| Server IP : 123.56.80.60 / Your IP : 216.73.216.78 Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586 User : SYSTEM ( 0) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Program Files (x86)/Alibaba/Aegis/AliSecCheck/data/rtap/log/ |
Upload File : |
2026-03-23 01:19:15 [Info] [3700] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 01:19:15 [Info] [3700] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap149011774199945 2026-03-23 01:19:15 [Info] [3700] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 01:19:25 [Info] [3700] Resource monitor start 2026-03-23 01:19:25 [Info] [3700] ipc client init success 2026-03-23 01:19:25 [Info] [3700] Ipc init: 0 2026-03-23 01:19:25 [Info] [3700] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 01:19:25 [Info] [3700] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 01:19:25 [Info] [3700] start ipc thread id[3932] 2026-03-23 01:19:25 [Info] [3700] Connect Yundun ipc server return state is 0 2026-03-23 01:19:25 [Info] [3700] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 01:19:27 [Info] [3700] CResourceMonitor::run Enter 2026-03-23 01:19:27 [Info] [3700] CIpcMsgHandlerMgr::run Enter 2026-03-23 01:19:27 [Info] [3700] yundun connected 2026-03-23 01:19:27 [Info] [3700] Report thread 2026-03-23 01:19:27 [Info] [3700] Monitor thread 2026-03-23 01:19:27 [Info] [3700] Loader thread 2026-03-23 01:19:27 [Info] [3700] PythonEngineImpl Init... 2026-03-23 01:19:33 [Info] [3700] log fd cnt is [250], real fd cnt is [261] 2026-03-23 01:19:33 [Info] [3700] recvmsg: HELLO 2026-03-23 01:19:33 [Info] [3700] recvmsg: WORK 2026-03-23 01:19:33 [Info] [3700] no use encode, return to old mode 2026-03-23 01:19:33 [Info] [3700] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 01:19:33 [Info] [3700] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 01:19:33 [Info] [3700] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 01:19:34 [Info] [3700] log memory size is 20480KB, real memory size is 13140KB 2026-03-23 01:19:39 [Info] [3700] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 01:19:40 [Info] [3700] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 01:19:40 [Info] [3700] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 01:19:42 [Info] [3700] item: --windows-sysinfoext-check 2026-03-23 01:19:42 [Info] [3700] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 01:19:42 [Info] [3700] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 01:19:42 [Info] [3700] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 01:19:42 [Info] [3700] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 01:19:42 [Info] [3700] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-23 01:19:42 [Info] [3700] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 01:19:42 [Info] [3700] Prepare stage1: --windows-sysinfoext-check 2026-03-23 01:19:42 [Info] [3700] Prepare stage2 2026-03-23 01:19:43 [Warn] [3700] high cpu, cpu is 18 2026-03-23 01:19:43 [Info] [3700] try get sys version 2026-03-23 01:19:43 [Info] [3700] win sys info:2/10:0:3 2026-03-23 01:19:43 [Info] [3700] suit legal version, enable cpu control 2026-03-23 01:19:43 [Warn] [3700] High CPU Warning: 18 2026-03-23 01:19:44 [Warn] [3700] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-23 01:19:44 [Info] [3700] stage3: --windows-sysinfoext-check 2026-03-23 01:19:44 [Info] [3700] Loader after check 2026-03-23 01:19:45 [Info] [3700] Enter reuse wait state. 2026-03-23 01:19:47 [Info] [3700] log memory size is 30720KB, real memory size is 23340KB 2026-03-23 01:19:50 [Info] [3700] recvmsg: EXIT 2026-03-23 01:19:50 [Info] [3700] Recv Exit Msg, Exit... 2026-03-23 04:50:14 [Info] [1828] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 04:50:14 [Info] [1828] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap235051774212614 2026-03-23 04:50:14 [Info] [1828] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 04:50:14 [Info] [1828] Resource monitor start 2026-03-23 04:50:14 [Info] [1828] ipc client init success 2026-03-23 04:50:14 [Info] [1828] Ipc init: 0 2026-03-23 04:50:14 [Info] [1828] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 04:50:14 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 04:50:14 [Info] [1828] start ipc thread id[3376] 2026-03-23 04:50:14 [Info] [1828] Connect Yundun ipc server return state is 0 2026-03-23 04:50:14 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 04:50:14 [Info] [1828] CResourceMonitor::run Enter 2026-03-23 04:50:14 [Info] [1828] CIpcMsgHandlerMgr::run Enter 2026-03-23 04:50:14 [Info] [1828] Report thread 2026-03-23 04:50:14 [Info] [1828] Monitor thread 2026-03-23 04:50:14 [Info] [1828] Loader thread 2026-03-23 04:50:14 [Info] [1828] PythonEngineImpl Init... 2026-03-23 04:50:14 [Info] [1828] yundun connected 2026-03-23 04:50:14 [Info] [1828] recvmsg: HELLO 2026-03-23 04:50:14 [Info] [1828] recvmsg: WORK 2026-03-23 04:50:14 [Info] [1828] no use encode, return to old mode 2026-03-23 04:50:14 [Info] [1828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 04:50:14 [Info] [1828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 04:50:14 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 04:50:15 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 04:50:15 [Info] [1828] log fd cnt is [250], real fd cnt is [286] 2026-03-23 04:50:15 [Info] [1828] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 04:50:15 [Info] [1828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 04:50:16 [Info] [1828] log memory size is 20480KB, real memory size is 14776KB 2026-03-23 04:50:16 [Info] [1828] item: --sca 2026-03-23 04:50:16 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-23 04:50:16 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-23 04:50:16 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-23 04:50:17 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-23 04:50:17 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-23 04:50:17 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-23 04:50:17 [Info] [1828] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-23 04:50:17 [Info] [1828] Download redirect files success. 2026-03-23 04:50:17 [Info] [1828] Prepare stage1: --sca 2026-03-23 04:50:17 [Info] [1828] Prepare stage2 2026-03-23 04:50:19 [Warn] [1828] high cpu, cpu is 23 2026-03-23 04:50:19 [Info] [1828] try get sys version 2026-03-23 04:50:19 [Info] [1828] win sys info:2/10:0:3 2026-03-23 04:50:19 [Info] [1828] suit legal version, enable cpu control 2026-03-23 04:50:19 [Warn] [1828] High CPU Warning: 23 2026-03-23 04:50:19 [Warn] [1828] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-23 04:50:20 [Info] [1828] log memory size is 30720KB, real memory size is 32888KB 2026-03-23 04:50:24 [Info] [1828] log memory size is 40960KB, real memory size is 33168KB 2026-03-23 04:50:38 [Info] [1828] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 04:50:52 [Warn] [1828] high cpu, cpu is 15 2026-03-23 04:50:52 [Warn] [1828] High CPU Warning: 15 2026-03-23 04:50:52 [Warn] [1828] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 213 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-23 04:50:53 [Info] [1828] stage3: --sca 2026-03-23 04:50:53 [Info] [1828] Loader after check 2026-03-23 04:50:54 [Info] [1828] Enter reuse wait state. 2026-03-23 04:50:58 [Info] [1828] recvmsg: EXIT 2026-03-23 04:50:58 [Info] [1828] Recv Exit Msg, Exit... 2026-03-23 06:47:16 [Info] [3960] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 06:47:16 [Info] [3960] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap136351774219626 2026-03-23 06:47:16 [Info] [3960] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 06:47:16 [Info] [3960] Resource monitor start 2026-03-23 06:47:16 [Info] [3960] ipc client init success 2026-03-23 06:47:16 [Info] [3960] Ipc init: 0 2026-03-23 06:47:16 [Info] [3960] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 06:47:16 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 06:47:16 [Info] [3960] start ipc thread id[1996] 2026-03-23 06:47:16 [Info] [3960] Connect Yundun ipc server return state is 0 2026-03-23 06:47:16 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 06:47:25 [Info] [3960] Loader thread 2026-03-23 06:47:25 [Info] [3960] PythonEngineImpl Init... 2026-03-23 06:47:25 [Info] [3960] Monitor thread 2026-03-23 06:47:25 [Info] [3960] Report thread 2026-03-23 06:47:25 [Info] [3960] yundun connected 2026-03-23 06:47:25 [Info] [3960] CIpcMsgHandlerMgr::run Enter 2026-03-23 06:47:25 [Info] [3960] CResourceMonitor::run Enter 2026-03-23 06:47:26 [Info] [3960] recvmsg: HELLO 2026-03-23 06:47:26 [Info] [3960] recvmsg: WORK 2026-03-23 06:47:26 [Info] [3960] no use encode, return to old mode 2026-03-23 06:47:26 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 06:47:26 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 06:47:26 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 06:47:26 [Info] [3960] log fd cnt is [250], real fd cnt is [264] 2026-03-23 06:47:27 [Info] [3960] log memory size is 20480KB, real memory size is 13164KB 2026-03-23 06:47:45 [Warn] [3960] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 06:47:55 [Warn] [3960] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 7 2026-03-23 06:47:55 [Info] [3960] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 06:47:55 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 06:47:55 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 06:47:56 [Info] [3960] item: --windows-sysinfoext-check 2026-03-23 06:47:56 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 06:47:56 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 06:47:56 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 06:47:56 [Info] [3960] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 06:47:56 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-23 06:47:56 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 06:47:56 [Info] [3960] Prepare stage1: --windows-sysinfoext-check 2026-03-23 06:47:56 [Info] [3960] Prepare stage2 2026-03-23 06:47:57 [Warn] [3960] high cpu, cpu is 12 2026-03-23 06:47:57 [Info] [3960] try get sys version 2026-03-23 06:47:57 [Info] [3960] win sys info:2/10:0:3 2026-03-23 06:47:57 [Info] [3960] suit legal version, enable cpu control 2026-03-23 06:47:57 [Warn] [3960] High CPU Warning: 12 2026-03-23 06:47:57 [Warn] [3960] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-03-23 06:47:58 [Info] [3960] stage3: --windows-sysinfoext-check 2026-03-23 06:47:58 [Info] [3960] Loader after check 2026-03-23 06:47:59 [Warn] [3960] high cpu, cpu is 14 2026-03-23 06:47:59 [Warn] [3960] High CPU Warning: 14 2026-03-23 06:47:59 [Info] [3960] Enter reuse wait state. 2026-03-23 06:48:00 [Info] [3960] log memory size is 30720KB, real memory size is 23428KB 2026-03-23 06:48:01 [Info] [3960] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 06:48:03 [Info] [3960] recvmsg: EXIT 2026-03-23 06:48:03 [Info] [3960] Recv Exit Msg, Exit... 2026-03-23 07:51:55 [Info] [1816] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 07:51:55 [Info] [1816] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap263351774223515 2026-03-23 07:51:55 [Info] [1816] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 07:51:55 [Info] [1816] Resource monitor start 2026-03-23 07:51:55 [Info] [1816] ipc client init success 2026-03-23 07:51:55 [Info] [1816] Ipc init: 0 2026-03-23 07:51:55 [Info] [1816] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 07:51:55 [Info] [1816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 07:51:55 [Info] [1816] start ipc thread id[1972] 2026-03-23 07:51:55 [Info] [1816] Connect Yundun ipc server return state is 0 2026-03-23 07:51:55 [Info] [1816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 07:51:55 [Info] [1816] CResourceMonitor::run Enter 2026-03-23 07:51:55 [Info] [1816] CIpcMsgHandlerMgr::run Enter 2026-03-23 07:51:55 [Info] [1816] Report thread 2026-03-23 07:51:55 [Info] [1816] Monitor thread 2026-03-23 07:51:55 [Info] [1816] Loader thread 2026-03-23 07:51:55 [Info] [1816] PythonEngineImpl Init... 2026-03-23 07:51:55 [Info] [1816] yundun connected 2026-03-23 07:51:56 [Info] [1816] recvmsg: HELLO 2026-03-23 07:51:56 [Info] [1816] recvmsg: WORK 2026-03-23 07:51:56 [Info] [1816] no use encode, return to old mode 2026-03-23 07:51:56 [Info] [1816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 07:51:56 [Info] [1816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 07:51:56 [Info] [1816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 07:51:56 [Info] [1816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 07:51:56 [Info] [1816] log fd cnt is [250], real fd cnt is [282] 2026-03-23 07:51:57 [Info] [1816] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 07:51:57 [Info] [1816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 07:51:57 [Info] [1816] log memory size is 20480KB, real memory size is 14832KB 2026-03-23 07:51:58 [Info] [1816] item: --windows-vul-clean 2026-03-23 07:51:58 [Info] [1816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-23 07:51:58 [Info] [1816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-23 07:51:58 [Info] [1816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 07:51:58 [Info] [1816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 07:51:58 [Info] [1816] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-23 07:51:58 [Info] [1816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-23 07:51:58 [Info] [1816] Prepare stage1: --windows-vul-clean 2026-03-23 07:51:58 [Info] [1816] Prepare stage2 2026-03-23 07:51:58 [Info] [1816] stage3: --windows-vul-clean 2026-03-23 07:51:58 [Info] [1816] Loader after check 2026-03-23 07:51:59 [Info] [1816] Enter reuse wait state. 2026-03-23 07:52:03 [Info] [1816] recvmsg: EXIT 2026-03-23 07:52:03 [Info] [1816] Recv Exit Msg, Exit... 2026-03-23 08:53:07 [Info] [4216] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 08:53:07 [Info] [4216] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap55581774227187 2026-03-23 08:53:07 [Info] [4216] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 08:53:07 [Info] [4216] Resource monitor start 2026-03-23 08:53:07 [Info] [4216] ipc client init success 2026-03-23 08:53:07 [Info] [4216] Ipc init: 0 2026-03-23 08:53:07 [Info] [4216] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 08:53:07 [Info] [4216] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 08:53:07 [Info] [4216] start ipc thread id[3952] 2026-03-23 08:53:07 [Info] [4216] Connect Yundun ipc server return state is 0 2026-03-23 08:53:07 [Info] [4216] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 08:53:07 [Info] [4216] CResourceMonitor::run Enter 2026-03-23 08:53:07 [Info] [4216] CIpcMsgHandlerMgr::run Enter 2026-03-23 08:53:07 [Info] [4216] Report thread 2026-03-23 08:53:07 [Info] [4216] Monitor thread 2026-03-23 08:53:07 [Info] [4216] Loader thread 2026-03-23 08:53:07 [Info] [4216] PythonEngineImpl Init... 2026-03-23 08:53:07 [Info] [4216] yundun connected 2026-03-23 08:53:08 [Info] [4216] recvmsg: HELLO 2026-03-23 08:53:08 [Info] [4216] recvmsg: WORK 2026-03-23 08:53:08 [Info] [4216] no use encode, return to old mode 2026-03-23 08:53:08 [Info] [4216] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 08:53:08 [Info] [4216] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 08:53:08 [Info] [4216] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 08:53:08 [Info] [4216] log fd cnt is [250], real fd cnt is [282] 2026-03-23 08:53:08 [Info] [4216] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 08:53:09 [Info] [4216] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 08:53:09 [Info] [4216] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 08:53:09 [Info] [4216] log memory size is 20480KB, real memory size is 14828KB 2026-03-23 08:53:10 [Info] [4216] item: --windows-process-check 2026-03-23 08:53:10 [Info] [4216] cgroup name aegisRtap0 2026-03-23 08:53:10 [Info] [4216] try get sys version 2026-03-23 08:53:10 [Info] [4216] win sys info:2/10:0:3 2026-03-23 08:53:10 [Info] [4216] suit legal version, enable cpu control 2026-03-23 08:53:10 [Info] [4216] get AssignProcessToJobObject handle [00000478] 2026-03-23 08:53:10 [Info] [4216] Set setJobExtended. 2026-03-23 08:53:10 [Info] [4216] Set cpu [9%] 2026-03-23 08:53:10 [Info] [4216] Set cpu success 2026-03-23 08:53:10 [Info] [4216] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-23 08:53:10 [Info] [4216] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-23 08:53:10 [Info] [4216] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 08:53:10 [Info] [4216] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 08:53:10 [Info] [4216] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-23 08:53:10 [Info] [4216] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-23 08:53:10 [Info] [4216] Prepare stage1: --windows-process-check 2026-03-23 08:53:10 [Info] [4216] Prepare stage2 2026-03-23 08:53:10 [Warn] [4216] high cpu, cpu is 12 2026-03-23 08:53:10 [Warn] [4216] High CPU Warning: 12 2026-03-23 08:53:10 [Warn] [4216] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-process-check.py line: 403 in func: check File:windows-process-check.py line: 94 in func: main File:windows-process-check.py line: 526 in func: start 2026-03-23 08:53:13 [Info] [4216] log memory size is 30720KB, real memory size is 20600KB 2026-03-23 08:53:29 [Info] [4216] stage3: --windows-process-check 2026-03-23 08:53:29 [Info] [4216] Loader after check 2026-03-23 08:53:30 [Info] [4216] Enter reuse wait state. 2026-03-23 08:53:31 [Info] [4216] recvmsg: EXIT 2026-03-23 08:53:31 [Info] [4216] Recv Exit Msg, Exit... 2026-03-23 10:44:11 [Info] [2352] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 10:44:11 [Info] [2352] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap273201774233851 2026-03-23 10:44:11 [Info] [2352] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 10:44:11 [Info] [2352] Resource monitor start 2026-03-23 10:44:11 [Info] [2352] ipc client init success 2026-03-23 10:44:11 [Info] [2352] Ipc init: 0 2026-03-23 10:44:11 [Info] [2352] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 10:44:11 [Info] [2352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 10:44:11 [Info] [2352] start ipc thread id[3644] 2026-03-23 10:44:11 [Info] [2352] Connect Yundun ipc server return state is 0 2026-03-23 10:44:11 [Info] [2352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 10:44:11 [Info] [2352] CResourceMonitor::run Enter 2026-03-23 10:44:11 [Info] [2352] CIpcMsgHandlerMgr::run Enter 2026-03-23 10:44:11 [Info] [2352] Report thread 2026-03-23 10:44:11 [Info] [2352] Monitor thread 2026-03-23 10:44:11 [Info] [2352] Loader thread 2026-03-23 10:44:11 [Info] [2352] PythonEngineImpl Init... 2026-03-23 10:44:11 [Info] [2352] yundun connected 2026-03-23 10:44:13 [Info] [2352] recvmsg: HELLO 2026-03-23 10:44:13 [Info] [2352] recvmsg: WORK 2026-03-23 10:44:13 [Info] [2352] no use encode, return to old mode 2026-03-23 10:44:13 [Info] [2352] log fd cnt is [250], real fd cnt is [263] 2026-03-23 10:44:13 [Info] [2352] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:13 [Info] [2352] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:13 [Info] [2352] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:13 [Info] [2352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:14 [Info] [2352] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 10:44:14 [Info] [2352] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 10:44:14 [Info] [2352] log memory size is 20480KB, real memory size is 14744KB 2026-03-23 10:44:15 [Info] [2352] item: --windows-schedule-task-check 2026-03-23 10:44:15 [Info] [2352] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-23 10:44:15 [Info] [2352] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-23 10:44:15 [Info] [2352] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:15 [Info] [2352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:15 [Info] [2352] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-23 10:44:15 [Info] [2352] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-23 10:44:15 [Info] [2352] Prepare stage1: --windows-schedule-task-check 2026-03-23 10:44:15 [Info] [2352] Prepare stage2 2026-03-23 10:44:16 [Info] [2352] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 10:44:18 [Info] [2352] log memory size is 30720KB, real memory size is 23564KB 2026-03-23 10:44:37 [Info] [5096] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 10:44:37 [Info] [5096] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap274051774233877 2026-03-23 10:44:37 [Info] [5096] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 10:44:37 [Info] [5096] Resource monitor start 2026-03-23 10:44:37 [Info] [5096] ipc client init success 2026-03-23 10:44:37 [Info] [5096] Ipc init: 0 2026-03-23 10:44:37 [Info] [5096] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 10:44:37 [Info] [5096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 10:44:37 [Info] [5096] start ipc thread id[4840] 2026-03-23 10:44:37 [Info] [5096] Connect Yundun ipc server return state is 0 2026-03-23 10:44:37 [Info] [5096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 10:44:37 [Info] [5096] CResourceMonitor::run Enter 2026-03-23 10:44:37 [Info] [5096] CIpcMsgHandlerMgr::run Enter 2026-03-23 10:44:37 [Info] [5096] Report thread 2026-03-23 10:44:37 [Info] [5096] Monitor thread 2026-03-23 10:44:37 [Info] [5096] Loader thread 2026-03-23 10:44:37 [Info] [5096] PythonEngineImpl Init... 2026-03-23 10:44:37 [Info] [5096] yundun connected 2026-03-23 10:44:37 [Info] [5096] recvmsg: HELLO 2026-03-23 10:44:37 [Info] [5096] recvmsg: WORK 2026-03-23 10:44:37 [Info] [5096] no use encode, return to old mode 2026-03-23 10:44:37 [Info] [5096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:37 [Info] [5096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:37 [Info] [5096] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:38 [Info] [5096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:38 [Info] [5096] log fd cnt is [250], real fd cnt is [282] 2026-03-23 10:44:38 [Info] [5096] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 10:44:38 [Info] [5096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 10:44:39 [Info] [5096] log memory size is 20480KB, real memory size is 14848KB 2026-03-23 10:44:39 [Info] [5096] item: --windows-registry-check 2026-03-23 10:44:39 [Info] [5096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-23 10:44:39 [Info] [5096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-23 10:44:39 [Info] [5096] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:39 [Info] [5096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:39 [Info] [5096] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-23 10:44:39 [Info] [5096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-23 10:44:40 [Info] [5096] Prepare stage1: --windows-registry-check 2026-03-23 10:44:40 [Info] [5096] Prepare stage2 2026-03-23 10:44:46 [Info] [4764] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 10:44:46 [Info] [4764] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap274341774233886 2026-03-23 10:44:46 [Info] [4764] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 10:44:46 [Info] [4764] Resource monitor start 2026-03-23 10:44:46 [Info] [4764] ipc client init success 2026-03-23 10:44:46 [Info] [4764] Ipc init: 0 2026-03-23 10:44:46 [Info] [4764] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 10:44:46 [Info] [4764] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 10:44:46 [Info] [4764] start ipc thread id[4136] 2026-03-23 10:44:46 [Info] [4764] Connect Yundun ipc server return state is 0 2026-03-23 10:44:46 [Info] [4764] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 10:44:46 [Info] [4764] CResourceMonitor::run Enter 2026-03-23 10:44:46 [Info] [4764] CIpcMsgHandlerMgr::run Enter 2026-03-23 10:44:46 [Info] [4764] Report thread 2026-03-23 10:44:46 [Info] [4764] Monitor thread 2026-03-23 10:44:46 [Info] [4764] Loader thread 2026-03-23 10:44:46 [Info] [4764] PythonEngineImpl Init... 2026-03-23 10:44:46 [Info] [4764] yundun connected 2026-03-23 10:44:47 [Info] [4764] recvmsg: HELLO 2026-03-23 10:44:47 [Info] [4764] recvmsg: WORK 2026-03-23 10:44:47 [Info] [4764] no use encode, return to old mode 2026-03-23 10:44:47 [Info] [4764] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:47 [Info] [4764] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 10:44:47 [Info] [4764] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:47 [Info] [4764] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:47 [Info] [4764] log fd cnt is [250], real fd cnt is [282] 2026-03-23 10:44:47 [Info] [4764] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 10:44:47 [Info] [4764] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 10:44:48 [Info] [4764] log memory size is 20480KB, real memory size is 14828KB 2026-03-23 10:44:49 [Info] [4764] item: --windows-driver-version-check 2026-03-23 10:44:49 [Info] [4764] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-23 10:44:49 [Info] [4764] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-23 10:44:49 [Info] [4764] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 10:44:49 [Info] [4764] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 10:44:49 [Info] [4764] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-23 10:44:49 [Info] [4764] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-23 10:44:49 [Info] [4764] Prepare stage1: --windows-driver-version-check 2026-03-23 10:44:49 [Info] [4764] Prepare stage2 2026-03-23 10:44:49 [Info] [4764] stage3: --windows-driver-version-check 2026-03-23 10:44:49 [Info] [4764] Loader after check 2026-03-23 10:44:49 [Info] [2352] stage3: --windows-schedule-task-check 2026-03-23 10:44:49 [Info] [2352] Loader after check 2026-03-23 10:44:50 [Info] [4764] Enter reuse wait state. 2026-03-23 10:44:50 [Info] [2352] Enter reuse wait state. 2026-03-23 10:44:54 [Info] [2352] recvmsg: EXIT 2026-03-23 10:44:54 [Info] [2352] Recv Exit Msg, Exit... 2026-03-23 10:44:56 [Info] [4764] recvmsg: EXIT 2026-03-23 10:44:56 [Info] [4764] Recv Exit Msg, Exit... 2026-03-23 10:45:10 [Info] [5096] stage3: --windows-registry-check 2026-03-23 10:45:10 [Info] [5096] Loader after check 2026-03-23 10:45:11 [Info] [5096] Enter reuse wait state. 2026-03-23 10:45:14 [Info] [5096] recvmsg: EXIT 2026-03-23 10:45:14 [Info] [5096] Recv Exit Msg, Exit... 2026-03-23 11:11:42 [Info] [2236] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 11:11:42 [Info] [2236] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap327111774235502 2026-03-23 11:11:42 [Info] [2236] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 11:11:42 [Info] [2236] Resource monitor start 2026-03-23 11:11:42 [Info] [2236] ipc client init success 2026-03-23 11:11:42 [Info] [2236] Ipc init: 0 2026-03-23 11:11:42 [Info] [2236] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 11:11:42 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 11:11:42 [Info] [2236] start ipc thread id[3508] 2026-03-23 11:11:42 [Info] [2236] Connect Yundun ipc server return state is 0 2026-03-23 11:11:42 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 11:11:42 [Info] [2236] CResourceMonitor::run Enter 2026-03-23 11:11:42 [Info] [2236] CIpcMsgHandlerMgr::run Enter 2026-03-23 11:11:42 [Info] [2236] Report thread 2026-03-23 11:11:42 [Info] [2236] Monitor thread 2026-03-23 11:11:42 [Info] [2236] Loader thread 2026-03-23 11:11:42 [Info] [2236] PythonEngineImpl Init... 2026-03-23 11:11:42 [Info] [2236] yundun connected 2026-03-23 11:11:42 [Info] [2236] recvmsg: HELLO 2026-03-23 11:11:42 [Info] [2236] recvmsg: WORK 2026-03-23 11:11:42 [Info] [2236] no use encode, return to old mode 2026-03-23 11:11:42 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 11:11:42 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 11:11:42 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 11:11:43 [Info] [2236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 11:11:43 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 11:11:43 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 11:11:43 [Info] [2236] log fd cnt is [250], real fd cnt is [281] 2026-03-23 11:11:44 [Info] [2236] log memory size is 20480KB, real memory size is 14872KB 2026-03-23 11:11:44 [Info] [2236] item: --windows-autorun-item-check 2026-03-23 11:11:44 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-23 11:11:44 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-23 11:11:44 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 11:11:44 [Info] [2236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 11:11:44 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-23 11:11:44 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-23 11:11:44 [Info] [2236] Prepare stage1: --windows-autorun-item-check 2026-03-23 11:11:44 [Info] [2236] Prepare stage2 2026-03-23 11:11:48 [Info] [2236] log memory size is 30720KB, real memory size is 22552KB 2026-03-23 11:11:54 [Info] [2236] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 11:11:55 [Info] [2236] stage3: --windows-autorun-item-check 2026-03-23 11:11:55 [Info] [2236] Loader after check 2026-03-23 11:11:55 [Warn] [2236] high cpu, cpu is 15 2026-03-23 11:11:55 [Info] [2236] try get sys version 2026-03-23 11:11:55 [Info] [2236] win sys info:2/10:0:3 2026-03-23 11:11:55 [Info] [2236] suit legal version, enable cpu control 2026-03-23 11:11:55 [Warn] [2236] High CPU Warning: 15 2026-03-23 11:11:55 [Warn] [2236] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-23 11:11:56 [Info] [2236] Enter reuse wait state. 2026-03-23 11:12:01 [Info] [2236] recvmsg: EXIT 2026-03-23 11:12:01 [Info] [2236] Recv Exit Msg, Exit... 2026-03-23 11:44:02 [Info] [2368] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 11:44:02 [Info] [2368] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap62791774237442 2026-03-23 11:44:02 [Info] [2368] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 11:44:02 [Info] [2368] Resource monitor start 2026-03-23 11:44:02 [Info] [2368] ipc client init success 2026-03-23 11:44:02 [Info] [2368] Ipc init: 0 2026-03-23 11:44:02 [Info] [2368] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 11:44:02 [Info] [2368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 11:44:02 [Info] [2368] start ipc thread id[3964] 2026-03-23 11:44:02 [Info] [2368] Connect Yundun ipc server return state is 0 2026-03-23 11:44:02 [Info] [2368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 11:44:02 [Info] [2368] CResourceMonitor::run Enter 2026-03-23 11:44:02 [Info] [2368] CIpcMsgHandlerMgr::run Enter 2026-03-23 11:44:02 [Info] [2368] Report thread 2026-03-23 11:44:02 [Info] [2368] Monitor thread 2026-03-23 11:44:02 [Info] [2368] Loader thread 2026-03-23 11:44:02 [Info] [2368] PythonEngineImpl Init... 2026-03-23 11:44:02 [Info] [2368] yundun connected 2026-03-23 11:44:03 [Info] [2368] recvmsg: HELLO 2026-03-23 11:44:03 [Info] [2368] recvmsg: WORK 2026-03-23 11:44:03 [Info] [2368] no use encode, return to old mode 2026-03-23 11:44:03 [Info] [2368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 11:44:03 [Info] [2368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 11:44:03 [Info] [2368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 11:44:03 [Info] [2368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 11:44:03 [Info] [2368] log fd cnt is [250], real fd cnt is [282] 2026-03-23 11:44:03 [Info] [2368] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 11:44:03 [Info] [2368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 11:44:04 [Info] [2368] log memory size is 20480KB, real memory size is 14820KB 2026-03-23 11:44:04 [Info] [2368] item: --tcp-connect-check 2026-03-23 11:44:04 [Info] [2368] cgroup name aegisRtap0 2026-03-23 11:44:04 [Info] [2368] try get sys version 2026-03-23 11:44:04 [Info] [2368] win sys info:2/10:0:3 2026-03-23 11:44:04 [Info] [2368] suit legal version, enable cpu control 2026-03-23 11:44:04 [Info] [2368] get AssignProcessToJobObject handle [00000478] 2026-03-23 11:44:04 [Info] [2368] Set setJobExtended. 2026-03-23 11:44:04 [Info] [2368] Set cpu [9%] 2026-03-23 11:44:04 [Info] [2368] Set cpu success 2026-03-23 11:44:04 [Info] [2368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-23 11:44:04 [Info] [2368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-23 11:44:04 [Info] [2368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 11:44:05 [Info] [2368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 11:44:05 [Info] [2368] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-23 11:44:05 [Info] [2368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-23 11:44:05 [Info] [2368] Prepare stage1: --tcp-connect-check 2026-03-23 11:44:05 [Info] [2368] Prepare stage2 2026-03-23 11:44:08 [Info] [2368] stage3: --tcp-connect-check 2026-03-23 11:44:08 [Info] [2368] Loader after check 2026-03-23 11:44:09 [Info] [2368] Enter reuse wait state. 2026-03-23 11:44:14 [Info] [2368] recvmsg: EXIT 2026-03-23 11:44:14 [Info] [2368] Recv Exit Msg, Exit... 2026-03-23 12:15:45 [Info] [2552] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 12:15:45 [Info] [2552] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap124501774239332 2026-03-23 12:15:45 [Info] [2552] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 12:15:45 [Info] [2552] Resource monitor start 2026-03-23 12:15:45 [Info] [2552] ipc client init success 2026-03-23 12:15:45 [Info] [2552] Ipc init: 0 2026-03-23 12:15:45 [Info] [2552] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 12:15:45 [Info] [2552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 12:15:50 [Info] [2552] CIpcMsgHandlerMgr::run Enter 2026-03-23 12:15:50 [Info] [2552] CResourceMonitor::run Enter 2026-03-23 12:15:50 [Info] [2552] start ipc thread id[4076] 2026-03-23 12:15:50 [Info] [2552] Connect Yundun ipc server return state is 0 2026-03-23 12:15:50 [Info] [2552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 12:15:51 [Info] [2552] log fd cnt is [250], real fd cnt is [242] 2026-03-23 12:15:54 [Info] [2552] Loader thread 2026-03-23 12:15:54 [Info] [2552] PythonEngineImpl Init... 2026-03-23 12:15:54 [Info] [2552] Monitor thread 2026-03-23 12:15:54 [Info] [2552] Report thread 2026-03-23 12:15:54 [Info] [2552] yundun connected 2026-03-23 12:15:54 [Info] [2552] recvmsg: HELLO 2026-03-23 12:15:54 [Info] [2552] recvmsg: WORK 2026-03-23 12:15:54 [Info] [2552] no use encode, return to old mode 2026-03-23 12:15:54 [Info] [2552] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 12:15:54 [Info] [2552] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 12:15:54 [Info] [2552] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 12:15:56 [Info] [2552] log memory size is 20480KB, real memory size is 13144KB 2026-03-23 12:16:05 [Warn] [2552] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 12:16:13 [Info] [2552] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 12:16:15 [Warn] [2552] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 12:16:16 [Info] [2552] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 12:16:16 [Info] [2552] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 12:16:16 [Info] [2552] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 12:16:17 [Info] [2552] item: --windows-sysinfoext-check 2026-03-23 12:16:17 [Info] [2552] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 12:16:17 [Info] [2552] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 12:16:17 [Info] [2552] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 12:16:17 [Info] [2552] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 12:16:17 [Info] [2552] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-23 12:16:17 [Info] [2552] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 12:16:17 [Info] [2552] Prepare stage1: --windows-sysinfoext-check 2026-03-23 12:16:17 [Info] [2552] Prepare stage2 2026-03-23 12:16:19 [Info] [2552] stage3: --windows-sysinfoext-check 2026-03-23 12:16:19 [Info] [2552] Loader after check 2026-03-23 12:16:20 [Info] [2552] log memory size is 30720KB, real memory size is 23248KB 2026-03-23 12:16:20 [Info] [2552] Enter reuse wait state. 2026-03-23 12:16:23 [Info] [2552] recvmsg: EXIT 2026-03-23 12:16:23 [Info] [2552] Recv Exit Msg, Exit... 2026-03-23 17:43:49 [Info] [744] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 17:43:49 [Info] [744] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap111881774259014 2026-03-23 17:43:49 [Info] [744] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 17:43:49 [Info] [744] Resource monitor start 2026-03-23 17:43:49 [Info] [744] ipc client init success 2026-03-23 17:43:49 [Info] [744] Ipc init: 0 2026-03-23 17:43:49 [Info] [744] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 17:43:49 [Info] [744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 17:43:49 [Info] [744] start ipc thread id[2148] 2026-03-23 17:43:49 [Info] [744] Connect Yundun ipc server return state is 0 2026-03-23 17:43:49 [Info] [744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 17:43:49 [Info] [744] CResourceMonitor::run Enter 2026-03-23 17:43:49 [Info] [744] CIpcMsgHandlerMgr::run Enter 2026-03-23 17:43:49 [Info] [744] Report thread 2026-03-23 17:43:49 [Info] [744] Monitor thread 2026-03-23 17:43:49 [Info] [744] Loader thread 2026-03-23 17:43:49 [Info] [744] PythonEngineImpl Init... 2026-03-23 17:43:49 [Info] [744] yundun connected 2026-03-23 17:43:55 [Info] [744] log fd cnt is [250], real fd cnt is [261] 2026-03-23 17:43:55 [Info] [744] recvmsg: HELLO 2026-03-23 17:43:55 [Info] [744] recvmsg: WORK 2026-03-23 17:43:55 [Info] [744] no use encode, return to old mode 2026-03-23 17:43:55 [Info] [744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 17:43:55 [Info] [744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 17:43:55 [Info] [744] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 17:43:56 [Info] [744] log memory size is 20480KB, real memory size is 13148KB 2026-03-23 17:44:06 [Warn] [744] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 17:44:11 [Info] [744] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 17:44:16 [Warn] [744] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 17:44:26 [Warn] [744] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 17:44:27 [Info] [744] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 17:44:27 [Info] [744] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 17:44:27 [Info] [744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 17:44:28 [Info] [744] item: --windows-sysinfoext-check 2026-03-23 17:44:28 [Info] [744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 17:44:28 [Info] [744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 17:44:28 [Info] [744] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 17:44:28 [Info] [744] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 17:44:28 [Info] [744] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-23 17:44:28 [Info] [744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 17:44:28 [Info] [744] Prepare stage1: --windows-sysinfoext-check 2026-03-23 17:44:28 [Info] [744] Prepare stage2 2026-03-23 17:44:29 [Warn] [744] high cpu, cpu is 26 2026-03-23 17:44:29 [Info] [744] try get sys version 2026-03-23 17:44:29 [Info] [744] win sys info:2/10:0:3 2026-03-23 17:44:29 [Info] [744] suit legal version, enable cpu control 2026-03-23 17:44:29 [Warn] [744] High CPU Warning: 26 2026-03-23 17:44:29 [Warn] [744] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-23 17:44:31 [Info] [744] stage3: --windows-sysinfoext-check 2026-03-23 17:44:31 [Info] [744] Loader after check 2026-03-23 17:44:32 [Info] [744] Enter reuse wait state. 2026-03-23 17:44:32 [Info] [744] log memory size is 30720KB, real memory size is 23376KB 2026-03-23 17:44:34 [Info] [744] recvmsg: EXIT 2026-03-23 17:44:34 [Info] [744] Recv Exit Msg, Exit... 2026-03-23 20:50:44 [Info] [2364] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 20:50:44 [Info] [2364] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap150921774270244 2026-03-23 20:50:44 [Info] [2364] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 20:50:44 [Info] [2364] Resource monitor start 2026-03-23 20:50:44 [Info] [2364] ipc client init success 2026-03-23 20:50:44 [Info] [2364] Ipc init: 0 2026-03-23 20:50:44 [Info] [2364] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 20:50:44 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 20:50:44 [Info] [2364] start ipc thread id[4252] 2026-03-23 20:50:44 [Info] [2364] Connect Yundun ipc server return state is 0 2026-03-23 20:50:44 [Info] [2364] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 20:50:45 [Info] [2364] CResourceMonitor::run Enter 2026-03-23 20:50:45 [Info] [2364] CIpcMsgHandlerMgr::run Enter 2026-03-23 20:50:45 [Info] [2364] yundun connected 2026-03-23 20:50:45 [Info] [2364] Report thread 2026-03-23 20:50:45 [Info] [2364] Monitor thread 2026-03-23 20:50:45 [Info] [2364] Loader thread 2026-03-23 20:50:45 [Info] [2364] PythonEngineImpl Init... 2026-03-23 20:50:46 [Info] [2364] recvmsg: HELLO 2026-03-23 20:50:47 [Info] [2364] log fd cnt is [250], real fd cnt is [263] 2026-03-23 20:50:47 [Info] [2364] recvmsg: WORK 2026-03-23 20:50:47 [Info] [2364] no use encode, return to old mode 2026-03-23 20:50:47 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 20:50:47 [Info] [2364] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 20:50:47 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 20:50:48 [Info] [2364] log memory size is 20480KB, real memory size is 13656KB 2026-03-23 20:50:48 [Info] [2364] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 20:50:49 [Info] [2364] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 20:50:49 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 20:50:51 [Info] [2364] item: --secnet_rasp_agent 2026-03-23 20:50:51 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-23 20:50:51 [Info] [2364] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-23 20:50:51 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-23 20:50:52 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-23 20:50:52 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-23 20:50:52 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-23 20:50:52 [Info] [2364] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 20:50:53 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-23 20:50:53 [Info] [2364] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-23 20:50:53 [Info] [2364] Download redirect files success. 2026-03-23 20:50:53 [Info] [2364] Prepare stage1: --secnet_rasp_agent 2026-03-23 20:50:53 [Info] [2364] Prepare stage2 2026-03-23 20:50:53 [Warn] [2364] high cpu, cpu is 11 2026-03-23 20:50:53 [Info] [2364] try get sys version 2026-03-23 20:50:53 [Info] [2364] win sys info:2/10:0:3 2026-03-23 20:50:53 [Info] [2364] suit legal version, enable cpu control 2026-03-23 20:50:53 [Warn] [2364] High CPU Warning: 11 2026-03-23 20:50:53 [Info] [2364] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-23 20:50:53 [Info] [2364] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-23 20:50:53 [Info] [2364] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 20:50:53 [Warn] [2364] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:subprocess.py line: 125 in func: _eintr_retry_call File:subprocess.py line: 475 in func: communicate File:subprocess.py line: 217 in func: check_output File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid File:secnet_rasp_agent.py line: 218 in func: main File:secnet_rasp_agent.py line: 240 in func: start 2026-03-23 20:50:54 [Info] [2364] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 20:50:54 [Info] [2364] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-23 20:50:54 [Info] [2364] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-23 20:50:54 [Info] [2364] stage3: --secnet_rasp_agent 2026-03-23 20:50:54 [Info] [2364] Loader after check 2026-03-23 20:50:56 [Info] [2364] Enter reuse wait state. 2026-03-23 20:50:57 [Info] [2364] log memory size is 30720KB, real memory size is 21416KB 2026-03-23 20:51:00 [Info] [2364] recvmsg: EXIT 2026-03-23 20:51:00 [Info] [2364] Recv Exit Msg, Exit... 2026-03-23 23:11:36 [Info] [636] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-23 23:11:36 [Info] [636] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap99211774278695 2026-03-23 23:11:36 [Info] [636] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-23 23:11:36 [Info] [636] Resource monitor start 2026-03-23 23:11:36 [Info] [636] ipc client init success 2026-03-23 23:11:36 [Info] [636] Ipc init: 0 2026-03-23 23:11:36 [Info] [636] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-23 23:11:36 [Info] [636] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-23 23:11:36 [Info] [636] start ipc thread id[3932] 2026-03-23 23:11:36 [Info] [636] Connect Yundun ipc server return state is 0 2026-03-23 23:11:36 [Info] [636] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-23 23:11:41 [Info] [636] Monitor thread 2026-03-23 23:11:41 [Info] [636] Report thread 2026-03-23 23:11:41 [Info] [636] yundun connected 2026-03-23 23:11:41 [Info] [636] CIpcMsgHandlerMgr::run Enter 2026-03-23 23:11:41 [Info] [636] CResourceMonitor::run Enter 2026-03-23 23:11:41 [Info] [636] recvmsg: HELLO 2026-03-23 23:11:41 [Info] [636] recvmsg: WORK 2026-03-23 23:11:41 [Info] [636] no use encode, return to old mode 2026-03-23 23:11:42 [Info] [636] log fd cnt is [250], real fd cnt is [250] 2026-03-23 23:11:43 [Info] [636] Loader thread 2026-03-23 23:11:43 [Info] [636] PythonEngineImpl Init... 2026-03-23 23:11:43 [Info] [636] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 23:11:43 [Info] [636] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-23 23:11:43 [Info] [636] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 23:11:47 [Info] [636] log memory size is 20480KB, real memory size is 13156KB 2026-03-23 23:11:51 [Info] [636] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-23 23:12:06 [Warn] [636] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 23:12:16 [Warn] [636] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 7 2026-03-23 23:12:26 [Warn] [636] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-23 23:12:27 [Info] [636] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 23:12:27 [Info] [636] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-23 23:12:27 [Info] [636] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-23 23:12:30 [Info] [636] item: --windows-sysinfoext-check 2026-03-23 23:12:30 [Info] [636] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 23:12:30 [Info] [636] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 23:12:30 [Info] [636] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-23 23:12:30 [Info] [636] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-23 23:12:30 [Info] [636] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-23 23:12:30 [Info] [636] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-23 23:12:30 [Info] [636] Prepare stage1: --windows-sysinfoext-check 2026-03-23 23:12:30 [Info] [636] Prepare stage2 2026-03-23 23:12:31 [Info] [636] log memory size is 30720KB, real memory size is 20708KB 2026-03-23 23:12:34 [Info] [636] stage3: --windows-sysinfoext-check 2026-03-23 23:12:34 [Info] [636] Loader after check 2026-03-23 23:12:34 [Warn] [636] high cpu, cpu is 12 2026-03-23 23:12:34 [Info] [636] try get sys version 2026-03-23 23:12:34 [Info] [636] win sys info:2/10:0:3 2026-03-23 23:12:34 [Info] [636] suit legal version, enable cpu control 2026-03-23 23:12:34 [Warn] [636] High CPU Warning: 12 2026-03-23 23:12:34 [Warn] [636] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-23 23:12:35 [Info] [636] Enter reuse wait state. 2026-03-23 23:12:38 [Info] [636] recvmsg: EXIT 2026-03-23 23:12:38 [Info] [636] Recv Exit Msg, Exit... 2026-03-30 02:53:22 [Info] [4312] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 02:53:22 [Info] [4312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap94671774810377 2026-03-30 02:53:22 [Info] [4312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 02:53:22 [Info] [4312] Resource monitor start 2026-03-30 02:53:22 [Info] [4312] ipc client init success 2026-03-30 02:53:22 [Info] [4312] Ipc init: 0 2026-03-30 02:53:22 [Info] [4312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 02:53:22 [Info] [4312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 02:53:27 [Info] [4312] CIpcMsgHandlerMgr::run Enter 2026-03-30 02:53:27 [Info] [4312] CResourceMonitor::run Enter 2026-03-30 02:53:27 [Info] [4312] start ipc thread id[2880] 2026-03-30 02:53:27 [Info] [4312] Connect Yundun ipc server return state is 0 2026-03-30 02:53:27 [Info] [4312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 02:53:28 [Info] [4312] log fd cnt is [250], real fd cnt is [242] 2026-03-30 02:53:32 [Info] [4312] Loader thread 2026-03-30 02:53:32 [Info] [4312] PythonEngineImpl Init... 2026-03-30 02:53:32 [Info] [4312] Monitor thread 2026-03-30 02:53:32 [Info] [4312] Report thread 2026-03-30 02:53:32 [Info] [4312] yundun connected 2026-03-30 02:53:32 [Info] [4312] recvmsg: HELLO 2026-03-30 02:53:32 [Info] [4312] recvmsg: WORK 2026-03-30 02:53:32 [Info] [4312] no use encode, return to old mode 2026-03-30 02:53:32 [Info] [4312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 02:53:32 [Info] [4312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 02:53:32 [Info] [4312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 02:53:33 [Info] [4312] log memory size is 20480KB, real memory size is 13148KB 2026-03-30 02:53:39 [Info] [4312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 02:53:40 [Info] [4312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 02:53:40 [Info] [4312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 02:53:42 [Info] [4312] item: --windows-sysinfoext-check 2026-03-30 02:53:42 [Info] [4312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 02:53:42 [Info] [4312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 02:53:42 [Info] [4312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 02:53:42 [Info] [4312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 02:53:42 [Info] [4312] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-30 02:53:42 [Info] [4312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 02:53:42 [Info] [4312] Prepare stage1: --windows-sysinfoext-check 2026-03-30 02:53:42 [Info] [4312] Prepare stage2 2026-03-30 02:53:44 [Warn] [4312] high cpu, cpu is 13 2026-03-30 02:53:44 [Info] [4312] try get sys version 2026-03-30 02:53:44 [Info] [4312] win sys info:2/10:0:3 2026-03-30 02:53:44 [Info] [4312] suit legal version, enable cpu control 2026-03-30 02:53:44 [Warn] [4312] High CPU Warning: 13 2026-03-30 02:53:45 [Warn] [4312] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-30 02:53:45 [Info] [4312] stage3: --windows-sysinfoext-check 2026-03-30 02:53:45 [Info] [4312] Loader after check 2026-03-30 02:53:46 [Info] [4312] log memory size is 30720KB, real memory size is 23308KB 2026-03-30 02:53:46 [Info] [4312] Enter reuse wait state. 2026-03-30 02:53:51 [Info] [4312] recvmsg: EXIT 2026-03-30 02:53:51 [Info] [4312] Recv Exit Msg, Exit... 2026-03-30 05:23:19 [Info] [4496] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 05:23:19 [Info] [4496] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap61611774819399 2026-03-30 05:23:19 [Info] [4496] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 05:23:19 [Info] [4496] Resource monitor start 2026-03-30 05:23:19 [Info] [4496] ipc client init success 2026-03-30 05:23:19 [Info] [4496] Ipc init: 0 2026-03-30 05:23:19 [Info] [4496] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 05:23:19 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 05:23:19 [Info] [4496] start ipc thread id[1448] 2026-03-30 05:23:19 [Info] [4496] Connect Yundun ipc server return state is 0 2026-03-30 05:23:19 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 05:23:19 [Info] [4496] CResourceMonitor::run Enter 2026-03-30 05:23:19 [Info] [4496] CIpcMsgHandlerMgr::run Enter 2026-03-30 05:23:19 [Info] [4496] Report thread 2026-03-30 05:23:19 [Info] [4496] Monitor thread 2026-03-30 05:23:19 [Info] [4496] Loader thread 2026-03-30 05:23:19 [Info] [4496] PythonEngineImpl Init... 2026-03-30 05:23:19 [Info] [4496] yundun connected 2026-03-30 05:23:20 [Info] [4496] recvmsg: HELLO 2026-03-30 05:23:20 [Info] [4496] recvmsg: WORK 2026-03-30 05:23:20 [Info] [4496] no use encode, return to old mode 2026-03-30 05:23:20 [Info] [4496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 05:23:20 [Info] [4496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 05:23:20 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 05:23:20 [Info] [4496] log fd cnt is [250], real fd cnt is [282] 2026-03-30 05:23:20 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 05:23:21 [Info] [4496] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 05:23:21 [Info] [4496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 05:23:21 [Info] [4496] log memory size is 20480KB, real memory size is 14648KB 2026-03-30 05:23:22 [Info] [4496] item: --sca 2026-03-30 05:23:22 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-30 05:23:22 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-30 05:23:22 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-30 05:23:23 [Info] [4496] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-30 05:23:23 [Info] [4496] Download redirect files success. 2026-03-30 05:23:23 [Info] [4496] Prepare stage1: --sca 2026-03-30 05:23:23 [Info] [4496] Prepare stage2 2026-03-30 05:23:24 [Warn] [4496] high cpu, cpu is 20 2026-03-30 05:23:24 [Info] [4496] try get sys version 2026-03-30 05:23:24 [Info] [4496] win sys info:2/10:0:3 2026-03-30 05:23:24 [Info] [4496] suit legal version, enable cpu control 2026-03-30 05:23:24 [Warn] [4496] High CPU Warning: 20 2026-03-30 05:23:24 [Warn] [4496] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca_utils.py line: 69 in func: <module> File:sca.py line: 44 in func: <module> 2026-03-30 05:23:25 [Info] [4496] log memory size is 30720KB, real memory size is 32516KB 2026-03-30 05:23:29 [Info] [4496] log memory size is 40960KB, real memory size is 33144KB 2026-03-30 05:23:59 [Info] [4496] stage3: --sca 2026-03-30 05:23:59 [Info] [4496] Loader after check 2026-03-30 05:24:00 [Info] [4496] Enter reuse wait state. 2026-03-30 05:24:03 [Info] [4496] recvmsg: EXIT 2026-03-30 05:24:03 [Info] [4496] Recv Exit Msg, Exit... 2026-03-30 08:05:15 [Info] [2028] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 08:05:15 [Info] [2028] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap51221774829115 2026-03-30 08:05:15 [Info] [2028] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 08:05:15 [Info] [2028] Resource monitor start 2026-03-30 08:05:15 [Info] [2028] ipc client init success 2026-03-30 08:05:15 [Info] [2028] Ipc init: 0 2026-03-30 08:05:15 [Info] [2028] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 08:05:15 [Info] [2028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 08:05:15 [Info] [2028] start ipc thread id[2820] 2026-03-30 08:05:15 [Info] [2028] Connect Yundun ipc server return state is 0 2026-03-30 08:05:15 [Info] [2028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 08:05:15 [Info] [2028] CResourceMonitor::run Enter 2026-03-30 08:05:15 [Info] [2028] CIpcMsgHandlerMgr::run Enter 2026-03-30 08:05:15 [Info] [2028] Report thread 2026-03-30 08:05:15 [Info] [2028] Monitor thread 2026-03-30 08:05:15 [Info] [2028] Loader thread 2026-03-30 08:05:15 [Info] [2028] PythonEngineImpl Init... 2026-03-30 08:05:15 [Info] [2028] yundun connected 2026-03-30 08:05:16 [Info] [2028] recvmsg: HELLO 2026-03-30 08:05:16 [Info] [2028] recvmsg: WORK 2026-03-30 08:05:16 [Info] [2028] no use encode, return to old mode 2026-03-30 08:05:16 [Info] [2028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:05:16 [Info] [2028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:05:16 [Info] [2028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:05:16 [Info] [2028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:05:16 [Info] [2028] log fd cnt is [250], real fd cnt is [282] 2026-03-30 08:05:16 [Info] [2028] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 08:05:16 [Info] [2028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 08:05:17 [Info] [2028] log memory size is 20480KB, real memory size is 14852KB 2026-03-30 08:05:17 [Info] [2028] item: --windows-vul-clean 2026-03-30 08:05:17 [Info] [2028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-30 08:05:17 [Info] [2028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-30 08:05:17 [Info] [2028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:05:17 [Info] [2028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:05:17 [Info] [2028] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-30 08:05:17 [Info] [2028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-30 08:05:18 [Info] [2028] Prepare stage1: --windows-vul-clean 2026-03-30 08:05:18 [Info] [2028] Prepare stage2 2026-03-30 08:05:18 [Info] [2028] stage3: --windows-vul-clean 2026-03-30 08:05:18 [Info] [2028] Loader after check 2026-03-30 08:05:19 [Info] [2028] Enter reuse wait state. 2026-03-30 08:05:20 [Info] [2028] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 08:05:23 [Info] [2028] recvmsg: EXIT 2026-03-30 08:05:23 [Info] [2028] Recv Exit Msg, Exit... 2026-03-30 08:20:20 [Info] [3812] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 08:20:20 [Info] [3812] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap80381774830008 2026-03-30 08:20:20 [Info] [3812] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 08:20:20 [Info] [3812] Resource monitor start 2026-03-30 08:20:20 [Info] [3812] ipc client init success 2026-03-30 08:20:20 [Info] [3812] Ipc init: 0 2026-03-30 08:20:20 [Info] [3812] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 08:20:20 [Info] [3812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 08:20:20 [Info] [3812] start ipc thread id[4460] 2026-03-30 08:20:20 [Info] [3812] Connect Yundun ipc server return state is 0 2026-03-30 08:20:20 [Info] [3812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 08:20:20 [Info] [3812] CResourceMonitor::run Enter 2026-03-30 08:20:20 [Info] [3812] CIpcMsgHandlerMgr::run Enter 2026-03-30 08:20:20 [Info] [3812] Report thread 2026-03-30 08:20:20 [Info] [3812] Monitor thread 2026-03-30 08:20:20 [Info] [3812] Loader thread 2026-03-30 08:20:20 [Info] [3812] PythonEngineImpl Init... 2026-03-30 08:20:20 [Info] [3812] yundun connected 2026-03-30 08:20:27 [Info] [3812] recvmsg: HELLO 2026-03-30 08:20:28 [Info] [3812] log fd cnt is [250], real fd cnt is [263] 2026-03-30 08:20:29 [Info] [3812] log memory size is 20480KB, real memory size is 12908KB 2026-03-30 08:20:30 [Info] [3812] recvmsg: WORK 2026-03-30 08:20:30 [Info] [3812] no use encode, return to old mode 2026-03-30 08:20:31 [Info] [3812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:20:31 [Info] [3812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:20:31 [Info] [3812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:20:36 [Info] [3812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:20:36 [Info] [3812] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 08:20:36 [Info] [3812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 08:20:37 [Info] [3812] item: --windows-sysinfoext-check 2026-03-30 08:20:37 [Info] [3812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 08:20:37 [Info] [3812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 08:20:37 [Info] [3812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:20:37 [Info] [3812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:20:37 [Info] [3812] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-30 08:20:37 [Info] [3812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 08:20:37 [Info] [3812] Prepare stage1: --windows-sysinfoext-check 2026-03-30 08:20:37 [Info] [3812] Prepare stage2 2026-03-30 08:20:38 [Warn] [3812] high cpu, cpu is 23 2026-03-30 08:20:38 [Info] [3812] try get sys version 2026-03-30 08:20:38 [Info] [3812] win sys info:2/10:0:3 2026-03-30 08:20:38 [Info] [3812] suit legal version, enable cpu control 2026-03-30 08:20:38 [Warn] [3812] High CPU Warning: 23 2026-03-30 08:20:39 [Warn] [3812] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-30 08:20:39 [Info] [3812] stage3: --windows-sysinfoext-check 2026-03-30 08:20:39 [Info] [3812] Loader after check 2026-03-30 08:20:40 [Info] [3812] Enter reuse wait state. 2026-03-30 08:20:42 [Info] [3812] log memory size is 30720KB, real memory size is 23356KB 2026-03-30 08:20:45 [Info] [3812] recvmsg: EXIT 2026-03-30 08:20:45 [Info] [3812] Recv Exit Msg, Exit... 2026-03-30 08:52:43 [Info] [4200] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 08:52:43 [Info] [4200] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap144221774831963 2026-03-30 08:52:43 [Info] [4200] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 08:52:43 [Info] [4200] Resource monitor start 2026-03-30 08:52:43 [Info] [4200] ipc client init success 2026-03-30 08:52:43 [Info] [4200] Ipc init: 0 2026-03-30 08:52:43 [Info] [4200] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 08:52:43 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 08:52:43 [Info] [4200] start ipc thread id[1400] 2026-03-30 08:52:43 [Info] [4200] Connect Yundun ipc server return state is 0 2026-03-30 08:52:43 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 08:52:43 [Info] [4200] CResourceMonitor::run Enter 2026-03-30 08:52:43 [Info] [4200] CIpcMsgHandlerMgr::run Enter 2026-03-30 08:52:43 [Info] [4200] Report thread 2026-03-30 08:52:43 [Info] [4200] Monitor thread 2026-03-30 08:52:43 [Info] [4200] Loader thread 2026-03-30 08:52:43 [Info] [4200] PythonEngineImpl Init... 2026-03-30 08:52:43 [Info] [4200] yundun connected 2026-03-30 08:52:43 [Info] [4200] recvmsg: HELLO 2026-03-30 08:52:44 [Info] [4200] recvmsg: WORK 2026-03-30 08:52:44 [Info] [4200] no use encode, return to old mode 2026-03-30 08:52:44 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:52:44 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 08:52:44 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:52:44 [Info] [4200] log fd cnt is [250], real fd cnt is [282] 2026-03-30 08:52:44 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:52:44 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 08:52:44 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 08:52:45 [Info] [4200] log memory size is 20480KB, real memory size is 14752KB 2026-03-30 08:52:45 [Info] [4200] item: --windows-process-check 2026-03-30 08:52:45 [Info] [4200] cgroup name aegisRtap0 2026-03-30 08:52:45 [Info] [4200] try get sys version 2026-03-30 08:52:45 [Info] [4200] win sys info:2/10:0:3 2026-03-30 08:52:45 [Info] [4200] suit legal version, enable cpu control 2026-03-30 08:52:45 [Info] [4200] get AssignProcessToJobObject handle [00000478] 2026-03-30 08:52:45 [Info] [4200] Set setJobExtended. 2026-03-30 08:52:45 [Info] [4200] Set cpu [9%] 2026-03-30 08:52:45 [Info] [4200] Set cpu success 2026-03-30 08:52:45 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-30 08:52:45 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-30 08:52:45 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 08:52:45 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 08:52:46 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-30 08:52:46 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-30 08:52:46 [Info] [4200] Prepare stage1: --windows-process-check 2026-03-30 08:52:46 [Info] [4200] Prepare stage2 2026-03-30 08:52:49 [Info] [4200] log memory size is 30720KB, real memory size is 20588KB 2026-03-30 08:53:05 [Info] [4200] stage3: --windows-process-check 2026-03-30 08:53:05 [Info] [4200] Loader after check 2026-03-30 08:53:06 [Info] [4200] Enter reuse wait state. 2026-03-30 08:53:10 [Info] [4200] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 08:53:11 [Info] [4200] recvmsg: EXIT 2026-03-30 08:53:11 [Info] [4200] Recv Exit Msg, Exit... 2026-03-30 10:33:10 [Info] [3540] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 10:33:10 [Info] [3540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap13321774837989 2026-03-30 10:33:10 [Info] [3540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 10:33:10 [Info] [3540] Resource monitor start 2026-03-30 10:33:10 [Info] [3540] ipc client init success 2026-03-30 10:33:10 [Info] [3540] Ipc init: 0 2026-03-30 10:33:10 [Info] [3540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 10:33:10 [Info] [3540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 10:33:10 [Info] [3540] start ipc thread id[2716] 2026-03-30 10:33:10 [Info] [3540] Connect Yundun ipc server return state is 0 2026-03-30 10:33:10 [Info] [3540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 10:33:10 [Info] [3540] CResourceMonitor::run Enter 2026-03-30 10:33:10 [Info] [3540] CIpcMsgHandlerMgr::run Enter 2026-03-30 10:33:10 [Info] [3540] Report thread 2026-03-30 10:33:10 [Info] [3540] Monitor thread 2026-03-30 10:33:10 [Info] [3540] Loader thread 2026-03-30 10:33:10 [Info] [3540] PythonEngineImpl Init... 2026-03-30 10:33:10 [Info] [3540] yundun connected 2026-03-30 10:33:10 [Info] [3540] recvmsg: HELLO 2026-03-30 10:33:10 [Info] [3540] recvmsg: WORK 2026-03-30 10:33:10 [Info] [3540] no use encode, return to old mode 2026-03-30 10:33:11 [Info] [3540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:33:11 [Info] [3540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:33:11 [Info] [3540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:33:11 [Info] [3540] log fd cnt is [250], real fd cnt is [282] 2026-03-30 10:33:11 [Info] [3540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:33:11 [Info] [3540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 10:33:11 [Info] [3540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 10:33:12 [Info] [3540] log memory size is 20480KB, real memory size is 14812KB 2026-03-30 10:33:12 [Info] [3540] item: --windows-registry-check 2026-03-30 10:33:12 [Info] [3540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-30 10:33:12 [Info] [3540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-30 10:33:12 [Info] [3540] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:33:12 [Info] [3540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:33:12 [Info] [3540] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-30 10:33:12 [Info] [3540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-30 10:33:13 [Info] [3540] Prepare stage1: --windows-registry-check 2026-03-30 10:33:13 [Info] [3540] Prepare stage2 2026-03-30 10:33:17 [Info] [3540] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 10:33:48 [Info] [3540] stage3: --windows-registry-check 2026-03-30 10:33:48 [Info] [3540] Loader after check 2026-03-30 10:33:49 [Info] [3540] Enter reuse wait state. 2026-03-30 10:33:50 [Info] [3540] recvmsg: EXIT 2026-03-30 10:33:50 [Info] [3540] Recv Exit Msg, Exit... 2026-03-30 10:34:30 [Info] [920] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 10:34:30 [Info] [920] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap15971774838070 2026-03-30 10:34:30 [Info] [920] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 10:34:30 [Info] [920] Resource monitor start 2026-03-30 10:34:30 [Info] [920] ipc client init success 2026-03-30 10:34:30 [Info] [920] Ipc init: 0 2026-03-30 10:34:30 [Info] [920] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 10:34:30 [Info] [920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 10:34:30 [Info] [920] start ipc thread id[3292] 2026-03-30 10:34:30 [Info] [920] Connect Yundun ipc server return state is 0 2026-03-30 10:34:30 [Info] [920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 10:34:30 [Info] [920] CResourceMonitor::run Enter 2026-03-30 10:34:30 [Info] [920] CIpcMsgHandlerMgr::run Enter 2026-03-30 10:34:30 [Info] [920] Report thread 2026-03-30 10:34:30 [Info] [920] Monitor thread 2026-03-30 10:34:30 [Info] [920] Loader thread 2026-03-30 10:34:30 [Info] [920] PythonEngineImpl Init... 2026-03-30 10:34:30 [Info] [920] yundun connected 2026-03-30 10:34:31 [Info] [920] recvmsg: HELLO 2026-03-30 10:34:31 [Info] [920] recvmsg: WORK 2026-03-30 10:34:31 [Info] [920] no use encode, return to old mode 2026-03-30 10:34:31 [Info] [920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:34:31 [Info] [920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:34:31 [Info] [920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:34:31 [Info] [920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:34:31 [Info] [920] log fd cnt is [250], real fd cnt is [282] 2026-03-30 10:34:32 [Info] [920] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 10:34:32 [Info] [920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 10:34:32 [Info] [920] log memory size is 20480KB, real memory size is 14784KB 2026-03-30 10:34:33 [Info] [920] item: --windows-driver-version-check 2026-03-30 10:34:33 [Info] [920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-30 10:34:33 [Info] [920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-30 10:34:33 [Info] [920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:34:33 [Info] [920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:34:33 [Info] [920] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-30 10:34:33 [Info] [920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-30 10:34:33 [Info] [920] Prepare stage1: --windows-driver-version-check 2026-03-30 10:34:33 [Info] [920] Prepare stage2 2026-03-30 10:34:33 [Info] [920] stage3: --windows-driver-version-check 2026-03-30 10:34:33 [Info] [920] Loader after check 2026-03-30 10:34:34 [Info] [920] Enter reuse wait state. 2026-03-30 10:34:38 [Info] [920] recvmsg: EXIT 2026-03-30 10:34:38 [Info] [920] Recv Exit Msg, Exit... 2026-03-30 10:45:55 [Info] [4460] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 10:45:55 [Info] [4460] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap38341774838755 2026-03-30 10:45:55 [Info] [4460] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 10:45:55 [Info] [4460] Resource monitor start 2026-03-30 10:45:55 [Info] [4460] ipc client init success 2026-03-30 10:45:55 [Info] [4460] Ipc init: 0 2026-03-30 10:45:55 [Info] [4460] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 10:45:55 [Info] [4460] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 10:45:55 [Info] [4460] start ipc thread id[4452] 2026-03-30 10:45:55 [Info] [4460] Connect Yundun ipc server return state is 0 2026-03-30 10:45:55 [Info] [4460] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 10:45:55 [Info] [4460] CResourceMonitor::run Enter 2026-03-30 10:45:55 [Info] [4460] CIpcMsgHandlerMgr::run Enter 2026-03-30 10:45:55 [Info] [4460] Report thread 2026-03-30 10:45:55 [Info] [4460] Monitor thread 2026-03-30 10:45:55 [Info] [4460] Loader thread 2026-03-30 10:45:55 [Info] [4460] PythonEngineImpl Init... 2026-03-30 10:45:55 [Info] [4460] yundun connected 2026-03-30 10:45:56 [Info] [4460] recvmsg: HELLO 2026-03-30 10:45:56 [Info] [4460] recvmsg: WORK 2026-03-30 10:45:56 [Info] [4460] no use encode, return to old mode 2026-03-30 10:45:56 [Info] [4460] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:45:56 [Info] [4460] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 10:45:56 [Info] [4460] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:45:56 [Info] [4460] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:45:56 [Info] [4460] log fd cnt is [250], real fd cnt is [282] 2026-03-30 10:45:56 [Info] [4460] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 10:45:56 [Info] [4460] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 10:45:57 [Info] [4460] log memory size is 20480KB, real memory size is 14824KB 2026-03-30 10:45:57 [Info] [4460] item: --windows-schedule-task-check 2026-03-30 10:45:57 [Info] [4460] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-30 10:45:57 [Info] [4460] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-30 10:45:57 [Info] [4460] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 10:45:58 [Info] [4460] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 10:45:58 [Info] [4460] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-30 10:45:58 [Info] [4460] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-30 10:45:58 [Info] [4460] Prepare stage1: --windows-schedule-task-check 2026-03-30 10:45:58 [Info] [4460] Prepare stage2 2026-03-30 10:45:58 [Warn] [4460] high cpu, cpu is 13 2026-03-30 10:45:58 [Info] [4460] try get sys version 2026-03-30 10:45:58 [Info] [4460] win sys info:2/10:0:3 2026-03-30 10:45:58 [Info] [4460] suit legal version, enable cpu control 2026-03-30 10:45:58 [Warn] [4460] High CPU Warning: 13 2026-03-30 10:45:58 [Warn] [4460] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 91 in func: _GetGoodDispatch File:dynamic.py line: 114 in func: _GetGoodDispatchAndUserName File:__init__.py line: 95 in func: Dispatch File:windows-schedule-task-check.py line: 365 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-03-30 10:46:01 [Info] [4460] log memory size is 30720KB, real memory size is 23652KB 2026-03-30 10:46:29 [Info] [4460] stage3: --windows-schedule-task-check 2026-03-30 10:46:29 [Info] [4460] Loader after check 2026-03-30 10:46:30 [Info] [4460] Enter reuse wait state. 2026-03-30 10:46:35 [Info] [4460] recvmsg: EXIT 2026-03-30 10:46:35 [Info] [4460] Recv Exit Msg, Exit... 2026-03-30 11:16:16 [Info] [3820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 11:16:16 [Info] [3820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap97801774840576 2026-03-30 11:16:16 [Info] [3820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 11:16:16 [Info] [3820] Resource monitor start 2026-03-30 11:16:16 [Info] [3820] ipc client init success 2026-03-30 11:16:16 [Info] [3820] Ipc init: 0 2026-03-30 11:16:16 [Info] [3820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 11:16:16 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 11:16:16 [Info] [3820] start ipc thread id[2540] 2026-03-30 11:16:16 [Info] [3820] Connect Yundun ipc server return state is 0 2026-03-30 11:16:16 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 11:16:16 [Info] [3820] CResourceMonitor::run Enter 2026-03-30 11:16:16 [Info] [3820] CIpcMsgHandlerMgr::run Enter 2026-03-30 11:16:16 [Info] [3820] Report thread 2026-03-30 11:16:16 [Info] [3820] Monitor thread 2026-03-30 11:16:16 [Info] [3820] Loader thread 2026-03-30 11:16:16 [Info] [3820] PythonEngineImpl Init... 2026-03-30 11:16:16 [Info] [3820] yundun connected 2026-03-30 11:16:17 [Info] [3820] recvmsg: HELLO 2026-03-30 11:16:17 [Info] [3820] recvmsg: WORK 2026-03-30 11:16:17 [Info] [3820] no use encode, return to old mode 2026-03-30 11:16:17 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 11:16:17 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 11:16:17 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 11:16:17 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 11:16:17 [Info] [3820] log fd cnt is [250], real fd cnt is [282] 2026-03-30 11:16:17 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 11:16:17 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 11:16:18 [Info] [3820] log memory size is 20480KB, real memory size is 14820KB 2026-03-30 11:16:18 [Info] [3820] item: --windows-autorun-item-check 2026-03-30 11:16:18 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-30 11:16:18 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-30 11:16:18 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 11:16:18 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 11:16:18 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-30 11:16:18 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-30 11:16:19 [Info] [3820] Prepare stage1: --windows-autorun-item-check 2026-03-30 11:16:19 [Info] [3820] Prepare stage2 2026-03-30 11:16:22 [Info] [3820] log memory size is 30720KB, real memory size is 22592KB 2026-03-30 11:16:29 [Info] [3820] stage3: --windows-autorun-item-check 2026-03-30 11:16:29 [Info] [3820] Loader after check 2026-03-30 11:16:30 [Info] [3820] Enter reuse wait state. 2026-03-30 11:16:32 [Info] [3820] recvmsg: EXIT 2026-03-30 11:16:32 [Info] [3820] Recv Exit Msg, Exit... 2026-03-30 11:39:51 [Info] [2096] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 11:39:51 [Info] [2096] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap143981774841990 2026-03-30 11:39:51 [Info] [2096] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 11:39:51 [Info] [2096] Resource monitor start 2026-03-30 11:39:51 [Info] [2096] ipc client init success 2026-03-30 11:39:51 [Info] [2096] Ipc init: 0 2026-03-30 11:39:51 [Info] [2096] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 11:39:51 [Info] [2096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 11:39:51 [Info] [2096] start ipc thread id[4484] 2026-03-30 11:39:51 [Info] [2096] Connect Yundun ipc server return state is 0 2026-03-30 11:39:51 [Info] [2096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 11:39:51 [Info] [2096] CResourceMonitor::run Enter 2026-03-30 11:39:51 [Info] [2096] CIpcMsgHandlerMgr::run Enter 2026-03-30 11:39:51 [Info] [2096] Report thread 2026-03-30 11:39:51 [Info] [2096] Monitor thread 2026-03-30 11:39:51 [Info] [2096] Loader thread 2026-03-30 11:39:51 [Info] [2096] PythonEngineImpl Init... 2026-03-30 11:39:51 [Info] [2096] yundun connected 2026-03-30 11:39:51 [Info] [2096] recvmsg: HELLO 2026-03-30 11:39:51 [Info] [2096] recvmsg: WORK 2026-03-30 11:39:51 [Info] [2096] no use encode, return to old mode 2026-03-30 11:39:51 [Info] [2096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 11:39:51 [Info] [2096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 11:39:51 [Info] [2096] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 11:39:51 [Info] [2096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 11:39:52 [Info] [2096] log fd cnt is [250], real fd cnt is [282] 2026-03-30 11:39:52 [Info] [2096] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 11:39:52 [Info] [2096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 11:39:53 [Info] [2096] log memory size is 20480KB, real memory size is 14816KB 2026-03-30 11:39:53 [Info] [2096] item: --tcp-connect-check 2026-03-30 11:39:53 [Info] [2096] cgroup name aegisRtap0 2026-03-30 11:39:53 [Info] [2096] try get sys version 2026-03-30 11:39:53 [Info] [2096] win sys info:2/10:0:3 2026-03-30 11:39:53 [Info] [2096] suit legal version, enable cpu control 2026-03-30 11:39:53 [Info] [2096] get AssignProcessToJobObject handle [00000478] 2026-03-30 11:39:53 [Info] [2096] Set setJobExtended. 2026-03-30 11:39:53 [Info] [2096] Set cpu [9%] 2026-03-30 11:39:53 [Info] [2096] Set cpu success 2026-03-30 11:39:53 [Info] [2096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-30 11:39:53 [Info] [2096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-30 11:39:53 [Info] [2096] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 11:39:53 [Info] [2096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 11:39:53 [Info] [2096] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-30 11:39:53 [Info] [2096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-30 11:39:53 [Info] [2096] Prepare stage1: --tcp-connect-check 2026-03-30 11:39:53 [Info] [2096] Prepare stage2 2026-03-30 11:39:56 [Info] [2096] stage3: --tcp-connect-check 2026-03-30 11:39:56 [Info] [2096] Loader after check 2026-03-30 11:39:57 [Info] [2096] Enter reuse wait state. 2026-03-30 11:40:02 [Info] [2096] recvmsg: EXIT 2026-03-30 11:40:02 [Info] [2096] Recv Exit Msg, Exit... 2026-03-30 13:49:27 [Info] [4344] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 13:49:27 [Info] [4344] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap69971774849758 2026-03-30 13:49:27 [Info] [4344] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 13:49:27 [Info] [4344] Resource monitor start 2026-03-30 13:49:27 [Info] [4344] ipc client init success 2026-03-30 13:49:27 [Info] [4344] Ipc init: 0 2026-03-30 13:49:27 [Info] [4344] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 13:49:27 [Info] [4344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 13:49:27 [Info] [4344] start ipc thread id[2204] 2026-03-30 13:49:27 [Info] [4344] Connect Yundun ipc server return state is 0 2026-03-30 13:49:27 [Info] [4344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 13:49:27 [Info] [4344] CResourceMonitor::run Enter 2026-03-30 13:49:27 [Info] [4344] CIpcMsgHandlerMgr::run Enter 2026-03-30 13:49:27 [Info] [4344] Report thread 2026-03-30 13:49:27 [Info] [4344] Monitor thread 2026-03-30 13:49:27 [Info] [4344] Loader thread 2026-03-30 13:49:27 [Info] [4344] PythonEngineImpl Init... 2026-03-30 13:49:33 [Info] [4344] yundun connected 2026-03-30 13:49:34 [Info] [4344] recvmsg: HELLO 2026-03-30 13:49:34 [Info] [4344] recvmsg: WORK 2026-03-30 13:49:34 [Info] [4344] no use encode, return to old mode 2026-03-30 13:49:34 [Info] [4344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 13:49:34 [Info] [4344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 13:49:34 [Info] [4344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 13:49:36 [Info] [4344] log fd cnt is [250], real fd cnt is [264] 2026-03-30 13:49:37 [Info] [4344] log memory size is 20480KB, real memory size is 13136KB 2026-03-30 13:49:57 [Warn] [4344] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-30 13:50:07 [Warn] [4344] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-30 13:50:07 [Info] [4344] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 13:50:07 [Info] [4344] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 13:50:07 [Info] [4344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 13:50:08 [Info] [4344] item: --windows-sysinfoext-check 2026-03-30 13:50:08 [Info] [4344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 13:50:08 [Info] [4344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 13:50:08 [Info] [4344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 13:50:08 [Info] [4344] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 13:50:09 [Info] [4344] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-30 13:50:09 [Info] [4344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 13:50:09 [Info] [4344] Prepare stage1: --windows-sysinfoext-check 2026-03-30 13:50:09 [Info] [4344] Prepare stage2 2026-03-30 13:50:09 [Info] [4344] log memory size is 30720KB, real memory size is 23096KB 2026-03-30 13:50:10 [Info] [4344] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 13:50:10 [Info] [4344] stage3: --windows-sysinfoext-check 2026-03-30 13:50:10 [Info] [4344] Loader after check 2026-03-30 13:50:11 [Info] [4344] Enter reuse wait state. 2026-03-30 13:50:13 [Info] [4344] recvmsg: EXIT 2026-03-30 13:50:13 [Info] [4344] Recv Exit Msg, Exit... 2026-03-30 19:04:09 [Info] [4108] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 19:04:09 [Info] [4108] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31441774868647 2026-03-30 19:04:09 [Info] [4108] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 19:04:09 [Info] [4108] Resource monitor start 2026-03-30 19:04:09 [Info] [4108] ipc client init success 2026-03-30 19:04:09 [Info] [4108] Ipc init: 0 2026-03-30 19:04:09 [Info] [4108] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 19:04:09 [Info] [4108] CResourceMonitor::run Enter 2026-03-30 19:04:09 [Info] [4108] CIpcMsgHandlerMgr::run Enter 2026-03-30 19:04:09 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 19:04:09 [Info] [4108] start ipc thread id[3124] 2026-03-30 19:04:09 [Info] [4108] Connect Yundun ipc server return state is 0 2026-03-30 19:04:09 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 19:04:09 [Info] [4108] yundun connected 2026-03-30 19:04:09 [Info] [4108] Report thread 2026-03-30 19:04:09 [Info] [4108] Monitor thread 2026-03-30 19:04:09 [Info] [4108] Loader thread 2026-03-30 19:04:09 [Info] [4108] PythonEngineImpl Init... 2026-03-30 19:04:10 [Info] [4108] recvmsg: HELLO 2026-03-30 19:04:10 [Info] [4108] recvmsg: WORK 2026-03-30 19:04:10 [Info] [4108] no use encode, return to old mode 2026-03-30 19:04:10 [Info] [4108] log fd cnt is [250], real fd cnt is [263] 2026-03-30 19:04:10 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:04:10 [Info] [4108] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:04:10 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:04:10 [Info] [4108] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:04:10 [Info] [4108] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 19:04:10 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 19:04:11 [Info] [4108] log memory size is 20480KB, real memory size is 14912KB 2026-03-30 19:04:12 [Info] [4108] item: --secnet_rasp_agent 2026-03-30 19:04:12 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-30 19:04:12 [Info] [4108] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-30 19:04:12 [Info] [4108] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-30 19:04:12 [Info] [4108] Download redirect files success. 2026-03-30 19:04:12 [Info] [4108] Prepare stage1: --secnet_rasp_agent 2026-03-30 19:04:12 [Info] [4108] Prepare stage2 2026-03-30 19:04:21 [Info] [4108] log memory size is 30720KB, real memory size is 21124KB 2026-03-30 19:04:27 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-30 19:04:27 [Info] [4108] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-30 19:04:27 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:04:27 [Info] [4108] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:04:27 [Info] [4108] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-30 19:04:27 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-30 19:04:27 [Info] [4108] stage3: --secnet_rasp_agent 2026-03-30 19:04:27 [Info] [4108] Loader after check 2026-03-30 19:04:28 [Info] [4108] Enter reuse wait state. 2026-03-30 19:04:33 [Info] [4108] recvmsg: EXIT 2026-03-30 19:04:33 [Info] [4108] Recv Exit Msg, Exit... 2026-03-30 19:18:20 [Info] [3312] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 19:18:20 [Info] [3312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap58451774869474 2026-03-30 19:18:20 [Info] [3312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 19:18:20 [Info] [3312] Resource monitor start 2026-03-30 19:18:20 [Info] [3312] ipc client init success 2026-03-30 19:18:20 [Info] [3312] Ipc init: 0 2026-03-30 19:18:20 [Info] [3312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 19:18:20 [Info] [3312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 19:18:25 [Info] [3312] CIpcMsgHandlerMgr::run Enter 2026-03-30 19:18:25 [Info] [3312] CResourceMonitor::run Enter 2026-03-30 19:18:25 [Info] [3312] start ipc thread id[2428] 2026-03-30 19:18:25 [Info] [3312] Connect Yundun ipc server return state is 0 2026-03-30 19:18:25 [Info] [3312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 19:18:26 [Info] [3312] log fd cnt is [250], real fd cnt is [242] 2026-03-30 19:18:30 [Info] [3312] Loader thread 2026-03-30 19:18:30 [Info] [3312] PythonEngineImpl Init... 2026-03-30 19:18:30 [Info] [3312] Monitor thread 2026-03-30 19:18:30 [Info] [3312] Report thread 2026-03-30 19:18:30 [Info] [3312] yundun connected 2026-03-30 19:18:30 [Info] [3312] recvmsg: HELLO 2026-03-30 19:18:30 [Info] [3312] recvmsg: WORK 2026-03-30 19:18:30 [Info] [3312] no use encode, return to old mode 2026-03-30 19:18:30 [Info] [3312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:18:30 [Info] [3312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:18:30 [Info] [3312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:18:31 [Info] [3312] log memory size is 20480KB, real memory size is 13152KB 2026-03-30 19:18:38 [Info] [3184] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-30 19:18:38 [Info] [3184] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap59661774869511 2026-03-30 19:18:38 [Info] [3184] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-30 19:18:38 [Info] [3184] Resource monitor start 2026-03-30 19:18:38 [Info] [3184] ipc client init success 2026-03-30 19:18:38 [Info] [3184] Ipc init: 0 2026-03-30 19:18:38 [Info] [3184] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-30 19:18:38 [Info] [3184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-30 19:18:38 [Info] [3184] start ipc thread id[4212] 2026-03-30 19:18:38 [Info] [3184] Connect Yundun ipc server return state is 0 2026-03-30 19:18:38 [Info] [3184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-30 19:18:39 [Info] [3184] CResourceMonitor::run Enter 2026-03-30 19:18:39 [Info] [3184] CIpcMsgHandlerMgr::run Enter 2026-03-30 19:18:39 [Info] [3184] yundun connected 2026-03-30 19:18:39 [Info] [3184] Report thread 2026-03-30 19:18:39 [Info] [3184] Monitor thread 2026-03-30 19:18:39 [Info] [3184] Loader thread 2026-03-30 19:18:39 [Info] [3184] PythonEngineImpl Init... 2026-03-30 19:18:39 [Info] [3184] recvmsg: HELLO 2026-03-30 19:18:40 [Info] [3184] recvmsg: WORK 2026-03-30 19:18:40 [Info] [3184] no use encode, return to old mode 2026-03-30 19:18:40 [Warn] [3312] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-30 19:18:40 [Info] [3184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:18:40 [Info] [3184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-30 19:18:40 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:18:40 [Info] [3184] log fd cnt is [250], real fd cnt is [264] 2026-03-30 19:18:42 [Info] [3184] log memory size is 20480KB, real memory size is 13644KB 2026-03-30 19:18:43 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:18:44 [Info] [3184] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 19:18:46 [Info] [3312] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 19:18:44 [Info] [3184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 19:18:46 [Info] [3184] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-30 19:18:49 [Info] [3184] item: --windows-vul-check 2026-03-30 19:18:49 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-30 19:18:50 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-30 19:18:50 [Warn] [3312] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-30 19:18:50 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-30 19:18:50 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-30 19:18:50 [Info] [3184] Download redirect files success. 2026-03-30 19:18:50 [Info] [3184] Prepare stage1: --windows-vul-check 2026-03-30 19:18:50 [Info] [3184] Prepare stage2 2026-03-30 19:18:51 [Info] [3184] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-30 19:18:51 [Info] [3184] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-30 19:18:51 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:18:51 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:18:52 [Info] [3184] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-30 19:18:52 [Info] [3184] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-30 19:18:52 [Info] [3184] log memory size is 30720KB, real memory size is 22684KB 2026-03-30 19:18:52 [Info] [3184] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-03-30 19:18:52 [Info] [3184] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-03-30 19:18:52 [Info] [3184] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-03-30 19:18:52 [Info] [3184] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-03-30 19:18:52 [Info] [3184] stage3: --windows-vul-check 2026-03-30 19:18:52 [Info] [3184] Loader after check 2026-03-30 19:18:53 [Warn] [3184] high cpu, cpu is 29 2026-03-30 19:18:53 [Info] [3184] try get sys version 2026-03-30 19:18:53 [Info] [3184] win sys info:2/10:0:3 2026-03-30 19:18:53 [Info] [3184] suit legal version, enable cpu control 2026-03-30 19:18:53 [Warn] [3184] High CPU Warning: 29 2026-03-30 19:18:53 [Warn] [3184] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-30 19:18:53 [Info] [3184] Enter reuse wait state. 2026-03-30 19:18:57 [Info] [3184] recvmsg: EXIT 2026-03-30 19:18:57 [Info] [3184] Recv Exit Msg, Exit... 2026-03-30 19:19:00 [Warn] [3312] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-30 19:19:01 [Info] [3312] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:19:01 [Info] [3312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-30 19:19:01 [Info] [3312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-30 19:19:02 [Info] [3312] item: --windows-sysinfoext-check 2026-03-30 19:19:02 [Info] [3312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 19:19:02 [Info] [3312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 19:19:02 [Info] [3312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-30 19:19:02 [Info] [3312] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-30 19:19:02 [Info] [3312] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-30 19:19:02 [Info] [3312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-30 19:19:02 [Info] [3312] Prepare stage1: --windows-sysinfoext-check 2026-03-30 19:19:02 [Info] [3312] Prepare stage2 2026-03-30 19:19:03 [Info] [3312] log memory size is 30720KB, real memory size is 23156KB 2026-03-30 19:19:06 [Info] [3312] stage3: --windows-sysinfoext-check 2026-03-30 19:19:06 [Info] [3312] Loader after check 2026-03-30 19:19:06 [Warn] [3312] high cpu, cpu is 13 2026-03-30 19:19:06 [Info] [3312] try get sys version 2026-03-30 19:19:06 [Info] [3312] win sys info:2/10:0:3 2026-03-30 19:19:06 [Info] [3312] suit legal version, enable cpu control 2026-03-30 19:19:06 [Warn] [3312] High CPU Warning: 13 2026-03-30 19:19:06 [Warn] [3312] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-30 19:19:07 [Info] [3312] Enter reuse wait state. 2026-03-30 19:19:11 [Info] [3312] recvmsg: EXIT 2026-03-30 19:19:11 [Info] [3312] Recv Exit Msg, Exit... 2026-04-06 04:23:18 [Info] [608] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 04:23:18 [Info] [608] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31911775420551 2026-04-06 04:23:18 [Info] [608] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 04:23:18 [Info] [608] Resource monitor start 2026-04-06 04:23:18 [Info] [608] ipc client init success 2026-04-06 04:23:18 [Info] [608] Ipc init: 0 2026-04-06 04:23:18 [Info] [608] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 04:23:18 [Info] [608] CResourceMonitor::run Enter 2026-04-06 04:23:18 [Info] [608] CIpcMsgHandlerMgr::run Enter 2026-04-06 04:23:18 [Info] [608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 04:23:18 [Info] [608] start ipc thread id[1928] 2026-04-06 04:23:18 [Info] [608] Connect Yundun ipc server return state is 0 2026-04-06 04:23:18 [Info] [608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 04:23:18 [Info] [608] yundun connected 2026-04-06 04:23:18 [Info] [608] Report thread 2026-04-06 04:23:18 [Info] [608] Monitor thread 2026-04-06 04:23:18 [Info] [608] Loader thread 2026-04-06 04:23:18 [Info] [608] PythonEngineImpl Init... 2026-04-06 04:23:19 [Info] [608] recvmsg: HELLO 2026-04-06 04:23:19 [Info] [608] recvmsg: WORK 2026-04-06 04:23:19 [Info] [608] no use encode, return to old mode 2026-04-06 04:23:19 [Info] [608] log fd cnt is [250], real fd cnt is [262] 2026-04-06 04:23:19 [Info] [608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 04:23:19 [Info] [608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 04:23:19 [Info] [608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 04:23:19 [Info] [608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 04:23:20 [Info] [608] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 04:23:20 [Info] [608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 04:23:20 [Info] [608] log memory size is 20480KB, real memory size is 14872KB 2026-04-06 04:23:21 [Info] [608] item: --windows-sysinfoext-check 2026-04-06 04:23:21 [Info] [608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 04:23:21 [Info] [608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 04:23:21 [Info] [608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 04:23:21 [Info] [608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 04:23:21 [Info] [608] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-06 04:23:21 [Info] [608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 04:23:21 [Info] [608] Prepare stage1: --windows-sysinfoext-check 2026-04-06 04:23:21 [Info] [608] Prepare stage2 2026-04-06 04:23:23 [Warn] [608] high cpu, cpu is 18 2026-04-06 04:23:23 [Info] [608] try get sys version 2026-04-06 04:23:23 [Info] [608] win sys info:2/10:0:3 2026-04-06 04:23:23 [Info] [608] suit legal version, enable cpu control 2026-04-06 04:23:23 [Warn] [608] High CPU Warning: 18 2026-04-06 04:23:24 [Warn] [608] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-06 04:23:25 [Info] [608] log memory size is 30720KB, real memory size is 23152KB 2026-04-06 04:23:25 [Info] [608] stage3: --windows-sysinfoext-check 2026-04-06 04:23:25 [Info] [608] Loader after check 2026-04-06 04:23:26 [Warn] [608] high cpu, cpu is 13 2026-04-06 04:23:26 [Warn] [608] High CPU Warning: 13 2026-04-06 04:23:26 [Info] [608] Enter reuse wait state. 2026-04-06 04:23:30 [Info] [608] recvmsg: EXIT 2026-04-06 04:23:30 [Info] [608] Recv Exit Msg, Exit... 2026-04-06 05:16:45 [Info] [2472] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 05:16:45 [Info] [2472] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap138171775423805 2026-04-06 05:16:45 [Info] [2472] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 05:16:45 [Info] [2472] Resource monitor start 2026-04-06 05:16:45 [Info] [2472] ipc client init success 2026-04-06 05:16:45 [Info] [2472] Ipc init: 0 2026-04-06 05:16:45 [Info] [2472] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 05:16:45 [Info] [2472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 05:16:45 [Info] [2472] start ipc thread id[1420] 2026-04-06 05:16:45 [Info] [2472] Connect Yundun ipc server return state is 0 2026-04-06 05:16:45 [Info] [2472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 05:16:45 [Info] [2472] CResourceMonitor::run Enter 2026-04-06 05:16:45 [Info] [2472] CIpcMsgHandlerMgr::run Enter 2026-04-06 05:16:45 [Info] [2472] yundun connected 2026-04-06 05:16:45 [Info] [2472] Report thread 2026-04-06 05:16:45 [Info] [2472] Monitor thread 2026-04-06 05:16:45 [Info] [2472] Loader thread 2026-04-06 05:16:45 [Info] [2472] PythonEngineImpl Init... 2026-04-06 05:16:46 [Info] [2472] recvmsg: HELLO 2026-04-06 05:16:46 [Info] [2472] recvmsg: WORK 2026-04-06 05:16:46 [Info] [2472] no use encode, return to old mode 2026-04-06 05:16:46 [Info] [2472] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 05:16:46 [Info] [2472] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 05:16:46 [Info] [2472] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 05:16:46 [Info] [2472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 05:16:46 [Info] [2472] log fd cnt is [250], real fd cnt is [282] 2026-04-06 05:16:47 [Info] [2472] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 05:16:47 [Info] [2472] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 05:16:47 [Info] [2472] log memory size is 20480KB, real memory size is 14832KB 2026-04-06 05:16:48 [Info] [2472] item: --sca 2026-04-06 05:16:48 [Info] [2472] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-06 05:16:48 [Info] [2472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-06 05:16:48 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-06 05:16:49 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-06 05:16:49 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-06 05:16:49 [Info] [2472] Download redirect files success. 2026-04-06 05:16:49 [Info] [2472] Prepare stage1: --sca 2026-04-06 05:16:49 [Info] [2472] Prepare stage2 2026-04-06 05:16:51 [Warn] [2472] high cpu, cpu is 21 2026-04-06 05:16:51 [Info] [2472] try get sys version 2026-04-06 05:16:51 [Info] [2472] win sys info:2/10:0:3 2026-04-06 05:16:51 [Info] [2472] suit legal version, enable cpu control 2026-04-06 05:16:51 [Warn] [2472] High CPU Warning: 21 2026-04-06 05:16:51 [Warn] [2472] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:zipfile.py line: 3 in func: <module> File:sca_java_proc.py line: 6 in func: <module> File:sca.py line: 45 in func: <module> 2026-04-06 05:16:52 [Info] [2472] log memory size is 30720KB, real memory size is 32724KB 2026-04-06 05:16:56 [Info] [2472] log memory size is 40960KB, real memory size is 33236KB 2026-04-06 05:17:30 [Warn] [2472] high cpu, cpu is 29 2026-04-06 05:17:30 [Warn] [2472] High CPU Warning: 29 2026-04-06 05:17:30 [Warn] [2472] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 188 in func: init_analyzer File:sca.py line: 390 in func: start 2026-04-06 05:17:32 [Info] [2472] stage3: --sca 2026-04-06 05:17:32 [Info] [2472] Loader after check 2026-04-06 05:17:33 [Info] [2472] Enter reuse wait state. 2026-04-06 05:17:38 [Info] [2472] recvmsg: EXIT 2026-04-06 05:17:38 [Info] [2472] Recv Exit Msg, Exit... 2026-04-06 07:52:59 [Info] [5048] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 07:52:59 [Info] [5048] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap116571775433178 2026-04-06 07:52:59 [Info] [5048] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 07:52:59 [Info] [5048] Resource monitor start 2026-04-06 07:52:59 [Info] [5048] CResourceMonitor::run Enter 2026-04-06 07:52:59 [Info] [5048] CIpcMsgHandlerMgr::run Enter 2026-04-06 07:52:59 [Info] [5048] ipc client init success 2026-04-06 07:52:59 [Info] [5048] Ipc init: 0 2026-04-06 07:52:59 [Info] [5048] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 07:52:59 [Info] [5048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 07:52:59 [Info] [5048] start ipc thread id[1048] 2026-04-06 07:52:59 [Info] [5048] Connect Yundun ipc server return state is 0 2026-04-06 07:53:00 [Info] [5048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 07:53:00 [Info] [5048] yundun connected 2026-04-06 07:53:00 [Info] [5048] Report thread 2026-04-06 07:53:00 [Info] [5048] Monitor thread 2026-04-06 07:53:00 [Info] [5048] Loader thread 2026-04-06 07:53:00 [Info] [5048] PythonEngineImpl Init... 2026-04-06 07:53:00 [Info] [5048] recvmsg: HELLO 2026-04-06 07:53:00 [Info] [5048] recvmsg: WORK 2026-04-06 07:53:00 [Info] [5048] no use encode, return to old mode 2026-04-06 07:53:00 [Info] [5048] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 07:53:00 [Info] [5048] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 07:53:00 [Info] [5048] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 07:53:00 [Info] [5048] log fd cnt is [250], real fd cnt is [282] 2026-04-06 07:53:00 [Info] [5048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 07:53:01 [Info] [5048] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 07:53:01 [Info] [5048] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 07:53:01 [Info] [5048] log memory size is 20480KB, real memory size is 14784KB 2026-04-06 07:53:02 [Info] [5048] item: --windows-vul-clean 2026-04-06 07:53:02 [Info] [5048] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-06 07:53:02 [Info] [5048] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-06 07:53:02 [Info] [5048] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 07:53:02 [Info] [5048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 07:53:02 [Info] [5048] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-06 07:53:02 [Info] [5048] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-06 07:53:02 [Info] [5048] Prepare stage1: --windows-vul-clean 2026-04-06 07:53:02 [Info] [5048] Prepare stage2 2026-04-06 07:53:03 [Info] [5048] stage3: --windows-vul-clean 2026-04-06 07:53:03 [Info] [5048] Loader after check 2026-04-06 07:53:04 [Info] [5048] Enter reuse wait state. 2026-04-06 07:53:07 [Info] [5048] recvmsg: EXIT 2026-04-06 07:53:07 [Info] [5048] Recv Exit Msg, Exit... 2026-04-06 09:05:41 [Info] [2488] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 09:05:41 [Info] [2488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap259051775437541 2026-04-06 09:05:41 [Info] [2488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 09:05:41 [Info] [2488] Resource monitor start 2026-04-06 09:05:41 [Info] [2488] ipc client init success 2026-04-06 09:05:41 [Info] [2488] Ipc init: 0 2026-04-06 09:05:41 [Info] [2488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 09:05:41 [Info] [2488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 09:05:41 [Info] [2488] start ipc thread id[3476] 2026-04-06 09:05:41 [Info] [2488] Connect Yundun ipc server return state is 0 2026-04-06 09:05:41 [Info] [2488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 09:05:41 [Info] [2488] CResourceMonitor::run Enter 2026-04-06 09:05:41 [Info] [2488] CIpcMsgHandlerMgr::run Enter 2026-04-06 09:05:41 [Info] [2488] Report thread 2026-04-06 09:05:41 [Info] [2488] Monitor thread 2026-04-06 09:05:41 [Info] [2488] Loader thread 2026-04-06 09:05:41 [Info] [2488] PythonEngineImpl Init... 2026-04-06 09:05:41 [Info] [2488] yundun connected 2026-04-06 09:05:42 [Info] [2488] recvmsg: HELLO 2026-04-06 09:05:42 [Info] [2488] recvmsg: WORK 2026-04-06 09:05:42 [Info] [2488] no use encode, return to old mode 2026-04-06 09:05:42 [Info] [2488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 09:05:42 [Info] [2488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 09:05:42 [Info] [2488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 09:05:42 [Info] [2488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 09:05:42 [Info] [2488] log fd cnt is [250], real fd cnt is [282] 2026-04-06 09:05:42 [Info] [2488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 09:05:42 [Info] [2488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 09:05:43 [Info] [2488] log memory size is 20480KB, real memory size is 14836KB 2026-04-06 09:05:43 [Info] [2488] item: --windows-process-check 2026-04-06 09:05:43 [Info] [2488] cgroup name aegisRtap0 2026-04-06 09:05:43 [Info] [2488] try get sys version 2026-04-06 09:05:43 [Info] [2488] win sys info:2/10:0:3 2026-04-06 09:05:43 [Info] [2488] suit legal version, enable cpu control 2026-04-06 09:05:43 [Info] [2488] get AssignProcessToJobObject handle [00000478] 2026-04-06 09:05:43 [Info] [2488] Set setJobExtended. 2026-04-06 09:05:43 [Info] [2488] Set cpu [9%] 2026-04-06 09:05:43 [Info] [2488] Set cpu success 2026-04-06 09:05:43 [Info] [2488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-06 09:05:43 [Info] [2488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-06 09:05:43 [Info] [2488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 09:05:43 [Info] [2488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 09:05:44 [Info] [2488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-06 09:05:44 [Info] [2488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-06 09:05:44 [Info] [2488] Prepare stage1: --windows-process-check 2026-04-06 09:05:44 [Info] [2488] Prepare stage2 2026-04-06 09:05:47 [Info] [2488] log memory size is 30720KB, real memory size is 20684KB 2026-04-06 09:06:06 [Info] [2488] stage3: --windows-process-check 2026-04-06 09:06:06 [Info] [2488] Loader after check 2026-04-06 09:06:07 [Info] [2488] Enter reuse wait state. 2026-04-06 09:06:09 [Info] [2488] recvmsg: EXIT 2026-04-06 09:06:09 [Info] [2488] Recv Exit Msg, Exit... 2026-04-06 09:51:37 [Info] [5024] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 09:51:37 [Info] [5024] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap20231775440262 2026-04-06 09:51:37 [Info] [5024] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 09:51:37 [Info] [5024] Resource monitor start 2026-04-06 09:51:37 [Info] [5024] ipc client init success 2026-04-06 09:51:37 [Info] [5024] Ipc init: 0 2026-04-06 09:51:37 [Info] [5024] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 09:51:37 [Info] [5024] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 09:51:37 [Info] [5024] start ipc thread id[4688] 2026-04-06 09:51:37 [Info] [5024] Connect Yundun ipc server return state is 0 2026-04-06 09:51:37 [Info] [5024] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 09:51:38 [Info] [5024] CResourceMonitor::run Enter 2026-04-06 09:51:38 [Info] [5024] CIpcMsgHandlerMgr::run Enter 2026-04-06 09:51:38 [Info] [5024] yundun connected 2026-04-06 09:51:38 [Info] [5024] Report thread 2026-04-06 09:51:38 [Info] [5024] Monitor thread 2026-04-06 09:51:38 [Info] [5024] Loader thread 2026-04-06 09:51:38 [Info] [5024] PythonEngineImpl Init... 2026-04-06 09:51:38 [Info] [5024] recvmsg: HELLO 2026-04-06 09:51:39 [Info] [5024] recvmsg: WORK 2026-04-06 09:51:39 [Info] [5024] no use encode, return to old mode 2026-04-06 09:51:39 [Info] [5024] log fd cnt is [250], real fd cnt is [263] 2026-04-06 09:51:39 [Info] [5024] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 09:51:39 [Info] [5024] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 09:51:39 [Info] [5024] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 09:51:40 [Info] [5024] log memory size is 20480KB, real memory size is 13640KB 2026-04-06 09:51:41 [Info] [5024] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 09:51:41 [Info] [5024] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 09:51:41 [Info] [5024] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 09:51:44 [Info] [5024] item: --windows-sysinfoext-check 2026-04-06 09:51:44 [Info] [5024] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 09:51:44 [Info] [5024] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 09:51:44 [Info] [5024] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 09:51:45 [Info] [5024] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 09:51:45 [Info] [5024] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-06 09:51:45 [Info] [5024] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 09:51:46 [Info] [5024] Prepare stage1: --windows-sysinfoext-check 2026-04-06 09:51:46 [Info] [5024] Prepare stage2 2026-04-06 09:51:55 [Info] [5024] log memory size is 30720KB, real memory size is 21044KB 2026-04-06 09:51:59 [Info] [5024] stage3: --windows-sysinfoext-check 2026-04-06 09:51:59 [Info] [5024] Loader after check 2026-04-06 09:52:00 [Info] [5024] Enter reuse wait state. 2026-04-06 09:52:04 [Info] [5024] recvmsg: EXIT 2026-04-06 09:52:04 [Info] [5024] Recv Exit Msg, Exit... 2026-04-06 10:32:57 [Info] [2508] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 10:32:57 [Info] [2508] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap102351775442777 2026-04-06 10:32:57 [Info] [2508] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 10:32:57 [Info] [2508] Resource monitor start 2026-04-06 10:32:57 [Info] [2508] ipc client init success 2026-04-06 10:32:57 [Info] [2508] Ipc init: 0 2026-04-06 10:32:57 [Info] [2508] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 10:32:57 [Info] [2508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 10:32:57 [Info] [2508] start ipc thread id[4976] 2026-04-06 10:32:57 [Info] [2508] Connect Yundun ipc server return state is 0 2026-04-06 10:32:57 [Info] [2508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 10:32:57 [Info] [2508] CResourceMonitor::run Enter 2026-04-06 10:32:57 [Info] [2508] CIpcMsgHandlerMgr::run Enter 2026-04-06 10:32:57 [Info] [2508] Report thread 2026-04-06 10:32:57 [Info] [2508] Monitor thread 2026-04-06 10:32:57 [Info] [2508] Loader thread 2026-04-06 10:32:57 [Info] [2508] PythonEngineImpl Init... 2026-04-06 10:32:57 [Info] [2508] yundun connected 2026-04-06 10:32:58 [Info] [2508] recvmsg: HELLO 2026-04-06 10:32:58 [Info] [2508] recvmsg: WORK 2026-04-06 10:32:58 [Info] [2508] no use encode, return to old mode 2026-04-06 10:32:58 [Info] [2508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:32:58 [Info] [2508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:32:58 [Info] [2508] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:32:58 [Info] [2508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:32:58 [Info] [2508] log fd cnt is [250], real fd cnt is [282] 2026-04-06 10:32:59 [Info] [2508] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 10:32:59 [Info] [2508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 10:32:59 [Info] [2508] log memory size is 20480KB, real memory size is 14636KB 2026-04-06 10:33:00 [Info] [2508] item: --windows-schedule-task-check 2026-04-06 10:33:00 [Info] [2508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-06 10:33:00 [Info] [2508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-06 10:33:00 [Info] [2508] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:33:01 [Info] [2508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:33:01 [Info] [2508] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-06 10:33:01 [Info] [2508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-06 10:33:01 [Info] [2508] Prepare stage1: --windows-schedule-task-check 2026-04-06 10:33:01 [Info] [2508] Prepare stage2 2026-04-06 10:33:04 [Info] [2508] log memory size is 30720KB, real memory size is 23556KB 2026-04-06 10:33:06 [Info] [3092] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 10:33:06 [Info] [3092] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap102651775442786 2026-04-06 10:33:06 [Info] [3092] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 10:33:06 [Info] [3092] Resource monitor start 2026-04-06 10:33:06 [Info] [3092] ipc client init success 2026-04-06 10:33:06 [Info] [3092] Ipc init: 0 2026-04-06 10:33:06 [Info] [3092] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 10:33:06 [Info] [3092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 10:33:06 [Info] [3092] start ipc thread id[4808] 2026-04-06 10:33:06 [Info] [3092] Connect Yundun ipc server return state is 0 2026-04-06 10:33:06 [Info] [3092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 10:33:07 [Info] [3092] CResourceMonitor::run Enter 2026-04-06 10:33:07 [Info] [3092] CIpcMsgHandlerMgr::run Enter 2026-04-06 10:33:07 [Info] [3092] yundun connected 2026-04-06 10:33:07 [Info] [3092] Report thread 2026-04-06 10:33:07 [Info] [3092] Monitor thread 2026-04-06 10:33:07 [Info] [3092] Loader thread 2026-04-06 10:33:07 [Info] [3092] PythonEngineImpl Init... 2026-04-06 10:33:07 [Info] [3092] recvmsg: HELLO 2026-04-06 10:33:07 [Info] [3092] recvmsg: WORK 2026-04-06 10:33:07 [Info] [3092] no use encode, return to old mode 2026-04-06 10:33:08 [Info] [3092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:33:08 [Info] [3092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:33:08 [Info] [3092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:33:08 [Info] [3092] log fd cnt is [250], real fd cnt is [264] 2026-04-06 10:33:09 [Info] [3092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:33:09 [Info] [3092] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 10:33:09 [Info] [3092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 10:33:09 [Info] [3092] log memory size is 20480KB, real memory size is 14608KB 2026-04-06 10:33:11 [Info] [3092] item: --windows-driver-version-check 2026-04-06 10:33:11 [Info] [3092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-06 10:33:11 [Info] [3092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-06 10:33:11 [Info] [3092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:33:11 [Info] [3092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:33:11 [Info] [3092] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-06 10:33:11 [Info] [3092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-06 10:33:11 [Info] [3092] Prepare stage1: --windows-driver-version-check 2026-04-06 10:33:11 [Info] [3092] Prepare stage2 2026-04-06 10:33:11 [Info] [3092] stage3: --windows-driver-version-check 2026-04-06 10:33:11 [Info] [3092] Loader after check 2026-04-06 10:33:13 [Info] [3092] Enter reuse wait state. 2026-04-06 10:33:18 [Info] [3092] recvmsg: EXIT 2026-04-06 10:33:18 [Info] [3092] Recv Exit Msg, Exit... 2026-04-06 10:33:42 [Info] [2508] stage3: --windows-schedule-task-check 2026-04-06 10:33:42 [Info] [2508] Loader after check 2026-04-06 10:33:43 [Info] [2508] Enter reuse wait state. 2026-04-06 10:33:45 [Info] [2508] recvmsg: EXIT 2026-04-06 10:33:45 [Info] [2508] Recv Exit Msg, Exit... 2026-04-06 10:46:03 [Info] [2092] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 10:46:03 [Info] [2092] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap128021775443563 2026-04-06 10:46:03 [Info] [2092] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 10:46:03 [Info] [2092] Resource monitor start 2026-04-06 10:46:03 [Info] [2092] ipc client init success 2026-04-06 10:46:03 [Info] [2092] Ipc init: 0 2026-04-06 10:46:03 [Info] [2092] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 10:46:03 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 10:46:03 [Info] [2092] start ipc thread id[5040] 2026-04-06 10:46:03 [Info] [2092] Connect Yundun ipc server return state is 0 2026-04-06 10:46:03 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 10:46:03 [Info] [2092] CResourceMonitor::run Enter 2026-04-06 10:46:03 [Info] [2092] CIpcMsgHandlerMgr::run Enter 2026-04-06 10:46:03 [Info] [2092] Report thread 2026-04-06 10:46:03 [Info] [2092] Monitor thread 2026-04-06 10:46:03 [Info] [2092] Loader thread 2026-04-06 10:46:03 [Info] [2092] PythonEngineImpl Init... 2026-04-06 10:46:03 [Info] [2092] yundun connected 2026-04-06 10:46:03 [Info] [2092] recvmsg: HELLO 2026-04-06 10:46:03 [Info] [2092] recvmsg: WORK 2026-04-06 10:46:03 [Info] [2092] no use encode, return to old mode 2026-04-06 10:46:03 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:46:03 [Info] [2092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 10:46:03 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:46:04 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:46:04 [Info] [2092] log fd cnt is [250], real fd cnt is [286] 2026-04-06 10:46:04 [Info] [2092] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 10:46:04 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 10:46:05 [Info] [2092] log memory size is 20480KB, real memory size is 14828KB 2026-04-06 10:46:05 [Info] [2092] item: --windows-registry-check 2026-04-06 10:46:05 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-06 10:46:05 [Info] [2092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-06 10:46:05 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 10:46:05 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 10:46:05 [Info] [2092] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-06 10:46:05 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-06 10:46:05 [Info] [2092] Prepare stage1: --windows-registry-check 2026-04-06 10:46:05 [Info] [2092] Prepare stage2 2026-04-06 10:46:25 [Info] [2092] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-06 10:46:34 [Info] [2092] stage3: --windows-registry-check 2026-04-06 10:46:34 [Info] [2092] Loader after check 2026-04-06 10:46:35 [Info] [2092] Enter reuse wait state. 2026-04-06 10:46:38 [Info] [2092] recvmsg: EXIT 2026-04-06 10:46:38 [Info] [2092] Recv Exit Msg, Exit... 2026-04-06 11:01:51 [Info] [3044] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 11:01:51 [Info] [3044] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap158981775444511 2026-04-06 11:01:51 [Info] [3044] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 11:01:51 [Info] [3044] Resource monitor start 2026-04-06 11:01:51 [Info] [3044] ipc client init success 2026-04-06 11:01:51 [Info] [3044] Ipc init: 0 2026-04-06 11:01:51 [Info] [3044] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 11:01:51 [Info] [3044] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 11:01:51 [Info] [3044] start ipc thread id[2376] 2026-04-06 11:01:51 [Info] [3044] Connect Yundun ipc server return state is 0 2026-04-06 11:01:51 [Info] [3044] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 11:01:51 [Info] [3044] CResourceMonitor::run Enter 2026-04-06 11:01:51 [Info] [3044] CIpcMsgHandlerMgr::run Enter 2026-04-06 11:01:51 [Info] [3044] Report thread 2026-04-06 11:01:51 [Info] [3044] Monitor thread 2026-04-06 11:01:51 [Info] [3044] Loader thread 2026-04-06 11:01:51 [Info] [3044] PythonEngineImpl Init... 2026-04-06 11:01:51 [Info] [3044] yundun connected 2026-04-06 11:01:52 [Info] [3044] recvmsg: HELLO 2026-04-06 11:01:52 [Info] [3044] recvmsg: WORK 2026-04-06 11:01:52 [Info] [3044] no use encode, return to old mode 2026-04-06 11:01:52 [Info] [3044] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 11:01:52 [Info] [3044] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 11:01:52 [Info] [3044] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 11:01:52 [Info] [3044] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 11:01:52 [Info] [3044] log fd cnt is [250], real fd cnt is [282] 2026-04-06 11:01:52 [Info] [3044] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 11:01:52 [Info] [3044] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 11:01:53 [Info] [3044] log memory size is 20480KB, real memory size is 14836KB 2026-04-06 11:01:53 [Info] [3044] item: --tcp-connect-check 2026-04-06 11:01:53 [Info] [3044] cgroup name aegisRtap0 2026-04-06 11:01:53 [Info] [3044] try get sys version 2026-04-06 11:01:53 [Info] [3044] win sys info:2/10:0:3 2026-04-06 11:01:53 [Info] [3044] suit legal version, enable cpu control 2026-04-06 11:01:53 [Info] [3044] get AssignProcessToJobObject handle [00000478] 2026-04-06 11:01:53 [Info] [3044] Set setJobExtended. 2026-04-06 11:01:53 [Info] [3044] Set cpu [9%] 2026-04-06 11:01:53 [Info] [3044] Set cpu success 2026-04-06 11:01:53 [Info] [3044] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-06 11:01:53 [Info] [3044] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-06 11:01:53 [Info] [3044] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 11:01:54 [Info] [3044] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 11:01:54 [Info] [3044] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-06 11:01:54 [Info] [3044] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-06 11:01:54 [Info] [3044] Prepare stage1: --tcp-connect-check 2026-04-06 11:01:54 [Info] [3044] Prepare stage2 2026-04-06 11:01:57 [Info] [3044] stage3: --tcp-connect-check 2026-04-06 11:01:57 [Info] [3044] Loader after check 2026-04-06 11:01:58 [Info] [3044] Enter reuse wait state. 2026-04-06 11:02:03 [Info] [3044] recvmsg: EXIT 2026-04-06 11:02:03 [Info] [3044] Recv Exit Msg, Exit... 2026-04-06 11:16:31 [Info] [2132] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 11:16:31 [Info] [2132] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap187721775445391 2026-04-06 11:16:31 [Info] [2132] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 11:16:31 [Info] [2132] Resource monitor start 2026-04-06 11:16:31 [Info] [2132] ipc client init success 2026-04-06 11:16:31 [Info] [2132] Ipc init: 0 2026-04-06 11:16:31 [Info] [2132] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 11:16:31 [Info] [2132] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 11:16:31 [Info] [2132] start ipc thread id[4336] 2026-04-06 11:16:31 [Info] [2132] Connect Yundun ipc server return state is 0 2026-04-06 11:16:31 [Info] [2132] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 11:16:31 [Info] [2132] CResourceMonitor::run Enter 2026-04-06 11:16:31 [Info] [2132] CIpcMsgHandlerMgr::run Enter 2026-04-06 11:16:31 [Info] [2132] Report thread 2026-04-06 11:16:31 [Info] [2132] Monitor thread 2026-04-06 11:16:31 [Info] [2132] Loader thread 2026-04-06 11:16:31 [Info] [2132] PythonEngineImpl Init... 2026-04-06 11:16:31 [Info] [2132] yundun connected 2026-04-06 11:16:32 [Info] [2132] recvmsg: HELLO 2026-04-06 11:16:32 [Info] [2132] recvmsg: WORK 2026-04-06 11:16:32 [Info] [2132] no use encode, return to old mode 2026-04-06 11:16:32 [Info] [2132] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 11:16:32 [Info] [2132] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 11:16:32 [Info] [2132] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 11:16:32 [Info] [2132] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 11:16:32 [Info] [2132] log fd cnt is [250], real fd cnt is [286] 2026-04-06 11:16:32 [Info] [2132] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 11:16:32 [Info] [2132] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 11:16:33 [Info] [2132] log memory size is 20480KB, real memory size is 14760KB 2026-04-06 11:16:33 [Info] [2132] item: --windows-autorun-item-check 2026-04-06 11:16:33 [Info] [2132] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-06 11:16:33 [Info] [2132] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-06 11:16:33 [Info] [2132] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 11:16:34 [Info] [2132] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 11:16:34 [Info] [2132] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-06 11:16:34 [Info] [2132] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-06 11:16:34 [Info] [2132] Prepare stage1: --windows-autorun-item-check 2026-04-06 11:16:34 [Info] [2132] Prepare stage2 2026-04-06 11:16:34 [Warn] [2132] high cpu, cpu is 11 2026-04-06 11:16:34 [Info] [2132] try get sys version 2026-04-06 11:16:34 [Info] [2132] win sys info:2/10:0:3 2026-04-06 11:16:34 [Info] [2132] suit legal version, enable cpu control 2026-04-06 11:16:34 [Warn] [2132] High CPU Warning: 11 2026-04-06 11:16:34 [Warn] [2132] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 950 in func: _open File:__init__.py line: 920 in func: __init__ File:__init__.py line: 1554 in func: basicConfig File:windows-autorun-item-check.py line: 529 in func: set_log_path File:windows-autorun-item-check.py line: 533 in func: start 2026-04-06 11:16:37 [Info] [2132] log memory size is 30720KB, real memory size is 22612KB 2026-04-06 11:16:44 [Info] [2132] stage3: --windows-autorun-item-check 2026-04-06 11:16:44 [Info] [2132] Loader after check 2026-04-06 11:16:45 [Info] [2132] Enter reuse wait state. 2026-04-06 11:16:47 [Info] [2132] recvmsg: EXIT 2026-04-06 11:16:47 [Info] [2132] Recv Exit Msg, Exit... 2026-04-06 15:21:18 [Info] [4524] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 15:21:18 [Info] [4524] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap10601775460036 2026-04-06 15:21:18 [Info] [4524] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 15:21:18 [Info] [4524] Resource monitor start 2026-04-06 15:21:18 [Info] [4524] ipc client init success 2026-04-06 15:21:18 [Info] [4524] Ipc init: 0 2026-04-06 15:21:18 [Info] [4524] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 15:21:18 [Info] [4524] CResourceMonitor::run Enter 2026-04-06 15:21:18 [Info] [4524] CIpcMsgHandlerMgr::run Enter 2026-04-06 15:21:18 [Info] [4524] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 15:21:18 [Info] [4524] start ipc thread id[3724] 2026-04-06 15:21:18 [Info] [4524] Connect Yundun ipc server return state is 0 2026-04-06 15:21:19 [Info] [4524] log fd cnt is [250], real fd cnt is [233] 2026-04-06 15:21:19 [Info] [4524] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 15:21:19 [Info] [4524] yundun connected 2026-04-06 15:21:19 [Info] [4524] Report thread 2026-04-06 15:21:19 [Info] [4524] Monitor thread 2026-04-06 15:21:19 [Info] [4524] Loader thread 2026-04-06 15:21:19 [Info] [4524] PythonEngineImpl Init... 2026-04-06 15:21:19 [Info] [4524] recvmsg: HELLO 2026-04-06 15:21:19 [Info] [4524] recvmsg: WORK 2026-04-06 15:21:19 [Info] [4524] no use encode, return to old mode 2026-04-06 15:21:19 [Info] [4524] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 15:21:19 [Info] [4524] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 15:21:19 [Info] [4524] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 15:21:20 [Info] [4524] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 15:21:20 [Info] [4524] log memory size is 20480KB, real memory size is 14568KB 2026-04-06 15:21:20 [Info] [4524] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 15:21:20 [Info] [4524] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 15:21:21 [Info] [4524] item: --windows-sysinfoext-check 2026-04-06 15:21:21 [Info] [4524] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 15:21:21 [Info] [4524] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 15:21:21 [Info] [4524] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 15:21:21 [Info] [4524] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 15:21:22 [Info] [4524] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-06 15:21:22 [Info] [4524] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 15:21:22 [Info] [4524] Prepare stage1: --windows-sysinfoext-check 2026-04-06 15:21:22 [Info] [4524] Prepare stage2 2026-04-06 15:21:23 [Warn] [4524] high cpu, cpu is 20 2026-04-06 15:21:23 [Info] [4524] try get sys version 2026-04-06 15:21:23 [Info] [4524] win sys info:2/10:0:3 2026-04-06 15:21:23 [Info] [4524] suit legal version, enable cpu control 2026-04-06 15:21:23 [Warn] [4524] High CPU Warning: 20 2026-04-06 15:21:23 [Warn] [4524] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-06 15:21:24 [Info] [4524] log memory size is 30720KB, real memory size is 23096KB 2026-04-06 15:21:26 [Info] [4524] stage3: --windows-sysinfoext-check 2026-04-06 15:21:26 [Info] [4524] Loader after check 2026-04-06 15:21:27 [Info] [4524] Enter reuse wait state. 2026-04-06 15:21:30 [Info] [4524] recvmsg: EXIT 2026-04-06 15:21:30 [Info] [4524] Recv Exit Msg, Exit... 2026-04-06 19:18:18 [Info] [2092] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 19:18:18 [Info] [2092] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap148661775474298 2026-04-06 19:18:18 [Info] [2092] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 19:18:18 [Info] [2092] Resource monitor start 2026-04-06 19:18:18 [Info] [2092] ipc client init success 2026-04-06 19:18:18 [Info] [2092] Ipc init: 0 2026-04-06 19:18:18 [Info] [2092] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 19:18:18 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 19:18:18 [Info] [2092] start ipc thread id[1980] 2026-04-06 19:18:18 [Info] [2092] Connect Yundun ipc server return state is 0 2026-04-06 19:18:18 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 19:18:18 [Info] [2092] CResourceMonitor::run Enter 2026-04-06 19:18:18 [Info] [2092] CIpcMsgHandlerMgr::run Enter 2026-04-06 19:18:18 [Info] [2092] Report thread 2026-04-06 19:18:18 [Info] [2092] Monitor thread 2026-04-06 19:18:18 [Info] [2092] Loader thread 2026-04-06 19:18:18 [Info] [2092] PythonEngineImpl Init... 2026-04-06 19:18:18 [Info] [2092] yundun connected 2026-04-06 19:18:18 [Info] [2092] recvmsg: HELLO 2026-04-06 19:18:18 [Info] [2092] recvmsg: WORK 2026-04-06 19:18:18 [Info] [2092] no use encode, return to old mode 2026-04-06 19:18:19 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 19:18:19 [Info] [2092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 19:18:19 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 19:18:19 [Info] [2092] log fd cnt is [250], real fd cnt is [264] 2026-04-06 19:18:19 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 19:18:19 [Info] [2092] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 19:18:19 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 19:18:20 [Info] [2092] log memory size is 20480KB, real memory size is 14808KB 2026-04-06 19:18:21 [Info] [2092] item: --secnet_rasp_agent 2026-04-06 19:18:21 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-06 19:18:21 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-06 19:18:21 [Info] [2092] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-06 19:18:21 [Info] [2092] Download redirect files success. 2026-04-06 19:18:21 [Info] [2092] Prepare stage1: --secnet_rasp_agent 2026-04-06 19:18:21 [Info] [2092] Prepare stage2 2026-04-06 19:18:25 [Info] [2092] log memory size is 30720KB, real memory size is 21012KB 2026-04-06 19:18:31 [Info] [2092] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-06 19:18:35 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-06 19:18:35 [Info] [2092] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-06 19:18:35 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 19:18:35 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 19:18:35 [Info] [2092] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-06 19:18:35 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-06 19:18:35 [Info] [2092] stage3: --secnet_rasp_agent 2026-04-06 19:18:35 [Info] [2092] Loader after check 2026-04-06 19:18:36 [Info] [2092] Enter reuse wait state. 2026-04-06 19:18:42 [Info] [2092] recvmsg: EXIT 2026-04-06 19:18:42 [Info] [2092] Recv Exit Msg, Exit... 2026-04-06 20:48:01 [Info] [2440] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-06 20:48:01 [Info] [2440] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap324351775479678 2026-04-06 20:48:01 [Info] [2440] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-06 20:48:01 [Info] [2440] Resource monitor start 2026-04-06 20:48:01 [Info] [2440] ipc client init success 2026-04-06 20:48:01 [Info] [2440] Ipc init: 0 2026-04-06 20:48:01 [Info] [2440] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-06 20:48:01 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-06 20:48:01 [Info] [2440] start ipc thread id[1912] 2026-04-06 20:48:01 [Info] [2440] Connect Yundun ipc server return state is 0 2026-04-06 20:48:01 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-06 20:48:08 [Info] [2440] CIpcMsgHandlerMgr::run Enter 2026-04-06 20:48:08 [Info] [2440] CResourceMonitor::run Enter 2026-04-06 20:48:09 [Info] [2440] log fd cnt is [250], real fd cnt is [242] 2026-04-06 20:48:10 [Info] [2440] Loader thread 2026-04-06 20:48:10 [Info] [2440] PythonEngineImpl Init... 2026-04-06 20:48:10 [Info] [2440] Monitor thread 2026-04-06 20:48:10 [Info] [2440] Report thread 2026-04-06 20:48:10 [Info] [2440] yundun connected 2026-04-06 20:48:10 [Info] [2440] recvmsg: HELLO 2026-04-06 20:48:10 [Info] [2440] recvmsg: WORK 2026-04-06 20:48:10 [Info] [2440] no use encode, return to old mode 2026-04-06 20:48:10 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 20:48:10 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-06 20:48:10 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 20:48:14 [Info] [2440] log memory size is 20480KB, real memory size is 13144KB 2026-04-06 20:48:32 [Warn] [2440] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-06 20:48:42 [Warn] [2440] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-06 20:48:52 [Warn] [2440] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-06 20:48:52 [Info] [2440] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 20:48:53 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-06 20:48:53 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-06 20:48:53 [Info] [2440] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-06 20:48:54 [Info] [2440] item: --windows-sysinfoext-check 2026-04-06 20:48:54 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 20:48:54 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 20:48:54 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-06 20:48:54 [Info] [2440] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-06 20:48:54 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-06 20:48:54 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-06 20:48:54 [Info] [2440] Prepare stage1: --windows-sysinfoext-check 2026-04-06 20:48:54 [Info] [2440] Prepare stage2 2026-04-06 20:48:55 [Warn] [2440] high cpu, cpu is 18 2026-04-06 20:48:55 [Info] [2440] try get sys version 2026-04-06 20:48:55 [Info] [2440] win sys info:2/10:0:3 2026-04-06 20:48:55 [Info] [2440] suit legal version, enable cpu control 2026-04-06 20:48:55 [Warn] [2440] High CPU Warning: 18 2026-04-06 20:48:55 [Warn] [2440] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:util.py line: 84 in func: next File:wmi.py line: 491 in func: __init__ File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-06 20:48:57 [Info] [2440] stage3: --windows-sysinfoext-check 2026-04-06 20:48:57 [Info] [2440] Loader after check 2026-04-06 20:48:57 [Warn] [2440] high cpu, cpu is 17 2026-04-06 20:48:57 [Warn] [2440] High CPU Warning: 17 2026-04-06 20:48:58 [Info] [2440] Enter reuse wait state. 2026-04-06 20:48:58 [Info] [2440] log memory size is 30720KB, real memory size is 23432KB 2026-04-06 20:49:00 [Info] [2440] recvmsg: EXIT 2026-04-06 20:49:00 [Info] [2440] Recv Exit Msg, Exit... 2026-04-13 00:45:01 [Info] [3948] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 00:45:01 [Info] [3948] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap22331776012285 2026-04-13 00:45:01 [Info] [3948] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 00:45:01 [Info] [3948] Resource monitor start 2026-04-13 00:45:01 [Info] [3948] ipc client init success 2026-04-13 00:45:01 [Info] [3948] Ipc init: 0 2026-04-13 00:45:01 [Info] [3948] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 00:45:01 [Info] [3948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 00:45:01 [Info] [3948] start ipc thread id[3580] 2026-04-13 00:45:01 [Info] [3948] Connect Yundun ipc server return state is 0 2026-04-13 00:45:01 [Info] [3948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 00:45:01 [Info] [3948] CResourceMonitor::run Enter 2026-04-13 00:45:01 [Info] [3948] CIpcMsgHandlerMgr::run Enter 2026-04-13 00:45:01 [Info] [3948] Report thread 2026-04-13 00:45:01 [Info] [3948] Monitor thread 2026-04-13 00:45:01 [Info] [3948] Loader thread 2026-04-13 00:45:01 [Info] [3948] PythonEngineImpl Init... 2026-04-13 00:45:07 [Info] [3948] log fd cnt is [250], real fd cnt is [257] 2026-04-13 00:45:07 [Info] [3948] yundun connected 2026-04-13 00:45:07 [Info] [3948] recvmsg: HELLO 2026-04-13 00:45:07 [Info] [3948] recvmsg: WORK 2026-04-13 00:45:07 [Info] [3948] no use encode, return to old mode 2026-04-13 00:45:07 [Info] [3948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 00:45:07 [Info] [3948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 00:45:07 [Info] [3948] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 00:45:08 [Info] [3948] log memory size is 20480KB, real memory size is 13164KB 2026-04-13 00:45:36 [Warn] [3948] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 00:45:46 [Warn] [3948] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 00:45:56 [Warn] [3948] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 00:45:56 [Info] [3948] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 00:45:56 [Info] [3948] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 00:45:56 [Info] [3948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 00:45:57 [Info] [3948] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 00:45:57 [Info] [3948] item: --windows-sysinfoext-check 2026-04-13 00:45:57 [Info] [3948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 00:45:57 [Info] [3948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 00:45:57 [Info] [3948] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 00:45:58 [Info] [3948] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 00:45:58 [Info] [3948] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-13 00:45:58 [Info] [3948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 00:45:58 [Info] [3948] Prepare stage1: --windows-sysinfoext-check 2026-04-13 00:45:58 [Info] [3948] Prepare stage2 2026-04-13 00:46:00 [Info] [3948] stage3: --windows-sysinfoext-check 2026-04-13 00:46:00 [Info] [3948] Loader after check 2026-04-13 00:46:00 [Info] [3948] log memory size is 30720KB, real memory size is 23256KB 2026-04-13 00:46:01 [Info] [3948] Enter reuse wait state. 2026-04-13 00:46:05 [Info] [3948] recvmsg: EXIT 2026-04-13 00:46:05 [Info] [3948] Recv Exit Msg, Exit... 2026-04-13 01:41:38 [Info] [5028] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 01:41:38 [Info] [5028] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap133781776015698 2026-04-13 01:41:38 [Info] [5028] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 01:41:38 [Info] [5028] Resource monitor start 2026-04-13 01:41:38 [Info] [5028] ipc client init success 2026-04-13 01:41:38 [Info] [5028] Ipc init: 0 2026-04-13 01:41:38 [Info] [5028] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 01:41:38 [Info] [5028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 01:41:38 [Info] [5028] start ipc thread id[4192] 2026-04-13 01:41:38 [Info] [5028] Connect Yundun ipc server return state is 0 2026-04-13 01:41:38 [Info] [5028] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 01:41:38 [Info] [5028] CResourceMonitor::run Enter 2026-04-13 01:41:38 [Info] [5028] CIpcMsgHandlerMgr::run Enter 2026-04-13 01:41:38 [Info] [5028] Report thread 2026-04-13 01:41:38 [Info] [5028] Monitor thread 2026-04-13 01:41:38 [Info] [5028] Loader thread 2026-04-13 01:41:38 [Info] [5028] PythonEngineImpl Init... 2026-04-13 01:41:38 [Info] [5028] yundun connected 2026-04-13 01:41:39 [Info] [5028] recvmsg: HELLO 2026-04-13 01:41:39 [Info] [5028] recvmsg: WORK 2026-04-13 01:41:39 [Info] [5028] no use encode, return to old mode 2026-04-13 01:41:39 [Info] [5028] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 01:41:39 [Info] [5028] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 01:41:39 [Info] [5028] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 01:41:39 [Info] [5028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 01:41:39 [Info] [5028] log fd cnt is [250], real fd cnt is [286] 2026-04-13 01:41:39 [Info] [5028] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 01:41:39 [Info] [5028] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 01:41:40 [Info] [5028] log memory size is 20480KB, real memory size is 14772KB 2026-04-13 01:41:40 [Info] [5028] item: --sca 2026-04-13 01:41:40 [Info] [5028] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-13 01:41:40 [Info] [5028] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-13 01:41:41 [Info] [5028] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-13 01:41:41 [Info] [5028] Download redirect files success. 2026-04-13 01:41:41 [Info] [5028] Prepare stage1: --sca 2026-04-13 01:41:41 [Info] [5028] Prepare stage2 2026-04-13 01:41:43 [Warn] [5028] high cpu, cpu is 27 2026-04-13 01:41:43 [Info] [5028] try get sys version 2026-04-13 01:41:43 [Info] [5028] win sys info:2/10:0:3 2026-04-13 01:41:43 [Info] [5028] suit legal version, enable cpu control 2026-04-13 01:41:43 [Warn] [5028] High CPU Warning: 27 2026-04-13 01:41:44 [Warn] [5028] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-13 01:41:45 [Info] [5028] log memory size is 30720KB, real memory size is 32888KB 2026-04-13 01:41:49 [Info] [5028] log memory size is 40960KB, real memory size is 33164KB 2026-04-13 01:42:17 [Info] [5028] stage3: --sca 2026-04-13 01:42:17 [Info] [5028] Loader after check 2026-04-13 01:42:18 [Info] [5028] Enter reuse wait state. 2026-04-13 01:42:22 [Info] [5028] recvmsg: EXIT 2026-04-13 01:42:22 [Info] [5028] Recv Exit Msg, Exit... 2026-04-13 06:14:59 [Info] [4816] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 06:14:59 [Info] [4816] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap12671776032058 2026-04-13 06:14:59 [Info] [4816] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 06:15:11 [Info] [4816] Resource monitor start 2026-04-13 06:15:11 [Info] [4816] ipc client init success 2026-04-13 06:15:11 [Info] [4816] Ipc init: 0 2026-04-13 06:15:11 [Info] [4816] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 06:15:16 [Info] [4816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 06:15:16 [Info] [4816] start ipc thread id[1624] 2026-04-13 06:15:16 [Info] [4816] Connect Yundun ipc server return state is 0 2026-04-13 06:15:18 [Info] [4816] CIpcMsgHandlerMgr::run Enter 2026-04-13 06:15:18 [Info] [4816] CResourceMonitor::run Enter 2026-04-13 06:15:18 [Info] [4816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 06:15:19 [Info] [4816] log fd cnt is [250], real fd cnt is [242] 2026-04-13 06:15:20 [Info] [4816] Monitor thread 2026-04-13 06:15:20 [Info] [4816] Report thread 2026-04-13 06:15:20 [Info] [4816] yundun connected 2026-04-13 06:15:20 [Info] [4816] recvmsg: HELLO 2026-04-13 06:15:20 [Info] [4816] recvmsg: WORK 2026-04-13 06:15:20 [Info] [4816] no use encode, return to old mode 2026-04-13 06:15:23 [Info] [4816] Loader thread 2026-04-13 06:15:23 [Info] [4816] PythonEngineImpl Init... 2026-04-13 06:15:24 [Info] [4816] log memory size is 20480KB, real memory size is 10588KB 2026-04-13 06:15:25 [Info] [4816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 06:15:25 [Info] [4816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 06:15:25 [Info] [4816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 06:15:26 [Info] [4816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 06:15:26 [Info] [4816] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 06:15:26 [Info] [4816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 06:15:28 [Info] [4816] item: --windows-sysinfoext-check 2026-04-13 06:15:28 [Info] [4816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 06:15:28 [Info] [4816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 06:15:28 [Info] [4816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 06:15:28 [Info] [4816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 06:15:28 [Info] [4816] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-13 06:15:28 [Info] [4816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 06:15:28 [Info] [4816] Prepare stage1: --windows-sysinfoext-check 2026-04-13 06:15:28 [Info] [4816] Prepare stage2 2026-04-13 06:15:29 [Info] [4816] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 06:15:29 [Warn] [4816] high cpu, cpu is 18 2026-04-13 06:15:29 [Info] [4816] try get sys version 2026-04-13 06:15:29 [Info] [4816] win sys info:2/10:0:3 2026-04-13 06:15:29 [Info] [4816] suit legal version, enable cpu control 2026-04-13 06:15:29 [Warn] [4816] High CPU Warning: 18 2026-04-13 06:15:30 [Warn] [4816] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-13 06:15:31 [Info] [4816] stage3: --windows-sysinfoext-check 2026-04-13 06:15:31 [Info] [4816] Loader after check 2026-04-13 06:15:32 [Warn] [4816] high cpu, cpu is 13 2026-04-13 06:15:32 [Warn] [4816] High CPU Warning: 13 2026-04-13 06:15:32 [Info] [4816] Enter reuse wait state. 2026-04-13 06:15:33 [Info] [4816] log memory size is 30720KB, real memory size is 23400KB 2026-04-13 06:15:36 [Info] [4816] recvmsg: EXIT 2026-04-13 06:15:36 [Info] [4816] Recv Exit Msg, Exit... 2026-04-13 07:43:25 [Info] [3756] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 07:43:25 [Info] [3756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap187281776037405 2026-04-13 07:43:25 [Info] [3756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 07:43:25 [Info] [3756] Resource monitor start 2026-04-13 07:43:25 [Info] [3756] ipc client init success 2026-04-13 07:43:25 [Info] [3756] Ipc init: 0 2026-04-13 07:43:25 [Info] [3756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 07:43:25 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 07:43:25 [Info] [3756] start ipc thread id[4692] 2026-04-13 07:43:25 [Info] [3756] Connect Yundun ipc server return state is 0 2026-04-13 07:43:25 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 07:43:25 [Info] [3756] CResourceMonitor::run Enter 2026-04-13 07:43:25 [Info] [3756] CIpcMsgHandlerMgr::run Enter 2026-04-13 07:43:25 [Info] [3756] Report thread 2026-04-13 07:43:25 [Info] [3756] Monitor thread 2026-04-13 07:43:25 [Info] [3756] Loader thread 2026-04-13 07:43:25 [Info] [3756] PythonEngineImpl Init... 2026-04-13 07:43:25 [Info] [3756] yundun connected 2026-04-13 07:43:25 [Info] [3756] recvmsg: HELLO 2026-04-13 07:43:25 [Info] [3756] recvmsg: WORK 2026-04-13 07:43:25 [Info] [3756] no use encode, return to old mode 2026-04-13 07:43:25 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 07:43:25 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 07:43:25 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 07:43:26 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 07:43:26 [Info] [3756] log fd cnt is [250], real fd cnt is [282] 2026-04-13 07:43:26 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 07:43:26 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 07:43:27 [Info] [3756] log memory size is 20480KB, real memory size is 14808KB 2026-04-13 07:43:27 [Info] [3756] item: --windows-vul-clean 2026-04-13 07:43:27 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-13 07:43:27 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-13 07:43:27 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 07:43:27 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 07:43:27 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-13 07:43:27 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-13 07:43:27 [Info] [3756] Prepare stage1: --windows-vul-clean 2026-04-13 07:43:27 [Info] [3756] Prepare stage2 2026-04-13 07:43:28 [Info] [3756] stage3: --windows-vul-clean 2026-04-13 07:43:28 [Info] [3756] Loader after check 2026-04-13 07:43:29 [Info] [3756] Enter reuse wait state. 2026-04-13 07:43:32 [Info] [3756] recvmsg: EXIT 2026-04-13 07:43:32 [Info] [3756] Recv Exit Msg, Exit... 2026-04-13 08:48:29 [Info] [1484] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 08:48:29 [Info] [1484] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap314771776041309 2026-04-13 08:48:29 [Info] [1484] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 08:48:29 [Info] [1484] Resource monitor start 2026-04-13 08:48:29 [Info] [1484] ipc client init success 2026-04-13 08:48:29 [Info] [1484] Ipc init: 0 2026-04-13 08:48:29 [Info] [1484] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 08:48:29 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 08:48:29 [Info] [1484] start ipc thread id[4212] 2026-04-13 08:48:29 [Info] [1484] Connect Yundun ipc server return state is 0 2026-04-13 08:48:29 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 08:48:29 [Info] [1484] CResourceMonitor::run Enter 2026-04-13 08:48:29 [Info] [1484] CIpcMsgHandlerMgr::run Enter 2026-04-13 08:48:29 [Info] [1484] yundun connected 2026-04-13 08:48:29 [Info] [1484] Report thread 2026-04-13 08:48:29 [Info] [1484] Monitor thread 2026-04-13 08:48:29 [Info] [1484] Loader thread 2026-04-13 08:48:29 [Info] [1484] PythonEngineImpl Init... 2026-04-13 08:48:31 [Info] [1484] recvmsg: HELLO 2026-04-13 08:48:31 [Info] [1484] log fd cnt is [250], real fd cnt is [263] 2026-04-13 08:48:31 [Info] [1484] recvmsg: WORK 2026-04-13 08:48:31 [Info] [1484] no use encode, return to old mode 2026-04-13 08:48:32 [Info] [1484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 08:48:32 [Info] [1484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 08:48:32 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 08:48:32 [Info] [1484] log memory size is 20480KB, real memory size is 13516KB 2026-04-13 08:48:33 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 08:48:33 [Info] [1484] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 08:48:33 [Info] [1484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 08:48:35 [Info] [1484] item: --windows-process-check 2026-04-13 08:48:35 [Info] [1484] cgroup name aegisRtap0 2026-04-13 08:48:35 [Info] [1484] try get sys version 2026-04-13 08:48:35 [Info] [1484] win sys info:2/10:0:3 2026-04-13 08:48:35 [Info] [1484] suit legal version, enable cpu control 2026-04-13 08:48:35 [Info] [1484] get AssignProcessToJobObject handle [00000478] 2026-04-13 08:48:35 [Info] [1484] Set setJobExtended. 2026-04-13 08:48:35 [Info] [1484] Set cpu [9%] 2026-04-13 08:48:35 [Info] [1484] Set cpu success 2026-04-13 08:48:35 [Info] [1484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-13 08:48:35 [Info] [1484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-13 08:48:35 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 08:48:35 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 08:48:36 [Info] [1484] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-13 08:48:36 [Info] [1484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-13 08:48:36 [Info] [1484] Prepare stage1: --windows-process-check 2026-04-13 08:48:36 [Info] [1484] Prepare stage2 2026-04-13 08:48:37 [Info] [1484] log memory size is 30720KB, real memory size is 20624KB 2026-04-13 08:48:55 [Info] [1484] stage3: --windows-process-check 2026-04-13 08:48:55 [Info] [1484] Loader after check 2026-04-13 08:48:55 [Info] [1484] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 08:48:56 [Info] [1484] Enter reuse wait state. 2026-04-13 08:48:57 [Info] [1484] recvmsg: EXIT 2026-04-13 08:48:57 [Info] [1484] Recv Exit Msg, Exit... 2026-04-13 10:23:56 [Info] [2736] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 10:23:56 [Info] [2736] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap174111776047036 2026-04-13 10:23:56 [Info] [2736] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 10:23:56 [Info] [2736] Resource monitor start 2026-04-13 10:23:56 [Info] [2736] ipc client init success 2026-04-13 10:23:56 [Info] [2736] Ipc init: 0 2026-04-13 10:23:56 [Info] [2736] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 10:23:56 [Info] [2736] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 10:23:56 [Info] [2736] start ipc thread id[868] 2026-04-13 10:23:56 [Info] [2736] Connect Yundun ipc server return state is 0 2026-04-13 10:23:56 [Info] [2736] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 10:23:56 [Info] [2736] CResourceMonitor::run Enter 2026-04-13 10:23:56 [Info] [2736] CIpcMsgHandlerMgr::run Enter 2026-04-13 10:23:56 [Info] [2736] Report thread 2026-04-13 10:23:56 [Info] [2736] Monitor thread 2026-04-13 10:23:56 [Info] [2736] Loader thread 2026-04-13 10:23:56 [Info] [2736] PythonEngineImpl Init... 2026-04-13 10:23:56 [Info] [2736] yundun connected 2026-04-13 10:23:57 [Info] [2736] recvmsg: HELLO 2026-04-13 10:23:57 [Info] [2736] recvmsg: WORK 2026-04-13 10:23:57 [Info] [2736] no use encode, return to old mode 2026-04-13 10:23:57 [Info] [2736] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:23:57 [Info] [2736] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:23:57 [Info] [2736] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:23:57 [Info] [2736] log fd cnt is [250], real fd cnt is [282] 2026-04-13 10:23:57 [Info] [2736] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:23:57 [Info] [2736] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 10:23:57 [Info] [2736] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 10:23:58 [Info] [2736] log memory size is 20480KB, real memory size is 14764KB 2026-04-13 10:23:58 [Info] [2736] item: --windows-schedule-task-check 2026-04-13 10:23:58 [Info] [2736] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-13 10:23:58 [Info] [2736] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-13 10:23:58 [Info] [2736] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:23:59 [Info] [2736] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:23:59 [Info] [2736] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-13 10:23:59 [Info] [2736] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-13 10:23:59 [Info] [2736] Prepare stage1: --windows-schedule-task-check 2026-04-13 10:23:59 [Info] [2736] Prepare stage2 2026-04-13 10:24:02 [Info] [2736] log memory size is 30720KB, real memory size is 23644KB 2026-04-13 10:24:30 [Info] [2736] stage3: --windows-schedule-task-check 2026-04-13 10:24:30 [Info] [2736] Loader after check 2026-04-13 10:24:31 [Info] [2736] Enter reuse wait state. 2026-04-13 10:24:33 [Info] [276] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 10:24:33 [Info] [276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175321776047073 2026-04-13 10:24:33 [Info] [276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 10:24:33 [Info] [276] Resource monitor start 2026-04-13 10:24:33 [Info] [276] ipc client init success 2026-04-13 10:24:33 [Info] [276] Ipc init: 0 2026-04-13 10:24:33 [Info] [276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 10:24:33 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 10:24:33 [Info] [276] start ipc thread id[2028] 2026-04-13 10:24:33 [Info] [276] Connect Yundun ipc server return state is 0 2026-04-13 10:24:33 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 10:24:33 [Info] [276] CResourceMonitor::run Enter 2026-04-13 10:24:33 [Info] [276] CIpcMsgHandlerMgr::run Enter 2026-04-13 10:24:33 [Info] [276] Report thread 2026-04-13 10:24:33 [Info] [276] Monitor thread 2026-04-13 10:24:33 [Info] [276] Loader thread 2026-04-13 10:24:33 [Info] [276] PythonEngineImpl Init... 2026-04-13 10:24:33 [Info] [276] yundun connected 2026-04-13 10:24:34 [Info] [276] recvmsg: HELLO 2026-04-13 10:24:34 [Info] [276] recvmsg: WORK 2026-04-13 10:24:34 [Info] [276] no use encode, return to old mode 2026-04-13 10:24:34 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:24:34 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:24:34 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:24:34 [Info] [276] log fd cnt is [250], real fd cnt is [282] 2026-04-13 10:24:34 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:24:35 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 10:24:35 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 10:24:35 [Info] [276] log memory size is 20480KB, real memory size is 14764KB 2026-04-13 10:24:36 [Info] [276] item: --windows-registry-check 2026-04-13 10:24:36 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-13 10:24:36 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-13 10:24:36 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:24:36 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:24:36 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-13 10:24:36 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-13 10:24:36 [Info] [276] Prepare stage1: --windows-registry-check 2026-04-13 10:24:36 [Info] [276] Prepare stage2 2026-04-13 10:24:37 [Info] [2736] recvmsg: EXIT 2026-04-13 10:24:37 [Info] [2736] Recv Exit Msg, Exit... 2026-04-13 10:24:54 [Info] [276] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 10:24:57 [Info] [4968] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 10:24:57 [Info] [4968] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap176101776047097 2026-04-13 10:24:57 [Info] [4968] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 10:24:57 [Info] [4968] Resource monitor start 2026-04-13 10:24:57 [Info] [4968] ipc client init success 2026-04-13 10:24:57 [Info] [4968] Ipc init: 0 2026-04-13 10:24:57 [Info] [4968] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 10:24:57 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 10:24:57 [Info] [4968] start ipc thread id[3700] 2026-04-13 10:24:57 [Info] [4968] Connect Yundun ipc server return state is 0 2026-04-13 10:24:57 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 10:24:57 [Info] [4968] CResourceMonitor::run Enter 2026-04-13 10:24:57 [Info] [4968] CIpcMsgHandlerMgr::run Enter 2026-04-13 10:24:57 [Info] [4968] Report thread 2026-04-13 10:24:57 [Info] [4968] Monitor thread 2026-04-13 10:24:57 [Info] [4968] Loader thread 2026-04-13 10:24:57 [Info] [4968] PythonEngineImpl Init... 2026-04-13 10:24:57 [Info] [4968] yundun connected 2026-04-13 10:24:57 [Info] [4968] recvmsg: HELLO 2026-04-13 10:24:57 [Info] [4968] recvmsg: WORK 2026-04-13 10:24:57 [Info] [4968] no use encode, return to old mode 2026-04-13 10:24:57 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:24:57 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:24:57 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:24:58 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:24:58 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 10:24:58 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 10:24:58 [Info] [4968] log fd cnt is [250], real fd cnt is [281] 2026-04-13 10:24:59 [Info] [4968] log memory size is 20480KB, real memory size is 14856KB 2026-04-13 10:24:59 [Info] [4968] item: --windows-driver-version-check 2026-04-13 10:24:59 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-13 10:24:59 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-13 10:24:59 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:24:59 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:24:59 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-13 10:24:59 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-13 10:24:59 [Info] [4968] Prepare stage1: --windows-driver-version-check 2026-04-13 10:24:59 [Info] [4968] Prepare stage2 2026-04-13 10:25:00 [Info] [4968] stage3: --windows-driver-version-check 2026-04-13 10:25:00 [Info] [4968] Loader after check 2026-04-13 10:25:01 [Info] [4968] Enter reuse wait state. 2026-04-13 10:25:04 [Info] [4968] recvmsg: EXIT 2026-04-13 10:25:04 [Info] [4968] Recv Exit Msg, Exit... 2026-04-13 10:25:06 [Info] [276] stage3: --windows-registry-check 2026-04-13 10:25:06 [Info] [276] Loader after check 2026-04-13 10:25:07 [Info] [276] Enter reuse wait state. 2026-04-13 10:25:11 [Info] [276] recvmsg: EXIT 2026-04-13 10:25:11 [Info] [276] Recv Exit Msg, Exit... 2026-04-13 10:26:27 [Info] [3420] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 10:26:27 [Info] [3420] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap179041776047187 2026-04-13 10:26:27 [Info] [3420] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 10:26:27 [Info] [3420] Resource monitor start 2026-04-13 10:26:27 [Info] [3420] ipc client init success 2026-04-13 10:26:27 [Info] [3420] Ipc init: 0 2026-04-13 10:26:27 [Info] [3420] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 10:26:27 [Info] [3420] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 10:26:27 [Info] [3420] start ipc thread id[4168] 2026-04-13 10:26:27 [Info] [3420] Connect Yundun ipc server return state is 0 2026-04-13 10:26:27 [Info] [3420] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 10:26:27 [Info] [3420] CResourceMonitor::run Enter 2026-04-13 10:26:27 [Info] [3420] CIpcMsgHandlerMgr::run Enter 2026-04-13 10:26:27 [Info] [3420] Report thread 2026-04-13 10:26:27 [Info] [3420] Monitor thread 2026-04-13 10:26:27 [Info] [3420] Loader thread 2026-04-13 10:26:27 [Info] [3420] PythonEngineImpl Init... 2026-04-13 10:26:27 [Info] [3420] yundun connected 2026-04-13 10:26:28 [Info] [3420] recvmsg: HELLO 2026-04-13 10:26:28 [Info] [3420] recvmsg: WORK 2026-04-13 10:26:28 [Info] [3420] no use encode, return to old mode 2026-04-13 10:26:28 [Info] [3420] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:26:28 [Info] [3420] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 10:26:28 [Info] [3420] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:26:28 [Info] [3420] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:26:28 [Info] [3420] log fd cnt is [250], real fd cnt is [282] 2026-04-13 10:26:28 [Info] [3420] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 10:26:28 [Info] [3420] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 10:26:30 [Info] [3420] log memory size is 20480KB, real memory size is 14640KB 2026-04-13 10:26:31 [Info] [3420] item: --tcp-connect-check 2026-04-13 10:26:31 [Info] [3420] cgroup name aegisRtap0 2026-04-13 10:26:31 [Info] [3420] try get sys version 2026-04-13 10:26:31 [Info] [3420] win sys info:2/10:0:3 2026-04-13 10:26:31 [Info] [3420] suit legal version, enable cpu control 2026-04-13 10:26:31 [Info] [3420] get AssignProcessToJobObject handle [00000478] 2026-04-13 10:26:31 [Info] [3420] Set setJobExtended. 2026-04-13 10:26:31 [Info] [3420] Set cpu [9%] 2026-04-13 10:26:31 [Info] [3420] Set cpu success 2026-04-13 10:26:31 [Info] [3420] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-13 10:26:31 [Info] [3420] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-13 10:26:31 [Info] [3420] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 10:26:31 [Info] [3420] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 10:26:31 [Info] [3420] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-13 10:26:31 [Info] [3420] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-13 10:26:31 [Info] [3420] Prepare stage1: --tcp-connect-check 2026-04-13 10:26:31 [Info] [3420] Prepare stage2 2026-04-13 10:26:34 [Info] [3420] stage3: --tcp-connect-check 2026-04-13 10:26:34 [Info] [3420] Loader after check 2026-04-13 10:26:35 [Info] [3420] Enter reuse wait state. 2026-04-13 10:26:39 [Info] [3420] recvmsg: EXIT 2026-04-13 10:26:39 [Info] [3420] Recv Exit Msg, Exit... 2026-04-13 11:08:51 [Info] [4784] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 11:08:51 [Info] [4784] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap262121776049731 2026-04-13 11:08:51 [Info] [4784] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 11:08:51 [Info] [4784] Resource monitor start 2026-04-13 11:08:51 [Info] [4784] ipc client init success 2026-04-13 11:08:51 [Info] [4784] Ipc init: 0 2026-04-13 11:08:51 [Info] [4784] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 11:08:51 [Info] [4784] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 11:08:51 [Info] [4784] start ipc thread id[1076] 2026-04-13 11:08:51 [Info] [4784] Connect Yundun ipc server return state is 0 2026-04-13 11:08:51 [Info] [4784] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 11:08:51 [Info] [4784] CResourceMonitor::run Enter 2026-04-13 11:08:51 [Info] [4784] CIpcMsgHandlerMgr::run Enter 2026-04-13 11:08:51 [Info] [4784] Report thread 2026-04-13 11:08:51 [Info] [4784] Monitor thread 2026-04-13 11:08:51 [Info] [4784] Loader thread 2026-04-13 11:08:51 [Info] [4784] PythonEngineImpl Init... 2026-04-13 11:08:51 [Info] [4784] yundun connected 2026-04-13 11:08:52 [Info] [4784] recvmsg: HELLO 2026-04-13 11:08:52 [Info] [4784] recvmsg: WORK 2026-04-13 11:08:52 [Info] [4784] no use encode, return to old mode 2026-04-13 11:08:52 [Info] [4784] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 11:08:52 [Info] [4784] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 11:08:52 [Info] [4784] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 11:08:52 [Info] [4784] log fd cnt is [250], real fd cnt is [274] 2026-04-13 11:08:52 [Info] [4784] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 11:08:52 [Info] [4784] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 11:08:52 [Info] [4784] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 11:08:53 [Info] [4784] log memory size is 20480KB, real memory size is 14804KB 2026-04-13 11:08:53 [Info] [4784] item: --windows-autorun-item-check 2026-04-13 11:08:53 [Info] [4784] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-13 11:08:53 [Info] [4784] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-13 11:08:53 [Info] [4784] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 11:08:54 [Info] [4784] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 11:08:54 [Info] [4784] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-13 11:08:54 [Info] [4784] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-13 11:08:54 [Info] [4784] Prepare stage1: --windows-autorun-item-check 2026-04-13 11:08:54 [Info] [4784] Prepare stage2 2026-04-13 11:08:57 [Info] [4784] log memory size is 30720KB, real memory size is 22552KB 2026-04-13 11:09:04 [Warn] [4784] high cpu, cpu is 17 2026-04-13 11:09:04 [Info] [4784] try get sys version 2026-04-13 11:09:04 [Info] [4784] win sys info:2/10:0:3 2026-04-13 11:09:04 [Info] [4784] suit legal version, enable cpu control 2026-04-13 11:09:04 [Warn] [4784] High CPU Warning: 17 2026-04-13 11:09:04 [Warn] [4784] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 514 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-13 11:09:04 [Info] [4784] stage3: --windows-autorun-item-check 2026-04-13 11:09:04 [Info] [4784] Loader after check 2026-04-13 11:09:05 [Info] [4784] Enter reuse wait state. 2026-04-13 11:09:07 [Info] [4784] recvmsg: EXIT 2026-04-13 11:09:07 [Info] [4784] Recv Exit Msg, Exit... 2026-04-13 11:44:50 [Info] [4076] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 11:44:50 [Info] [4076] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap4521776051877 2026-04-13 11:44:50 [Info] [4076] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 11:44:50 [Info] [4076] Resource monitor start 2026-04-13 11:44:50 [Info] [4076] ipc client init success 2026-04-13 11:44:50 [Info] [4076] Ipc init: 0 2026-04-13 11:44:50 [Info] [4076] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 11:44:50 [Info] [4076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 11:44:50 [Info] [4076] start ipc thread id[4688] 2026-04-13 11:44:50 [Info] [4076] Connect Yundun ipc server return state is 0 2026-04-13 11:44:50 [Info] [4076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 11:44:50 [Info] [4076] CResourceMonitor::run Enter 2026-04-13 11:44:50 [Info] [4076] CIpcMsgHandlerMgr::run Enter 2026-04-13 11:44:50 [Info] [4076] Report thread 2026-04-13 11:44:50 [Info] [4076] Monitor thread 2026-04-13 11:44:50 [Info] [4076] Loader thread 2026-04-13 11:44:50 [Info] [4076] PythonEngineImpl Init... 2026-04-13 11:44:56 [Info] [4076] yundun connected 2026-04-13 11:44:56 [Info] [4076] recvmsg: HELLO 2026-04-13 11:44:56 [Info] [4076] recvmsg: WORK 2026-04-13 11:44:56 [Info] [4076] no use encode, return to old mode 2026-04-13 11:44:56 [Info] [4076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 11:44:56 [Info] [4076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 11:44:56 [Info] [4076] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 11:44:57 [Info] [4076] log fd cnt is [250], real fd cnt is [264] 2026-04-13 11:44:58 [Info] [4076] log memory size is 20480KB, real memory size is 13144KB 2026-04-13 11:45:28 [Warn] [4076] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 11:45:33 [Info] [4076] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 11:45:38 [Warn] [4076] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 11:45:48 [Warn] [4076] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 11:45:48 [Info] [4076] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 11:45:48 [Info] [4076] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 11:45:48 [Info] [4076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 11:45:50 [Info] [4076] item: --windows-sysinfoext-check 2026-04-13 11:45:50 [Info] [4076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 11:45:50 [Info] [4076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 11:45:50 [Info] [4076] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 11:45:50 [Info] [4076] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 11:45:50 [Info] [4076] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-13 11:45:50 [Info] [4076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 11:45:50 [Info] [4076] Prepare stage1: --windows-sysinfoext-check 2026-04-13 11:45:50 [Info] [4076] Prepare stage2 2026-04-13 11:45:50 [Info] [4076] log memory size is 30720KB, real memory size is 22788KB 2026-04-13 11:45:52 [Info] [4076] stage3: --windows-sysinfoext-check 2026-04-13 11:45:52 [Info] [4076] Loader after check 2026-04-13 11:45:53 [Info] [4076] Enter reuse wait state. 2026-04-13 11:45:57 [Info] [4076] log fd cnt is [300], real fd cnt is [397] 2026-04-13 11:45:57 [Info] [4076] recvmsg: EXIT 2026-04-13 11:45:57 [Info] [4076] Recv Exit Msg, Exit... 2026-04-13 17:13:24 [Info] [276] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 17:13:24 [Info] [276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap319271776071550 2026-04-13 17:13:24 [Info] [276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 17:13:24 [Info] [276] Resource monitor start 2026-04-13 17:13:24 [Info] [276] ipc client init success 2026-04-13 17:13:24 [Info] [276] Ipc init: 0 2026-04-13 17:13:24 [Info] [276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 17:13:24 [Info] [276] CResourceMonitor::run Enter 2026-04-13 17:13:24 [Info] [276] CIpcMsgHandlerMgr::run Enter 2026-04-13 17:13:25 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 17:13:25 [Info] [276] start ipc thread id[1884] 2026-04-13 17:13:25 [Info] [276] Connect Yundun ipc server return state is 0 2026-04-13 17:13:25 [Info] [276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 17:13:25 [Info] [276] yundun connected 2026-04-13 17:13:25 [Info] [276] Report thread 2026-04-13 17:13:25 [Info] [276] Monitor thread 2026-04-13 17:13:25 [Info] [276] Loader thread 2026-04-13 17:13:25 [Info] [276] PythonEngineImpl Init... 2026-04-13 17:13:25 [Info] [276] recvmsg: HELLO 2026-04-13 17:13:25 [Info] [276] recvmsg: WORK 2026-04-13 17:13:25 [Info] [276] no use encode, return to old mode 2026-04-13 17:13:26 [Info] [276] log fd cnt is [250], real fd cnt is [258] 2026-04-13 17:13:26 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 17:13:26 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 17:13:26 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 17:13:27 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 17:13:27 [Info] [276] log memory size is 20480KB, real memory size is 14656KB 2026-04-13 17:13:27 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 17:13:27 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 17:13:27 [Info] [276] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 17:13:28 [Info] [276] item: --windows-sysinfoext-check 2026-04-13 17:13:28 [Info] [276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 17:13:28 [Info] [276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 17:13:28 [Info] [276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 17:13:28 [Info] [276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 17:13:28 [Info] [276] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-13 17:13:28 [Info] [276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 17:13:29 [Info] [276] Prepare stage1: --windows-sysinfoext-check 2026-04-13 17:13:29 [Info] [276] Prepare stage2 2026-04-13 17:13:30 [Warn] [276] high cpu, cpu is 15 2026-04-13 17:13:30 [Info] [276] try get sys version 2026-04-13 17:13:30 [Info] [276] win sys info:2/10:0:3 2026-04-13 17:13:30 [Info] [276] suit legal version, enable cpu control 2026-04-13 17:13:30 [Warn] [276] High CPU Warning: 15 2026-04-13 17:13:30 [Warn] [276] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 287 in func: _ApplyTypes_ File:<COMObject winmgmts:> line: 3 in func: ExecQuery File:wmi.py line: 1001 in func: _raw_query File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-13 17:13:31 [Info] [276] log memory size is 30720KB, real memory size is 23172KB 2026-04-13 17:13:32 [Info] [276] stage3: --windows-sysinfoext-check 2026-04-13 17:13:32 [Info] [276] Loader after check 2026-04-13 17:13:33 [Info] [276] Enter reuse wait state. 2026-04-13 17:13:36 [Info] [276] recvmsg: EXIT 2026-04-13 17:13:36 [Info] [276] Recv Exit Msg, Exit... 2026-04-13 18:28:09 [Info] [2468] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 18:28:09 [Info] [2468] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap139791776076088 2026-04-13 18:28:09 [Info] [2468] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 18:28:09 [Info] [2468] Resource monitor start 2026-04-13 18:28:09 [Info] [2468] ipc client init success 2026-04-13 18:28:09 [Info] [2468] Ipc init: 0 2026-04-13 18:28:09 [Info] [2468] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 18:28:09 [Info] [2468] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 18:28:09 [Info] [2468] start ipc thread id[2620] 2026-04-13 18:28:09 [Info] [2468] Connect Yundun ipc server return state is 0 2026-04-13 18:28:09 [Info] [2468] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 18:28:09 [Info] [2468] CResourceMonitor::run Enter 2026-04-13 18:28:09 [Info] [2468] CIpcMsgHandlerMgr::run Enter 2026-04-13 18:28:09 [Info] [2468] Report thread 2026-04-13 18:28:09 [Info] [2468] Monitor thread 2026-04-13 18:28:09 [Info] [2468] Loader thread 2026-04-13 18:28:09 [Info] [2468] PythonEngineImpl Init... 2026-04-13 18:28:09 [Info] [2468] yundun connected 2026-04-13 18:28:09 [Info] [2468] recvmsg: HELLO 2026-04-13 18:28:09 [Info] [2468] recvmsg: WORK 2026-04-13 18:28:09 [Info] [2468] no use encode, return to old mode 2026-04-13 18:28:09 [Info] [2468] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 18:28:09 [Info] [2468] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 18:28:09 [Info] [2468] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 18:28:10 [Info] [2468] log fd cnt is [250], real fd cnt is [282] 2026-04-13 18:28:10 [Info] [2468] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 18:28:10 [Info] [2468] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 18:28:10 [Info] [2468] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 18:28:11 [Info] [2468] log memory size is 20480KB, real memory size is 14764KB 2026-04-13 18:28:11 [Info] [2468] item: --secnet_rasp_agent 2026-04-13 18:28:11 [Info] [2468] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-13 18:28:11 [Info] [2468] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-13 18:28:11 [Info] [2468] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-13 18:28:11 [Info] [2468] Download redirect files success. 2026-04-13 18:28:11 [Info] [2468] Prepare stage1: --secnet_rasp_agent 2026-04-13 18:28:11 [Info] [2468] Prepare stage2 2026-04-13 18:28:12 [Info] [2468] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-13 18:28:12 [Info] [2468] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-13 18:28:12 [Info] [2468] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 18:28:13 [Info] [2468] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 18:28:13 [Info] [2468] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-13 18:28:13 [Info] [2468] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-13 18:28:13 [Info] [2468] stage3: --secnet_rasp_agent 2026-04-13 18:28:13 [Info] [2468] Loader after check 2026-04-13 18:28:14 [Info] [2468] Enter reuse wait state. 2026-04-13 18:28:15 [Info] [2468] log memory size is 30720KB, real memory size is 21280KB 2026-04-13 18:28:16 [Info] [2468] recvmsg: EXIT 2026-04-13 18:28:16 [Info] [2468] Recv Exit Msg, Exit... 2026-04-13 22:40:22 [Info] [88] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 22:40:22 [Info] [88] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap306061776091214 2026-04-13 22:40:22 [Info] [88] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 22:40:22 [Info] [88] Resource monitor start 2026-04-13 22:40:22 [Info] [88] ipc client init success 2026-04-13 22:40:22 [Info] [88] Ipc init: 0 2026-04-13 22:40:22 [Info] [88] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 22:40:22 [Info] [88] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 22:40:22 [Info] [88] start ipc thread id[3536] 2026-04-13 22:40:22 [Info] [88] Connect Yundun ipc server return state is 0 2026-04-13 22:40:22 [Info] [88] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 22:40:22 [Info] [88] CResourceMonitor::run Enter 2026-04-13 22:40:22 [Info] [88] CIpcMsgHandlerMgr::run Enter 2026-04-13 22:40:22 [Info] [88] Report thread 2026-04-13 22:40:22 [Info] [88] Monitor thread 2026-04-13 22:40:22 [Info] [88] Loader thread 2026-04-13 22:40:22 [Info] [88] PythonEngineImpl Init... 2026-04-13 22:40:28 [Info] [88] yundun connected 2026-04-13 22:40:54 [Info] [4760] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-13 22:40:30 [Info] [88] log fd cnt is [250], real fd cnt is [261] 2026-04-13 22:40:30 [Info] [88] recvmsg: HELLO 2026-04-13 22:40:30 [Info] [88] recvmsg: WORK 2026-04-13 22:40:30 [Info] [88] no use encode, return to old mode 2026-04-13 22:40:30 [Info] [88] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 22:40:30 [Info] [88] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 22:40:30 [Info] [88] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 22:40:31 [Info] [88] log memory size is 20480KB, real memory size is 13136KB 2026-04-13 22:40:54 [Warn] [88] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 22:41:03 [Info] [88] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 22:41:07 [Warn] [88] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 22:40:54 [Info] [4760] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap306521776091228 2026-04-13 22:40:54 [Info] [4760] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-13 22:40:54 [Info] [4760] Resource monitor start 2026-04-13 22:40:54 [Info] [4760] ipc client init success 2026-04-13 22:40:54 [Info] [4760] Ipc init: 0 2026-04-13 22:40:54 [Info] [4760] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-13 22:40:54 [Info] [4760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-13 22:40:54 [Info] [4760] start ipc thread id[2620] 2026-04-13 22:40:54 [Info] [4760] Connect Yundun ipc server return state is 0 2026-04-13 22:40:54 [Info] [4760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-13 22:40:58 [Info] [4760] Monitor thread 2026-04-13 22:40:58 [Info] [4760] Report thread 2026-04-13 22:40:58 [Info] [4760] yundun connected 2026-04-13 22:40:58 [Info] [4760] CIpcMsgHandlerMgr::run Enter 2026-04-13 22:40:58 [Info] [4760] CResourceMonitor::run Enter 2026-04-13 22:40:58 [Info] [4760] recvmsg: HELLO 2026-04-13 22:40:58 [Info] [4760] recvmsg: WORK 2026-04-13 22:40:58 [Info] [4760] no use encode, return to old mode 2026-04-13 22:40:59 [Info] [4760] log fd cnt is [250], real fd cnt is [250] 2026-04-13 22:41:00 [Info] [4760] Loader thread 2026-04-13 22:41:00 [Info] [4760] PythonEngineImpl Init... 2026-04-13 22:41:00 [Info] [4760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 22:41:00 [Info] [4760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-13 22:41:00 [Info] [4760] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 22:41:00 [Info] [4760] log memory size is 20480KB, real memory size is 13160KB 2026-04-13 22:41:03 [Info] [4760] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-13 22:41:08 [Info] [4760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 22:41:09 [Info] [4760] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 22:41:09 [Info] [4760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 22:41:13 [Info] [4760] item: --windows-vul-check 2026-04-13 22:41:13 [Info] [4760] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-13 22:41:13 [Info] [4760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-13 22:41:13 [Info] [4760] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-13 22:41:13 [Info] [4760] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-13 22:41:13 [Info] [4760] Download redirect files success. 2026-04-13 22:41:13 [Info] [4760] Prepare stage1: --windows-vul-check 2026-04-13 22:41:13 [Info] [4760] Prepare stage2 2026-04-13 22:41:16 [Info] [4760] log memory size is 30720KB, real memory size is 21228KB 2026-04-13 22:41:18 [Warn] [88] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-13 22:41:19 [Info] [88] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 22:41:19 [Info] [88] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-13 22:41:19 [Info] [88] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-13 22:41:19 [Info] [4760] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-13 22:41:19 [Info] [4760] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-13 22:41:19 [Info] [4760] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 22:41:19 [Info] [4760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 22:41:19 [Info] [4760] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-13 22:41:19 [Info] [4760] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-13 22:41:19 [Info] [4760] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-13 22:41:19 [Info] [4760] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-13 22:41:19 [Info] [4760] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-13 22:41:20 [Info] [4760] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-13 22:41:21 [Info] [4760] stage3: --windows-vul-check 2026-04-13 22:41:21 [Info] [4760] Loader after check 2026-04-13 22:41:22 [Info] [4760] Enter reuse wait state. 2026-04-13 22:41:22 [Info] [88] item: --windows-sysinfoext-check 2026-04-13 22:41:22 [Info] [88] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 22:41:22 [Info] [88] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 22:41:22 [Info] [88] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-13 22:41:22 [Info] [88] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-13 22:41:22 [Info] [88] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-13 22:41:22 [Info] [88] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-13 22:41:22 [Info] [88] Prepare stage1: --windows-sysinfoext-check 2026-04-13 22:41:22 [Info] [88] Prepare stage2 2026-04-13 22:41:23 [Info] [88] log memory size is 30720KB, real memory size is 20560KB 2026-04-13 22:41:23 [Info] [4760] recvmsg: EXIT 2026-04-13 22:41:23 [Info] [4760] Recv Exit Msg, Exit... 2026-04-13 22:41:30 [Info] [88] log fd cnt is [300], real fd cnt is [388] 2026-04-13 22:41:50 [Info] [88] stage3: --windows-sysinfoext-check 2026-04-13 22:41:50 [Info] [88] Loader after check 2026-04-13 22:41:51 [Info] [88] Enter reuse wait state. 2026-04-13 22:41:53 [Info] [88] recvmsg: EXIT 2026-04-13 22:41:53 [Info] [88] Recv Exit Msg, Exit... 2026-04-20 02:02:39 [Info] [2820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 02:02:39 [Info] [2820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap264391776621759 2026-04-20 02:02:39 [Info] [2820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 02:02:40 [Info] [2820] Resource monitor start 2026-04-20 02:02:40 [Info] [2820] ipc client init success 2026-04-20 02:02:40 [Info] [2820] Ipc init: 0 2026-04-20 02:02:40 [Info] [2820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 02:02:40 [Info] [2820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 02:02:40 [Info] [2820] start ipc thread id[4260] 2026-04-20 02:02:40 [Info] [2820] Connect Yundun ipc server return state is 0 2026-04-20 02:02:40 [Info] [2820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 02:02:40 [Info] [2820] CResourceMonitor::run Enter 2026-04-20 02:02:40 [Info] [2820] CIpcMsgHandlerMgr::run Enter 2026-04-20 02:02:40 [Info] [2820] Report thread 2026-04-20 02:02:40 [Info] [2820] Monitor thread 2026-04-20 02:02:40 [Info] [2820] Loader thread 2026-04-20 02:02:40 [Info] [2820] PythonEngineImpl Init... 2026-04-20 02:02:40 [Info] [2820] yundun connected 2026-04-20 02:02:40 [Info] [2820] recvmsg: HELLO 2026-04-20 02:02:40 [Info] [2820] recvmsg: WORK 2026-04-20 02:02:40 [Info] [2820] no use encode, return to old mode 2026-04-20 02:02:40 [Info] [2820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 02:02:40 [Info] [2820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 02:02:40 [Info] [2820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 02:02:40 [Info] [2820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 02:02:41 [Info] [2820] log fd cnt is [250], real fd cnt is [282] 2026-04-20 02:02:41 [Info] [2820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 02:02:41 [Info] [2820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 02:02:42 [Info] [2820] log memory size is 20480KB, real memory size is 14848KB 2026-04-20 02:02:42 [Info] [2820] item: --sca 2026-04-20 02:02:42 [Info] [2820] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-20 02:02:42 [Info] [2820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-20 02:02:42 [Info] [2820] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-20 02:02:42 [Info] [2820] Download redirect files success. 2026-04-20 02:02:42 [Info] [2820] Prepare stage1: --sca 2026-04-20 02:02:42 [Info] [2820] Prepare stage2 2026-04-20 02:02:46 [Info] [2820] log memory size is 30720KB, real memory size is 32884KB 2026-04-20 02:02:50 [Info] [2820] log memory size is 40960KB, real memory size is 33164KB 2026-04-20 02:03:17 [Warn] [2820] high cpu, cpu is 26 2026-04-20 02:03:17 [Info] [2820] try get sys version 2026-04-20 02:03:17 [Info] [2820] win sys info:2/10:0:3 2026-04-20 02:03:17 [Info] [2820] suit legal version, enable cpu control 2026-04-20 02:03:17 [Warn] [2820] High CPU Warning: 26 2026-04-20 02:03:18 [Warn] [2820] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-20 02:03:19 [Info] [2820] stage3: --sca 2026-04-20 02:03:19 [Info] [2820] Loader after check 2026-04-20 02:03:20 [Info] [2820] Enter reuse wait state. 2026-04-20 02:03:23 [Info] [2820] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 02:03:24 [Info] [2820] recvmsg: EXIT 2026-04-20 02:03:24 [Info] [2820] Recv Exit Msg, Exit... 2026-04-20 02:26:54 [Info] [4196] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 02:26:54 [Info] [4196] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap311571776623204 2026-04-20 02:26:54 [Info] [4196] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 02:26:54 [Info] [4196] Resource monitor start 2026-04-20 02:26:54 [Info] [4196] ipc client init success 2026-04-20 02:26:54 [Info] [4196] Ipc init: 0 2026-04-20 02:26:54 [Info] [4196] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 02:26:54 [Info] [4196] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 02:26:54 [Info] [4196] start ipc thread id[4820] 2026-04-20 02:26:54 [Info] [4196] Connect Yundun ipc server return state is 0 2026-04-20 02:26:54 [Info] [4196] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 02:26:54 [Info] [4196] CResourceMonitor::run Enter 2026-04-20 02:26:54 [Info] [4196] CIpcMsgHandlerMgr::run Enter 2026-04-20 02:26:54 [Info] [4196] Report thread 2026-04-20 02:26:54 [Info] [4196] Monitor thread 2026-04-20 02:26:54 [Info] [4196] Loader thread 2026-04-20 02:26:54 [Info] [4196] PythonEngineImpl Init... 2026-04-20 02:27:00 [Info] [4196] yundun connected 2026-04-20 02:27:01 [Info] [4196] recvmsg: HELLO 2026-04-20 02:27:01 [Info] [4196] recvmsg: WORK 2026-04-20 02:27:01 [Info] [4196] no use encode, return to old mode 2026-04-20 02:27:01 [Info] [4196] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 02:27:01 [Info] [4196] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 02:27:01 [Info] [4196] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 02:27:02 [Info] [4196] log fd cnt is [250], real fd cnt is [264] 2026-04-20 02:27:03 [Info] [4196] log memory size is 20480KB, real memory size is 13148KB 2026-04-20 02:27:41 [Warn] [4196] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 02:27:51 [Warn] [4196] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 02:27:51 [Info] [4196] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 02:27:51 [Info] [4196] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 02:27:51 [Info] [4196] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 02:27:52 [Info] [4196] item: --windows-sysinfoext-check 2026-04-20 02:27:52 [Info] [4196] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 02:27:52 [Info] [4196] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 02:27:52 [Info] [4196] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 02:27:53 [Info] [4196] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 02:27:53 [Info] [4196] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-20 02:27:53 [Info] [4196] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 02:27:53 [Info] [4196] Prepare stage1: --windows-sysinfoext-check 2026-04-20 02:27:53 [Info] [4196] Prepare stage2 2026-04-20 02:27:55 [Info] [4196] stage3: --windows-sysinfoext-check 2026-04-20 02:27:55 [Info] [4196] Loader after check 2026-04-20 02:27:55 [Info] [4196] log memory size is 30720KB, real memory size is 23204KB 2026-04-20 02:27:56 [Info] [4196] Enter reuse wait state. 2026-04-20 02:27:58 [Info] [4196] recvmsg: EXIT 2026-04-20 02:27:58 [Info] [4196] Recv Exit Msg, Exit... 2026-04-20 07:44:04 [Info] [4232] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 07:44:04 [Info] [4232] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap277981776642244 2026-04-20 07:44:04 [Info] [4232] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 07:44:04 [Info] [4232] Resource monitor start 2026-04-20 07:44:04 [Info] [4232] ipc client init success 2026-04-20 07:44:04 [Info] [4232] Ipc init: 0 2026-04-20 07:44:04 [Info] [4232] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 07:44:04 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 07:44:04 [Info] [4232] start ipc thread id[3496] 2026-04-20 07:44:04 [Info] [4232] Connect Yundun ipc server return state is 0 2026-04-20 07:44:04 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 07:44:04 [Info] [4232] CResourceMonitor::run Enter 2026-04-20 07:44:04 [Info] [4232] CIpcMsgHandlerMgr::run Enter 2026-04-20 07:44:04 [Info] [4232] Report thread 2026-04-20 07:44:04 [Info] [4232] Monitor thread 2026-04-20 07:44:04 [Info] [4232] Loader thread 2026-04-20 07:44:04 [Info] [4232] PythonEngineImpl Init... 2026-04-20 07:44:04 [Info] [4232] yundun connected 2026-04-20 07:44:05 [Info] [4232] recvmsg: HELLO 2026-04-20 07:44:05 [Info] [4232] recvmsg: WORK 2026-04-20 07:44:05 [Info] [4232] no use encode, return to old mode 2026-04-20 07:44:05 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 07:44:05 [Info] [4232] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 07:44:05 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 07:44:05 [Info] [4232] log fd cnt is [250], real fd cnt is [282] 2026-04-20 07:44:05 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 07:44:05 [Info] [4232] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 07:44:05 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 07:44:06 [Info] [4232] log memory size is 20480KB, real memory size is 14796KB 2026-04-20 07:44:07 [Info] [4232] item: --windows-vul-clean 2026-04-20 07:44:07 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-20 07:44:07 [Info] [4232] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-20 07:44:07 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 07:44:07 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 07:44:07 [Info] [4232] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-20 07:44:07 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-20 07:44:07 [Info] [4232] Prepare stage1: --windows-vul-clean 2026-04-20 07:44:07 [Info] [4232] Prepare stage2 2026-04-20 07:44:07 [Info] [4232] stage3: --windows-vul-clean 2026-04-20 07:44:07 [Info] [4232] Loader after check 2026-04-20 07:44:08 [Info] [4232] Enter reuse wait state. 2026-04-20 07:44:12 [Info] [4232] recvmsg: EXIT 2026-04-20 07:44:12 [Info] [4232] Recv Exit Msg, Exit... 2026-04-20 07:55:37 [Info] [2720] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 07:55:37 [Info] [2720] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap299631776642907 2026-04-20 07:55:37 [Info] [2720] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 07:55:37 [Info] [2720] Resource monitor start 2026-04-20 07:55:37 [Info] [2720] ipc client init success 2026-04-20 07:55:37 [Info] [2720] Ipc init: 0 2026-04-20 07:55:37 [Info] [2720] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 07:55:37 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 07:55:37 [Info] [2720] start ipc thread id[5056] 2026-04-20 07:55:37 [Info] [2720] Connect Yundun ipc server return state is 0 2026-04-20 07:55:37 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 07:55:42 [Info] [2720] Loader thread 2026-04-20 07:55:42 [Info] [2720] PythonEngineImpl Init... 2026-04-20 07:55:42 [Info] [2720] Monitor thread 2026-04-20 07:55:42 [Info] [2720] Report thread 2026-04-20 07:55:42 [Info] [2720] yundun connected 2026-04-20 07:55:42 [Info] [2720] CIpcMsgHandlerMgr::run Enter 2026-04-20 07:55:42 [Info] [2720] CResourceMonitor::run Enter 2026-04-20 07:55:42 [Info] [2720] recvmsg: HELLO 2026-04-20 07:55:42 [Info] [2720] recvmsg: WORK 2026-04-20 07:55:42 [Info] [2720] no use encode, return to old mode 2026-04-20 07:55:42 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 07:55:42 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 07:55:42 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 07:55:43 [Info] [2720] log fd cnt is [250], real fd cnt is [264] 2026-04-20 07:55:44 [Info] [2720] log memory size is 20480KB, real memory size is 13184KB 2026-04-20 07:55:55 [Warn] [2720] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 07:56:05 [Warn] [2720] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 07:56:07 [Info] [2720] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 07:56:15 [Warn] [2720] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 07:56:15 [Info] [2720] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 07:56:15 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 07:56:15 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 07:56:16 [Info] [2720] item: --windows-sysinfoext-check 2026-04-20 07:56:16 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 07:56:16 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 07:56:16 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 07:56:17 [Info] [2720] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 07:56:17 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-20 07:56:17 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 07:56:17 [Info] [2720] Prepare stage1: --windows-sysinfoext-check 2026-04-20 07:56:17 [Info] [2720] Prepare stage2 2026-04-20 07:56:19 [Info] [2720] stage3: --windows-sysinfoext-check 2026-04-20 07:56:19 [Info] [2720] Loader after check 2026-04-20 07:56:20 [Info] [2720] Enter reuse wait state. 2026-04-20 07:56:20 [Info] [2720] log memory size is 30720KB, real memory size is 23420KB 2026-04-20 07:56:22 [Info] [2720] recvmsg: EXIT 2026-04-20 07:56:22 [Info] [2720] Recv Exit Msg, Exit... 2026-04-20 08:50:11 [Info] [4792] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 08:50:11 [Info] [4792] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap79851776646211 2026-04-20 08:50:11 [Info] [4792] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 08:50:11 [Info] [4792] Resource monitor start 2026-04-20 08:50:11 [Info] [4792] ipc client init success 2026-04-20 08:50:11 [Info] [4792] Ipc init: 0 2026-04-20 08:50:11 [Info] [4792] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 08:50:11 [Info] [4792] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 08:50:11 [Info] [4792] start ipc thread id[4116] 2026-04-20 08:50:11 [Info] [4792] Connect Yundun ipc server return state is 0 2026-04-20 08:50:11 [Info] [4792] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 08:50:11 [Info] [4792] CResourceMonitor::run Enter 2026-04-20 08:50:11 [Info] [4792] CIpcMsgHandlerMgr::run Enter 2026-04-20 08:50:11 [Info] [4792] yundun connected 2026-04-20 08:50:11 [Info] [4792] Report thread 2026-04-20 08:50:11 [Info] [4792] Monitor thread 2026-04-20 08:50:11 [Info] [4792] Loader thread 2026-04-20 08:50:11 [Info] [4792] PythonEngineImpl Init... 2026-04-20 08:50:12 [Info] [4792] recvmsg: HELLO 2026-04-20 08:50:13 [Info] [4792] recvmsg: WORK 2026-04-20 08:50:13 [Info] [4792] no use encode, return to old mode 2026-04-20 08:50:13 [Info] [4792] log fd cnt is [250], real fd cnt is [263] 2026-04-20 08:50:13 [Info] [4792] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 08:50:13 [Info] [4792] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 08:50:13 [Info] [4792] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 08:50:14 [Info] [4792] log memory size is 20480KB, real memory size is 13636KB 2026-04-20 08:50:14 [Info] [4792] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 08:50:15 [Info] [4792] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 08:50:15 [Info] [4792] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 08:50:16 [Info] [4792] item: --windows-process-check 2026-04-20 08:50:16 [Info] [4792] cgroup name aegisRtap0 2026-04-20 08:50:16 [Info] [4792] try get sys version 2026-04-20 08:50:16 [Info] [4792] win sys info:2/10:0:3 2026-04-20 08:50:16 [Info] [4792] suit legal version, enable cpu control 2026-04-20 08:50:16 [Info] [4792] get AssignProcessToJobObject handle [00000478] 2026-04-20 08:50:16 [Info] [4792] Set setJobExtended. 2026-04-20 08:50:16 [Info] [4792] Set cpu [9%] 2026-04-20 08:50:16 [Info] [4792] Set cpu success 2026-04-20 08:50:16 [Info] [4792] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-20 08:50:16 [Info] [4792] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-20 08:50:16 [Info] [4792] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 08:50:16 [Info] [4792] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 08:50:16 [Info] [4792] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-20 08:50:16 [Info] [4792] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-20 08:50:16 [Info] [4792] Prepare stage1: --windows-process-check 2026-04-20 08:50:16 [Info] [4792] Prepare stage2 2026-04-20 08:50:16 [Info] [4792] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 08:50:18 [Info] [4792] log memory size is 30720KB, real memory size is 20588KB 2026-04-20 08:50:34 [Info] [4792] stage3: --windows-process-check 2026-04-20 08:50:34 [Info] [4792] Loader after check 2026-04-20 08:50:35 [Info] [4792] Enter reuse wait state. 2026-04-20 08:50:39 [Info] [4792] recvmsg: EXIT 2026-04-20 08:50:39 [Info] [4792] Recv Exit Msg, Exit... 2026-04-20 10:24:32 [Info] [4304] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 10:24:32 [Info] [4304] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap264681776651871 2026-04-20 10:24:32 [Info] [4304] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 10:24:32 [Info] [4304] Resource monitor start 2026-04-20 10:24:32 [Info] [4304] ipc client init success 2026-04-20 10:24:32 [Info] [4304] Ipc init: 0 2026-04-20 10:24:32 [Info] [4304] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 10:24:32 [Info] [4304] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 10:24:32 [Info] [4304] start ipc thread id[3492] 2026-04-20 10:24:32 [Info] [4304] Connect Yundun ipc server return state is 0 2026-04-20 10:24:32 [Info] [4304] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 10:24:32 [Info] [4304] CResourceMonitor::run Enter 2026-04-20 10:24:32 [Info] [4304] CIpcMsgHandlerMgr::run Enter 2026-04-20 10:24:32 [Info] [4304] Report thread 2026-04-20 10:24:32 [Info] [4304] Monitor thread 2026-04-20 10:24:32 [Info] [4304] Loader thread 2026-04-20 10:24:32 [Info] [4304] PythonEngineImpl Init... 2026-04-20 10:24:32 [Info] [4304] yundun connected 2026-04-20 10:24:32 [Info] [4304] recvmsg: HELLO 2026-04-20 10:24:32 [Info] [4304] recvmsg: WORK 2026-04-20 10:24:32 [Info] [4304] no use encode, return to old mode 2026-04-20 10:24:32 [Info] [4304] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:24:32 [Info] [4304] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:24:32 [Info] [4304] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:24:33 [Info] [4304] log fd cnt is [250], real fd cnt is [282] 2026-04-20 10:24:33 [Info] [4304] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:24:33 [Info] [4304] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 10:24:33 [Info] [4304] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 10:24:34 [Info] [4304] log memory size is 20480KB, real memory size is 14756KB 2026-04-20 10:24:34 [Info] [4304] item: --windows-registry-check 2026-04-20 10:24:34 [Info] [4304] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-20 10:24:34 [Info] [4304] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-20 10:24:34 [Info] [4304] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:24:34 [Info] [4304] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:24:34 [Info] [4304] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-20 10:24:34 [Info] [4304] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-20 10:24:34 [Info] [4304] Prepare stage1: --windows-registry-check 2026-04-20 10:24:34 [Info] [4304] Prepare stage2 2026-04-20 10:24:41 [Info] [4304] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 10:24:41 [Info] [4880] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 10:24:41 [Info] [4880] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap265001776651881 2026-04-20 10:24:41 [Info] [4880] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 10:24:41 [Info] [4880] Resource monitor start 2026-04-20 10:24:41 [Info] [4880] ipc client init success 2026-04-20 10:24:41 [Info] [4880] Ipc init: 0 2026-04-20 10:24:41 [Info] [4880] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 10:24:41 [Info] [4880] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 10:24:41 [Info] [4880] start ipc thread id[2148] 2026-04-20 10:24:41 [Info] [4880] Connect Yundun ipc server return state is 0 2026-04-20 10:24:41 [Info] [4880] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 10:24:41 [Info] [4880] CResourceMonitor::run Enter 2026-04-20 10:24:41 [Info] [4880] CIpcMsgHandlerMgr::run Enter 2026-04-20 10:24:41 [Info] [4880] Report thread 2026-04-20 10:24:41 [Info] [4880] Monitor thread 2026-04-20 10:24:41 [Info] [4880] Loader thread 2026-04-20 10:24:41 [Info] [4880] PythonEngineImpl Init... 2026-04-20 10:24:41 [Info] [4880] yundun connected 2026-04-20 10:24:41 [Info] [4880] recvmsg: HELLO 2026-04-20 10:24:41 [Info] [4880] recvmsg: WORK 2026-04-20 10:24:41 [Info] [4880] no use encode, return to old mode 2026-04-20 10:24:41 [Info] [4880] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:24:41 [Info] [4880] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:24:41 [Info] [4880] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:24:42 [Info] [4880] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:24:42 [Info] [4880] log fd cnt is [250], real fd cnt is [282] 2026-04-20 10:24:42 [Info] [4880] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 10:24:42 [Info] [4880] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 10:24:43 [Info] [4880] log memory size is 20480KB, real memory size is 14856KB 2026-04-20 10:24:43 [Info] [4880] item: --windows-schedule-task-check 2026-04-20 10:24:43 [Info] [4880] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-20 10:24:43 [Info] [4880] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-20 10:24:43 [Info] [4880] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:24:43 [Info] [4880] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:24:43 [Info] [4880] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-20 10:24:43 [Info] [4880] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-20 10:24:43 [Info] [4880] Prepare stage1: --windows-schedule-task-check 2026-04-20 10:24:43 [Info] [4880] Prepare stage2 2026-04-20 10:24:44 [Warn] [4880] high cpu, cpu is 20 2026-04-20 10:24:44 [Info] [4880] try get sys version 2026-04-20 10:24:44 [Info] [4880] win sys info:2/10:0:3 2026-04-20 10:24:44 [Info] [4880] suit legal version, enable cpu control 2026-04-20 10:24:44 [Warn] [4880] High CPU Warning: 20 2026-04-20 10:24:44 [Warn] [4880] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-20 10:24:47 [Info] [4880] log memory size is 30720KB, real memory size is 23696KB 2026-04-20 10:25:03 [Info] [4304] stage3: --windows-registry-check 2026-04-20 10:25:03 [Info] [4304] Loader after check 2026-04-20 10:25:04 [Info] [4304] Enter reuse wait state. 2026-04-20 10:25:09 [Info] [4304] recvmsg: EXIT 2026-04-20 10:25:09 [Info] [4304] Recv Exit Msg, Exit... 2026-04-20 10:25:15 [Info] [4880] stage3: --windows-schedule-task-check 2026-04-20 10:25:15 [Info] [4880] Loader after check 2026-04-20 10:25:16 [Info] [4880] Enter reuse wait state. 2026-04-20 10:25:19 [Info] [4880] recvmsg: EXIT 2026-04-20 10:25:19 [Info] [4880] Recv Exit Msg, Exit... 2026-04-20 10:25:23 [Info] [4972] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 10:25:23 [Info] [4972] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap266371776651923 2026-04-20 10:25:23 [Info] [4972] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 10:25:23 [Info] [4972] Resource monitor start 2026-04-20 10:25:23 [Info] [4972] ipc client init success 2026-04-20 10:25:23 [Info] [4972] Ipc init: 0 2026-04-20 10:25:23 [Info] [4972] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 10:25:23 [Info] [4972] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 10:25:23 [Info] [4972] start ipc thread id[4212] 2026-04-20 10:25:23 [Info] [4972] Connect Yundun ipc server return state is 0 2026-04-20 10:25:23 [Info] [4972] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 10:25:23 [Info] [4972] CResourceMonitor::run Enter 2026-04-20 10:25:23 [Info] [4972] CIpcMsgHandlerMgr::run Enter 2026-04-20 10:25:23 [Info] [4972] Report thread 2026-04-20 10:25:23 [Info] [4972] Monitor thread 2026-04-20 10:25:23 [Info] [4972] Loader thread 2026-04-20 10:25:23 [Info] [4972] PythonEngineImpl Init... 2026-04-20 10:25:23 [Info] [4972] yundun connected 2026-04-20 10:25:23 [Info] [4972] recvmsg: HELLO 2026-04-20 10:25:23 [Info] [4972] recvmsg: WORK 2026-04-20 10:25:23 [Info] [4972] no use encode, return to old mode 2026-04-20 10:25:23 [Info] [4972] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:25:23 [Info] [4972] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:25:23 [Info] [4972] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:25:24 [Info] [4972] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:25:24 [Info] [4972] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 10:25:24 [Info] [4972] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 10:25:24 [Info] [4972] log fd cnt is [250], real fd cnt is [281] 2026-04-20 10:25:25 [Info] [4972] log memory size is 20480KB, real memory size is 14856KB 2026-04-20 10:25:25 [Info] [4972] item: --windows-driver-version-check 2026-04-20 10:25:25 [Info] [4972] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-20 10:25:25 [Info] [4972] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-20 10:25:25 [Info] [4972] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:25:25 [Info] [4972] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:25:25 [Info] [4972] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-20 10:25:25 [Info] [4972] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-20 10:25:25 [Info] [4972] Prepare stage1: --windows-driver-version-check 2026-04-20 10:25:25 [Info] [4972] Prepare stage2 2026-04-20 10:25:25 [Info] [4972] stage3: --windows-driver-version-check 2026-04-20 10:25:25 [Info] [4972] Loader after check 2026-04-20 10:25:27 [Info] [4972] Enter reuse wait state. 2026-04-20 10:25:30 [Info] [4972] recvmsg: EXIT 2026-04-20 10:25:30 [Info] [4972] Recv Exit Msg, Exit... 2026-04-20 10:29:36 [Info] [1072] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 10:29:36 [Info] [1072] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap274641776652176 2026-04-20 10:29:36 [Info] [1072] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 10:29:36 [Info] [1072] Resource monitor start 2026-04-20 10:29:36 [Info] [1072] ipc client init success 2026-04-20 10:29:36 [Info] [1072] Ipc init: 0 2026-04-20 10:29:36 [Info] [1072] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 10:29:36 [Info] [1072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 10:29:36 [Info] [1072] start ipc thread id[4824] 2026-04-20 10:29:36 [Info] [1072] Connect Yundun ipc server return state is 0 2026-04-20 10:29:36 [Info] [1072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 10:29:36 [Info] [1072] CResourceMonitor::run Enter 2026-04-20 10:29:36 [Info] [1072] CIpcMsgHandlerMgr::run Enter 2026-04-20 10:29:36 [Info] [1072] yundun connected 2026-04-20 10:29:36 [Info] [1072] Report thread 2026-04-20 10:29:36 [Info] [1072] Monitor thread 2026-04-20 10:29:36 [Info] [1072] Loader thread 2026-04-20 10:29:36 [Info] [1072] PythonEngineImpl Init... 2026-04-20 10:29:37 [Info] [1072] recvmsg: HELLO 2026-04-20 10:29:37 [Info] [1072] recvmsg: WORK 2026-04-20 10:29:37 [Info] [1072] no use encode, return to old mode 2026-04-20 10:29:37 [Info] [1072] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:29:37 [Info] [1072] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 10:29:37 [Info] [1072] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:29:37 [Info] [1072] log fd cnt is [250], real fd cnt is [274] 2026-04-20 10:29:38 [Info] [1072] log memory size is 20480KB, real memory size is 14216KB 2026-04-20 10:29:38 [Info] [1072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:29:38 [Info] [1072] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 10:29:38 [Info] [1072] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 10:29:39 [Info] [1072] item: --tcp-connect-check 2026-04-20 10:29:39 [Info] [1072] cgroup name aegisRtap0 2026-04-20 10:29:39 [Info] [1072] try get sys version 2026-04-20 10:29:39 [Info] [1072] win sys info:2/10:0:3 2026-04-20 10:29:39 [Info] [1072] suit legal version, enable cpu control 2026-04-20 10:29:39 [Info] [1072] get AssignProcessToJobObject handle [00000478] 2026-04-20 10:29:39 [Info] [1072] Set setJobExtended. 2026-04-20 10:29:39 [Info] [1072] Set cpu [9%] 2026-04-20 10:29:39 [Info] [1072] Set cpu success 2026-04-20 10:29:39 [Info] [1072] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-20 10:29:39 [Info] [1072] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-20 10:29:39 [Info] [1072] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 10:29:40 [Info] [1072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 10:29:40 [Info] [1072] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-20 10:29:40 [Info] [1072] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-20 10:29:40 [Info] [1072] Prepare stage1: --tcp-connect-check 2026-04-20 10:29:40 [Info] [1072] Prepare stage2 2026-04-20 10:29:41 [Warn] [1072] high cpu, cpu is 12 2026-04-20 10:29:41 [Warn] [1072] High CPU Warning: 12 2026-04-20 10:29:41 [Warn] [1072] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:tcp-connect-check.py line: 758 in func: getTcpDetailInfos File:tcp-connect-check.py line: 796 in func: check File:tcp-connect-check.py line: 144 in func: main File:tcp-connect-check.py line: 818 in func: start 2026-04-20 10:29:43 [Info] [1072] stage3: --tcp-connect-check 2026-04-20 10:29:43 [Info] [1072] Loader after check 2026-04-20 10:29:44 [Info] [1072] Enter reuse wait state. 2026-04-20 10:29:48 [Info] [1072] recvmsg: EXIT 2026-04-20 10:29:48 [Info] [1072] Recv Exit Msg, Exit... 2026-04-20 11:08:46 [Info] [916] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 11:08:46 [Info] [916] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap23701776654526 2026-04-20 11:08:46 [Info] [916] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 11:08:46 [Info] [916] Resource monitor start 2026-04-20 11:08:46 [Info] [916] ipc client init success 2026-04-20 11:08:46 [Info] [916] Ipc init: 0 2026-04-20 11:08:46 [Info] [916] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 11:08:46 [Info] [916] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 11:08:46 [Info] [916] start ipc thread id[4132] 2026-04-20 11:08:46 [Info] [916] Connect Yundun ipc server return state is 0 2026-04-20 11:08:46 [Info] [916] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 11:08:46 [Info] [916] CResourceMonitor::run Enter 2026-04-20 11:08:46 [Info] [916] CIpcMsgHandlerMgr::run Enter 2026-04-20 11:08:46 [Info] [916] Report thread 2026-04-20 11:08:46 [Info] [916] Monitor thread 2026-04-20 11:08:46 [Info] [916] Loader thread 2026-04-20 11:08:46 [Info] [916] PythonEngineImpl Init... 2026-04-20 11:08:46 [Info] [916] yundun connected 2026-04-20 11:08:47 [Info] [916] recvmsg: HELLO 2026-04-20 11:08:47 [Info] [916] recvmsg: WORK 2026-04-20 11:08:47 [Info] [916] no use encode, return to old mode 2026-04-20 11:08:47 [Info] [916] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 11:08:47 [Info] [916] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 11:08:47 [Info] [916] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 11:08:47 [Info] [916] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 11:08:48 [Info] [916] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 11:08:48 [Info] [916] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 11:08:48 [Info] [916] log fd cnt is [250], real fd cnt is [281] 2026-04-20 11:08:49 [Info] [916] item: --windows-autorun-item-check 2026-04-20 11:08:49 [Info] [916] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-20 11:08:49 [Info] [916] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-20 11:08:49 [Info] [916] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 11:08:49 [Info] [916] log memory size is 20480KB, real memory size is 14916KB 2026-04-20 11:08:49 [Info] [916] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 11:08:50 [Info] [916] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-20 11:08:50 [Info] [916] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-20 11:08:50 [Info] [916] Prepare stage1: --windows-autorun-item-check 2026-04-20 11:08:50 [Info] [916] Prepare stage2 2026-04-20 11:08:50 [Warn] [916] high cpu, cpu is 12 2026-04-20 11:08:50 [Info] [916] try get sys version 2026-04-20 11:08:50 [Info] [916] win sys info:2/10:0:3 2026-04-20 11:08:50 [Info] [916] suit legal version, enable cpu control 2026-04-20 11:08:50 [Warn] [916] High CPU Warning: 12 2026-04-20 11:08:51 [Warn] [916] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 258 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-20 11:08:54 [Info] [916] log memory size is 30720KB, real memory size is 22592KB 2026-04-20 11:09:00 [Info] [916] stage3: --windows-autorun-item-check 2026-04-20 11:09:00 [Info] [916] Loader after check 2026-04-20 11:09:01 [Info] [916] Enter reuse wait state. 2026-04-20 11:09:06 [Info] [916] recvmsg: EXIT 2026-04-20 11:09:06 [Info] [916] Recv Exit Msg, Exit... 2026-04-20 13:25:37 [Info] [4108] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 13:25:37 [Info] [4108] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap291281776662720 2026-04-20 13:25:37 [Info] [4108] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 13:25:37 [Info] [4108] Resource monitor start 2026-04-20 13:25:37 [Info] [4108] ipc client init success 2026-04-20 13:25:37 [Info] [4108] Ipc init: 0 2026-04-20 13:25:37 [Info] [4108] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 13:25:37 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 13:25:37 [Info] [4108] start ipc thread id[2692] 2026-04-20 13:25:37 [Info] [4108] Connect Yundun ipc server return state is 0 2026-04-20 13:25:37 [Info] [4108] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 13:25:37 [Info] [4108] CResourceMonitor::run Enter 2026-04-20 13:25:37 [Info] [4108] CIpcMsgHandlerMgr::run Enter 2026-04-20 13:25:37 [Info] [4108] Report thread 2026-04-20 13:25:37 [Info] [4108] Monitor thread 2026-04-20 13:25:37 [Info] [4108] Loader thread 2026-04-20 13:25:37 [Info] [4108] PythonEngineImpl Init... 2026-04-20 13:25:42 [Info] [4108] yundun connected 2026-04-20 13:25:42 [Info] [4108] recvmsg: HELLO 2026-04-20 13:25:42 [Info] [4108] recvmsg: WORK 2026-04-20 13:25:42 [Info] [4108] no use encode, return to old mode 2026-04-20 13:25:42 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 13:25:42 [Info] [4108] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 13:25:42 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 13:25:43 [Info] [4108] log fd cnt is [250], real fd cnt is [264] 2026-04-20 13:25:44 [Info] [4108] log memory size is 20480KB, real memory size is 13128KB 2026-04-20 13:26:06 [Warn] [4108] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 13:26:06 [Info] [4108] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 13:26:16 [Warn] [4108] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 13:26:26 [Warn] [4108] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 13:26:26 [Info] [4108] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 13:26:27 [Info] [4108] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 13:26:27 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 13:26:28 [Info] [4108] item: --windows-sysinfoext-check 2026-04-20 13:26:28 [Info] [4108] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 13:26:28 [Info] [4108] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 13:26:28 [Info] [4108] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 13:26:28 [Info] [4108] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 13:26:28 [Info] [4108] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-20 13:26:28 [Info] [4108] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 13:26:28 [Info] [4108] Prepare stage1: --windows-sysinfoext-check 2026-04-20 13:26:28 [Info] [4108] Prepare stage2 2026-04-20 13:26:29 [Info] [4108] log memory size is 30720KB, real memory size is 23124KB 2026-04-20 13:26:30 [Info] [4108] stage3: --windows-sysinfoext-check 2026-04-20 13:26:30 [Info] [4108] Loader after check 2026-04-20 13:26:31 [Info] [4108] Enter reuse wait state. 2026-04-20 13:26:35 [Info] [4108] recvmsg: EXIT 2026-04-20 13:26:35 [Info] [4108] Recv Exit Msg, Exit... 2026-04-20 18:05:13 [Info] [4232] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 18:05:13 [Info] [4232] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap184311776679513 2026-04-20 18:05:13 [Info] [4232] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 18:05:13 [Info] [4232] Resource monitor start 2026-04-20 18:05:13 [Info] [4232] ipc client init success 2026-04-20 18:05:13 [Info] [4232] Ipc init: 0 2026-04-20 18:05:13 [Info] [4232] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 18:05:13 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 18:05:13 [Info] [4232] start ipc thread id[4980] 2026-04-20 18:05:13 [Info] [4232] Connect Yundun ipc server return state is 0 2026-04-20 18:05:13 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 18:05:13 [Info] [4232] CResourceMonitor::run Enter 2026-04-20 18:05:13 [Info] [4232] CIpcMsgHandlerMgr::run Enter 2026-04-20 18:05:13 [Info] [4232] Report thread 2026-04-20 18:05:13 [Info] [4232] Monitor thread 2026-04-20 18:05:13 [Info] [4232] Loader thread 2026-04-20 18:05:13 [Info] [4232] PythonEngineImpl Init... 2026-04-20 18:05:13 [Info] [4232] yundun connected 2026-04-20 18:05:14 [Info] [4232] recvmsg: HELLO 2026-04-20 18:05:14 [Info] [4232] recvmsg: WORK 2026-04-20 18:05:14 [Info] [4232] no use encode, return to old mode 2026-04-20 18:05:14 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 18:05:14 [Info] [4232] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 18:05:14 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 18:05:14 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 18:05:14 [Info] [4232] log fd cnt is [250], real fd cnt is [282] 2026-04-20 18:05:14 [Info] [4232] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 18:05:14 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 18:05:15 [Info] [4232] log memory size is 20480KB, real memory size is 14816KB 2026-04-20 18:05:15 [Info] [4232] item: --secnet_rasp_agent 2026-04-20 18:05:15 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-20 18:05:16 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-20 18:05:16 [Info] [4232] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-20 18:05:16 [Info] [4232] Download redirect files success. 2026-04-20 18:05:16 [Info] [4232] Prepare stage1: --secnet_rasp_agent 2026-04-20 18:05:16 [Info] [4232] Prepare stage2 2026-04-20 18:05:16 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-20 18:05:16 [Info] [4232] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-20 18:05:16 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 18:05:16 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 18:05:17 [Info] [4232] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-20 18:05:17 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-20 18:05:17 [Info] [4232] stage3: --secnet_rasp_agent 2026-04-20 18:05:17 [Info] [4232] Loader after check 2026-04-20 18:05:18 [Info] [4232] Enter reuse wait state. 2026-04-20 18:05:19 [Info] [4232] log memory size is 30720KB, real memory size is 21404KB 2026-04-20 18:05:21 [Info] [4232] recvmsg: EXIT 2026-04-20 18:05:21 [Info] [4232] Recv Exit Msg, Exit... 2026-04-20 18:53:43 [Info] [488] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-20 18:53:43 [Info] [488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap278811776682407 2026-04-20 18:53:43 [Info] [488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-20 18:53:43 [Info] [488] Resource monitor start 2026-04-20 18:53:43 [Info] [488] ipc client init success 2026-04-20 18:53:43 [Info] [488] Ipc init: 0 2026-04-20 18:53:43 [Info] [488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-20 18:53:43 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-20 18:53:43 [Info] [488] start ipc thread id[2896] 2026-04-20 18:53:43 [Info] [488] Connect Yundun ipc server return state is 0 2026-04-20 18:53:43 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-20 18:53:43 [Info] [488] CResourceMonitor::run Enter 2026-04-20 18:53:43 [Info] [488] CIpcMsgHandlerMgr::run Enter 2026-04-20 18:53:43 [Info] [488] Report thread 2026-04-20 18:53:43 [Info] [488] Monitor thread 2026-04-20 18:53:43 [Info] [488] Loader thread 2026-04-20 18:53:43 [Info] [488] PythonEngineImpl Init... 2026-04-20 18:53:43 [Info] [488] yundun connected 2026-04-20 18:53:49 [Info] [488] recvmsg: HELLO 2026-04-20 18:53:49 [Info] [488] recvmsg: WORK 2026-04-20 18:53:49 [Info] [488] no use encode, return to old mode 2026-04-20 18:53:49 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 18:53:49 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-20 18:53:49 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 18:53:51 [Info] [488] log fd cnt is [250], real fd cnt is [264] 2026-04-20 18:53:52 [Info] [488] log memory size is 20480KB, real memory size is 13148KB 2026-04-20 18:53:54 [Info] [488] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-20 18:54:23 [Warn] [488] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 18:54:33 [Warn] [488] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-20 18:54:33 [Info] [488] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 18:54:34 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-20 18:54:34 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-20 18:54:35 [Info] [488] item: --windows-sysinfoext-check 2026-04-20 18:54:35 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 18:54:35 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 18:54:35 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-20 18:54:35 [Info] [488] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-20 18:54:35 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-20 18:54:35 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-20 18:54:35 [Info] [488] Prepare stage1: --windows-sysinfoext-check 2026-04-20 18:54:35 [Info] [488] Prepare stage2 2026-04-20 18:54:36 [Info] [488] log memory size is 30720KB, real memory size is 23100KB 2026-04-20 18:54:37 [Info] [488] stage3: --windows-sysinfoext-check 2026-04-20 18:54:37 [Info] [488] Loader after check 2026-04-20 18:54:37 [Warn] [488] high cpu, cpu is 18 2026-04-20 18:54:37 [Info] [488] try get sys version 2026-04-20 18:54:37 [Info] [488] win sys info:2/10:0:3 2026-04-20 18:54:37 [Info] [488] suit legal version, enable cpu control 2026-04-20 18:54:37 [Warn] [488] High CPU Warning: 18 2026-04-20 18:54:37 [Warn] [488] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-20 18:54:38 [Info] [488] Enter reuse wait state. 2026-04-20 18:54:42 [Info] [488] recvmsg: EXIT 2026-04-20 18:54:42 [Info] [488] Recv Exit Msg, Exit... 2026-04-27 01:45:53 [Info] [4240] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 01:45:53 [Info] [4240] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap320961777225553 2026-04-27 01:45:53 [Info] [4240] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 01:45:53 [Info] [4240] Resource monitor start 2026-04-27 01:45:53 [Info] [4240] ipc client init success 2026-04-27 01:45:53 [Info] [4240] Ipc init: 0 2026-04-27 01:45:53 [Info] [4240] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 01:45:53 [Info] [4240] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 01:45:53 [Info] [4240] start ipc thread id[4456] 2026-04-27 01:45:53 [Info] [4240] Connect Yundun ipc server return state is 0 2026-04-27 01:45:53 [Info] [4240] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 01:45:53 [Info] [4240] CResourceMonitor::run Enter 2026-04-27 01:45:53 [Info] [4240] CIpcMsgHandlerMgr::run Enter 2026-04-27 01:45:53 [Info] [4240] Report thread 2026-04-27 01:45:53 [Info] [4240] Monitor thread 2026-04-27 01:45:53 [Info] [4240] Loader thread 2026-04-27 01:45:53 [Info] [4240] PythonEngineImpl Init... 2026-04-27 01:45:53 [Info] [4240] yundun connected 2026-04-27 01:45:53 [Info] [4240] recvmsg: HELLO 2026-04-27 01:45:53 [Info] [4240] recvmsg: WORK 2026-04-27 01:45:53 [Info] [4240] no use encode, return to old mode 2026-04-27 01:45:53 [Info] [4240] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 01:45:53 [Info] [4240] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 01:45:53 [Info] [4240] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 01:45:54 [Info] [4240] log fd cnt is [250], real fd cnt is [282] 2026-04-27 01:45:54 [Info] [4240] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 01:45:54 [Info] [4240] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 01:45:54 [Info] [4240] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 01:45:55 [Info] [4240] log memory size is 20480KB, real memory size is 14816KB 2026-04-27 01:45:55 [Info] [4240] item: --sca 2026-04-27 01:45:55 [Info] [4240] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-27 01:45:55 [Info] [4240] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-27 01:45:55 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-27 01:45:55 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-27 01:45:55 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-27 01:45:55 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-27 01:45:56 [Info] [4240] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-27 01:45:56 [Info] [4240] Download redirect files success. 2026-04-27 01:45:56 [Info] [4240] Prepare stage1: --sca 2026-04-27 01:45:56 [Info] [4240] Prepare stage2 2026-04-27 01:45:58 [Warn] [4240] high cpu, cpu is 27 2026-04-27 01:45:58 [Info] [4240] try get sys version 2026-04-27 01:45:58 [Info] [4240] win sys info:2/10:0:3 2026-04-27 01:45:58 [Info] [4240] suit legal version, enable cpu control 2026-04-27 01:45:58 [Warn] [4240] High CPU Warning: 27 2026-04-27 01:45:58 [Warn] [4240] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-27 01:45:59 [Info] [4240] log memory size is 30720KB, real memory size is 32668KB 2026-04-27 01:46:03 [Info] [4240] log memory size is 40960KB, real memory size is 33156KB 2026-04-27 01:46:31 [Warn] [4240] high cpu, cpu is 14 2026-04-27 01:46:31 [Warn] [4240] High CPU Warning: 14 2026-04-27 01:46:31 [Warn] [4240] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 213 in func: init_analyzer File:sca.py line: 390 in func: start 2026-04-27 01:46:32 [Info] [4240] stage3: --sca 2026-04-27 01:46:32 [Info] [4240] Loader after check 2026-04-27 01:46:33 [Info] [4240] Enter reuse wait state. 2026-04-27 01:46:37 [Info] [4240] recvmsg: EXIT 2026-04-27 01:46:37 [Info] [4240] Recv Exit Msg, Exit... 2026-04-27 04:04:10 [Info] [4036] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 04:04:10 [Info] [4036] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap263961777233842 2026-04-27 04:04:10 [Info] [4036] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 04:04:15 [Info] [4036] Resource monitor start 2026-04-27 04:04:15 [Info] [4036] ipc client init success 2026-04-27 04:04:15 [Info] [4036] Ipc init: 0 2026-04-27 04:04:15 [Info] [4036] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 04:04:15 [Info] [4036] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 04:04:20 [Info] [4036] CIpcMsgHandlerMgr::run Enter 2026-04-27 04:04:20 [Info] [4036] CResourceMonitor::run Enter 2026-04-27 04:04:20 [Info] [4036] start ipc thread id[92] 2026-04-27 04:04:20 [Info] [4036] Connect Yundun ipc server return state is 0 2026-04-27 04:04:20 [Info] [4036] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 04:04:21 [Info] [4036] log fd cnt is [250], real fd cnt is [242] 2026-04-27 04:04:25 [Info] [4036] Loader thread 2026-04-27 04:04:25 [Info] [4036] PythonEngineImpl Init... 2026-04-27 04:04:25 [Info] [4036] Monitor thread 2026-04-27 04:04:25 [Info] [4036] Report thread 2026-04-27 04:04:25 [Info] [4036] yundun connected 2026-04-27 04:04:25 [Info] [4036] recvmsg: HELLO 2026-04-27 04:04:25 [Info] [4036] recvmsg: WORK 2026-04-27 04:04:25 [Info] [4036] no use encode, return to old mode 2026-04-27 04:04:25 [Info] [4036] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 04:04:25 [Info] [4036] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 04:04:25 [Info] [4036] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 04:04:26 [Info] [4036] log memory size is 20480KB, real memory size is 13148KB 2026-04-27 04:04:47 [Warn] [4036] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 04:04:57 [Warn] [4036] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 04:05:05 [Info] [4036] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-27 04:05:07 [Warn] [4036] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 04:05:07 [Info] [4036] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 04:05:08 [Info] [4036] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 04:05:08 [Info] [4036] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 04:05:09 [Info] [4036] item: --windows-sysinfoext-check 2026-04-27 04:05:09 [Info] [4036] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 04:05:09 [Info] [4036] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 04:05:09 [Info] [4036] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 04:05:09 [Info] [4036] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 04:05:09 [Info] [4036] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-27 04:05:09 [Info] [4036] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 04:05:09 [Info] [4036] Prepare stage1: --windows-sysinfoext-check 2026-04-27 04:05:09 [Info] [4036] Prepare stage2 2026-04-27 04:05:09 [Warn] [4036] high cpu, cpu is 18 2026-04-27 04:05:09 [Info] [4036] try get sys version 2026-04-27 04:05:09 [Info] [4036] win sys info:2/10:0:3 2026-04-27 04:05:09 [Info] [4036] suit legal version, enable cpu control 2026-04-27 04:05:09 [Warn] [4036] High CPU Warning: 18 2026-04-27 04:05:09 [Warn] [4036] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:utf_8.py line: 8 in func: <module> File:__init__.py line: 100 in func: search_function File:windows-sysinfoext-check.py line: 169 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-27 04:05:10 [Info] [4036] log memory size is 30720KB, real memory size is 23188KB 2026-04-27 04:05:11 [Info] [4036] stage3: --windows-sysinfoext-check 2026-04-27 04:05:11 [Info] [4036] Loader after check 2026-04-27 04:05:11 [Warn] [4036] high cpu, cpu is 13 2026-04-27 04:05:11 [Warn] [4036] High CPU Warning: 13 2026-04-27 04:05:12 [Info] [4036] Enter reuse wait state. 2026-04-27 04:05:17 [Info] [4036] recvmsg: EXIT 2026-04-27 04:05:17 [Info] [4036] Recv Exit Msg, Exit... 2026-04-27 07:45:22 [Info] [2344] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 07:45:22 [Info] [2344] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap42241777247121 2026-04-27 07:45:22 [Info] [2344] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 07:45:22 [Info] [2344] Resource monitor start 2026-04-27 07:45:22 [Info] [2344] ipc client init success 2026-04-27 07:45:22 [Info] [2344] Ipc init: 0 2026-04-27 07:45:22 [Info] [2344] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 07:45:22 [Info] [2344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 07:45:22 [Info] [2344] start ipc thread id[4168] 2026-04-27 07:45:22 [Info] [2344] Connect Yundun ipc server return state is 0 2026-04-27 07:45:22 [Info] [2344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 07:45:22 [Info] [2344] CResourceMonitor::run Enter 2026-04-27 07:45:22 [Info] [2344] CIpcMsgHandlerMgr::run Enter 2026-04-27 07:45:22 [Info] [2344] yundun connected 2026-04-27 07:45:22 [Info] [2344] Report thread 2026-04-27 07:45:22 [Info] [2344] Monitor thread 2026-04-27 07:45:22 [Info] [2344] Loader thread 2026-04-27 07:45:22 [Info] [2344] PythonEngineImpl Init... 2026-04-27 07:45:22 [Info] [2344] recvmsg: HELLO 2026-04-27 07:45:23 [Info] [2344] recvmsg: WORK 2026-04-27 07:45:23 [Info] [2344] no use encode, return to old mode 2026-04-27 07:45:23 [Info] [2344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 07:45:23 [Info] [2344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 07:45:23 [Info] [2344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 07:45:23 [Info] [2344] log fd cnt is [250], real fd cnt is [264] 2026-04-27 07:45:25 [Info] [2344] log memory size is 20480KB, real memory size is 13644KB 2026-04-27 07:45:25 [Info] [2344] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 07:45:26 [Info] [2344] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 07:45:26 [Info] [2344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 07:45:28 [Info] [2344] item: --windows-vul-clean 2026-04-27 07:45:28 [Info] [2344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-27 07:45:28 [Info] [2344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-27 07:45:28 [Info] [2344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 07:45:28 [Info] [2344] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 07:45:29 [Info] [2344] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-27 07:45:29 [Info] [2344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-27 07:45:29 [Info] [2344] Prepare stage1: --windows-vul-clean 2026-04-27 07:45:29 [Info] [2344] Prepare stage2 2026-04-27 07:45:29 [Info] [2344] stage3: --windows-vul-clean 2026-04-27 07:45:29 [Info] [2344] Loader after check 2026-04-27 07:45:30 [Info] [2344] Enter reuse wait state. 2026-04-27 07:45:33 [Info] [2344] recvmsg: EXIT 2026-04-27 07:45:33 [Info] [2344] Recv Exit Msg, Exit... 2026-04-27 08:44:20 [Info] [4404] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 08:44:20 [Info] [4404] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap157811777250660 2026-04-27 08:44:20 [Info] [4404] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 08:44:20 [Info] [4404] Resource monitor start 2026-04-27 08:44:20 [Info] [4404] ipc client init success 2026-04-27 08:44:20 [Info] [4404] Ipc init: 0 2026-04-27 08:44:20 [Info] [4404] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 08:44:20 [Info] [4404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 08:44:20 [Info] [4404] start ipc thread id[2012] 2026-04-27 08:44:20 [Info] [4404] Connect Yundun ipc server return state is 0 2026-04-27 08:44:20 [Info] [4404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 08:44:20 [Info] [4404] CResourceMonitor::run Enter 2026-04-27 08:44:20 [Info] [4404] CIpcMsgHandlerMgr::run Enter 2026-04-27 08:44:20 [Info] [4404] Report thread 2026-04-27 08:44:20 [Info] [4404] Monitor thread 2026-04-27 08:44:20 [Info] [4404] Loader thread 2026-04-27 08:44:20 [Info] [4404] PythonEngineImpl Init... 2026-04-27 08:44:20 [Info] [4404] yundun connected 2026-04-27 08:44:21 [Info] [4404] recvmsg: HELLO 2026-04-27 08:44:21 [Info] [4404] recvmsg: WORK 2026-04-27 08:44:21 [Info] [4404] no use encode, return to old mode 2026-04-27 08:44:21 [Info] [4404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 08:44:21 [Info] [4404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 08:44:21 [Info] [4404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 08:44:21 [Info] [4404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 08:44:21 [Info] [4404] log fd cnt is [250], real fd cnt is [282] 2026-04-27 08:44:21 [Info] [4404] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 08:44:21 [Info] [4404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 08:44:22 [Info] [4404] log memory size is 20480KB, real memory size is 14640KB 2026-04-27 08:44:23 [Info] [4404] item: --windows-process-check 2026-04-27 08:44:23 [Info] [4404] cgroup name aegisRtap0 2026-04-27 08:44:23 [Info] [4404] try get sys version 2026-04-27 08:44:23 [Info] [4404] win sys info:2/10:0:3 2026-04-27 08:44:23 [Info] [4404] suit legal version, enable cpu control 2026-04-27 08:44:23 [Info] [4404] get AssignProcessToJobObject handle [00000478] 2026-04-27 08:44:23 [Info] [4404] Set setJobExtended. 2026-04-27 08:44:23 [Info] [4404] Set cpu [9%] 2026-04-27 08:44:23 [Info] [4404] Set cpu success 2026-04-27 08:44:23 [Info] [4404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-27 08:44:23 [Info] [4404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-27 08:44:23 [Info] [4404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 08:44:24 [Info] [4404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 08:44:24 [Info] [4404] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-27 08:44:24 [Info] [4404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-27 08:44:24 [Info] [4404] Prepare stage1: --windows-process-check 2026-04-27 08:44:24 [Info] [4404] Prepare stage2 2026-04-27 08:44:27 [Info] [4404] log memory size is 30720KB, real memory size is 20604KB 2026-04-27 08:44:45 [Info] [4404] stage3: --windows-process-check 2026-04-27 08:44:45 [Info] [4404] Loader after check 2026-04-27 08:44:46 [Info] [4404] Enter reuse wait state. 2026-04-27 08:44:47 [Info] [4404] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-27 08:44:48 [Info] [4404] recvmsg: EXIT 2026-04-27 08:44:48 [Info] [4404] Recv Exit Msg, Exit... 2026-04-27 09:33:03 [Info] [2432] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 09:33:03 [Info] [2432] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap252901777253572 2026-04-27 09:33:03 [Info] [2432] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 09:33:03 [Info] [2432] Resource monitor start 2026-04-27 09:33:03 [Info] [2432] ipc client init success 2026-04-27 09:33:03 [Info] [2432] Ipc init: 0 2026-04-27 09:33:03 [Info] [2432] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 09:33:03 [Info] [2432] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 09:33:03 [Info] [2432] start ipc thread id[176] 2026-04-27 09:33:03 [Info] [2432] Connect Yundun ipc server return state is 0 2026-04-27 09:33:03 [Info] [2432] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 09:33:03 [Info] [2432] CResourceMonitor::run Enter 2026-04-27 09:33:03 [Info] [2432] CIpcMsgHandlerMgr::run Enter 2026-04-27 09:33:03 [Info] [2432] yundun connected 2026-04-27 09:33:03 [Info] [2432] Report thread 2026-04-27 09:33:03 [Info] [2432] Monitor thread 2026-04-27 09:33:03 [Info] [2432] Loader thread 2026-04-27 09:33:03 [Info] [2432] PythonEngineImpl Init... 2026-04-27 09:33:09 [Info] [2432] recvmsg: HELLO 2026-04-27 09:33:09 [Info] [2432] recvmsg: WORK 2026-04-27 09:33:09 [Info] [2432] no use encode, return to old mode 2026-04-27 09:33:09 [Info] [2432] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 09:33:09 [Info] [2432] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 09:33:09 [Info] [2432] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 09:33:11 [Info] [2432] log fd cnt is [250], real fd cnt is [264] 2026-04-27 09:33:12 [Info] [2432] log memory size is 20480KB, real memory size is 13148KB 2026-04-27 09:33:42 [Warn] [2432] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 09:33:52 [Warn] [2432] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 7 2026-04-27 09:33:53 [Info] [2432] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 09:33:53 [Info] [2432] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 09:33:53 [Info] [2432] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 09:33:54 [Info] [2432] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-27 09:33:55 [Info] [2432] item: --windows-sysinfoext-check 2026-04-27 09:33:55 [Info] [2432] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 09:33:55 [Info] [2432] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 09:33:55 [Info] [2432] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 09:33:55 [Info] [2432] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 09:33:55 [Info] [2432] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-27 09:33:55 [Info] [2432] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 09:33:55 [Info] [2432] Prepare stage1: --windows-sysinfoext-check 2026-04-27 09:33:55 [Info] [2432] Prepare stage2 2026-04-27 09:33:57 [Info] [2432] log memory size is 30720KB, real memory size is 23092KB 2026-04-27 09:33:59 [Info] [2432] stage3: --windows-sysinfoext-check 2026-04-27 09:33:59 [Info] [2432] Loader after check 2026-04-27 09:34:00 [Info] [2432] Enter reuse wait state. 2026-04-27 09:34:03 [Info] [2432] recvmsg: EXIT 2026-04-27 09:34:03 [Info] [2432] Recv Exit Msg, Exit... 2026-04-27 10:25:24 [Info] [1244] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 10:25:24 [Info] [1244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap28151777256724 2026-04-27 10:25:24 [Info] [1244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 10:25:24 [Info] [1244] Resource monitor start 2026-04-27 10:25:24 [Info] [1244] ipc client init success 2026-04-27 10:25:24 [Info] [1244] Ipc init: 0 2026-04-27 10:25:24 [Info] [1244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 10:25:24 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 10:25:24 [Info] [1244] start ipc thread id[3316] 2026-04-27 10:25:24 [Info] [1244] Connect Yundun ipc server return state is 0 2026-04-27 10:25:24 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 10:25:24 [Info] [1244] CResourceMonitor::run Enter 2026-04-27 10:25:24 [Info] [1244] CIpcMsgHandlerMgr::run Enter 2026-04-27 10:25:24 [Info] [1244] Report thread 2026-04-27 10:25:24 [Info] [1244] Monitor thread 2026-04-27 10:25:24 [Info] [1244] Loader thread 2026-04-27 10:25:24 [Info] [1244] PythonEngineImpl Init... 2026-04-27 10:25:24 [Info] [1244] yundun connected 2026-04-27 10:25:24 [Info] [1244] recvmsg: HELLO 2026-04-27 10:25:24 [Info] [1244] recvmsg: WORK 2026-04-27 10:25:24 [Info] [1244] no use encode, return to old mode 2026-04-27 10:25:24 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:25:24 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:25:24 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:25:25 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:25:25 [Info] [1244] log fd cnt is [250], real fd cnt is [282] 2026-04-27 10:25:25 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 10:25:25 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 10:25:26 [Info] [1244] log memory size is 20480KB, real memory size is 14804KB 2026-04-27 10:25:26 [Info] [1244] item: --windows-schedule-task-check 2026-04-27 10:25:26 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-27 10:25:26 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-27 10:25:26 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:25:26 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:25:26 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-27 10:25:26 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-27 10:25:27 [Info] [1244] Prepare stage1: --windows-schedule-task-check 2026-04-27 10:25:27 [Info] [1244] Prepare stage2 2026-04-27 10:25:27 [Warn] [1244] high cpu, cpu is 12 2026-04-27 10:25:27 [Info] [1244] try get sys version 2026-04-27 10:25:27 [Info] [1244] win sys info:2/10:0:3 2026-04-27 10:25:27 [Info] [1244] suit legal version, enable cpu control 2026-04-27 10:25:27 [Warn] [1244] High CPU Warning: 12 2026-04-27 10:25:27 [Warn] [1244] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetTasks File:windows-schedule-task-check.py line: 347 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-27 10:25:30 [Info] [1244] log memory size is 30720KB, real memory size is 23636KB 2026-04-27 10:25:30 [Info] [1244] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-27 10:25:33 [Info] [4960] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 10:25:33 [Info] [4960] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap28441777256733 2026-04-27 10:25:33 [Info] [4960] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 10:25:33 [Info] [4960] Resource monitor start 2026-04-27 10:25:33 [Info] [4960] ipc client init success 2026-04-27 10:25:33 [Info] [4960] Ipc init: 0 2026-04-27 10:25:33 [Info] [4960] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 10:25:33 [Info] [4960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 10:25:33 [Info] [4960] start ipc thread id[92] 2026-04-27 10:25:33 [Info] [4960] Connect Yundun ipc server return state is 0 2026-04-27 10:25:33 [Info] [4960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 10:25:33 [Info] [4960] CResourceMonitor::run Enter 2026-04-27 10:25:33 [Info] [4960] CIpcMsgHandlerMgr::run Enter 2026-04-27 10:25:33 [Info] [4960] Report thread 2026-04-27 10:25:33 [Info] [4960] Monitor thread 2026-04-27 10:25:33 [Info] [4960] Loader thread 2026-04-27 10:25:33 [Info] [4960] PythonEngineImpl Init... 2026-04-27 10:25:33 [Info] [4960] yundun connected 2026-04-27 10:25:33 [Info] [4960] recvmsg: HELLO 2026-04-27 10:25:34 [Info] [4960] recvmsg: WORK 2026-04-27 10:25:34 [Info] [4960] no use encode, return to old mode 2026-04-27 10:25:34 [Info] [4960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:25:34 [Info] [4960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:25:34 [Info] [4960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:25:34 [Info] [4960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:25:34 [Info] [4960] log fd cnt is [250], real fd cnt is [282] 2026-04-27 10:25:34 [Info] [4960] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 10:25:34 [Info] [4960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 10:25:35 [Info] [4960] log memory size is 20480KB, real memory size is 14832KB 2026-04-27 10:25:35 [Info] [4960] item: --windows-registry-check 2026-04-27 10:25:35 [Info] [4960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-27 10:25:35 [Info] [4960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-27 10:25:35 [Info] [4960] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:25:35 [Info] [4960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:25:35 [Info] [4960] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-27 10:25:35 [Info] [4960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-27 10:25:36 [Info] [4960] Prepare stage1: --windows-registry-check 2026-04-27 10:25:36 [Info] [4960] Prepare stage2 2026-04-27 10:25:58 [Info] [1244] stage3: --windows-schedule-task-check 2026-04-27 10:25:58 [Info] [1244] Loader after check 2026-04-27 10:25:59 [Info] [1244] Enter reuse wait state. 2026-04-27 10:26:01 [Info] [1244] recvmsg: EXIT 2026-04-27 10:26:01 [Info] [1244] Recv Exit Msg, Exit... 2026-04-27 10:26:04 [Info] [4960] stage3: --windows-registry-check 2026-04-27 10:26:04 [Info] [4960] Loader after check 2026-04-27 10:26:05 [Info] [4960] Enter reuse wait state. 2026-04-27 10:26:07 [Info] [4960] recvmsg: EXIT 2026-04-27 10:26:07 [Info] [4960] Recv Exit Msg, Exit... 2026-04-27 10:26:27 [Info] [4204] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 10:26:27 [Info] [4204] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap30211777256787 2026-04-27 10:26:27 [Info] [4204] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 10:26:27 [Info] [4204] Resource monitor start 2026-04-27 10:26:27 [Info] [4204] ipc client init success 2026-04-27 10:26:27 [Info] [4204] Ipc init: 0 2026-04-27 10:26:27 [Info] [4204] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 10:26:27 [Info] [4204] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 10:26:27 [Info] [4204] start ipc thread id[3080] 2026-04-27 10:26:27 [Info] [4204] Connect Yundun ipc server return state is 0 2026-04-27 10:26:27 [Info] [4204] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 10:26:27 [Info] [4204] CResourceMonitor::run Enter 2026-04-27 10:26:27 [Info] [4204] CIpcMsgHandlerMgr::run Enter 2026-04-27 10:26:27 [Info] [4204] Report thread 2026-04-27 10:26:27 [Info] [4204] Monitor thread 2026-04-27 10:26:27 [Info] [4204] Loader thread 2026-04-27 10:26:27 [Info] [4204] PythonEngineImpl Init... 2026-04-27 10:26:27 [Info] [4204] yundun connected 2026-04-27 10:26:27 [Info] [4204] recvmsg: HELLO 2026-04-27 10:26:27 [Info] [4204] recvmsg: WORK 2026-04-27 10:26:27 [Info] [4204] no use encode, return to old mode 2026-04-27 10:26:27 [Info] [4204] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:26:27 [Info] [4204] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:26:27 [Info] [4204] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:26:28 [Info] [4204] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:26:28 [Info] [4204] log fd cnt is [250], real fd cnt is [282] 2026-04-27 10:26:28 [Info] [4204] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 10:26:28 [Info] [4204] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 10:26:29 [Info] [4204] log memory size is 20480KB, real memory size is 14824KB 2026-04-27 10:26:29 [Info] [4204] item: --windows-driver-version-check 2026-04-27 10:26:29 [Info] [4204] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-27 10:26:29 [Info] [4204] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-27 10:26:29 [Info] [4204] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:26:29 [Info] [4204] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:26:29 [Info] [4204] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-27 10:26:29 [Info] [4204] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-27 10:26:29 [Info] [4204] Prepare stage1: --windows-driver-version-check 2026-04-27 10:26:29 [Info] [4204] Prepare stage2 2026-04-27 10:26:30 [Info] [4204] stage3: --windows-driver-version-check 2026-04-27 10:26:30 [Info] [4204] Loader after check 2026-04-27 10:26:31 [Info] [4204] Enter reuse wait state. 2026-04-27 10:26:34 [Info] [4204] recvmsg: EXIT 2026-04-27 10:26:34 [Info] [4204] Recv Exit Msg, Exit... 2026-04-27 10:32:37 [Info] [2952] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 10:32:37 [Info] [2952] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap42291777257157 2026-04-27 10:32:37 [Info] [2952] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 10:32:37 [Info] [2952] Resource monitor start 2026-04-27 10:32:37 [Info] [2952] ipc client init success 2026-04-27 10:32:37 [Info] [2952] Ipc init: 0 2026-04-27 10:32:37 [Info] [2952] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 10:32:37 [Info] [2952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 10:32:37 [Info] [2952] start ipc thread id[3988] 2026-04-27 10:32:37 [Info] [2952] Connect Yundun ipc server return state is 0 2026-04-27 10:32:37 [Info] [2952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 10:32:37 [Info] [2952] CResourceMonitor::run Enter 2026-04-27 10:32:37 [Info] [2952] CIpcMsgHandlerMgr::run Enter 2026-04-27 10:32:37 [Info] [2952] Report thread 2026-04-27 10:32:37 [Info] [2952] Monitor thread 2026-04-27 10:32:37 [Info] [2952] Loader thread 2026-04-27 10:32:37 [Info] [2952] PythonEngineImpl Init... 2026-04-27 10:32:37 [Info] [2952] yundun connected 2026-04-27 10:32:38 [Info] [2952] recvmsg: HELLO 2026-04-27 10:32:38 [Info] [2952] recvmsg: WORK 2026-04-27 10:32:38 [Info] [2952] no use encode, return to old mode 2026-04-27 10:32:38 [Info] [2952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:32:38 [Info] [2952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 10:32:38 [Info] [2952] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:32:38 [Info] [2952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:32:38 [Info] [2952] log fd cnt is [250], real fd cnt is [286] 2026-04-27 10:32:39 [Info] [2952] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 10:32:39 [Info] [2952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 10:32:39 [Info] [2952] log memory size is 20480KB, real memory size is 14816KB 2026-04-27 10:32:40 [Info] [2952] item: --tcp-connect-check 2026-04-27 10:32:40 [Info] [2952] cgroup name aegisRtap0 2026-04-27 10:32:40 [Info] [2952] try get sys version 2026-04-27 10:32:40 [Info] [2952] win sys info:2/10:0:3 2026-04-27 10:32:40 [Info] [2952] suit legal version, enable cpu control 2026-04-27 10:32:40 [Info] [2952] get AssignProcessToJobObject handle [00000478] 2026-04-27 10:32:40 [Info] [2952] Set setJobExtended. 2026-04-27 10:32:40 [Info] [2952] Set cpu [9%] 2026-04-27 10:32:40 [Info] [2952] Set cpu success 2026-04-27 10:32:40 [Info] [2952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-27 10:32:40 [Info] [2952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-27 10:32:40 [Info] [2952] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 10:32:40 [Info] [2952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 10:32:40 [Info] [2952] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-27 10:32:40 [Info] [2952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-27 10:32:40 [Info] [2952] Prepare stage1: --tcp-connect-check 2026-04-27 10:32:40 [Info] [2952] Prepare stage2 2026-04-27 10:32:43 [Info] [2952] stage3: --tcp-connect-check 2026-04-27 10:32:43 [Info] [2952] Loader after check 2026-04-27 10:32:44 [Info] [2952] Enter reuse wait state. 2026-04-27 10:32:49 [Info] [2952] recvmsg: EXIT 2026-04-27 10:32:49 [Info] [2952] Recv Exit Msg, Exit... 2026-04-27 11:09:10 [Info] [804] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 11:09:10 [Info] [804] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap113901777259350 2026-04-27 11:09:10 [Info] [804] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 11:09:10 [Info] [804] Resource monitor start 2026-04-27 11:09:10 [Info] [804] ipc client init success 2026-04-27 11:09:10 [Info] [804] Ipc init: 0 2026-04-27 11:09:10 [Info] [804] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 11:09:10 [Info] [804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 11:09:10 [Info] [804] start ipc thread id[168] 2026-04-27 11:09:10 [Info] [804] Connect Yundun ipc server return state is 0 2026-04-27 11:09:10 [Info] [804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 11:09:10 [Info] [804] CResourceMonitor::run Enter 2026-04-27 11:09:10 [Info] [804] CIpcMsgHandlerMgr::run Enter 2026-04-27 11:09:10 [Info] [804] Report thread 2026-04-27 11:09:10 [Info] [804] Monitor thread 2026-04-27 11:09:10 [Info] [804] Loader thread 2026-04-27 11:09:10 [Info] [804] PythonEngineImpl Init... 2026-04-27 11:09:10 [Info] [804] yundun connected 2026-04-27 11:09:11 [Info] [804] recvmsg: HELLO 2026-04-27 11:09:11 [Info] [804] recvmsg: WORK 2026-04-27 11:09:11 [Info] [804] no use encode, return to old mode 2026-04-27 11:09:11 [Info] [804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 11:09:11 [Info] [804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 11:09:11 [Info] [804] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 11:09:11 [Info] [804] log fd cnt is [250], real fd cnt is [274] 2026-04-27 11:09:13 [Info] [804] log memory size is 20480KB, real memory size is 13528KB 2026-04-27 11:09:13 [Info] [804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 11:09:13 [Info] [804] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 11:09:13 [Info] [804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 11:09:15 [Info] [804] item: --windows-autorun-item-check 2026-04-27 11:09:15 [Info] [804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-27 11:09:15 [Info] [804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-27 11:09:15 [Info] [804] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 11:09:15 [Info] [804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 11:09:15 [Info] [804] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-27 11:09:15 [Info] [804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-27 11:09:15 [Info] [804] Prepare stage1: --windows-autorun-item-check 2026-04-27 11:09:15 [Info] [804] Prepare stage2 2026-04-27 11:09:16 [Warn] [804] high cpu, cpu is 13 2026-04-27 11:09:16 [Info] [804] try get sys version 2026-04-27 11:09:16 [Info] [804] win sys info:2/10:0:3 2026-04-27 11:09:16 [Info] [804] suit legal version, enable cpu control 2026-04-27 11:09:16 [Warn] [804] High CPU Warning: 13 2026-04-27 11:09:16 [Warn] [804] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 262 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-27 11:09:17 [Info] [804] log memory size is 30720KB, real memory size is 22608KB 2026-04-27 11:09:25 [Info] [804] stage3: --windows-autorun-item-check 2026-04-27 11:09:25 [Info] [804] Loader after check 2026-04-27 11:09:26 [Info] [804] Enter reuse wait state. 2026-04-27 11:09:30 [Info] [804] recvmsg: EXIT 2026-04-27 11:09:30 [Info] [804] Recv Exit Msg, Exit... 2026-04-27 15:03:28 [Info] [4168] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 15:03:28 [Info] [4168] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243411777273350 2026-04-27 15:03:28 [Info] [4168] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 15:03:29 [Info] [4168] Resource monitor start 2026-04-27 15:03:29 [Info] [4168] ipc client init success 2026-04-27 15:03:29 [Info] [4168] Ipc init: 0 2026-04-27 15:03:29 [Info] [4168] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 15:03:29 [Info] [4168] CResourceMonitor::run Enter 2026-04-27 15:03:29 [Info] [4168] CIpcMsgHandlerMgr::run Enter 2026-04-27 15:03:29 [Info] [4168] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 15:03:29 [Info] [4168] start ipc thread id[2096] 2026-04-27 15:03:29 [Info] [4168] Connect Yundun ipc server return state is 0 2026-04-27 15:03:30 [Info] [4168] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 15:03:30 [Info] [4168] yundun connected 2026-04-27 15:03:30 [Info] [4168] Report thread 2026-04-27 15:03:30 [Info] [4168] Monitor thread 2026-04-27 15:03:30 [Info] [4168] Loader thread 2026-04-27 15:03:30 [Info] [4168] PythonEngineImpl Init... 2026-04-27 15:03:30 [Info] [4168] recvmsg: HELLO 2026-04-27 15:03:30 [Info] [4168] recvmsg: WORK 2026-04-27 15:03:30 [Info] [4168] no use encode, return to old mode 2026-04-27 15:03:30 [Info] [4168] log fd cnt is [250], real fd cnt is [258] 2026-04-27 15:03:31 [Info] [4168] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 15:03:31 [Info] [4168] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 15:03:31 [Info] [4168] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 15:03:31 [Info] [4168] log memory size is 20480KB, real memory size is 14604KB 2026-04-27 15:03:31 [Info] [4168] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 15:03:31 [Info] [4168] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 15:03:31 [Info] [4168] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 15:03:33 [Info] [4168] item: --windows-sysinfoext-check 2026-04-27 15:03:33 [Info] [4168] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 15:03:33 [Info] [4168] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 15:03:33 [Info] [4168] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 15:03:33 [Info] [4168] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 15:03:33 [Info] [4168] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-27 15:03:33 [Info] [4168] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 15:03:33 [Info] [4168] Prepare stage1: --windows-sysinfoext-check 2026-04-27 15:03:33 [Info] [4168] Prepare stage2 2026-04-27 15:03:37 [Warn] [4168] high cpu, cpu is 13 2026-04-27 15:03:37 [Info] [4168] try get sys version 2026-04-27 15:03:37 [Info] [4168] win sys info:2/10:0:3 2026-04-27 15:03:37 [Info] [4168] suit legal version, enable cpu control 2026-04-27 15:03:37 [Warn] [4168] High CPU Warning: 13 2026-04-27 15:03:37 [Warn] [4168] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-27 15:03:39 [Info] [4168] stage3: --windows-sysinfoext-check 2026-04-27 15:03:39 [Info] [4168] Loader after check 2026-04-27 15:03:40 [Info] [4168] log memory size is 30720KB, real memory size is 23276KB 2026-04-27 15:03:40 [Info] [4168] Enter reuse wait state. 2026-04-27 15:03:44 [Info] [4168] recvmsg: EXIT 2026-04-27 15:03:44 [Info] [4168] Recv Exit Msg, Exit... 2026-04-27 18:09:30 [Info] [84] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 18:09:30 [Info] [84] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap282121777284570 2026-04-27 18:09:30 [Info] [84] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 18:09:30 [Info] [84] Resource monitor start 2026-04-27 18:09:30 [Info] [84] ipc client init success 2026-04-27 18:09:30 [Info] [84] Ipc init: 0 2026-04-27 18:09:30 [Info] [84] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 18:09:30 [Info] [84] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 18:09:30 [Info] [84] start ipc thread id[756] 2026-04-27 18:09:30 [Info] [84] Connect Yundun ipc server return state is 0 2026-04-27 18:09:30 [Info] [84] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 18:09:30 [Info] [84] CResourceMonitor::run Enter 2026-04-27 18:09:30 [Info] [84] CIpcMsgHandlerMgr::run Enter 2026-04-27 18:09:30 [Info] [84] Report thread 2026-04-27 18:09:30 [Info] [84] Monitor thread 2026-04-27 18:09:30 [Info] [84] Loader thread 2026-04-27 18:09:30 [Info] [84] PythonEngineImpl Init... 2026-04-27 18:09:30 [Info] [84] yundun connected 2026-04-27 18:09:30 [Info] [84] recvmsg: HELLO 2026-04-27 18:09:31 [Info] [84] recvmsg: WORK 2026-04-27 18:09:31 [Info] [84] no use encode, return to old mode 2026-04-27 18:09:31 [Info] [84] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 18:09:31 [Info] [84] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 18:09:31 [Info] [84] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 18:09:31 [Info] [84] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 18:09:32 [Info] [84] log fd cnt is [250], real fd cnt is [282] 2026-04-27 18:09:33 [Info] [84] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 18:09:33 [Info] [84] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 18:09:33 [Info] [84] log memory size is 20480KB, real memory size is 14816KB 2026-04-27 18:09:34 [Info] [84] item: --secnet_rasp_agent 2026-04-27 18:09:34 [Info] [84] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-27 18:09:34 [Info] [84] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-27 18:09:34 [Info] [84] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-27 18:09:34 [Info] [84] Download redirect files success. 2026-04-27 18:09:34 [Info] [84] Prepare stage1: --secnet_rasp_agent 2026-04-27 18:09:34 [Info] [84] Prepare stage2 2026-04-27 18:09:35 [Info] [84] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-27 18:09:35 [Info] [84] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-27 18:09:35 [Info] [84] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 18:09:35 [Info] [84] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 18:09:36 [Info] [84] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-27 18:09:36 [Info] [84] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-27 18:09:36 [Info] [84] stage3: --secnet_rasp_agent 2026-04-27 18:09:36 [Info] [84] Loader after check 2026-04-27 18:09:37 [Info] [84] Enter reuse wait state. 2026-04-27 18:09:37 [Info] [84] log memory size is 30720KB, real memory size is 21360KB 2026-04-27 18:09:42 [Info] [84] recvmsg: EXIT 2026-04-27 18:09:42 [Info] [84] Recv Exit Msg, Exit... 2026-04-27 20:31:05 [Info] [2252] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 20:31:05 [Info] [2252] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap231171777293044 2026-04-27 20:31:05 [Info] [2252] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 20:31:05 [Info] [2252] Resource monitor start 2026-04-27 20:31:05 [Info] [2252] ipc client init success 2026-04-27 20:31:05 [Info] [2252] Ipc init: 0 2026-04-27 20:31:05 [Info] [2252] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 20:31:05 [Info] [2252] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 20:31:05 [Info] [2252] start ipc thread id[3860] 2026-04-27 20:31:05 [Info] [2252] Connect Yundun ipc server return state is 0 2026-04-27 20:31:05 [Info] [2252] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 20:31:09 [Info] [2252] Loader thread 2026-04-27 20:31:24 [Info] [5004] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-27 20:31:09 [Info] [2252] PythonEngineImpl Init... 2026-04-27 20:31:09 [Info] [2252] Monitor thread 2026-04-27 20:31:09 [Info] [2252] Report thread 2026-04-27 20:31:09 [Info] [2252] yundun connected 2026-04-27 20:31:09 [Info] [2252] CIpcMsgHandlerMgr::run Enter 2026-04-27 20:31:09 [Info] [2252] CResourceMonitor::run Enter 2026-04-27 20:31:09 [Info] [2252] recvmsg: HELLO 2026-04-27 20:31:09 [Info] [2252] recvmsg: WORK 2026-04-27 20:31:09 [Info] [2252] no use encode, return to old mode 2026-04-27 20:31:10 [Info] [2252] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 20:31:10 [Info] [2252] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 20:31:10 [Info] [2252] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 20:31:10 [Info] [2252] log fd cnt is [250], real fd cnt is [264] 2026-04-27 20:31:11 [Info] [2252] log memory size is 20480KB, real memory size is 13116KB 2026-04-27 20:31:24 [Warn] [2252] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 20:31:24 [Info] [5004] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap232021777293070 2026-04-27 20:31:36 [Warn] [2252] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 20:31:24 [Info] [5004] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-27 20:31:24 [Info] [5004] Resource monitor start 2026-04-27 20:31:24 [Info] [5004] ipc client init success 2026-04-27 20:31:24 [Info] [5004] Ipc init: 0 2026-04-27 20:31:24 [Info] [5004] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-27 20:31:24 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-27 20:31:24 [Info] [5004] start ipc thread id[708] 2026-04-27 20:31:24 [Info] [5004] Connect Yundun ipc server return state is 0 2026-04-27 20:31:24 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-27 20:31:28 [Info] [5004] Loader thread 2026-04-27 20:31:28 [Info] [5004] PythonEngineImpl Init... 2026-04-27 20:31:28 [Info] [5004] Monitor thread 2026-04-27 20:31:28 [Info] [5004] Report thread 2026-04-27 20:31:28 [Info] [5004] yundun connected 2026-04-27 20:31:28 [Info] [5004] CIpcMsgHandlerMgr::run Enter 2026-04-27 20:31:28 [Info] [5004] CResourceMonitor::run Enter 2026-04-27 20:31:28 [Info] [5004] recvmsg: HELLO 2026-04-27 20:31:28 [Info] [5004] recvmsg: WORK 2026-04-27 20:31:28 [Info] [5004] no use encode, return to old mode 2026-04-27 20:31:29 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 20:31:29 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-27 20:31:29 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 20:31:29 [Info] [5004] log fd cnt is [250], real fd cnt is [264] 2026-04-27 20:31:30 [Info] [5004] log memory size is 20480KB, real memory size is 13148KB 2026-04-27 20:31:44 [Warn] [5004] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 20:31:46 [Warn] [2252] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 7 2026-04-27 20:31:46 [Info] [2252] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 20:31:46 [Info] [2252] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 20:31:46 [Info] [2252] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 20:31:49 [Info] [2252] item: --windows-sysinfoext-check 2026-04-27 20:31:49 [Info] [2252] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 20:31:49 [Info] [2252] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 20:31:49 [Info] [2252] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 20:31:49 [Info] [2252] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 20:31:49 [Info] [2252] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-27 20:31:49 [Info] [2252] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-27 20:31:50 [Info] [2252] Prepare stage1: --windows-sysinfoext-check 2026-04-27 20:31:50 [Info] [2252] Prepare stage2 2026-04-27 20:31:52 [Info] [2252] log memory size is 30720KB, real memory size is 23000KB 2026-04-27 20:31:54 [Info] [2252] stage3: --windows-sysinfoext-check 2026-04-27 20:31:54 [Info] [2252] Loader after check 2026-04-27 20:31:55 [Warn] [5004] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 20:31:55 [Warn] [2252] high cpu, cpu is 14 2026-04-27 20:31:55 [Info] [2252] try get sys version 2026-04-27 20:31:55 [Info] [2252] win sys info:2/10:0:3 2026-04-27 20:31:55 [Info] [2252] suit legal version, enable cpu control 2026-04-27 20:31:55 [Warn] [2252] High CPU Warning: 14 2026-04-27 20:31:55 [Warn] [2252] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-27 20:31:55 [Info] [2252] Enter reuse wait state. 2026-04-27 20:31:57 [Info] [2252] recvmsg: EXIT 2026-04-27 20:31:57 [Info] [2252] Recv Exit Msg, Exit... 2026-04-27 20:32:05 [Warn] [5004] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-27 20:32:05 [Info] [5004] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 20:32:05 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-27 20:32:05 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-27 20:32:06 [Info] [5004] item: --windows-vul-check 2026-04-27 20:32:06 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-27 20:32:06 [Info] [5004] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-27 20:32:06 [Info] [5004] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-27 20:32:06 [Info] [5004] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-27 20:32:06 [Info] [5004] Download redirect files success. 2026-04-27 20:32:06 [Info] [5004] Prepare stage1: --windows-vul-check 2026-04-27 20:32:06 [Info] [5004] Prepare stage2 2026-04-27 20:32:07 [Info] [5004] log memory size is 30720KB, real memory size is 21264KB 2026-04-27 20:32:07 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-27 20:32:07 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-27 20:32:07 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-27 20:32:07 [Info] [5004] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-27 20:32:07 [Info] [5004] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-27 20:32:07 [Info] [5004] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-27 20:32:07 [Info] [5004] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-27 20:32:07 [Info] [5004] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-27 20:32:07 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-27 20:32:07 [Info] [5004] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-27 20:32:08 [Warn] [5004] high cpu, cpu is 32 2026-04-27 20:32:08 [Info] [5004] try get sys version 2026-04-27 20:32:08 [Info] [5004] win sys info:2/10:0:3 2026-04-27 20:32:08 [Info] [5004] suit legal version, enable cpu control 2026-04-27 20:32:08 [Warn] [5004] High CPU Warning: 32 2026-04-27 20:32:08 [Warn] [5004] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:genericpath.py line: 37 in func: isfile File:windows-vul-check.py line: 413 in func: load_kb_log_status File:windows-vul-check.py line: 994 in func: start 2026-04-27 20:32:08 [Info] [5004] stage3: --windows-vul-check 2026-04-27 20:32:08 [Info] [5004] Loader after check 2026-04-27 20:32:09 [Info] [5004] Enter reuse wait state. 2026-04-27 20:32:12 [Info] [5004] recvmsg: EXIT 2026-04-27 20:32:12 [Info] [5004] Recv Exit Msg, Exit... 2026-05-04 02:05:14 [Info] [2848] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 02:05:14 [Info] [2848] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap120611777831514 2026-05-04 02:05:14 [Info] [2848] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 02:05:14 [Info] [2848] Resource monitor start 2026-05-04 02:05:14 [Info] [2848] ipc client init success 2026-05-04 02:05:14 [Info] [2848] Ipc init: 0 2026-05-04 02:05:14 [Info] [2848] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 02:05:14 [Info] [2848] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 02:05:14 [Info] [2848] start ipc thread id[4956] 2026-05-04 02:05:14 [Info] [2848] Connect Yundun ipc server return state is 0 2026-05-04 02:05:14 [Info] [2848] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 02:05:14 [Info] [2848] CResourceMonitor::run Enter 2026-05-04 02:05:14 [Info] [2848] CIpcMsgHandlerMgr::run Enter 2026-05-04 02:05:14 [Info] [2848] Report thread 2026-05-04 02:05:14 [Info] [2848] Monitor thread 2026-05-04 02:05:14 [Info] [2848] Loader thread 2026-05-04 02:05:14 [Info] [2848] PythonEngineImpl Init... 2026-05-04 02:05:14 [Info] [2848] yundun connected 2026-05-04 02:05:15 [Info] [2848] recvmsg: HELLO 2026-05-04 02:05:16 [Info] [2848] recvmsg: WORK 2026-05-04 02:05:16 [Info] [2848] no use encode, return to old mode 2026-05-04 02:05:16 [Info] [2848] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 02:05:16 [Info] [2848] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 02:05:16 [Info] [2848] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 02:05:16 [Info] [2848] log fd cnt is [250], real fd cnt is [264] 2026-05-04 02:05:16 [Info] [2848] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 02:05:16 [Info] [2848] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 02:05:16 [Info] [2848] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 02:05:17 [Info] [2848] log memory size is 20480KB, real memory size is 14808KB 2026-05-04 02:05:18 [Info] [2848] item: --sca 2026-05-04 02:05:18 [Info] [2848] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-04 02:05:18 [Info] [2848] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-04 02:05:18 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-05-04 02:05:18 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-05-04 02:05:18 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-05-04 02:05:18 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-05-04 02:05:19 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-05-04 02:05:19 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-05-04 02:05:19 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-05-04 02:05:19 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-05-04 02:05:20 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-05-04 02:05:20 [Info] [2848] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-05-04 02:05:20 [Info] [2848] Download redirect files success. 2026-05-04 02:05:20 [Info] [2848] Prepare stage1: --sca 2026-05-04 02:05:20 [Info] [2848] Prepare stage2 2026-05-04 02:05:21 [Info] [2848] log memory size is 30720KB, real memory size is 21540KB 2026-05-04 02:05:25 [Warn] [2848] high cpu, cpu is 12 2026-05-04 02:05:25 [Info] [2848] try get sys version 2026-05-04 02:05:25 [Info] [2848] win sys info:2/10:0:3 2026-05-04 02:05:25 [Info] [2848] suit legal version, enable cpu control 2026-05-04 02:05:25 [Warn] [2848] High CPU Warning: 12 2026-05-04 02:05:25 [Warn] [2848] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 2 in func: <module> File:sca_webcontainer_proc.py line: 23 in func: <module> File:sca.py line: 48 in func: <module> 2026-05-04 02:05:26 [Info] [2848] log memory size is 40960KB, real memory size is 32832KB 2026-05-04 02:05:37 [Info] [2848] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-04 02:06:27 [Info] [2848] log fd cnt is [300], real fd cnt is [376] 2026-05-04 02:06:33 [Warn] [2848] high cpu, cpu is 20 2026-05-04 02:06:33 [Warn] [2848] High CPU Warning: 20 2026-05-04 02:06:34 [Warn] [2848] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 213 in func: init_analyzer File:sca.py line: 390 in func: start 2026-05-04 02:06:36 [Info] [2848] stage3: --sca 2026-05-04 02:06:36 [Info] [2848] Loader after check 2026-05-04 02:06:37 [Info] [2848] Enter reuse wait state. 2026-05-04 02:06:39 [Info] [2848] recvmsg: EXIT 2026-05-04 02:06:39 [Info] [2848] Recv Exit Msg, Exit... 2026-05-04 05:22:17 [Info] [3220] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 05:22:17 [Info] [3220] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap179021777843337 2026-05-04 05:22:17 [Info] [3220] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 05:22:17 [Info] [3220] Resource monitor start 2026-05-04 05:22:17 [Info] [3220] ipc client init success 2026-05-04 05:22:17 [Info] [3220] Ipc init: 0 2026-05-04 05:22:17 [Info] [3220] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 05:22:17 [Info] [3220] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 05:22:17 [Info] [3220] start ipc thread id[4292] 2026-05-04 05:22:17 [Info] [3220] Connect Yundun ipc server return state is 0 2026-05-04 05:22:17 [Info] [3220] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 05:22:17 [Info] [3220] CResourceMonitor::run Enter 2026-05-04 05:22:17 [Info] [3220] CIpcMsgHandlerMgr::run Enter 2026-05-04 05:22:17 [Info] [3220] Report thread 2026-05-04 05:22:17 [Info] [3220] Monitor thread 2026-05-04 05:22:17 [Info] [3220] Loader thread 2026-05-04 05:22:17 [Info] [3220] PythonEngineImpl Init... 2026-05-04 05:22:17 [Info] [3220] yundun connected 2026-05-04 05:22:17 [Info] [3220] recvmsg: HELLO 2026-05-04 05:22:17 [Info] [3220] recvmsg: WORK 2026-05-04 05:22:17 [Info] [3220] no use encode, return to old mode 2026-05-04 05:22:17 [Info] [3220] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 05:22:17 [Info] [3220] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 05:22:17 [Info] [3220] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 05:22:17 [Info] [3220] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 05:22:18 [Info] [3220] log fd cnt is [250], real fd cnt is [282] 2026-05-04 05:22:18 [Info] [3220] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 05:22:18 [Info] [3220] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 05:22:19 [Info] [3220] log memory size is 20480KB, real memory size is 14824KB 2026-05-04 05:22:19 [Info] [3220] item: --windows-sysinfoext-check 2026-05-04 05:22:19 [Info] [3220] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 05:22:19 [Info] [3220] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 05:22:19 [Info] [3220] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 05:22:19 [Info] [3220] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 05:22:19 [Info] [3220] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-04 05:22:19 [Info] [3220] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 05:22:19 [Info] [3220] Prepare stage1: --windows-sysinfoext-check 2026-05-04 05:22:19 [Info] [3220] Prepare stage2 2026-05-04 05:22:20 [Warn] [3220] high cpu, cpu is 15 2026-05-04 05:22:20 [Info] [3220] try get sys version 2026-05-04 05:22:20 [Info] [3220] win sys info:2/10:0:3 2026-05-04 05:22:20 [Info] [3220] suit legal version, enable cpu control 2026-05-04 05:22:20 [Warn] [3220] High CPU Warning: 15 2026-05-04 05:22:20 [Warn] [3220] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-04 05:22:21 [Info] [3220] stage3: --windows-sysinfoext-check 2026-05-04 05:22:21 [Info] [3220] Loader after check 2026-05-04 05:22:22 [Info] [3220] Enter reuse wait state. 2026-05-04 05:22:23 [Info] [3220] log memory size is 30720KB, real memory size is 23400KB 2026-05-04 05:22:24 [Info] [3220] recvmsg: EXIT 2026-05-04 05:22:24 [Info] [3220] Recv Exit Msg, Exit... 2026-05-04 07:44:13 [Info] [4208] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 07:44:13 [Info] [4208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap129441777851853 2026-05-04 07:44:13 [Info] [4208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 07:44:13 [Info] [4208] Resource monitor start 2026-05-04 07:44:13 [Info] [4208] ipc client init success 2026-05-04 07:44:13 [Info] [4208] Ipc init: 0 2026-05-04 07:44:13 [Info] [4208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 07:44:13 [Info] [4208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 07:44:13 [Info] [4208] start ipc thread id[2844] 2026-05-04 07:44:13 [Info] [4208] Connect Yundun ipc server return state is 0 2026-05-04 07:44:13 [Info] [4208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 07:44:13 [Info] [4208] CResourceMonitor::run Enter 2026-05-04 07:44:13 [Info] [4208] CIpcMsgHandlerMgr::run Enter 2026-05-04 07:44:13 [Info] [4208] Report thread 2026-05-04 07:44:13 [Info] [4208] Monitor thread 2026-05-04 07:44:13 [Info] [4208] Loader thread 2026-05-04 07:44:13 [Info] [4208] PythonEngineImpl Init... 2026-05-04 07:44:13 [Info] [4208] yundun connected 2026-05-04 07:44:14 [Info] [4208] recvmsg: HELLO 2026-05-04 07:44:14 [Info] [4208] recvmsg: WORK 2026-05-04 07:44:14 [Info] [4208] no use encode, return to old mode 2026-05-04 07:44:14 [Info] [4208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 07:44:14 [Info] [4208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 07:44:14 [Info] [4208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 07:44:14 [Info] [4208] log fd cnt is [250], real fd cnt is [282] 2026-05-04 07:44:14 [Info] [4208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 07:44:14 [Info] [4208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 07:44:14 [Info] [4208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 07:44:15 [Info] [4208] log memory size is 20480KB, real memory size is 14776KB 2026-05-04 07:44:15 [Info] [4208] item: --windows-vul-clean 2026-05-04 07:44:15 [Info] [4208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-04 07:44:15 [Info] [4208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-04 07:44:15 [Info] [4208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 07:44:15 [Info] [4208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 07:44:16 [Info] [4208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-05-04 07:44:16 [Info] [4208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-05-04 07:44:16 [Info] [4208] Prepare stage1: --windows-vul-clean 2026-05-04 07:44:16 [Info] [4208] Prepare stage2 2026-05-04 07:44:16 [Info] [4208] stage3: --windows-vul-clean 2026-05-04 07:44:16 [Info] [4208] Loader after check 2026-05-04 07:44:17 [Info] [4208] Enter reuse wait state. 2026-05-04 07:44:21 [Info] [4208] recvmsg: EXIT 2026-05-04 07:44:21 [Info] [4208] Recv Exit Msg, Exit... 2026-05-04 08:42:52 [Info] [4296] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 08:42:52 [Info] [4296] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap244361777855372 2026-05-04 08:42:52 [Info] [4296] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 08:42:53 [Info] [4296] Resource monitor start 2026-05-04 08:42:53 [Info] [4296] ipc client init success 2026-05-04 08:42:53 [Info] [4296] Ipc init: 0 2026-05-04 08:42:53 [Info] [4296] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 08:42:53 [Info] [4296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 08:42:53 [Info] [4296] start ipc thread id[2360] 2026-05-04 08:42:53 [Info] [4296] Connect Yundun ipc server return state is 0 2026-05-04 08:42:53 [Info] [4296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 08:42:53 [Info] [4296] CResourceMonitor::run Enter 2026-05-04 08:42:53 [Info] [4296] CIpcMsgHandlerMgr::run Enter 2026-05-04 08:42:53 [Info] [4296] Report thread 2026-05-04 08:42:53 [Info] [4296] Monitor thread 2026-05-04 08:42:53 [Info] [4296] Loader thread 2026-05-04 08:42:53 [Info] [4296] PythonEngineImpl Init... 2026-05-04 08:42:53 [Info] [4296] yundun connected 2026-05-04 08:42:53 [Info] [4296] recvmsg: HELLO 2026-05-04 08:42:53 [Info] [4296] recvmsg: WORK 2026-05-04 08:42:53 [Info] [4296] no use encode, return to old mode 2026-05-04 08:42:53 [Info] [4296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 08:42:53 [Info] [4296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 08:42:53 [Info] [4296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 08:42:53 [Info] [4296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 08:42:54 [Info] [4296] log fd cnt is [250], real fd cnt is [282] 2026-05-04 08:42:54 [Info] [4296] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 08:42:54 [Info] [4296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 08:42:55 [Info] [4296] log memory size is 20480KB, real memory size is 14828KB 2026-05-04 08:42:55 [Info] [4296] item: --windows-process-check 2026-05-04 08:42:55 [Info] [4296] cgroup name aegisRtap0 2026-05-04 08:42:55 [Info] [4296] try get sys version 2026-05-04 08:42:55 [Info] [4296] win sys info:2/10:0:3 2026-05-04 08:42:55 [Info] [4296] suit legal version, enable cpu control 2026-05-04 08:42:55 [Info] [4296] get AssignProcessToJobObject handle [00000478] 2026-05-04 08:42:55 [Info] [4296] Set setJobExtended. 2026-05-04 08:42:55 [Info] [4296] Set cpu [9%] 2026-05-04 08:42:55 [Info] [4296] Set cpu success 2026-05-04 08:42:55 [Info] [4296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-04 08:42:55 [Info] [4296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-04 08:42:55 [Info] [4296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 08:42:55 [Info] [4296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 08:42:55 [Info] [4296] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-05-04 08:42:55 [Info] [4296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-05-04 08:42:55 [Info] [4296] Prepare stage1: --windows-process-check 2026-05-04 08:42:55 [Info] [4296] Prepare stage2 2026-05-04 08:42:59 [Info] [4296] log memory size is 30720KB, real memory size is 20624KB 2026-05-04 08:43:13 [Info] [4296] stage3: --windows-process-check 2026-05-04 08:43:13 [Info] [4296] Loader after check 2026-05-04 08:43:14 [Info] [4296] Enter reuse wait state. 2026-05-04 08:43:16 [Info] [4296] recvmsg: EXIT 2026-05-04 08:43:16 [Info] [4296] Recv Exit Msg, Exit... 2026-05-04 10:24:23 [Info] [1312] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 10:24:23 [Info] [1312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap115581777861463 2026-05-04 10:24:23 [Info] [1312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 10:24:23 [Info] [1312] Resource monitor start 2026-05-04 10:24:23 [Info] [1312] ipc client init success 2026-05-04 10:24:23 [Info] [1312] Ipc init: 0 2026-05-04 10:24:23 [Info] [1312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 10:24:23 [Info] [1312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 10:24:23 [Info] [1312] start ipc thread id[4784] 2026-05-04 10:24:23 [Info] [1312] Connect Yundun ipc server return state is 0 2026-05-04 10:24:23 [Info] [1312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 10:24:23 [Info] [1312] CResourceMonitor::run Enter 2026-05-04 10:24:23 [Info] [1312] CIpcMsgHandlerMgr::run Enter 2026-05-04 10:24:23 [Info] [1312] Report thread 2026-05-04 10:24:23 [Info] [1312] Monitor thread 2026-05-04 10:24:23 [Info] [1312] Loader thread 2026-05-04 10:24:23 [Info] [1312] PythonEngineImpl Init... 2026-05-04 10:24:23 [Info] [1312] yundun connected 2026-05-04 10:24:23 [Info] [1312] recvmsg: HELLO 2026-05-04 10:24:23 [Info] [1312] recvmsg: WORK 2026-05-04 10:24:23 [Info] [1312] no use encode, return to old mode 2026-05-04 10:24:23 [Info] [1312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:24:23 [Info] [1312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:24:23 [Info] [1312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:24:24 [Info] [1312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:24:24 [Info] [1312] log fd cnt is [250], real fd cnt is [286] 2026-05-04 10:24:24 [Info] [1312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 10:24:24 [Info] [1312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 10:24:25 [Info] [1312] log memory size is 20480KB, real memory size is 14840KB 2026-05-04 10:24:25 [Info] [1312] item: --windows-registry-check 2026-05-04 10:24:25 [Info] [1312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-04 10:24:25 [Info] [1312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-04 10:24:25 [Info] [1312] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:24:25 [Info] [1312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:24:25 [Info] [1312] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-05-04 10:24:25 [Info] [1312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-05-04 10:24:26 [Info] [1312] Prepare stage1: --windows-registry-check 2026-05-04 10:24:26 [Info] [1312] Prepare stage2 2026-05-04 10:24:32 [Info] [4868] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 10:24:32 [Info] [4868] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap115881777861472 2026-05-04 10:24:32 [Info] [4868] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 10:24:32 [Info] [4868] Resource monitor start 2026-05-04 10:24:32 [Info] [4868] ipc client init success 2026-05-04 10:24:32 [Info] [4868] Ipc init: 0 2026-05-04 10:24:32 [Info] [4868] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 10:24:32 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 10:24:32 [Info] [4868] start ipc thread id[2744] 2026-05-04 10:24:32 [Info] [4868] Connect Yundun ipc server return state is 0 2026-05-04 10:24:32 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 10:24:32 [Info] [4868] CResourceMonitor::run Enter 2026-05-04 10:24:32 [Info] [4868] CIpcMsgHandlerMgr::run Enter 2026-05-04 10:24:32 [Info] [4868] Report thread 2026-05-04 10:24:32 [Info] [4868] Monitor thread 2026-05-04 10:24:32 [Info] [4868] Loader thread 2026-05-04 10:24:32 [Info] [4868] PythonEngineImpl Init... 2026-05-04 10:24:32 [Info] [4868] yundun connected 2026-05-04 10:24:33 [Info] [4868] recvmsg: HELLO 2026-05-04 10:24:33 [Info] [4868] recvmsg: WORK 2026-05-04 10:24:33 [Info] [4868] no use encode, return to old mode 2026-05-04 10:24:33 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:24:33 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:24:33 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:24:33 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:24:33 [Info] [4868] log fd cnt is [250], real fd cnt is [282] 2026-05-04 10:24:33 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 10:24:33 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 10:24:34 [Info] [4868] log memory size is 20480KB, real memory size is 14832KB 2026-05-04 10:24:34 [Info] [4868] item: --windows-schedule-task-check 2026-05-04 10:24:34 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-04 10:24:34 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-04 10:24:34 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:24:34 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:24:34 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-05-04 10:24:34 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-05-04 10:24:35 [Info] [4868] Prepare stage1: --windows-schedule-task-check 2026-05-04 10:24:35 [Info] [4868] Prepare stage2 2026-05-04 10:24:35 [Warn] [4868] high cpu, cpu is 15 2026-05-04 10:24:35 [Info] [4868] try get sys version 2026-05-04 10:24:35 [Info] [4868] win sys info:2/10:0:3 2026-05-04 10:24:35 [Info] [4868] suit legal version, enable cpu control 2026-05-04 10:24:35 [Warn] [4868] High CPU Warning: 15 2026-05-04 10:24:35 [Warn] [4868] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:dynamic.py line: 516 in func: __getattr__ File:windows-schedule-task-check.py line: 377 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-05-04 10:24:38 [Info] [4868] log memory size is 30720KB, real memory size is 23648KB 2026-05-04 10:24:42 [Info] [1312] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-04 10:24:42 [Info] [4868] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-04 10:24:55 [Info] [1312] stage3: --windows-registry-check 2026-05-04 10:24:55 [Info] [1312] Loader after check 2026-05-04 10:24:56 [Info] [1312] Enter reuse wait state. 2026-05-04 10:25:00 [Info] [1312] recvmsg: EXIT 2026-05-04 10:25:00 [Info] [1312] Recv Exit Msg, Exit... 2026-05-04 10:25:07 [Info] [4868] stage3: --windows-schedule-task-check 2026-05-04 10:25:07 [Info] [4868] Loader after check 2026-05-04 10:25:08 [Info] [4868] Enter reuse wait state. 2026-05-04 10:25:10 [Info] [4868] recvmsg: EXIT 2026-05-04 10:25:10 [Info] [4868] Recv Exit Msg, Exit... 2026-05-04 10:25:30 [Info] [2844] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 10:25:30 [Info] [2844] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap117771777861530 2026-05-04 10:25:30 [Info] [2844] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 10:25:30 [Info] [2844] Resource monitor start 2026-05-04 10:25:30 [Info] [2844] ipc client init success 2026-05-04 10:25:30 [Info] [2844] Ipc init: 0 2026-05-04 10:25:30 [Info] [2844] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 10:25:30 [Info] [2844] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 10:25:30 [Info] [2844] start ipc thread id[2880] 2026-05-04 10:25:30 [Info] [2844] Connect Yundun ipc server return state is 0 2026-05-04 10:25:30 [Info] [2844] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 10:25:30 [Info] [2844] CResourceMonitor::run Enter 2026-05-04 10:25:30 [Info] [2844] CIpcMsgHandlerMgr::run Enter 2026-05-04 10:25:30 [Info] [2844] Report thread 2026-05-04 10:25:30 [Info] [2844] Monitor thread 2026-05-04 10:25:30 [Info] [2844] Loader thread 2026-05-04 10:25:30 [Info] [2844] PythonEngineImpl Init... 2026-05-04 10:25:30 [Info] [2844] yundun connected 2026-05-04 10:25:31 [Info] [2844] recvmsg: HELLO 2026-05-04 10:25:31 [Info] [2844] recvmsg: WORK 2026-05-04 10:25:31 [Info] [2844] no use encode, return to old mode 2026-05-04 10:25:31 [Info] [2844] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:25:31 [Info] [2844] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:25:31 [Info] [2844] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:25:31 [Info] [2844] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:25:31 [Info] [2844] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 10:25:31 [Info] [2844] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 10:25:31 [Info] [2844] log fd cnt is [250], real fd cnt is [281] 2026-05-04 10:25:32 [Info] [2844] log memory size is 20480KB, real memory size is 14868KB 2026-05-04 10:25:32 [Info] [2844] item: --windows-driver-version-check 2026-05-04 10:25:32 [Info] [2844] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-04 10:25:32 [Info] [2844] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-04 10:25:32 [Info] [2844] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:25:32 [Info] [2844] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:25:32 [Info] [2844] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-05-04 10:25:32 [Info] [2844] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-05-04 10:25:33 [Info] [2844] Prepare stage1: --windows-driver-version-check 2026-05-04 10:25:33 [Info] [2844] Prepare stage2 2026-05-04 10:25:33 [Info] [2844] stage3: --windows-driver-version-check 2026-05-04 10:25:33 [Info] [2844] Loader after check 2026-05-04 10:25:34 [Info] [2844] Enter reuse wait state. 2026-05-04 10:25:38 [Info] [2844] recvmsg: EXIT 2026-05-04 10:25:38 [Info] [2844] Recv Exit Msg, Exit... 2026-05-04 10:27:22 [Info] [2920] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 10:27:22 [Info] [2920] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap121431777861642 2026-05-04 10:27:22 [Info] [2920] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 10:27:22 [Info] [2920] Resource monitor start 2026-05-04 10:27:22 [Info] [2920] ipc client init success 2026-05-04 10:27:22 [Info] [2920] Ipc init: 0 2026-05-04 10:27:22 [Info] [2920] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 10:27:22 [Info] [2920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 10:27:22 [Info] [2920] start ipc thread id[3420] 2026-05-04 10:27:22 [Info] [2920] Connect Yundun ipc server return state is 0 2026-05-04 10:27:22 [Info] [2920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 10:27:22 [Info] [2920] CResourceMonitor::run Enter 2026-05-04 10:27:22 [Info] [2920] CIpcMsgHandlerMgr::run Enter 2026-05-04 10:27:22 [Info] [2920] Report thread 2026-05-04 10:27:22 [Info] [2920] Monitor thread 2026-05-04 10:27:22 [Info] [2920] Loader thread 2026-05-04 10:27:22 [Info] [2920] PythonEngineImpl Init... 2026-05-04 10:27:22 [Info] [2920] yundun connected 2026-05-04 10:27:23 [Info] [2920] recvmsg: HELLO 2026-05-04 10:27:23 [Info] [2920] recvmsg: WORK 2026-05-04 10:27:23 [Info] [2920] no use encode, return to old mode 2026-05-04 10:27:23 [Info] [2920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:27:23 [Info] [2920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:27:23 [Info] [2920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:27:23 [Info] [2920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:27:23 [Info] [2920] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 10:27:23 [Info] [2920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 10:27:23 [Info] [2920] log fd cnt is [250], real fd cnt is [281] 2026-05-04 10:27:24 [Info] [2920] log memory size is 20480KB, real memory size is 14868KB 2026-05-04 10:27:24 [Info] [2920] item: --tcp-connect-check 2026-05-04 10:27:24 [Info] [2920] cgroup name aegisRtap0 2026-05-04 10:27:24 [Info] [2920] try get sys version 2026-05-04 10:27:24 [Info] [2920] win sys info:2/10:0:3 2026-05-04 10:27:24 [Info] [2920] suit legal version, enable cpu control 2026-05-04 10:27:24 [Info] [2920] get AssignProcessToJobObject handle [00000478] 2026-05-04 10:27:24 [Info] [2920] Set setJobExtended. 2026-05-04 10:27:24 [Info] [2920] Set cpu [9%] 2026-05-04 10:27:24 [Info] [2920] Set cpu success 2026-05-04 10:27:24 [Info] [2920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-04 10:27:24 [Info] [2920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-04 10:27:24 [Info] [2920] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:27:24 [Info] [2920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:27:25 [Info] [2920] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-05-04 10:27:25 [Info] [2920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-05-04 10:27:25 [Info] [2920] Prepare stage1: --tcp-connect-check 2026-05-04 10:27:25 [Info] [2920] Prepare stage2 2026-05-04 10:27:28 [Info] [2920] stage3: --tcp-connect-check 2026-05-04 10:27:28 [Info] [2920] Loader after check 2026-05-04 10:27:29 [Info] [2920] Enter reuse wait state. 2026-05-04 10:27:34 [Info] [2920] recvmsg: EXIT 2026-05-04 10:27:34 [Info] [2920] Recv Exit Msg, Exit... 2026-05-04 10:50:34 [Info] [4820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 10:50:34 [Info] [4820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap166881777863034 2026-05-04 10:50:34 [Info] [4820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 10:50:34 [Info] [4820] Resource monitor start 2026-05-04 10:50:34 [Info] [4820] ipc client init success 2026-05-04 10:50:34 [Info] [4820] Ipc init: 0 2026-05-04 10:50:34 [Info] [4820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 10:50:34 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 10:50:34 [Info] [4820] start ipc thread id[1400] 2026-05-04 10:50:34 [Info] [4820] Connect Yundun ipc server return state is 0 2026-05-04 10:50:34 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 10:50:34 [Info] [4820] CResourceMonitor::run Enter 2026-05-04 10:50:34 [Info] [4820] CIpcMsgHandlerMgr::run Enter 2026-05-04 10:50:34 [Info] [4820] Report thread 2026-05-04 10:50:34 [Info] [4820] Monitor thread 2026-05-04 10:50:34 [Info] [4820] Loader thread 2026-05-04 10:50:34 [Info] [4820] PythonEngineImpl Init... 2026-05-04 10:50:34 [Info] [4820] yundun connected 2026-05-04 10:50:34 [Info] [4820] recvmsg: HELLO 2026-05-04 10:50:35 [Info] [4820] recvmsg: WORK 2026-05-04 10:50:35 [Info] [4820] no use encode, return to old mode 2026-05-04 10:50:35 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:50:35 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 10:50:35 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:50:35 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:50:35 [Info] [4820] log fd cnt is [250], real fd cnt is [282] 2026-05-04 10:50:35 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 10:50:35 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 10:50:36 [Info] [4820] log memory size is 20480KB, real memory size is 14772KB 2026-05-04 10:50:36 [Info] [4820] item: --windows-sysinfoext-check 2026-05-04 10:50:36 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 10:50:36 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 10:50:36 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 10:50:36 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 10:50:37 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-04 10:50:37 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 10:50:37 [Info] [4820] Prepare stage1: --windows-sysinfoext-check 2026-05-04 10:50:37 [Info] [4820] Prepare stage2 2026-05-04 10:50:37 [Warn] [4820] high cpu, cpu is 13 2026-05-04 10:50:37 [Info] [4820] try get sys version 2026-05-04 10:50:37 [Info] [4820] win sys info:2/10:0:3 2026-05-04 10:50:37 [Info] [4820] suit legal version, enable cpu control 2026-05-04 10:50:37 [Warn] [4820] High CPU Warning: 13 2026-05-04 10:50:37 [Warn] [4820] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:util.py line: 84 in func: next File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-04 10:50:39 [Info] [4820] stage3: --windows-sysinfoext-check 2026-05-04 10:50:39 [Info] [4820] Loader after check 2026-05-04 10:50:39 [Warn] [4820] high cpu, cpu is 15 2026-05-04 10:50:39 [Warn] [4820] High CPU Warning: 15 2026-05-04 10:50:40 [Info] [4820] Enter reuse wait state. 2026-05-04 10:50:40 [Info] [4820] log memory size is 30720KB, real memory size is 23384KB 2026-05-04 10:50:42 [Info] [4820] recvmsg: EXIT 2026-05-04 10:50:42 [Info] [4820] Recv Exit Msg, Exit... 2026-05-04 11:08:43 [Info] [4536] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 11:08:43 [Info] [4536] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap202411777864122 2026-05-04 11:08:43 [Info] [4536] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 11:08:43 [Info] [4536] Resource monitor start 2026-05-04 11:08:43 [Info] [4536] ipc client init success 2026-05-04 11:08:43 [Info] [4536] Ipc init: 0 2026-05-04 11:08:43 [Info] [4536] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 11:08:43 [Info] [4536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 11:08:43 [Info] [4536] start ipc thread id[2900] 2026-05-04 11:08:43 [Info] [4536] Connect Yundun ipc server return state is 0 2026-05-04 11:08:43 [Info] [4536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 11:08:43 [Info] [4536] CResourceMonitor::run Enter 2026-05-04 11:08:43 [Info] [4536] CIpcMsgHandlerMgr::run Enter 2026-05-04 11:08:43 [Info] [4536] Report thread 2026-05-04 11:08:43 [Info] [4536] Monitor thread 2026-05-04 11:08:43 [Info] [4536] Loader thread 2026-05-04 11:08:43 [Info] [4536] PythonEngineImpl Init... 2026-05-04 11:08:43 [Info] [4536] yundun connected 2026-05-04 11:08:43 [Info] [4536] recvmsg: HELLO 2026-05-04 11:08:43 [Info] [4536] recvmsg: WORK 2026-05-04 11:08:43 [Info] [4536] no use encode, return to old mode 2026-05-04 11:08:43 [Info] [4536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 11:08:43 [Info] [4536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 11:08:43 [Info] [4536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 11:08:44 [Info] [4536] log fd cnt is [250], real fd cnt is [274] 2026-05-04 11:08:44 [Info] [4536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 11:08:44 [Info] [4536] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 11:08:44 [Info] [4536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 11:08:45 [Info] [4536] log memory size is 20480KB, real memory size is 14800KB 2026-05-04 11:08:45 [Info] [4536] item: --windows-autorun-item-check 2026-05-04 11:08:45 [Info] [4536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-04 11:08:45 [Info] [4536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-04 11:08:45 [Info] [4536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 11:08:45 [Info] [4536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 11:08:45 [Info] [4536] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-05-04 11:08:45 [Info] [4536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-05-04 11:08:45 [Info] [4536] Prepare stage1: --windows-autorun-item-check 2026-05-04 11:08:45 [Info] [4536] Prepare stage2 2026-05-04 11:08:49 [Info] [4536] log memory size is 30720KB, real memory size is 22564KB 2026-05-04 11:08:55 [Info] [4536] stage3: --windows-autorun-item-check 2026-05-04 11:08:55 [Info] [4536] Loader after check 2026-05-04 11:08:56 [Warn] [4536] high cpu, cpu is 12 2026-05-04 11:08:56 [Info] [4536] try get sys version 2026-05-04 11:08:56 [Info] [4536] win sys info:2/10:0:3 2026-05-04 11:08:56 [Info] [4536] suit legal version, enable cpu control 2026-05-04 11:08:56 [Warn] [4536] High CPU Warning: 12 2026-05-04 11:08:56 [Warn] [4536] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-04 11:08:56 [Info] [4536] Enter reuse wait state. 2026-05-04 11:08:58 [Info] [4536] recvmsg: EXIT 2026-05-04 11:08:58 [Info] [4536] Recv Exit Msg, Exit... 2026-05-04 16:17:15 [Info] [2084] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 16:17:15 [Info] [2084] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap151581777882634 2026-05-04 16:17:15 [Info] [2084] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 16:17:15 [Info] [2084] Resource monitor start 2026-05-04 16:17:15 [Info] [2084] ipc client init success 2026-05-04 16:17:15 [Info] [2084] Ipc init: 0 2026-05-04 16:17:15 [Info] [2084] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 16:17:15 [Info] [2084] CResourceMonitor::run Enter 2026-05-04 16:17:15 [Info] [2084] CIpcMsgHandlerMgr::run Enter 2026-05-04 16:17:15 [Info] [2084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 16:17:15 [Info] [2084] start ipc thread id[5052] 2026-05-04 16:17:15 [Info] [2084] Connect Yundun ipc server return state is 0 2026-05-04 16:17:15 [Info] [2084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 16:17:15 [Info] [2084] yundun connected 2026-05-04 16:17:15 [Info] [2084] Report thread 2026-05-04 16:17:15 [Info] [2084] Monitor thread 2026-05-04 16:17:15 [Info] [2084] Loader thread 2026-05-04 16:17:15 [Info] [2084] PythonEngineImpl Init... 2026-05-04 16:17:15 [Info] [2084] recvmsg: HELLO 2026-05-04 16:17:15 [Info] [2084] recvmsg: WORK 2026-05-04 16:17:15 [Info] [2084] no use encode, return to old mode 2026-05-04 16:17:16 [Info] [2084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 16:17:16 [Info] [2084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 16:17:16 [Info] [2084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 16:17:16 [Info] [2084] log fd cnt is [250], real fd cnt is [279] 2026-05-04 16:17:16 [Info] [2084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 16:17:16 [Info] [2084] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 16:17:16 [Info] [2084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 16:17:17 [Info] [2084] log memory size is 20480KB, real memory size is 14904KB 2026-05-04 16:17:17 [Info] [2084] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-04 16:17:17 [Info] [2084] item: --windows-sysinfoext-check 2026-05-04 16:17:17 [Info] [2084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 16:17:17 [Info] [2084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 16:17:17 [Info] [2084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 16:17:18 [Info] [2084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 16:17:18 [Info] [2084] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-04 16:17:18 [Info] [2084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 16:17:18 [Info] [2084] Prepare stage1: --windows-sysinfoext-check 2026-05-04 16:17:18 [Info] [2084] Prepare stage2 2026-05-04 16:17:20 [Warn] [2084] high cpu, cpu is 12 2026-05-04 16:17:20 [Info] [2084] try get sys version 2026-05-04 16:17:20 [Info] [2084] win sys info:2/10:0:3 2026-05-04 16:17:20 [Info] [2084] suit legal version, enable cpu control 2026-05-04 16:17:20 [Warn] [2084] High CPU Warning: 12 2026-05-04 16:17:20 [Warn] [2084] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-04 16:17:21 [Info] [2084] log memory size is 30720KB, real memory size is 23344KB 2026-05-04 16:17:22 [Info] [2084] stage3: --windows-sysinfoext-check 2026-05-04 16:17:22 [Info] [2084] Loader after check 2026-05-04 16:17:23 [Info] [2084] Enter reuse wait state. 2026-05-04 16:17:26 [Info] [2084] recvmsg: EXIT 2026-05-04 16:17:26 [Info] [2084] Recv Exit Msg, Exit... 2026-05-04 18:02:10 [Info] [4308] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 18:02:10 [Info] [4308] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap29501777888930 2026-05-04 18:02:10 [Info] [4308] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 18:02:10 [Info] [4308] Resource monitor start 2026-05-04 18:02:10 [Info] [4308] ipc client init success 2026-05-04 18:02:10 [Info] [4308] Ipc init: 0 2026-05-04 18:02:10 [Info] [4308] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 18:02:10 [Info] [4308] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 18:02:10 [Info] [4308] start ipc thread id[572] 2026-05-04 18:02:10 [Info] [4308] Connect Yundun ipc server return state is 0 2026-05-04 18:02:10 [Info] [4308] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 18:02:10 [Info] [4308] CResourceMonitor::run Enter 2026-05-04 18:02:10 [Info] [4308] CIpcMsgHandlerMgr::run Enter 2026-05-04 18:02:10 [Info] [4308] yundun connected 2026-05-04 18:02:10 [Info] [4308] Report thread 2026-05-04 18:02:10 [Info] [4308] Monitor thread 2026-05-04 18:02:10 [Info] [4308] Loader thread 2026-05-04 18:02:10 [Info] [4308] PythonEngineImpl Init... 2026-05-04 18:02:11 [Info] [4308] recvmsg: HELLO 2026-05-04 18:02:11 [Info] [4308] recvmsg: WORK 2026-05-04 18:02:11 [Info] [4308] no use encode, return to old mode 2026-05-04 18:02:11 [Info] [4308] log fd cnt is [250], real fd cnt is [263] 2026-05-04 18:02:11 [Info] [4308] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 18:02:11 [Info] [4308] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 18:02:11 [Info] [4308] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 18:02:12 [Info] [4308] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 18:02:12 [Info] [4308] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 18:02:12 [Info] [4308] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 18:02:13 [Info] [4308] log memory size is 20480KB, real memory size is 14672KB 2026-05-04 18:02:14 [Info] [4308] item: --secnet_rasp_agent 2026-05-04 18:02:14 [Info] [4308] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-04 18:02:15 [Info] [4308] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-05-04 18:02:15 [Info] [4308] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-05-04 18:02:15 [Info] [4308] Download redirect files success. 2026-05-04 18:02:15 [Info] [4308] Prepare stage1: --secnet_rasp_agent 2026-05-04 18:02:15 [Info] [4308] Prepare stage2 2026-05-04 18:02:17 [Info] [4308] log memory size is 30720KB, real memory size is 21004KB 2026-05-04 18:02:18 [Info] [4308] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-04 18:02:18 [Info] [4308] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-04 18:02:18 [Info] [4308] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 18:02:18 [Info] [4308] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 18:02:19 [Info] [4308] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-05-04 18:02:19 [Info] [4308] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-04 18:02:19 [Info] [4308] stage3: --secnet_rasp_agent 2026-05-04 18:02:19 [Info] [4308] Loader after check 2026-05-04 18:02:20 [Info] [4308] Enter reuse wait state. 2026-05-04 18:02:21 [Info] [4308] recvmsg: EXIT 2026-05-04 18:02:21 [Info] [4308] Recv Exit Msg, Exit... 2026-05-04 21:44:10 [Info] [2072] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-04 21:44:10 [Info] [2072] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap136701777902247 2026-05-04 21:44:10 [Info] [2072] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-04 21:44:10 [Info] [2072] Resource monitor start 2026-05-04 21:44:10 [Info] [2072] ipc client init success 2026-05-04 21:44:10 [Info] [2072] Ipc init: 0 2026-05-04 21:44:10 [Info] [2072] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-04 21:44:10 [Info] [2072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-04 21:44:10 [Info] [2072] start ipc thread id[2220] 2026-05-04 21:44:10 [Info] [2072] Connect Yundun ipc server return state is 0 2026-05-04 21:44:10 [Info] [2072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-04 21:44:10 [Info] [2072] CResourceMonitor::run Enter 2026-05-04 21:44:10 [Info] [2072] CIpcMsgHandlerMgr::run Enter 2026-05-04 21:44:10 [Info] [2072] yundun connected 2026-05-04 21:44:10 [Info] [2072] Report thread 2026-05-04 21:44:10 [Info] [2072] Monitor thread 2026-05-04 21:44:10 [Info] [2072] Loader thread 2026-05-04 21:44:10 [Info] [2072] PythonEngineImpl Init... 2026-05-04 21:44:12 [Info] [2072] recvmsg: HELLO 2026-05-04 21:44:12 [Info] [2072] log fd cnt is [250], real fd cnt is [263] 2026-05-04 21:44:12 [Info] [2072] recvmsg: WORK 2026-05-04 21:44:12 [Info] [2072] no use encode, return to old mode 2026-05-04 21:44:12 [Info] [2072] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 21:44:12 [Info] [2072] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-04 21:44:12 [Info] [2072] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 21:44:12 [Info] [2072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 21:44:12 [Info] [2072] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-04 21:44:12 [Info] [2072] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-04 21:44:13 [Info] [2072] log memory size is 20480KB, real memory size is 14736KB 2026-05-04 21:44:13 [Info] [2072] item: --windows-sysinfoext-check 2026-05-04 21:44:13 [Info] [2072] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 21:44:13 [Info] [2072] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 21:44:13 [Info] [2072] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-04 21:44:14 [Info] [2072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-04 21:44:14 [Info] [2072] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-04 21:44:14 [Info] [2072] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-04 21:44:14 [Info] [2072] Prepare stage1: --windows-sysinfoext-check 2026-05-04 21:44:14 [Info] [2072] Prepare stage2 2026-05-04 21:44:16 [Info] [2072] stage3: --windows-sysinfoext-check 2026-05-04 21:44:16 [Info] [2072] Loader after check 2026-05-04 21:44:16 [Warn] [2072] high cpu, cpu is 17 2026-05-04 21:44:16 [Info] [2072] try get sys version 2026-05-04 21:44:16 [Info] [2072] win sys info:2/10:0:3 2026-05-04 21:44:16 [Info] [2072] suit legal version, enable cpu control 2026-05-04 21:44:16 [Warn] [2072] High CPU Warning: 17 2026-05-04 21:44:16 [Warn] [2072] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-04 21:44:17 [Info] [2072] Enter reuse wait state. 2026-05-04 21:44:17 [Info] [2072] log memory size is 30720KB, real memory size is 23400KB 2026-05-04 21:44:18 [Info] [2072] recvmsg: EXIT 2026-05-04 21:44:18 [Info] [2072] Recv Exit Msg, Exit...