31 [Info] [2504] Loader after check 2026-03-17 11:48:32 [Info] [2504] Enter reuse wait state. 2026-03-17 11:48:34 [Info] [2504] recvmsg: EXIT 2026-03-17 11:48:34 [Info] [2504] Recv Exit Msg, Exit... 2026-03-17 12:05:37 [Info] [3008] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 12:05:37 [Info] [3008] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap215641773720336 2026-03-17 12:05:37 [Info] [3008] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 12:05:37 [Info] [3008] Resource monitor start 2026-03-17 12:05:37 [Info] [3008] ipc client init success 2026-03-17 12:05:37 [Info] [3008] Ipc init: 0 2026-03-17 12:05:37 [Info] [3008] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 12:05:37 [Info] [3008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 12:05:37 [Info] [3008] CResourceMonitor::run Enter 2026-03-17 12:05:37 [Info] [3008] start ipc thread id[3052] 2026-03-17 12:05:37 [Info] [3008] Connect Yundun ipc server return state is 0 2026-03-17 12:05:37 [Info] [3008] CIpcMsgHandlerMgr::run Enter 2026-03-17 12:05:37 [Info] [3008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 12:05:37 [Info] [3008] yundun connected 2026-03-17 12:05:37 [Info] [3008] Report thread 2026-03-17 12:05:37 [Info] [3008] Monitor thread 2026-03-17 12:05:37 [Info] [3008] Loader thread 2026-03-17 12:05:37 [Info] [3008] PythonEngineImpl Init... 2026-03-17 12:05:38 [Info] [3008] recvmsg: HELLO 2026-03-17 12:05:38 [Info] [3008] recvmsg: WORK 2026-03-17 12:05:38 [Info] [3008] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 12:05:38 [Info] [3008] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 12:05:38 [Info] [3008] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 12:05:38 [Info] [3008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 12:05:38 [Info] [3008] log fd cnt is [250], real fd cnt is [282] 2026-03-17 12:05:38 [Info] [3008] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 12:05:38 [Info] [3008] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 12:05:39 [Info] [3008] log memory size is 20480KB, real memory size is 14840KB 2026-03-17 12:05:39 [Info] [3008] item: --windows-sysinfoext-check 2026-03-17 12:05:39 [Info] [3008] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 12:05:39 [Info] [3008] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 12:05:39 [Info] [3008] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 12:05:39 [Info] [3008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 12:05:40 [Info] [3008] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-17 12:05:40 [Info] [3008] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 12:05:40 [Info] [3008] Prepare stage1: --windows-sysinfoext-check 2026-03-17 12:05:40 [Info] [3008] Prepare stage2 2026-03-17 12:05:42 [Info] [3008] stage3: --windows-sysinfoext-check 2026-03-17 12:05:42 [Info] [3008] Loader after check 2026-03-17 12:05:42 [Info] [2208] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 12:05:42 [Info] [2208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap215831773720342 2026-03-17 12:05:42 [Info] [2208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 12:05:42 [Info] [2208] Resource monitor start 2026-03-17 12:05:42 [Info] [2208] ipc client init success 2026-03-17 12:05:42 [Info] [2208] Ipc init: 0 2026-03-17 12:05:42 [Info] [2208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 12:05:42 [Info] [2208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 12:05:42 [Info] [2208] start ipc thread id[2492] 2026-03-17 12:05:42 [Info] [2208] Connect Yundun ipc server return state is 0 2026-03-17 12:05:42 [Info] [2208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 12:05:42 [Info] [2208] CResourceMonitor::run Enter 2026-03-17 12:05:42 [Info] [2208] CIpcMsgHandlerMgr::run Enter 2026-03-17 12:05:42 [Info] [2208] yundun connected 2026-03-17 12:05:42 [Info] [2208] Report thread 2026-03-17 12:05:42 [Info] [2208] Monitor thread 2026-03-17 12:05:42 [Info] [2208] Loader thread 2026-03-17 12:05:42 [Info] [2208] PythonEngineImpl Init... 2026-03-17 12:05:43 [Info] [2208] recvmsg: HELLO 2026-03-17 12:05:43 [Info] [2208] recvmsg: WORK 2026-03-17 12:05:43 [Info] [2208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 12:05:43 [Info] [2208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 12:05:43 [Info] [2208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 12:05:43 [Info] [2208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 12:05:43 [Info] [3008] Enter reuse wait state. 2026-03-17 12:05:43 [Info] [3008] log memory size is 30720KB, real memory size is 23280KB 2026-03-17 12:05:43 [Info] [2208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 12:05:43 [Info] [2208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 12:05:43 [Info] [2208] log fd cnt is [250], real fd cnt is [281] 2026-03-17 12:05:45 [Info] [2208] log memory size is 20480KB, real memory size is 14792KB 2026-03-17 12:05:46 [Info] [2208] item: --alihips-dumpcheck 2026-03-17 12:05:46 [Info] [2208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 12:05:46 [Info] [2208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 12:05:46 [Info] [2208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 12:05:46 [Info] [2208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 12:05:46 [Info] [2208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5, http code : 200, curl ret : 0 2026-03-17 12:05:46 [Info] [2208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 12:05:46 [Info] [3008] recvmsg: EXIT 2026-03-17 12:05:46 [Info] [3008] Recv Exit Msg, Exit... 2026-03-17 12:05:46 [Info] [2208] Prepare stage1: --alihips-dumpcheck 2026-03-17 12:05:46 [Info] [2208] Prepare stage2 2026-03-17 12:05:51 [Info] [2208] stage3: --alihips-dumpcheck 2026-03-17 12:05:51 [Info] [2208] Loader after check 2026-03-17 12:05:52 [Info] [2208] Enter reuse wait state. 2026-03-17 12:05:56 [Info] [2208] recvmsg: EXIT 2026-03-17 12:05:56 [Info] [2208] Recv Exit Msg, Exit... 2026-03-17 14:05:51 [Info] [3068] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 14:05:51 [Info] [3068] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap123541773727550 2026-03-17 14:05:51 [Info] [3068] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 14:05:51 [Info] [3068] Resource monitor start 2026-03-17 14:05:51 [Info] [3068] ipc client init success 2026-03-17 14:05:51 [Info] [3068] Ipc init: 0 2026-03-17 14:05:51 [Info] [3068] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 14:05:51 [Info] [3068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 14:05:51 [Info] [3068] CResourceMonitor::run Enter 2026-03-17 14:05:51 [Info] [3068] CIpcMsgHandlerMgr::run Enter 2026-03-17 14:05:51 [Info] [3068] start ipc thread id[1164] 2026-03-17 14:05:51 [Info] [3068] Connect Yundun ipc server return state is 0 2026-03-17 14:05:51 [Info] [3068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 14:05:51 [Info] [3068] yundun connected 2026-03-17 14:05:51 [Info] [3068] Report thread 2026-03-17 14:05:51 [Info] [3068] Monitor thread 2026-03-17 14:05:51 [Info] [3068] Loader thread 2026-03-17 14:05:51 [Info] [3068] PythonEngineImpl Init... 2026-03-17 14:05:51 [Info] [3068] recvmsg: HELLO 2026-03-17 14:05:51 [Info] [3068] recvmsg: WORK 2026-03-17 14:05:52 [Info] [3068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 14:05:52 [Info] [3068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 14:05:52 [Info] [3068] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 14:05:52 [Info] [3068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 14:05:52 [Info] [3068] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 14:05:52 [Info] [3068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 14:05:52 [Info] [3068] log fd cnt is [250], real fd cnt is [281] 2026-03-17 14:05:53 [Info] [3068] log memory size is 20480KB, real memory size is 14904KB 2026-03-17 14:05:53 [Info] [3068] item: --windows-sysinfoext-check 2026-03-17 14:05:53 [Info] [3068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 14:05:53 [Info] [3068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 14:05:53 [Info] [3068] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 14:05:53 [Info] [3068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 14:05:53 [Info] [3068] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-17 14:05:53 [Info] [3068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 14:05:54 [Info] [3068] Prepare stage1: --windows-sysinfoext-check 2026-03-17 14:05:54 [Info] [3068] Prepare stage2 2026-03-17 14:05:56 [Info] [2500] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 14:05:56 [Info] [2500] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap123731773727556 2026-03-17 14:05:56 [Info] [2500] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 14:05:56 [Info] [2500] Resource monitor start 2026-03-17 14:05:56 [Info] [2500] ipc client init success 2026-03-17 14:05:56 [Info] [2500] Ipc init: 0 2026-03-17 14:05:56 [Info] [2500] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 14:05:56 [Info] [2500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 14:05:56 [Info] [2500] start ipc thread id[2548] 2026-03-17 14:05:56 [Info] [2500] Connect Yundun ipc server return state is 0 2026-03-17 14:05:56 [Info] [2500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 14:05:56 [Info] [2500] CResourceMonitor::run Enter 2026-03-17 14:05:56 [Info] [2500] CIpcMsgHandlerMgr::run Enter 2026-03-17 14:05:56 [Info] [2500] yundun connected 2026-03-17 14:05:56 [Info] [2500] Report thread 2026-03-17 14:05:56 [Info] [2500] Monitor thread 2026-03-17 14:05:56 [Info] [2500] Loader thread 2026-03-17 14:05:56 [Info] [2500] PythonEngineImpl Init... 2026-03-17 14:05:56 [Info] [3068] stage3: --windows-sysinfoext-check 2026-03-17 14:05:56 [Info] [3068] Loader after check 2026-03-17 14:05:57 [Info] [2500] recvmsg: HELLO 2026-03-17 14:05:57 [Info] [2500] recvmsg: WORK 2026-03-17 14:05:57 [Info] [2500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 14:05:57 [Info] [2500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 14:05:57 [Info] [2500] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 14:05:57 [Info] [2500] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 14:05:57 [Info] [2500] log fd cnt is [250], real fd cnt is [282] 2026-03-17 14:05:57 [Info] [2500] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 14:05:57 [Info] [2500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 14:05:58 [Info] [3068] log memory size is 30720KB, real memory size is 23324KB 2026-03-17 14:05:58 [Info] [3068] Enter reuse wait state. 2026-03-17 14:05:58 [Info] [2500] log memory size is 20480KB, real memory size is 14736KB 2026-03-17 14:05:59 [Info] [2500] item: --alihips-dumpcheck 2026-03-17 14:05:59 [Info] [2500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 14:05:59 [Info] [2500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 14:05:59 [Info] [2500] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 14:05:59 [Info] [2500] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 14:05:59 [Info] [2500] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5, http code : 200, curl ret : 0 2026-03-17 14:05:59 [Info] [2500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5 2026-03-17 14:06:00 [Info] [3068] recvmsg: EXIT 2026-03-17 14:06:00 [Info] [3068] Recv Exit Msg, Exit... 2026-03-17 14:06:00 [Info] [2500] Prepare stage1: --alihips-dumpcheck 2026-03-17 14:06:00 [Info] [2500] Prepare stage2 2026-03-17 14:06:05 [Info] [2500] stage3: --alihips-dumpcheck 2026-03-17 14:06:05 [Info] [2500] Loader after check 2026-03-17 14:06:06 [Info] [2500] Enter reuse wait state. 2026-03-17 14:06:10 [Info] [2500] recvmsg: EXIT 2026-03-17 14:06:10 [Info] [2500] Recv Exit Msg, Exit... 2026-03-17 19:05:52 [Info] [1960] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 19:05:52 [Info] [1960] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap55981773745550 2026-03-17 19:05:52 [Info] [1960] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 19:05:52 [Info] [1960] Resource monitor start 2026-03-17 19:05:52 [Info] [1960] ipc client init success 2026-03-17 19:05:52 [Info] [1960] Ipc init: 0 2026-03-17 19:05:52 [Info] [1960] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 19:05:52 [Info] [1960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 19:05:52 [Info] [1960] CResourceMonitor::run Enter 2026-03-17 19:05:52 [Info] [1960] start ipc thread id[4304] 2026-03-17 19:05:52 [Info] [1960] Connect Yundun ipc server return state is 0 2026-03-17 19:05:52 [Info] [1960] CIpcMsgHandlerMgr::run Enter 2026-03-17 19:05:52 [Info] [1960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 19:05:52 [Info] [1960] yundun connected 2026-03-17 19:05:52 [Info] [1960] Report thread 2026-03-17 19:05:52 [Info] [1960] Monitor thread 2026-03-17 19:05:52 [Info] [1960] Loader thread 2026-03-17 19:05:52 [Info] [1960] PythonEngineImpl Init... 2026-03-17 19:05:52 [Info] [1960] recvmsg: HELLO 2026-03-17 19:05:52 [Info] [1960] recvmsg: WORK 2026-03-17 19:05:52 [Info] [1960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 19:05:52 [Info] [1960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 19:05:52 [Info] [1960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 19:05:53 [Warn] [1960] high cpu, cpu is 12 2026-03-17 19:05:53 [Info] [1960] try get sys version 2026-03-17 19:05:53 [Info] [1960] win sys info:2/10:0:3 2026-03-17 19:05:53 [Info] [1960] suit legal version, enable cpu control 2026-03-17 19:05:53 [Warn] [1960] High CPU Warning: 12 2026-03-17 19:05:53 [Warn] [1960] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-17 19:05:53 [Info] [1960] log fd cnt is [250], real fd cnt is [282] 2026-03-17 19:05:53 [Info] [1960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 19:05:53 [Info] [1960] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 19:05:53 [Info] [1960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 19:05:54 [Info] [1960] log memory size is 20480KB, real memory size is 14860KB 2026-03-17 19:05:54 [Info] [1960] item: --secnet_rasp_agent 2026-03-17 19:05:54 [Info] [1960] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-17 19:05:54 [Info] [1960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-17 19:05:54 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-17 19:05:54 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-17 19:05:54 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-17 19:05:55 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-17 19:05:55 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-17 19:05:55 [Info] [1960] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-17 19:05:55 [Info] [1960] Download redirect files success. 2026-03-17 19:05:55 [Info] [1960] Prepare stage1: --secnet_rasp_agent 2026-03-17 19:05:55 [Info] [1960] Prepare stage2 2026-03-17 19:05:57 [Info] [1960] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-17 19:05:57 [Info] [1960] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-17 19:05:57 [Info] [1960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 19:05:57 [Info] [1960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 19:05:57 [Info] [1960] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-17 19:05:57 [Info] [1960] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-17 19:05:57 [Info] [1960] stage3: --secnet_rasp_agent 2026-03-17 19:05:57 [Info] [1960] Loader after check 2026-03-17 19:05:58 [Info] [1960] log memory size is 30720KB, real memory size is 21388KB 2026-03-17 19:05:58 [Info] [1960] Enter reuse wait state. 2026-03-17 19:06:03 [Info] [1960] recvmsg: EXIT 2026-03-17 19:06:03 [Info] [1960] Recv Exit Msg, Exit... 2026-03-17 19:26:57 [Info] [2488] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-17 19:26:57 [Info] [2488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap97001773746806 2026-03-17 19:26:57 [Info] [2488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-17 19:26:57 [Info] [2488] Resource monitor start 2026-03-17 19:26:57 [Info] [2488] ipc client init success 2026-03-17 19:26:57 [Info] [2488] Ipc init: 0 2026-03-17 19:26:57 [Info] [2488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-17 19:26:57 [Info] [2488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-17 19:26:57 [Info] [2488] start ipc thread id[4484] 2026-03-17 19:26:57 [Info] [2488] Connect Yundun ipc server return state is 0 2026-03-17 19:26:57 [Info] [2488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-17 19:26:57 [Info] [2488] CResourceMonitor::run Enter 2026-03-17 19:26:57 [Info] [2488] CIpcMsgHandlerMgr::run Enter 2026-03-17 19:26:57 [Info] [2488] Report thread 2026-03-17 19:26:57 [Info] [2488] Monitor thread 2026-03-17 19:26:57 [Info] [2488] Loader thread 2026-03-17 19:26:57 [Info] [2488] PythonEngineImpl Init... 2026-03-17 19:27:00 [Info] [2488] yundun connected 2026-03-17 19:27:01 [Info] [2488] log fd cnt is [250], real fd cnt is [261] 2026-03-17 19:27:01 [Info] [2488] recvmsg: HELLO 2026-03-17 19:27:01 [Info] [2488] recvmsg: WORK 2026-03-17 19:27:01 [Info] [2488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 19:27:01 [Info] [2488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-17 19:27:01 [Info] [2488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 19:27:01 [Info] [2488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 19:27:01 [Info] [2488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-17 19:27:01 [Info] [2488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-17 19:27:02 [Info] [2488] log memory size is 20480KB, real memory size is 14788KB 2026-03-17 19:27:03 [Info] [2488] item: --windows-sysinfoext-check 2026-03-17 19:27:03 [Info] [2488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 19:27:03 [Info] [2488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 19:27:03 [Info] [2488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-17 19:27:03 [Info] [2488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-17 19:27:03 [Info] [2488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-17 19:27:03 [Info] [2488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-17 19:27:03 [Info] [2488] Prepare stage1: --windows-sysinfoext-check 2026-03-17 19:27:03 [Info] [2488] Prepare stage2 2026-03-17 19:27:06 [Info] [2488] log memory size is 30720KB, real memory size is 22956KB 2026-03-17 19:27:07 [Info] [2488] stage3: --windows-sysinfoext-check 2026-03-17 19:27:07 [Info] [2488] Loader after check 2026-03-17 19:27:07 [Warn] [2488] high cpu, cpu is 12 2026-03-17 19:27:07 [Info] [2488] try get sys version 2026-03-17 19:27:07 [Info] [2488] win sys info:2/10:0:3 2026-03-17 19:27:07 [Info] [2488] suit legal version, enable cpu control 2026-03-17 19:27:07 [Warn] [2488] High CPU Warning: 12 2026-03-17 19:27:07 [Warn] [2488] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-17 19:27:08 [Info] [2488] Enter reuse wait state. 2026-03-17 19:27:09 [Info] [2488] recvmsg: EXIT 2026-03-17 19:27:09 [Info] [2488] Recv Exit Msg, Exit...