2026-03-25 02:29:40 [Info] [3508] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 02:29:40 [Info] [3508] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31961774376979 
2026-03-25 02:29:40 [Info] [3508] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 02:29:40 [Info] [3508] Resource monitor start
2026-03-25 02:29:40 [Info] [3508] ipc client init success
2026-03-25 02:29:40 [Info] [3508] Ipc init: 0
2026-03-25 02:29:40 [Info] [3508] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 02:29:40 [Info] [3508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 02:29:40 [Info] [3508] start ipc thread id[1452]
2026-03-25 02:29:40 [Info] [3508] Connect Yundun ipc server return state is 0
2026-03-25 02:29:40 [Info] [3508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 02:29:40 [Info] [3508] CResourceMonitor::run Enter
2026-03-25 02:29:40 [Info] [3508] CIpcMsgHandlerMgr::run Enter
2026-03-25 02:29:40 [Info] [3508] Report thread
2026-03-25 02:29:40 [Info] [3508] Monitor thread
2026-03-25 02:29:40 [Info] [3508] Loader thread
2026-03-25 02:29:40 [Info] [3508] PythonEngineImpl Init...
2026-03-25 02:29:45 [Info] [3508] yundun connected
2026-03-25 02:29:46 [Info] [3508] recvmsg: HELLO
2026-03-25 02:29:46 [Info] [3508] recvmsg: WORK
2026-03-25 02:29:46 [Info] [3508] no use encode, return to old mode
2026-03-25 02:29:46 [Info] [3508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 02:29:46 [Info] [3508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 02:29:46 [Info] [3508] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 02:29:48 [Info] [3508] log fd cnt is [250], real fd cnt is [264]
2026-03-25 02:29:49 [Info] [3508] log memory size is 20480KB, real memory size is 13152KB
2026-03-25 02:29:53 [Info] [3508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 02:29:53 [Info] [3508] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 02:29:53 [Info] [3508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 02:29:55 [Info] [3508] item: --windows-sysinfoext-check
2026-03-25 02:29:55 [Info] [3508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 02:29:55 [Info] [3508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 02:29:55 [Info] [3508] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 02:29:55 [Info] [3508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 02:29:55 [Info] [3508] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-25 02:29:55 [Info] [3508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 02:29:55 [Info] [3508] Prepare stage1: --windows-sysinfoext-check
2026-03-25 02:29:55 [Info] [3508] Prepare stage2
2026-03-25 02:29:56 [Warn] [3508] high cpu, cpu is 17
2026-03-25 02:29:56 [Info] [3508] try get sys version
2026-03-25 02:29:56 [Info] [3508] win sys info:2/10:0:3
2026-03-25 02:29:56 [Info] [3508] suit legal version, enable cpu control
2026-03-25 02:29:56 [Warn] [3508] High CPU Warning: 17
2026-03-25 02:29:56 [Warn] [3508] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-25 02:29:57 [Info] [3508] stage3: --windows-sysinfoext-check
2026-03-25 02:29:57 [Info] [3508] Loader after check
2026-03-25 02:29:57 [Info] [3508] log memory size is 30720KB, real memory size is 23216KB
2026-03-25 02:29:58 [Info] [3508] Enter reuse wait state.
2026-03-25 02:30:00 [Info] [3508] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-25 02:30:00 [Info] [3508] recvmsg: EXIT
2026-03-25 02:30:00 [Info] [3508] Recv Exit Msg, Exit...
2026-03-25 05:13:33 [Info] [2256] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 05:13:33 [Info] [2256] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap25411774386813 
2026-03-25 05:13:33 [Info] [2256] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 05:13:33 [Info] [2256] Resource monitor start
2026-03-25 05:13:33 [Info] [2256] ipc client init success
2026-03-25 05:13:33 [Info] [2256] Ipc init: 0
2026-03-25 05:13:33 [Info] [2256] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 05:13:33 [Info] [2256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 05:13:33 [Info] [2256] start ipc thread id[1076]
2026-03-25 05:13:33 [Info] [2256] Connect Yundun ipc server return state is 0
2026-03-25 05:13:33 [Info] [2256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 05:13:33 [Info] [2256] CResourceMonitor::run Enter
2026-03-25 05:13:33 [Info] [2256] CIpcMsgHandlerMgr::run Enter
2026-03-25 05:13:33 [Info] [2256] Report thread
2026-03-25 05:13:33 [Info] [2256] Monitor thread
2026-03-25 05:13:33 [Info] [2256] Loader thread
2026-03-25 05:13:33 [Info] [2256] PythonEngineImpl Init...
2026-03-25 05:13:33 [Info] [2256] yundun connected
2026-03-25 05:13:33 [Info] [2256] recvmsg: HELLO
2026-03-25 05:13:33 [Info] [2256] recvmsg: WORK
2026-03-25 05:13:33 [Info] [2256] no use encode, return to old mode
2026-03-25 05:13:33 [Info] [2256] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 05:13:33 [Info] [2256] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 05:13:33 [Info] [2256] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 05:13:34 [Info] [2256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 05:13:34 [Info] [2256] log fd cnt is [250], real fd cnt is [282]
2026-03-25 05:13:34 [Info] [2256] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 05:13:34 [Info] [2256] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 05:13:35 [Info] [2256] log memory size is 20480KB, real memory size is 14844KB
2026-03-25 05:13:35 [Info] [2256] item: --sca
2026-03-25 05:13:35 [Info] [2256] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-25 05:13:35 [Info] [2256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-03-25 05:13:35 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-25 05:13:36 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-25 05:13:36 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-25 05:13:36 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-25 05:13:36 [Info] [2256] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-25 05:13:36 [Info] [2256] Download redirect files success.
2026-03-25 05:13:36 [Info] [2256] Prepare stage1: --sca
2026-03-25 05:13:36 [Info] [2256] Prepare stage2
2026-03-25 05:13:39 [Info] [2256] log memory size is 30720KB, real memory size is 32856KB
2026-03-25 05:13:43 [Info] [2256] log memory size is 40960KB, real memory size is 33132KB
2026-03-25 05:14:10 [Warn] [2256] high cpu, cpu is 23
2026-03-25 05:14:10 [Info] [2256] try get sys version
2026-03-25 05:14:10 [Info] [2256] win sys info:2/10:0:3
2026-03-25 05:14:10 [Info] [2256] suit legal version, enable cpu control
2026-03-25 05:14:10 [Warn] [2256] High CPU Warning: 23
2026-03-25 05:14:11 [Warn] [2256] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 213 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-25 05:14:11 [Info] [2256] stage3: --sca
2026-03-25 05:14:11 [Info] [2256] Loader after check
2026-03-25 05:14:12 [Info] [2256] Enter reuse wait state.
2026-03-25 05:14:17 [Info] [2256] recvmsg: EXIT
2026-03-25 05:14:17 [Info] [2256] Recv Exit Msg, Exit...
2026-03-25 07:53:29 [Info] [2380] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 07:53:29 [Info] [2380] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap11071774396408 
2026-03-25 07:53:29 [Info] [2380] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 07:53:29 [Info] [2380] Resource monitor start
2026-03-25 07:53:29 [Info] [2380] ipc client init success
2026-03-25 07:53:29 [Info] [2380] Ipc init: 0
2026-03-25 07:53:29 [Info] [2380] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 07:53:29 [Info] [2380] CResourceMonitor::run Enter
2026-03-25 07:53:29 [Info] [2380] CIpcMsgHandlerMgr::run Enter
2026-03-25 07:53:29 [Info] [2380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 07:53:29 [Info] [2380] start ipc thread id[3928]
2026-03-25 07:53:29 [Info] [2380] Connect Yundun ipc server return state is 0
2026-03-25 07:53:29 [Info] [2380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 07:53:29 [Info] [2380] yundun connected
2026-03-25 07:53:29 [Info] [2380] Report thread
2026-03-25 07:53:29 [Info] [2380] Monitor thread
2026-03-25 07:53:29 [Info] [2380] Loader thread
2026-03-25 07:53:29 [Info] [2380] PythonEngineImpl Init...
2026-03-25 07:53:29 [Info] [2380] recvmsg: HELLO
2026-03-25 07:53:29 [Info] [2380] recvmsg: WORK
2026-03-25 07:53:29 [Info] [2380] no use encode, return to old mode
2026-03-25 07:53:30 [Info] [2380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 07:53:30 [Info] [2380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 07:53:30 [Info] [2380] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 07:53:30 [Info] [2380] log fd cnt is [250], real fd cnt is [274]
2026-03-25 07:53:30 [Info] [2380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 07:53:30 [Info] [2380] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 07:53:30 [Info] [2380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 07:53:31 [Info] [2380] log memory size is 20480KB, real memory size is 14864KB
2026-03-25 07:53:32 [Info] [2380] item: --windows-vul-clean
2026-03-25 07:53:32 [Info] [2380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-25 07:53:32 [Info] [2380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-25 07:53:32 [Info] [2380] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 07:53:32 [Info] [2380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 07:53:32 [Info] [2380] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-25 07:53:32 [Info] [2380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-25 07:53:32 [Info] [2380] Prepare stage1: --windows-vul-clean
2026-03-25 07:53:32 [Info] [2380] Prepare stage2
2026-03-25 07:53:32 [Info] [2380] stage3: --windows-vul-clean
2026-03-25 07:53:32 [Info] [2380] Loader after check
2026-03-25 07:53:33 [Info] [2380] Enter reuse wait state.
2026-03-25 07:53:36 [Info] [2380] recvmsg: EXIT
2026-03-25 07:53:36 [Info] [2380] Recv Exit Msg, Exit...
2026-03-25 08:00:05 [Info] [780] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 08:00:05 [Info] [780] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap23611774396792 
2026-03-25 08:00:05 [Info] [780] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 08:00:05 [Info] [780] Resource monitor start
2026-03-25 08:00:05 [Info] [780] ipc client init success
2026-03-25 08:00:05 [Info] [780] Ipc init: 0
2026-03-25 08:00:05 [Info] [780] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 08:00:05 [Info] [780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 08:00:05 [Info] [780] start ipc thread id[568]
2026-03-25 08:00:05 [Info] [780] Connect Yundun ipc server return state is 0
2026-03-25 08:00:05 [Info] [780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 08:00:08 [Info] [780] CResourceMonitor::run Enter
2026-03-25 08:00:08 [Info] [780] CIpcMsgHandlerMgr::run Enter
2026-03-25 08:00:08 [Info] [780] yundun connected
2026-03-25 08:00:08 [Info] [780] Report thread
2026-03-25 08:00:08 [Info] [780] Monitor thread
2026-03-25 08:00:08 [Info] [780] Loader thread
2026-03-25 08:00:08 [Info] [780] PythonEngineImpl Init...
2026-03-25 08:00:10 [Info] [780] recvmsg: HELLO
2026-03-25 08:00:10 [Info] [780] log fd cnt is [250], real fd cnt is [263]
2026-03-25 08:00:10 [Info] [780] recvmsg: WORK
2026-03-25 08:00:10 [Info] [780] no use encode, return to old mode
2026-03-25 08:00:10 [Info] [780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 08:00:10 [Info] [780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 08:00:10 [Info] [780] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 08:00:10 [Info] [780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 08:00:11 [Info] [780] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 08:00:11 [Info] [780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 08:00:11 [Info] [780] log memory size is 20480KB, real memory size is 14724KB
2026-03-25 08:00:12 [Info] [780] item: --windows-sysinfoext-check
2026-03-25 08:00:12 [Info] [780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 08:00:12 [Info] [780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 08:00:12 [Info] [780] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 08:00:12 [Info] [780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 08:00:12 [Info] [780] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-25 08:00:12 [Info] [780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 08:00:12 [Info] [780] Prepare stage1: --windows-sysinfoext-check
2026-03-25 08:00:12 [Info] [780] Prepare stage2
2026-03-25 08:00:15 [Info] [780] log memory size is 30720KB, real memory size is 23060KB
2026-03-25 08:00:15 [Info] [780] stage3: --windows-sysinfoext-check
2026-03-25 08:00:15 [Info] [780] Loader after check
2026-03-25 08:00:16 [Warn] [780] high cpu, cpu is 17
2026-03-25 08:00:16 [Info] [780] try get sys version
2026-03-25 08:00:16 [Info] [780] win sys info:2/10:0:3
2026-03-25 08:00:16 [Info] [780] suit legal version, enable cpu control
2026-03-25 08:00:16 [Warn] [780] High CPU Warning: 17
2026-03-25 08:00:16 [Warn] [780] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-25 08:00:16 [Info] [780] Enter reuse wait state.
2026-03-25 08:00:21 [Info] [780] recvmsg: EXIT
2026-03-25 08:00:21 [Info] [780] Recv Exit Msg, Exit...
2026-03-25 08:53:27 [Info] [1928] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 08:53:27 [Info] [1928] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap128591774400007 
2026-03-25 08:53:27 [Info] [1928] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 08:53:27 [Info] [1928] Resource monitor start
2026-03-25 08:53:27 [Info] [1928] ipc client init success
2026-03-25 08:53:27 [Info] [1928] Ipc init: 0
2026-03-25 08:53:27 [Info] [1928] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 08:53:27 [Info] [1928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 08:53:27 [Info] [1928] start ipc thread id[3828]
2026-03-25 08:53:27 [Info] [1928] Connect Yundun ipc server return state is 0
2026-03-25 08:53:27 [Info] [1928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 08:53:27 [Info] [1928] CResourceMonitor::run Enter
2026-03-25 08:53:27 [Info] [1928] CIpcMsgHandlerMgr::run Enter
2026-03-25 08:53:27 [Info] [1928] Report thread
2026-03-25 08:53:27 [Info] [1928] Monitor thread
2026-03-25 08:53:27 [Info] [1928] Loader thread
2026-03-25 08:53:27 [Info] [1928] PythonEngineImpl Init...
2026-03-25 08:53:27 [Info] [1928] yundun connected
2026-03-25 08:53:28 [Info] [1928] recvmsg: HELLO
2026-03-25 08:53:28 [Info] [1928] recvmsg: WORK
2026-03-25 08:53:28 [Info] [1928] no use encode, return to old mode
2026-03-25 08:53:28 [Info] [1928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 08:53:28 [Info] [1928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 08:53:28 [Info] [1928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 08:53:28 [Info] [1928] log fd cnt is [250], real fd cnt is [282]
2026-03-25 08:53:28 [Info] [1928] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 08:53:28 [Info] [1928] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 08:53:28 [Info] [1928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 08:53:29 [Info] [1928] log memory size is 20480KB, real memory size is 14716KB
2026-03-25 08:53:29 [Info] [1928] item: --windows-process-check
2026-03-25 08:53:29 [Info] [1928] cgroup name aegisRtap0
2026-03-25 08:53:29 [Info] [1928] try get sys version
2026-03-25 08:53:29 [Info] [1928] win sys info:2/10:0:3
2026-03-25 08:53:29 [Info] [1928] suit legal version, enable cpu control
2026-03-25 08:53:29 [Info] [1928] get AssignProcessToJobObject handle [00000478]
2026-03-25 08:53:29 [Info] [1928] Set setJobExtended.
2026-03-25 08:53:29 [Info] [1928] Set cpu [9%]
2026-03-25 08:53:29 [Info] [1928] Set cpu success
2026-03-25 08:53:29 [Info] [1928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-25 08:53:29 [Info] [1928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-25 08:53:29 [Info] [1928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 08:53:30 [Info] [1928] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 08:53:30 [Info] [1928] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-25 08:53:30 [Info] [1928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-25 08:53:30 [Info] [1928] Prepare stage1: --windows-process-check
2026-03-25 08:53:30 [Info] [1928] Prepare stage2
2026-03-25 08:53:33 [Info] [1928] log memory size is 30720KB, real memory size is 20568KB
2026-03-25 08:53:48 [Info] [1928] stage3: --windows-process-check
2026-03-25 08:53:48 [Info] [1928] Loader after check
2026-03-25 08:53:49 [Info] [1928] Enter reuse wait state.
2026-03-25 08:53:51 [Info] [1928] recvmsg: EXIT
2026-03-25 08:53:51 [Info] [1928] Recv Exit Msg, Exit...
2026-03-25 10:33:39 [Info] [3496] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 10:33:39 [Info] [3496] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap324921774406019 
2026-03-25 10:33:39 [Info] [3496] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 10:33:39 [Info] [3496] Resource monitor start
2026-03-25 10:33:39 [Info] [3496] ipc client init success
2026-03-25 10:33:39 [Info] [3496] Ipc init: 0
2026-03-25 10:33:39 [Info] [3496] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 10:33:39 [Info] [3496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 10:33:39 [Info] [3496] CResourceMonitor::run Enter
2026-03-25 10:33:39 [Info] [3496] CIpcMsgHandlerMgr::run Enter
2026-03-25 10:33:39 [Info] [3496] start ipc thread id[4200]
2026-03-25 10:33:39 [Info] [3496] Connect Yundun ipc server return state is 0
2026-03-25 10:33:39 [Info] [3496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 10:33:39 [Info] [3496] Report thread
2026-03-25 10:33:39 [Info] [3496] Monitor thread
2026-03-25 10:33:39 [Info] [3496] Loader thread
2026-03-25 10:33:39 [Info] [3496] yundun connected
2026-03-25 10:33:39 [Info] [3496] PythonEngineImpl Init...
2026-03-25 10:33:40 [Info] [3496] recvmsg: HELLO
2026-03-25 10:33:40 [Info] [3496] recvmsg: WORK
2026-03-25 10:33:40 [Info] [3496] no use encode, return to old mode
2026-03-25 10:33:40 [Info] [3496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:33:40 [Info] [3496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:33:40 [Info] [3496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:33:40 [Info] [3496] log fd cnt is [250], real fd cnt is [274]
2026-03-25 10:33:41 [Info] [3496] log memory size is 20480KB, real memory size is 14544KB
2026-03-25 10:33:41 [Info] [3496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:33:41 [Info] [3496] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 10:33:41 [Info] [3496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 10:33:43 [Info] [3496] item: --windows-registry-check
2026-03-25 10:33:43 [Info] [3496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-25 10:33:43 [Info] [3496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-25 10:33:43 [Info] [3496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:33:43 [Info] [3496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:33:43 [Info] [3496] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-25 10:33:43 [Info] [3496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-25 10:33:43 [Info] [3496] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-25 10:33:43 [Info] [3496] Prepare stage1: --windows-registry-check
2026-03-25 10:33:43 [Info] [3496] Prepare stage2
2026-03-25 10:34:12 [Info] [3496] stage3: --windows-registry-check
2026-03-25 10:34:12 [Info] [3496] Loader after check
2026-03-25 10:34:13 [Info] [3496] Enter reuse wait state.
2026-03-25 10:34:16 [Info] [3496] recvmsg: HELLO
2026-03-25 10:34:17 [Info] [3496] recvmsg: HELLO
2026-03-25 10:34:17 [Info] [3496] recvmsg: WORK
2026-03-25 10:34:17 [Info] [3496] no use encode, return to old mode
2026-03-25 10:34:17 [Info] [3496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:34:17 [Info] [3496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:34:17 [Info] [3496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:34:17 [Info] [3496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:34:17 [Info] [3496] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 10:34:17 [Info] [3496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 10:34:18 [Info] [3496] item: --windows-driver-version-check
2026-03-25 10:34:18 [Info] [3496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-25 10:34:18 [Info] [3496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-25 10:34:18 [Info] [3496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:34:19 [Info] [3496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:34:19 [Info] [3496] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-25 10:34:19 [Info] [3496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-25 10:34:19 [Info] [3496] Prepare stage1: --windows-driver-version-check
2026-03-25 10:34:19 [Info] [3496] Prepare stage2
2026-03-25 10:34:19 [Info] [3496] stage3: --windows-driver-version-check
2026-03-25 10:34:19 [Info] [3496] Loader after check
2026-03-25 10:34:20 [Info] [3496] Enter reuse wait state.
2026-03-25 10:34:24 [Info] [3496] recvmsg: EXIT
2026-03-25 10:34:24 [Info] [3496] Recv Exit Msg, Exit...
2026-03-25 10:45:25 [Info] [984] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 10:45:25 [Info] [984] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap20301774406725 
2026-03-25 10:45:25 [Info] [984] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 10:45:25 [Info] [984] Resource monitor start
2026-03-25 10:45:25 [Info] [984] ipc client init success
2026-03-25 10:45:25 [Info] [984] Ipc init: 0
2026-03-25 10:45:25 [Info] [984] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 10:45:25 [Info] [984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 10:45:25 [Info] [984] start ipc thread id[4100]
2026-03-25 10:45:25 [Info] [984] Connect Yundun ipc server return state is 0
2026-03-25 10:45:25 [Info] [984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 10:45:25 [Info] [984] CResourceMonitor::run Enter
2026-03-25 10:45:25 [Info] [984] CIpcMsgHandlerMgr::run Enter
2026-03-25 10:45:25 [Info] [984] Report thread
2026-03-25 10:45:25 [Info] [984] Monitor thread
2026-03-25 10:45:25 [Info] [984] Loader thread
2026-03-25 10:45:25 [Info] [984] PythonEngineImpl Init...
2026-03-25 10:45:25 [Info] [984] yundun connected
2026-03-25 10:45:26 [Info] [984] recvmsg: HELLO
2026-03-25 10:45:26 [Info] [984] recvmsg: WORK
2026-03-25 10:45:26 [Info] [984] no use encode, return to old mode
2026-03-25 10:45:26 [Info] [984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:45:26 [Info] [984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:45:26 [Info] [984] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:45:26 [Info] [984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:45:26 [Info] [984] log fd cnt is [250], real fd cnt is [282]
2026-03-25 10:45:26 [Info] [984] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 10:45:26 [Info] [984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 10:45:27 [Info] [984] log memory size is 20480KB, real memory size is 14856KB
2026-03-25 10:45:27 [Info] [984] item: --windows-schedule-task-check
2026-03-25 10:45:27 [Info] [984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-25 10:45:27 [Info] [984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-25 10:45:27 [Info] [984] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:45:28 [Info] [984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:45:28 [Info] [984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-25 10:45:28 [Info] [984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-25 10:45:28 [Info] [984] Prepare stage1: --windows-schedule-task-check
2026-03-25 10:45:28 [Info] [984] Prepare stage2
2026-03-25 10:45:31 [Info] [984] log memory size is 30720KB, real memory size is 23580KB
2026-03-25 10:45:58 [Info] [984] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-25 10:45:59 [Info] [984] stage3: --windows-schedule-task-check
2026-03-25 10:45:59 [Info] [984] Loader after check
2026-03-25 10:46:00 [Info] [984] Enter reuse wait state.
2026-03-25 10:46:05 [Info] [984] recvmsg: EXIT
2026-03-25 10:46:05 [Info] [984] Recv Exit Msg, Exit...
2026-03-25 10:57:58 [Info] [1248] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 10:57:58 [Info] [1248] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap44891774407478 
2026-03-25 10:57:58 [Info] [1248] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 10:57:58 [Info] [1248] Resource monitor start
2026-03-25 10:57:58 [Info] [1248] ipc client init success
2026-03-25 10:57:58 [Info] [1248] Ipc init: 0
2026-03-25 10:57:58 [Info] [1248] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 10:57:58 [Info] [1248] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 10:57:58 [Info] [1248] start ipc thread id[3644]
2026-03-25 10:57:58 [Info] [1248] Connect Yundun ipc server return state is 0
2026-03-25 10:57:58 [Info] [1248] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 10:57:58 [Info] [1248] CResourceMonitor::run Enter
2026-03-25 10:57:58 [Info] [1248] CIpcMsgHandlerMgr::run Enter
2026-03-25 10:57:58 [Info] [1248] Report thread
2026-03-25 10:57:58 [Info] [1248] Monitor thread
2026-03-25 10:57:58 [Info] [1248] Loader thread
2026-03-25 10:57:58 [Info] [1248] PythonEngineImpl Init...
2026-03-25 10:57:58 [Info] [1248] yundun connected
2026-03-25 10:57:59 [Info] [1248] recvmsg: HELLO
2026-03-25 10:57:59 [Info] [1248] recvmsg: WORK
2026-03-25 10:57:59 [Info] [1248] no use encode, return to old mode
2026-03-25 10:57:59 [Info] [1248] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:57:59 [Info] [1248] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 10:57:59 [Info] [1248] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:57:59 [Info] [1248] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:57:59 [Info] [1248] log fd cnt is [250], real fd cnt is [282]
2026-03-25 10:57:59 [Info] [1248] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 10:57:59 [Info] [1248] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 10:58:00 [Info] [1248] log memory size is 20480KB, real memory size is 14840KB
2026-03-25 10:58:00 [Info] [1248] item: --tcp-connect-check
2026-03-25 10:58:00 [Info] [1248] cgroup name aegisRtap0
2026-03-25 10:58:00 [Info] [1248] try get sys version
2026-03-25 10:58:00 [Info] [1248] win sys info:2/10:0:3
2026-03-25 10:58:00 [Info] [1248] suit legal version, enable cpu control
2026-03-25 10:58:00 [Info] [1248] get AssignProcessToJobObject handle [00000478]
2026-03-25 10:58:00 [Info] [1248] Set setJobExtended.
2026-03-25 10:58:00 [Info] [1248] Set cpu [9%]
2026-03-25 10:58:00 [Info] [1248] Set cpu success
2026-03-25 10:58:00 [Info] [1248] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-25 10:58:00 [Info] [1248] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-25 10:58:00 [Info] [1248] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 10:58:00 [Info] [1248] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 10:58:01 [Info] [1248] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-25 10:58:01 [Info] [1248] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-25 10:58:01 [Info] [1248] Prepare stage1: --tcp-connect-check
2026-03-25 10:58:01 [Info] [1248] Prepare stage2
2026-03-25 10:58:04 [Info] [1248] stage3: --tcp-connect-check
2026-03-25 10:58:04 [Info] [1248] Loader after check
2026-03-25 10:58:05 [Info] [1248] Enter reuse wait state.
2026-03-25 10:58:10 [Info] [1248] recvmsg: EXIT
2026-03-25 10:58:10 [Info] [1248] Recv Exit Msg, Exit...
2026-03-25 11:12:28 [Info] [3076] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 11:12:28 [Info] [3076] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap73301774408348 
2026-03-25 11:12:28 [Info] [3076] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 11:12:28 [Info] [3076] Resource monitor start
2026-03-25 11:12:28 [Info] [3076] ipc client init success
2026-03-25 11:12:28 [Info] [3076] Ipc init: 0
2026-03-25 11:12:28 [Info] [3076] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 11:12:28 [Info] [3076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 11:12:28 [Info] [3076] start ipc thread id[2200]
2026-03-25 11:12:28 [Info] [3076] Connect Yundun ipc server return state is 0
2026-03-25 11:12:28 [Info] [3076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 11:12:28 [Info] [3076] CResourceMonitor::run Enter
2026-03-25 11:12:28 [Info] [3076] CIpcMsgHandlerMgr::run Enter
2026-03-25 11:12:28 [Info] [3076] Report thread
2026-03-25 11:12:28 [Info] [3076] Monitor thread
2026-03-25 11:12:28 [Info] [3076] Loader thread
2026-03-25 11:12:28 [Info] [3076] PythonEngineImpl Init...
2026-03-25 11:12:28 [Info] [3076] yundun connected
2026-03-25 11:12:28 [Info] [3076] recvmsg: HELLO
2026-03-25 11:12:28 [Info] [3076] recvmsg: WORK
2026-03-25 11:12:28 [Info] [3076] no use encode, return to old mode
2026-03-25 11:12:29 [Info] [3076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 11:12:29 [Info] [3076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 11:12:29 [Info] [3076] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 11:12:29 [Info] [3076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 11:12:29 [Info] [3076] log fd cnt is [250], real fd cnt is [286]
2026-03-25 11:12:29 [Info] [3076] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 11:12:29 [Info] [3076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 11:12:30 [Info] [3076] log memory size is 20480KB, real memory size is 14804KB
2026-03-25 11:12:30 [Info] [3076] item: --windows-autorun-item-check
2026-03-25 11:12:30 [Info] [3076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-25 11:12:30 [Info] [3076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-25 11:12:30 [Info] [3076] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 11:12:30 [Info] [3076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 11:12:30 [Info] [3076] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-25 11:12:30 [Info] [3076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-25 11:12:31 [Info] [3076] Prepare stage1: --windows-autorun-item-check
2026-03-25 11:12:31 [Info] [3076] Prepare stage2
2026-03-25 11:12:34 [Info] [3076] log memory size is 30720KB, real memory size is 22564KB
2026-03-25 11:12:36 [Info] [3076] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-25 11:12:41 [Info] [3076] stage3: --windows-autorun-item-check
2026-03-25 11:12:41 [Info] [3076] Loader after check
2026-03-25 11:12:42 [Info] [3076] Enter reuse wait state.
2026-03-25 11:12:43 [Info] [3076] recvmsg: EXIT
2026-03-25 11:12:43 [Info] [3076] Recv Exit Msg, Exit...
2026-03-25 13:29:19 [Info] [4176] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 13:29:19 [Info] [4176] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap12971774416535 
2026-03-25 13:29:19 [Info] [4176] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 13:29:19 [Info] [4176] Resource monitor start
2026-03-25 13:29:19 [Info] [4176] ipc client init success
2026-03-25 13:29:19 [Info] [4176] Ipc init: 0
2026-03-25 13:29:19 [Info] [4176] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 13:29:19 [Info] [4176] CResourceMonitor::run Enter
2026-03-25 13:29:19 [Info] [4176] CIpcMsgHandlerMgr::run Enter
2026-03-25 13:29:19 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 13:29:19 [Info] [4176] start ipc thread id[732]
2026-03-25 13:29:19 [Info] [4176] Connect Yundun ipc server return state is 0
2026-03-25 13:29:19 [Info] [4176] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 13:29:19 [Info] [4176] yundun connected
2026-03-25 13:29:19 [Info] [4176] Report thread
2026-03-25 13:29:19 [Info] [4176] Monitor thread
2026-03-25 13:29:19 [Info] [4176] Loader thread
2026-03-25 13:29:19 [Info] [4176] PythonEngineImpl Init...
2026-03-25 13:29:20 [Info] [4176] recvmsg: HELLO
2026-03-25 13:29:20 [Info] [4176] recvmsg: WORK
2026-03-25 13:29:20 [Info] [4176] no use encode, return to old mode
2026-03-25 13:29:20 [Info] [4176] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 13:29:20 [Info] [4176] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 13:29:20 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 13:29:20 [Info] [4176] log fd cnt is [250], real fd cnt is [273]
2026-03-25 13:29:20 [Info] [4176] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 13:29:20 [Info] [4176] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 13:29:20 [Info] [4176] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 13:29:21 [Info] [4176] log memory size is 20480KB, real memory size is 14872KB
2026-03-25 13:29:22 [Info] [4176] item: --windows-sysinfoext-check
2026-03-25 13:29:22 [Info] [4176] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 13:29:22 [Info] [4176] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 13:29:22 [Info] [4176] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 13:29:22 [Info] [4176] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 13:29:22 [Info] [4176] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-25 13:29:22 [Info] [4176] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 13:29:22 [Info] [4176] Prepare stage1: --windows-sysinfoext-check
2026-03-25 13:29:22 [Info] [4176] Prepare stage2
2026-03-25 13:29:24 [Warn] [4176] high cpu, cpu is 12
2026-03-25 13:29:24 [Info] [4176] try get sys version
2026-03-25 13:29:24 [Info] [4176] win sys info:2/10:0:3
2026-03-25 13:29:24 [Info] [4176] suit legal version, enable cpu control
2026-03-25 13:29:24 [Warn] [4176] High CPU Warning: 12
2026-03-25 13:29:25 [Warn] [4176] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-25 13:29:26 [Info] [4176] log memory size is 30720KB, real memory size is 23108KB
2026-03-25 13:29:26 [Info] [4176] stage3: --windows-sysinfoext-check
2026-03-25 13:29:26 [Info] [4176] Loader after check
2026-03-25 13:29:27 [Warn] [4176] high cpu, cpu is 13
2026-03-25 13:29:27 [Warn] [4176] High CPU Warning: 13
2026-03-25 13:29:27 [Info] [4176] Enter reuse wait state.
2026-03-25 13:29:31 [Info] [4176] recvmsg: EXIT
2026-03-25 13:29:31 [Info] [4176] Recv Exit Msg, Exit...
2026-03-25 18:57:16 [Info] [3376] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 18:57:16 [Info] [3376] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap211774436213 
2026-03-25 18:57:16 [Info] [3376] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 18:57:16 [Info] [3376] Resource monitor start
2026-03-25 18:57:16 [Info] [3376] ipc client init success
2026-03-25 18:57:16 [Info] [3376] Ipc init: 0
2026-03-25 18:57:16 [Info] [3376] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 18:57:16 [Info] [3376] CResourceMonitor::run Enter
2026-03-25 18:57:16 [Info] [3376] CIpcMsgHandlerMgr::run Enter
2026-03-25 18:57:16 [Info] [3376] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 18:57:16 [Info] [3376] start ipc thread id[4432]
2026-03-25 18:57:16 [Info] [3376] Connect Yundun ipc server return state is 0
2026-03-25 18:57:16 [Info] [3376] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 18:57:16 [Info] [3376] yundun connected
2026-03-25 18:57:16 [Info] [3376] Report thread
2026-03-25 18:57:16 [Info] [3376] Monitor thread
2026-03-25 18:57:16 [Info] [3376] Loader thread
2026-03-25 18:57:16 [Info] [3376] recvmsg: HELLO
2026-03-25 18:57:16 [Info] [3376] recvmsg: WORK
2026-03-25 18:57:16 [Info] [3376] no use encode, return to old mode
2026-03-25 18:57:16 [Info] [3376] PythonEngineImpl Init...
2026-03-25 18:57:17 [Info] [3376] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 18:57:17 [Info] [3376] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 18:57:17 [Info] [3376] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 18:57:17 [Info] [3376] log fd cnt is [250], real fd cnt is [274]
2026-03-25 18:57:17 [Info] [3376] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 18:57:17 [Info] [3376] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 18:57:17 [Info] [3376] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 18:57:18 [Info] [3376] log memory size is 20480KB, real memory size is 14844KB
2026-03-25 18:57:18 [Info] [3376] item: --windows-sysinfoext-check
2026-03-25 18:57:18 [Info] [3376] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 18:57:18 [Info] [3376] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 18:57:18 [Info] [3376] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 18:57:18 [Info] [3376] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 18:57:19 [Info] [3376] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-25 18:57:19 [Info] [3376] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-25 18:57:19 [Info] [3376] Prepare stage1: --windows-sysinfoext-check
2026-03-25 18:57:19 [Info] [3376] Prepare stage2
2026-03-25 18:57:22 [Info] [3376] log memory size is 30720KB, real memory size is 23112KB
2026-03-25 18:57:23 [Info] [3376] stage3: --windows-sysinfoext-check
2026-03-25 18:57:23 [Info] [3376] Loader after check
2026-03-25 18:57:23 [Warn] [3376] high cpu, cpu is 18
2026-03-25 18:57:23 [Info] [3376] try get sys version
2026-03-25 18:57:23 [Info] [3376] win sys info:2/10:0:3
2026-03-25 18:57:23 [Info] [3376] suit legal version, enable cpu control
2026-03-25 18:57:23 [Warn] [3376] High CPU Warning: 18
2026-03-25 18:57:23 [Warn] [3376] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-25 18:57:24 [Info] [3376] Enter reuse wait state.
2026-03-25 18:57:27 [Info] [3376] recvmsg: EXIT
2026-03-25 18:57:27 [Info] [3376] Recv Exit Msg, Exit...
2026-03-25 19:05:15 [Info] [4572] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-03-25 19:05:15 [Info] [4572] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap16601774436715 
2026-03-25 19:05:15 [Info] [4572] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-25 19:05:15 [Info] [4572] Resource monitor start
2026-03-25 19:05:15 [Info] [4572] ipc client init success
2026-03-25 19:05:15 [Info] [4572] Ipc init: 0
2026-03-25 19:05:15 [Info] [4572] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-25 19:05:15 [Info] [4572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-03-25 19:05:15 [Info] [4572] start ipc thread id[4972]
2026-03-25 19:05:15 [Info] [4572] Connect Yundun ipc server return state is 0
2026-03-25 19:05:15 [Info] [4572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-03-25 19:05:15 [Info] [4572] CResourceMonitor::run Enter
2026-03-25 19:05:15 [Info] [4572] CIpcMsgHandlerMgr::run Enter
2026-03-25 19:05:15 [Info] [4572] yundun connected
2026-03-25 19:05:15 [Info] [4572] Report thread
2026-03-25 19:05:15 [Info] [4572] Monitor thread
2026-03-25 19:05:15 [Info] [4572] Loader thread
2026-03-25 19:05:15 [Info] [4572] PythonEngineImpl Init...
2026-03-25 19:05:15 [Info] [4572] recvmsg: HELLO
2026-03-25 19:05:15 [Info] [4572] recvmsg: WORK
2026-03-25 19:05:15 [Info] [4572] no use encode, return to old mode
2026-03-25 19:05:16 [Info] [4572] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 19:05:16 [Info] [4572] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-25 19:05:16 [Info] [4572] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 19:05:16 [Info] [4572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 19:05:16 [Info] [4572] log fd cnt is [250], real fd cnt is [282]
2026-03-25 19:05:16 [Info] [4572] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-25 19:05:16 [Info] [4572] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-25 19:05:17 [Info] [4572] log memory size is 20480KB, real memory size is 14820KB
2026-03-25 19:05:17 [Info] [4572] item: --secnet_rasp_agent
2026-03-25 19:05:17 [Info] [4572] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-25 19:05:17 [Info] [4572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-25 19:05:17 [Info] [4572] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-25 19:05:17 [Info] [4572] Download redirect files success.
2026-03-25 19:05:17 [Info] [4572] Prepare stage1: --secnet_rasp_agent
2026-03-25 19:05:17 [Info] [4572] Prepare stage2
2026-03-25 19:05:19 [Info] [4572] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-25 19:05:19 [Info] [4572] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-25 19:05:19 [Info] [4572] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-25 19:05:19 [Info] [4572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-25 19:05:19 [Info] [4572] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-25 19:05:19 [Info] [4572] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-25 19:05:19 [Info] [4572] stage3: --secnet_rasp_agent
2026-03-25 19:05:19 [Info] [4572] Loader after check
2026-03-25 19:05:20 [Info] [4572] Enter reuse wait state.
2026-03-25 19:05:21 [Info] [4572] log memory size is 30720KB, real memory size is 21332KB
2026-03-25 19:05:22 [Info] [4572] recvmsg: EXIT
2026-03-25 19:05:22 [Info] [4572] Recv Exit Msg, Exit...
2026-04-01 02:48:25 [Info] [4688] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 02:48:25 [Info] [4688] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap158121774982904 
2026-04-01 02:48:25 [Info] [4688] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 02:48:25 [Info] [4688] Resource monitor start
2026-04-01 02:48:25 [Info] [4688] ipc client init success
2026-04-01 02:48:25 [Info] [4688] Ipc init: 0
2026-04-01 02:48:25 [Info] [4688] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 02:48:25 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 02:48:25 [Info] [4688] start ipc thread id[2768]
2026-04-01 02:48:25 [Info] [4688] Connect Yundun ipc server return state is 0
2026-04-01 02:48:25 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 02:48:25 [Info] [4688] CResourceMonitor::run Enter
2026-04-01 02:48:25 [Info] [4688] CIpcMsgHandlerMgr::run Enter
2026-04-01 02:48:25 [Info] [4688] Report thread
2026-04-01 02:48:25 [Info] [4688] Monitor thread
2026-04-01 02:48:25 [Info] [4688] Loader thread
2026-04-01 02:48:25 [Info] [4688] PythonEngineImpl Init...
2026-04-01 02:48:25 [Info] [4688] yundun connected
2026-04-01 02:48:25 [Info] [4688] recvmsg: HELLO
2026-04-01 02:48:25 [Info] [4688] recvmsg: WORK
2026-04-01 02:48:25 [Info] [4688] no use encode, return to old mode
2026-04-01 02:48:25 [Info] [4688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 02:48:25 [Info] [4688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 02:48:25 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 02:48:26 [Info] [4688] log fd cnt is [250], real fd cnt is [282]
2026-04-01 02:48:26 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 02:48:26 [Info] [4688] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 02:48:26 [Info] [4688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 02:48:27 [Info] [4688] log memory size is 20480KB, real memory size is 14764KB
2026-04-01 02:48:27 [Info] [4688] item: --sca
2026-04-01 02:48:27 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-01 02:48:27 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-04-01 02:48:27 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-04-01 02:48:28 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-04-01 02:48:28 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-04-01 02:48:28 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-04-01 02:48:28 [Info] [4688] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-04-01 02:48:28 [Info] [4688] Download redirect files success.
2026-04-01 02:48:28 [Info] [4688] Prepare stage1: --sca
2026-04-01 02:48:28 [Info] [4688] Prepare stage2
2026-04-01 02:48:29 [Info] [4688] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 02:48:30 [Warn] [4688] high cpu, cpu is 26
2026-04-01 02:48:30 [Info] [4688] try get sys version
2026-04-01 02:48:30 [Info] [4688] win sys info:2/10:0:3
2026-04-01 02:48:30 [Info] [4688] suit legal version, enable cpu control
2026-04-01 02:48:30 [Warn] [4688] High CPU Warning: 26
2026-04-01 02:48:30 [Warn] [4688] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 199 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-04-01 02:48:31 [Info] [4688] log memory size is 30720KB, real memory size is 32712KB
2026-04-01 02:48:35 [Info] [4688] log memory size is 40960KB, real memory size is 33148KB
2026-04-01 02:49:02 [Warn] [4688] high cpu, cpu is 23
2026-04-01 02:49:02 [Warn] [4688] High CPU Warning: 23
2026-04-01 02:49:02 [Warn] [4688] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 188 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-04-01 02:49:04 [Info] [4688] stage3: --sca
2026-04-01 02:49:04 [Info] [4688] Loader after check
2026-04-01 02:49:05 [Info] [4688] Enter reuse wait state.
2026-04-01 02:49:08 [Info] [4688] recvmsg: EXIT
2026-04-01 02:49:08 [Info] [4688] Recv Exit Msg, Exit...
2026-04-01 04:01:30 [Info] [88] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 04:01:30 [Info] [88] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap300661774987269 
2026-04-01 04:01:30 [Info] [88] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 04:01:30 [Info] [88] Resource monitor start
2026-04-01 04:01:30 [Info] [88] ipc client init success
2026-04-01 04:01:30 [Info] [88] Ipc init: 0
2026-04-01 04:01:30 [Info] [88] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 04:01:30 [Info] [88] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 04:01:30 [Info] [88] start ipc thread id[4688]
2026-04-01 04:01:30 [Info] [88] Connect Yundun ipc server return state is 0
2026-04-01 04:01:30 [Info] [88] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 04:01:33 [Info] [88] CResourceMonitor::run Enter
2026-04-01 04:01:33 [Info] [88] CIpcMsgHandlerMgr::run Enter
2026-04-01 04:01:33 [Info] [88] yundun connected
2026-04-01 04:01:33 [Info] [88] Report thread
2026-04-01 04:01:33 [Info] [88] Monitor thread
2026-04-01 04:01:33 [Info] [88] Loader thread
2026-04-01 04:01:33 [Info] [88] PythonEngineImpl Init...
2026-04-01 04:01:34 [Info] [88] recvmsg: HELLO
2026-04-01 04:01:34 [Info] [88] recvmsg: WORK
2026-04-01 04:01:34 [Info] [88] no use encode, return to old mode
2026-04-01 04:01:34 [Info] [88] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 04:01:34 [Info] [88] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 04:01:34 [Info] [88] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 04:01:34 [Info] [88] log fd cnt is [250], real fd cnt is [264]
2026-04-01 04:01:35 [Info] [88] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 04:01:35 [Info] [88] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 04:01:35 [Info] [88] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 04:01:36 [Info] [88] log memory size is 20480KB, real memory size is 14640KB
2026-04-01 04:01:37 [Info] [88] item: --windows-sysinfoext-check
2026-04-01 04:01:37 [Info] [88] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 04:01:37 [Info] [88] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 04:01:37 [Info] [88] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 04:01:37 [Info] [88] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 04:01:37 [Info] [88] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-01 04:01:37 [Info] [88] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 04:01:37 [Info] [88] Prepare stage1: --windows-sysinfoext-check
2026-04-01 04:01:37 [Info] [88] Prepare stage2
2026-04-01 04:01:39 [Info] [88] stage3: --windows-sysinfoext-check
2026-04-01 04:01:39 [Info] [88] Loader after check
2026-04-01 04:01:40 [Info] [88] log memory size is 30720KB, real memory size is 23168KB
2026-04-01 04:01:40 [Info] [88] Enter reuse wait state.
2026-04-01 04:01:42 [Info] [88] recvmsg: EXIT
2026-04-01 04:01:42 [Info] [88] Recv Exit Msg, Exit...
2026-04-01 07:54:58 [Info] [4516] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 07:54:58 [Info] [4516] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap103431775001298 
2026-04-01 07:54:58 [Info] [4516] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 07:54:58 [Info] [4516] Resource monitor start
2026-04-01 07:54:58 [Info] [4516] ipc client init success
2026-04-01 07:54:58 [Info] [4516] Ipc init: 0
2026-04-01 07:54:58 [Info] [4516] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 07:54:58 [Info] [4516] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 07:54:58 [Info] [4516] start ipc thread id[4592]
2026-04-01 07:54:58 [Info] [4516] Connect Yundun ipc server return state is 0
2026-04-01 07:54:58 [Info] [4516] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 07:54:58 [Info] [4516] CResourceMonitor::run Enter
2026-04-01 07:54:58 [Info] [4516] CIpcMsgHandlerMgr::run Enter
2026-04-01 07:54:58 [Info] [4516] Report thread
2026-04-01 07:54:58 [Info] [4516] Monitor thread
2026-04-01 07:54:58 [Info] [4516] Loader thread
2026-04-01 07:54:58 [Info] [4516] PythonEngineImpl Init...
2026-04-01 07:54:58 [Info] [4516] yundun connected
2026-04-01 07:54:58 [Info] [4516] recvmsg: HELLO
2026-04-01 07:54:58 [Info] [4516] recvmsg: WORK
2026-04-01 07:54:58 [Info] [4516] no use encode, return to old mode
2026-04-01 07:54:58 [Info] [4516] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 07:54:58 [Info] [4516] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 07:54:58 [Info] [4516] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 07:54:59 [Info] [4516] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 07:54:59 [Info] [4516] log fd cnt is [250], real fd cnt is [282]
2026-04-01 07:54:59 [Info] [4516] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 07:54:59 [Info] [4516] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 07:55:00 [Info] [4516] log memory size is 20480KB, real memory size is 14840KB
2026-04-01 07:55:00 [Info] [4516] item: --windows-vul-clean
2026-04-01 07:55:00 [Info] [4516] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-01 07:55:00 [Info] [4516] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-01 07:55:00 [Info] [4516] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 07:55:00 [Info] [4516] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 07:55:00 [Info] [4516] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-04-01 07:55:00 [Info] [4516] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-04-01 07:55:00 [Info] [4516] Prepare stage1: --windows-vul-clean
2026-04-01 07:55:00 [Info] [4516] Prepare stage2
2026-04-01 07:55:00 [Info] [4516] stage3: --windows-vul-clean
2026-04-01 07:55:00 [Info] [4516] Loader after check
2026-04-01 07:55:01 [Info] [4516] Enter reuse wait state.
2026-04-01 07:55:05 [Info] [4516] recvmsg: EXIT
2026-04-01 07:55:05 [Info] [4516] Recv Exit Msg, Exit...
2026-04-01 09:04:38 [Info] [2256] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 09:04:38 [Info] [2256] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap239931775005478 
2026-04-01 09:04:38 [Info] [2256] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 09:04:38 [Info] [2256] Resource monitor start
2026-04-01 09:04:38 [Info] [2256] ipc client init success
2026-04-01 09:04:38 [Info] [2256] Ipc init: 0
2026-04-01 09:04:38 [Info] [2256] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 09:04:38 [Info] [2256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 09:04:38 [Info] [2256] start ipc thread id[3804]
2026-04-01 09:04:38 [Info] [2256] Connect Yundun ipc server return state is 0
2026-04-01 09:04:38 [Info] [2256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 09:04:38 [Info] [2256] CResourceMonitor::run Enter
2026-04-01 09:04:38 [Info] [2256] CIpcMsgHandlerMgr::run Enter
2026-04-01 09:04:38 [Info] [2256] Report thread
2026-04-01 09:04:38 [Info] [2256] Monitor thread
2026-04-01 09:04:38 [Info] [2256] Loader thread
2026-04-01 09:04:38 [Info] [2256] PythonEngineImpl Init...
2026-04-01 09:04:38 [Info] [2256] yundun connected
2026-04-01 09:04:38 [Info] [2256] recvmsg: HELLO
2026-04-01 09:04:38 [Info] [2256] recvmsg: WORK
2026-04-01 09:04:38 [Info] [2256] no use encode, return to old mode
2026-04-01 09:04:39 [Info] [2256] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 09:04:39 [Info] [2256] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 09:04:39 [Info] [2256] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 09:04:39 [Info] [2256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 09:04:39 [Warn] [2256] high cpu, cpu is 12
2026-04-01 09:04:39 [Info] [2256] try get sys version
2026-04-01 09:04:39 [Info] [2256] win sys info:2/10:0:3
2026-04-01 09:04:39 [Info] [2256] suit legal version, enable cpu control
2026-04-01 09:04:39 [Warn] [2256] High CPU Warning: 12
2026-04-01 09:04:39 [Warn] [2256] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-01 09:04:39 [Info] [2256] log fd cnt is [250], real fd cnt is [282]
2026-04-01 09:04:39 [Info] [2256] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 09:04:39 [Info] [2256] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 09:04:40 [Info] [2256] log memory size is 20480KB, real memory size is 14852KB
2026-04-01 09:04:40 [Info] [2256] item: --windows-process-check
2026-04-01 09:04:40 [Info] [2256] cgroup name aegisRtap0
2026-04-01 09:04:40 [Info] [2256] get AssignProcessToJobObject handle [00000478]
2026-04-01 09:04:40 [Info] [2256] Set setJobExtended.
2026-04-01 09:04:40 [Info] [2256] Set cpu [9%]
2026-04-01 09:04:40 [Info] [2256] Set cpu success
2026-04-01 09:04:40 [Info] [2256] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-01 09:04:40 [Info] [2256] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-01 09:04:40 [Info] [2256] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 09:04:40 [Info] [2256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 09:04:40 [Info] [2256] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-04-01 09:04:40 [Info] [2256] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-04-01 09:04:41 [Info] [2256] Prepare stage1: --windows-process-check
2026-04-01 09:04:41 [Info] [2256] Prepare stage2
2026-04-01 09:04:44 [Info] [2256] log memory size is 30720KB, real memory size is 20612KB
2026-04-01 09:05:00 [Info] [2256] stage3: --windows-process-check
2026-04-01 09:05:00 [Info] [2256] Loader after check
2026-04-01 09:05:01 [Info] [2256] Enter reuse wait state.
2026-04-01 09:05:01 [Info] [2256] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 09:05:06 [Info] [2256] recvmsg: EXIT
2026-04-01 09:05:06 [Info] [2256] Recv Exit Msg, Exit...
2026-04-01 09:28:55 [Info] [4760] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 09:28:55 [Info] [4760] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap287151775006924 
2026-04-01 09:28:55 [Info] [4760] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 09:28:55 [Info] [4760] Resource monitor start
2026-04-01 09:28:55 [Info] [4760] ipc client init success
2026-04-01 09:28:55 [Info] [4760] Ipc init: 0
2026-04-01 09:28:55 [Info] [4760] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 09:28:55 [Info] [4760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 09:28:55 [Info] [4760] start ipc thread id[4780]
2026-04-01 09:28:55 [Info] [4760] Connect Yundun ipc server return state is 0
2026-04-01 09:28:55 [Info] [4760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 09:29:02 [Info] [4760] Report thread
2026-04-01 09:29:02 [Info] [4760] yundun connected
2026-04-01 09:29:02 [Info] [4760] CIpcMsgHandlerMgr::run Enter
2026-04-01 09:29:02 [Info] [4760] CResourceMonitor::run Enter
2026-04-01 09:29:02 [Info] [4760] recvmsg: HELLO
2026-04-01 09:29:02 [Info] [4760] recvmsg: WORK
2026-04-01 09:29:02 [Info] [4760] no use encode, return to old mode
2026-04-01 09:29:03 [Info] [4760] log fd cnt is [250], real fd cnt is [248]
2026-04-01 09:29:03 [Info] [4760] Loader thread
2026-04-01 09:29:03 [Info] [4760] PythonEngineImpl Init...
2026-04-01 09:29:03 [Info] [4760] Monitor thread
2026-04-01 09:29:03 [Info] [4760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 09:29:03 [Info] [4760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 09:29:03 [Info] [4760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 09:29:04 [Info] [4760] log memory size is 20480KB, real memory size is 13112KB
2026-04-01 09:29:11 [Info] [4760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 09:29:11 [Info] [4760] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 09:29:11 [Info] [4760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 09:29:13 [Info] [4760] item: --windows-sysinfoext-check
2026-04-01 09:29:13 [Info] [4760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 09:29:13 [Info] [4760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 09:29:13 [Info] [4760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 09:29:13 [Info] [4760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 09:29:13 [Info] [4760] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-01 09:29:13 [Info] [4760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 09:29:13 [Info] [4760] Prepare stage1: --windows-sysinfoext-check
2026-04-01 09:29:13 [Info] [4760] Prepare stage2
2026-04-01 09:29:13 [Warn] [4760] high cpu, cpu is 15
2026-04-01 09:29:13 [Info] [4760] try get sys version
2026-04-01 09:29:13 [Info] [4760] win sys info:2/10:0:3
2026-04-01 09:29:13 [Info] [4760] suit legal version, enable cpu control
2026-04-01 09:29:13 [Warn] [4760] High CPU Warning: 15
2026-04-01 09:29:13 [Warn] [4760] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<string> line: 12 in func: __init__
File:wmi.py line: 1145 in func: __getattr__
File:wmi.py line: 783 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-01 09:29:15 [Info] [4760] stage3: --windows-sysinfoext-check
2026-04-01 09:29:15 [Info] [4760] Loader after check
2026-04-01 09:29:15 [Warn] [4760] high cpu, cpu is 13
2026-04-01 09:29:15 [Warn] [4760] High CPU Warning: 13
2026-04-01 09:29:16 [Info] [4760] Enter reuse wait state.
2026-04-01 09:29:16 [Info] [4760] log memory size is 30720KB, real memory size is 23404KB
2026-04-01 09:29:21 [Info] [4760] recvmsg: EXIT
2026-04-01 09:29:21 [Info] [4760] Recv Exit Msg, Exit...
2026-04-01 10:33:41 [Info] [2964] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 10:33:41 [Info] [2964] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap86731775010821 
2026-04-01 10:33:41 [Info] [2964] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 10:33:41 [Info] [2964] Resource monitor start
2026-04-01 10:33:41 [Info] [2964] ipc client init success
2026-04-01 10:33:41 [Info] [2964] Ipc init: 0
2026-04-01 10:33:41 [Info] [2964] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 10:33:41 [Info] [2964] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 10:33:41 [Info] [2964] start ipc thread id[4592]
2026-04-01 10:33:41 [Info] [2964] Connect Yundun ipc server return state is 0
2026-04-01 10:33:41 [Info] [2964] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 10:33:41 [Info] [2964] CResourceMonitor::run Enter
2026-04-01 10:33:41 [Info] [2964] CIpcMsgHandlerMgr::run Enter
2026-04-01 10:33:41 [Info] [2964] Report thread
2026-04-01 10:33:41 [Info] [2964] Monitor thread
2026-04-01 10:33:41 [Info] [2964] Loader thread
2026-04-01 10:33:41 [Info] [2964] PythonEngineImpl Init...
2026-04-01 10:33:41 [Info] [2964] yundun connected
2026-04-01 10:33:41 [Info] [2964] recvmsg: HELLO
2026-04-01 10:33:41 [Info] [2964] recvmsg: WORK
2026-04-01 10:33:41 [Info] [2964] no use encode, return to old mode
2026-04-01 10:33:41 [Info] [2964] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:33:41 [Info] [2964] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:33:41 [Info] [2964] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:33:42 [Info] [2964] log fd cnt is [250], real fd cnt is [274]
2026-04-01 10:33:42 [Info] [2964] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 10:33:43 [Info] [2964] log memory size is 20480KB, real memory size is 14500KB
2026-04-01 10:33:43 [Info] [2964] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:33:43 [Info] [2964] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 10:33:43 [Info] [2964] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 10:33:45 [Info] [2964] item: --windows-registry-check
2026-04-01 10:33:45 [Info] [2964] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-01 10:33:45 [Info] [2964] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-01 10:33:45 [Info] [2964] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:33:45 [Info] [2964] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:33:45 [Info] [2964] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-04-01 10:33:45 [Info] [2964] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-04-01 10:33:45 [Info] [2964] Prepare stage1: --windows-registry-check
2026-04-01 10:33:45 [Info] [2964] Prepare stage2
2026-04-01 10:34:14 [Info] [2964] stage3: --windows-registry-check
2026-04-01 10:34:14 [Info] [2964] Loader after check
2026-04-01 10:34:15 [Info] [2964] Enter reuse wait state.
2026-04-01 10:34:17 [Info] [2964] recvmsg: EXIT
2026-04-01 10:34:17 [Info] [2964] Recv Exit Msg, Exit...
2026-04-01 10:44:34 [Info] [2616] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 10:44:34 [Info] [2616] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap108051775011474 
2026-04-01 10:44:34 [Info] [2616] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 10:44:34 [Info] [2616] Resource monitor start
2026-04-01 10:44:34 [Info] [2616] ipc client init success
2026-04-01 10:44:34 [Info] [2616] Ipc init: 0
2026-04-01 10:44:34 [Info] [2616] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 10:44:34 [Info] [2616] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 10:44:34 [Info] [2616] start ipc thread id[160]
2026-04-01 10:44:34 [Info] [2616] Connect Yundun ipc server return state is 0
2026-04-01 10:44:34 [Info] [2616] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 10:44:34 [Info] [2616] CResourceMonitor::run Enter
2026-04-01 10:44:34 [Info] [2616] CIpcMsgHandlerMgr::run Enter
2026-04-01 10:44:34 [Info] [2616] Report thread
2026-04-01 10:44:34 [Info] [2616] Monitor thread
2026-04-01 10:44:34 [Info] [2616] Loader thread
2026-04-01 10:44:34 [Info] [2616] PythonEngineImpl Init...
2026-04-01 10:44:34 [Info] [2616] yundun connected
2026-04-01 10:44:35 [Info] [2616] recvmsg: HELLO
2026-04-01 10:44:35 [Info] [2616] recvmsg: WORK
2026-04-01 10:44:35 [Info] [2616] no use encode, return to old mode
2026-04-01 10:44:35 [Info] [2616] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:44:35 [Info] [2616] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:44:35 [Info] [2616] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:44:35 [Info] [2616] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:44:35 [Info] [2616] log fd cnt is [250], real fd cnt is [282]
2026-04-01 10:44:35 [Info] [2616] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 10:44:35 [Info] [2616] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 10:44:36 [Info] [2616] log memory size is 20480KB, real memory size is 14772KB
2026-04-01 10:44:37 [Info] [2616] item: --windows-schedule-task-check
2026-04-01 10:44:37 [Info] [2616] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-01 10:44:37 [Info] [2616] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-01 10:44:37 [Info] [2616] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:44:37 [Info] [2616] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:44:37 [Info] [2616] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-04-01 10:44:37 [Info] [2616] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-04-01 10:44:37 [Info] [2616] Prepare stage1: --windows-schedule-task-check
2026-04-01 10:44:37 [Info] [2616] Prepare stage2
2026-04-01 10:44:40 [Info] [2616] log memory size is 30720KB, real memory size is 23644KB
2026-04-01 10:45:04 [Info] [2616] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 10:45:07 [Info] [2616] stage3: --windows-schedule-task-check
2026-04-01 10:45:07 [Info] [2616] Loader after check
2026-04-01 10:45:08 [Info] [2616] Enter reuse wait state.
2026-04-01 10:45:10 [Info] [2616] recvmsg: EXIT
2026-04-01 10:45:10 [Info] [2616] Recv Exit Msg, Exit...
2026-04-01 10:48:15 [Info] [2440] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 10:48:15 [Info] [2440] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap115271775011695 
2026-04-01 10:48:15 [Info] [2440] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 10:48:15 [Info] [2440] Resource monitor start
2026-04-01 10:48:15 [Info] [2440] ipc client init success
2026-04-01 10:48:15 [Info] [2440] Ipc init: 0
2026-04-01 10:48:15 [Info] [2440] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 10:48:15 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 10:48:15 [Info] [2440] start ipc thread id[2020]
2026-04-01 10:48:15 [Info] [2440] Connect Yundun ipc server return state is 0
2026-04-01 10:48:15 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 10:48:15 [Info] [2440] CResourceMonitor::run Enter
2026-04-01 10:48:15 [Info] [2440] CIpcMsgHandlerMgr::run Enter
2026-04-01 10:48:15 [Info] [2440] yundun connected
2026-04-01 10:48:15 [Info] [2440] Report thread
2026-04-01 10:48:15 [Info] [2440] Monitor thread
2026-04-01 10:48:15 [Info] [2440] Loader thread
2026-04-01 10:48:15 [Info] [2440] PythonEngineImpl Init...
2026-04-01 10:48:16 [Info] [2440] recvmsg: HELLO
2026-04-01 10:48:16 [Info] [2440] recvmsg: WORK
2026-04-01 10:48:16 [Info] [2440] no use encode, return to old mode
2026-04-01 10:48:16 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:48:16 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:48:16 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:48:16 [Info] [2440] log fd cnt is [250], real fd cnt is [282]
2026-04-01 10:48:16 [Info] [2440] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:48:17 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 10:48:17 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 10:48:17 [Info] [2440] log memory size is 20480KB, real memory size is 14732KB
2026-04-01 10:48:18 [Info] [2440] item: --windows-driver-version-check
2026-04-01 10:48:18 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-01 10:48:18 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-01 10:48:18 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:48:18 [Info] [2440] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:48:18 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-04-01 10:48:18 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-04-01 10:48:18 [Info] [2440] Prepare stage1: --windows-driver-version-check
2026-04-01 10:48:18 [Info] [2440] Prepare stage2
2026-04-01 10:48:18 [Info] [2440] stage3: --windows-driver-version-check
2026-04-01 10:48:18 [Info] [2440] Loader after check
2026-04-01 10:48:19 [Info] [2440] Enter reuse wait state.
2026-04-01 10:48:22 [Info] [2440] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 10:48:23 [Info] [2440] recvmsg: EXIT
2026-04-01 10:48:23 [Info] [2440] Recv Exit Msg, Exit...
2026-04-01 10:57:22 [Info] [4496] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 10:57:22 [Info] [4496] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap133131775012242 
2026-04-01 10:57:22 [Info] [4496] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 10:57:22 [Info] [4496] Resource monitor start
2026-04-01 10:57:22 [Info] [4496] ipc client init success
2026-04-01 10:57:22 [Info] [4496] Ipc init: 0
2026-04-01 10:57:22 [Info] [4496] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 10:57:22 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 10:57:22 [Info] [4496] start ipc thread id[276]
2026-04-01 10:57:22 [Info] [4496] Connect Yundun ipc server return state is 0
2026-04-01 10:57:22 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 10:57:22 [Info] [4496] CResourceMonitor::run Enter
2026-04-01 10:57:22 [Info] [4496] CIpcMsgHandlerMgr::run Enter
2026-04-01 10:57:22 [Info] [4496] Report thread
2026-04-01 10:57:22 [Info] [4496] Monitor thread
2026-04-01 10:57:22 [Info] [4496] Loader thread
2026-04-01 10:57:22 [Info] [4496] PythonEngineImpl Init...
2026-04-01 10:57:22 [Info] [4496] yundun connected
2026-04-01 10:57:23 [Info] [4496] recvmsg: HELLO
2026-04-01 10:57:23 [Info] [4496] recvmsg: WORK
2026-04-01 10:57:23 [Info] [4496] no use encode, return to old mode
2026-04-01 10:57:23 [Info] [4496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:57:23 [Info] [4496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 10:57:23 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:57:23 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:57:23 [Info] [4496] log fd cnt is [250], real fd cnt is [286]
2026-04-01 10:57:24 [Info] [4496] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 10:57:24 [Info] [4496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 10:57:24 [Info] [4496] log memory size is 20480KB, real memory size is 14824KB
2026-04-01 10:57:25 [Info] [4496] item: --tcp-connect-check
2026-04-01 10:57:25 [Info] [4496] cgroup name aegisRtap0
2026-04-01 10:57:25 [Info] [4496] try get sys version
2026-04-01 10:57:25 [Info] [4496] win sys info:2/10:0:3
2026-04-01 10:57:25 [Info] [4496] suit legal version, enable cpu control
2026-04-01 10:57:25 [Info] [4496] get AssignProcessToJobObject handle [00000478]
2026-04-01 10:57:25 [Info] [4496] Set setJobExtended.
2026-04-01 10:57:25 [Info] [4496] Set cpu [9%]
2026-04-01 10:57:25 [Info] [4496] Set cpu success
2026-04-01 10:57:25 [Info] [4496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-01 10:57:25 [Info] [4496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-01 10:57:25 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 10:57:25 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 10:57:25 [Info] [4496] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-04-01 10:57:25 [Info] [4496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-04-01 10:57:25 [Info] [4496] Prepare stage1: --tcp-connect-check
2026-04-01 10:57:25 [Info] [4496] Prepare stage2
2026-04-01 10:57:26 [Warn] [4496] high cpu, cpu is 11
2026-04-01 10:57:26 [Warn] [4496] High CPU Warning: 11
2026-04-01 10:57:26 [Warn] [4496] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 950 in func: _open
File:__init__.py line: 920 in func: __init__
File:__init__.py line: 1554 in func: basicConfig
File:tcp-connect-check.py line: 812 in func: set_log_path
File:tcp-connect-check.py line: 816 in func: start
2026-04-01 10:57:28 [Info] [4496] stage3: --tcp-connect-check
2026-04-01 10:57:28 [Info] [4496] Loader after check
2026-04-01 10:57:29 [Info] [4496] Enter reuse wait state.
2026-04-01 10:57:34 [Info] [4496] recvmsg: EXIT
2026-04-01 10:57:34 [Info] [4496] Recv Exit Msg, Exit...
2026-04-01 11:11:36 [Info] [2092] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 11:11:36 [Info] [2092] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap161021775013096 
2026-04-01 11:11:36 [Info] [2092] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 11:11:36 [Info] [2092] Resource monitor start
2026-04-01 11:11:36 [Info] [2092] ipc client init success
2026-04-01 11:11:36 [Info] [2092] Ipc init: 0
2026-04-01 11:11:36 [Info] [2092] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 11:11:36 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 11:11:36 [Info] [2092] start ipc thread id[3700]
2026-04-01 11:11:36 [Info] [2092] Connect Yundun ipc server return state is 0
2026-04-01 11:11:36 [Info] [2092] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 11:11:36 [Info] [2092] CResourceMonitor::run Enter
2026-04-01 11:11:36 [Info] [2092] CIpcMsgHandlerMgr::run Enter
2026-04-01 11:11:36 [Info] [2092] Report thread
2026-04-01 11:11:36 [Info] [2092] Monitor thread
2026-04-01 11:11:36 [Info] [2092] Loader thread
2026-04-01 11:11:36 [Info] [2092] PythonEngineImpl Init...
2026-04-01 11:11:36 [Info] [2092] yundun connected
2026-04-01 11:11:36 [Info] [2092] recvmsg: HELLO
2026-04-01 11:11:37 [Info] [2092] recvmsg: WORK
2026-04-01 11:11:37 [Info] [2092] no use encode, return to old mode
2026-04-01 11:11:37 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 11:11:37 [Info] [2092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 11:11:37 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 11:11:37 [Info] [2092] log fd cnt is [250], real fd cnt is [282]
2026-04-01 11:11:37 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 11:11:37 [Info] [2092] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 11:11:37 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 11:11:38 [Info] [2092] log memory size is 20480KB, real memory size is 14760KB
2026-04-01 11:11:38 [Info] [2092] item: --windows-autorun-item-check
2026-04-01 11:11:38 [Info] [2092] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-01 11:11:38 [Info] [2092] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-01 11:11:38 [Info] [2092] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 11:11:38 [Info] [2092] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 11:11:39 [Info] [2092] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-04-01 11:11:39 [Info] [2092] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-04-01 11:11:39 [Info] [2092] Prepare stage1: --windows-autorun-item-check
2026-04-01 11:11:39 [Info] [2092] Prepare stage2
2026-04-01 11:11:39 [Warn] [2092] high cpu, cpu is 13
2026-04-01 11:11:39 [Info] [2092] try get sys version
2026-04-01 11:11:39 [Info] [2092] win sys info:2/10:0:3
2026-04-01 11:11:39 [Info] [2092] suit legal version, enable cpu control
2026-04-01 11:11:39 [Warn] [2092] High CPU Warning: 13
2026-04-01 11:11:39 [Warn] [2092] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 950 in func: _open
File:__init__.py line: 920 in func: __init__
File:__init__.py line: 1554 in func: basicConfig
File:windows-autorun-item-check.py line: 529 in func: set_log_path
File:windows-autorun-item-check.py line: 533 in func: start
2026-04-01 11:11:42 [Info] [2092] log memory size is 30720KB, real memory size is 22612KB
2026-04-01 11:11:49 [Info] [2092] stage3: --windows-autorun-item-check
2026-04-01 11:11:49 [Info] [2092] Loader after check
2026-04-01 11:11:50 [Info] [2092] Enter reuse wait state.
2026-04-01 11:11:52 [Info] [2092] recvmsg: EXIT
2026-04-01 11:11:52 [Info] [2092] Recv Exit Msg, Exit...
2026-04-01 14:54:13 [Info] [4556] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 14:54:13 [Info] [4556] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap268971775026436 
2026-04-01 14:54:13 [Info] [4556] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 14:54:13 [Info] [4556] Resource monitor start
2026-04-01 14:54:13 [Info] [4556] ipc client init success
2026-04-01 14:54:13 [Info] [4556] Ipc init: 0
2026-04-01 14:54:13 [Info] [4556] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 14:54:13 [Info] [4556] CResourceMonitor::run Enter
2026-04-01 14:54:13 [Info] [4556] CIpcMsgHandlerMgr::run Enter
2026-04-01 14:54:13 [Info] [4556] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 14:54:13 [Info] [4556] start ipc thread id[2560]
2026-04-01 14:54:13 [Info] [4556] Connect Yundun ipc server return state is 0
2026-04-01 14:54:13 [Info] [4556] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 14:54:13 [Info] [4556] yundun connected
2026-04-01 14:54:13 [Info] [4556] Report thread
2026-04-01 14:54:13 [Info] [4556] Monitor thread
2026-04-01 14:54:13 [Info] [4556] Loader thread
2026-04-01 14:54:13 [Info] [4556] PythonEngineImpl Init...
2026-04-01 14:54:14 [Info] [4556] recvmsg: HELLO
2026-04-01 14:54:14 [Info] [4556] recvmsg: WORK
2026-04-01 14:54:14 [Info] [4556] no use encode, return to old mode
2026-04-01 14:54:14 [Info] [4556] log fd cnt is [250], real fd cnt is [263]
2026-04-01 14:54:14 [Info] [4556] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 14:54:14 [Info] [4556] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 14:54:14 [Info] [4556] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 14:54:14 [Info] [4556] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 14:54:15 [Info] [4556] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 14:54:15 [Info] [4556] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 14:54:15 [Info] [4556] log memory size is 20480KB, real memory size is 14832KB
2026-04-01 14:54:16 [Info] [4556] item: --windows-sysinfoext-check
2026-04-01 14:54:16 [Info] [4556] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 14:54:16 [Info] [4556] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 14:54:16 [Info] [4556] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 14:54:16 [Info] [4556] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 14:54:16 [Info] [4556] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-01 14:54:16 [Info] [4556] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 14:54:16 [Info] [4556] Prepare stage1: --windows-sysinfoext-check
2026-04-01 14:54:16 [Info] [4556] Prepare stage2
2026-04-01 14:54:19 [Info] [4556] log memory size is 30720KB, real memory size is 23172KB
2026-04-01 14:54:20 [Info] [4556] stage3: --windows-sysinfoext-check
2026-04-01 14:54:20 [Info] [4556] Loader after check
2026-04-01 14:54:20 [Warn] [4556] high cpu, cpu is 12
2026-04-01 14:54:20 [Info] [4556] try get sys version
2026-04-01 14:54:20 [Info] [4556] win sys info:2/10:0:3
2026-04-01 14:54:20 [Info] [4556] suit legal version, enable cpu control
2026-04-01 14:54:20 [Warn] [4556] High CPU Warning: 12
2026-04-01 14:54:20 [Warn] [4556] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-01 14:54:21 [Info] [4556] Enter reuse wait state.
2026-04-01 14:54:24 [Info] [4556] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-01 14:54:25 [Info] [4556] recvmsg: EXIT
2026-04-01 14:54:25 [Info] [4556] Recv Exit Msg, Exit...
2026-04-01 20:21:52 [Info] [2348] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 20:21:52 [Info] [2348] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap255751775046100 
2026-04-01 20:21:52 [Info] [2348] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 20:21:57 [Info] [2348] Resource monitor start
2026-04-01 20:21:57 [Info] [2348] ipc client init success
2026-04-01 20:21:57 [Info] [2348] Ipc init: 0
2026-04-01 20:21:57 [Info] [2348] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 20:21:57 [Info] [2348] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 20:21:57 [Info] [2348] start ipc thread id[4528]
2026-04-01 20:21:57 [Info] [2348] Connect Yundun ipc server return state is 0
2026-04-01 20:21:57 [Info] [2348] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 20:22:03 [Info] [2348] Loader thread
2026-04-01 20:22:03 [Info] [2348] PythonEngineImpl Init...
2026-04-01 20:22:03 [Info] [2348] Monitor thread
2026-04-01 20:22:03 [Info] [2348] Report thread
2026-04-01 20:22:03 [Info] [2348] yundun connected
2026-04-01 20:22:03 [Info] [2348] CIpcMsgHandlerMgr::run Enter
2026-04-01 20:22:03 [Info] [2348] CResourceMonitor::run Enter
2026-04-01 20:22:03 [Info] [2348] recvmsg: HELLO
2026-04-01 20:22:03 [Info] [2348] recvmsg: WORK
2026-04-01 20:22:03 [Info] [2348] no use encode, return to old mode
2026-04-01 20:22:03 [Info] [2348] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 20:22:03 [Info] [2348] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 20:22:03 [Info] [2348] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 20:22:04 [Info] [2348] log fd cnt is [250], real fd cnt is [264]
2026-04-01 20:22:05 [Info] [2348] log memory size is 20480KB, real memory size is 13172KB
2026-04-01 20:22:11 [Info] [2348] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 20:22:11 [Info] [2348] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 20:22:11 [Info] [2348] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 20:22:08 [Info] [1484] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 20:22:08 [Info] [1484] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap256501775046123 
2026-04-01 20:22:08 [Info] [1484] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 20:22:08 [Info] [1484] Resource monitor start
2026-04-01 20:22:08 [Info] [1484] ipc client init success
2026-04-01 20:22:08 [Info] [1484] Ipc init: 0
2026-04-01 20:22:08 [Info] [1484] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 20:22:08 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 20:22:08 [Info] [1484] start ipc thread id[5052]
2026-04-01 20:22:08 [Info] [1484] Connect Yundun ipc server return state is 0
2026-04-01 20:22:08 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 20:22:08 [Info] [1484] CResourceMonitor::run Enter
2026-04-01 20:22:08 [Info] [1484] CIpcMsgHandlerMgr::run Enter
2026-04-01 20:22:08 [Info] [1484] yundun connected
2026-04-01 20:22:08 [Info] [1484] Report thread
2026-04-01 20:22:08 [Info] [1484] Monitor thread
2026-04-01 20:22:08 [Info] [1484] Loader thread
2026-04-01 20:22:08 [Info] [1484] PythonEngineImpl Init...
2026-04-01 20:22:09 [Info] [1484] recvmsg: HELLO
2026-04-01 20:22:09 [Info] [1484] recvmsg: WORK
2026-04-01 20:22:09 [Info] [1484] no use encode, return to old mode
2026-04-01 20:22:10 [Info] [1484] log fd cnt is [250], real fd cnt is [263]
2026-04-01 20:22:10 [Info] [1484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 20:22:10 [Info] [1484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 20:22:10 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 20:22:11 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 20:22:11 [Info] [1484] log memory size is 20480KB, real memory size is 14536KB
2026-04-01 20:22:11 [Info] [1484] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 20:22:11 [Info] [1484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 20:22:14 [Info] [1484] item: --windows-vul-check
2026-04-01 20:22:14 [Info] [2348] item: --windows-sysinfoext-check
2026-04-01 20:22:14 [Info] [2348] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 20:22:14 [Info] [2348] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 20:22:14 [Info] [2348] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 20:22:14 [Info] [2348] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 20:22:14 [Info] [2348] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-01 20:22:14 [Info] [2348] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-01 20:22:15 [Info] [2348] Prepare stage1: --windows-sysinfoext-check
2026-04-01 20:22:15 [Info] [2348] Prepare stage2
2026-04-01 20:22:14 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-01 20:22:14 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-01 20:22:15 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-04-01 20:22:15 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-01 20:22:15 [Info] [1484] Download redirect files success.
2026-04-01 20:22:15 [Info] [1484] Prepare stage1: --windows-vul-check
2026-04-01 20:22:15 [Info] [1484] Prepare stage2
2026-04-01 20:22:16 [Info] [1484] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-01 20:22:16 [Info] [1484] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-01 20:22:16 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 20:22:16 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 20:22:17 [Info] [2348] log memory size is 30720KB, real memory size is 23076KB
2026-04-01 20:22:17 [Info] [1484] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-01 20:22:17 [Info] [1484] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-01 20:22:18 [Info] [1484] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-04-01 20:22:18 [Info] [1484] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-04-01 20:22:18 [Info] [1484] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-04-01 20:22:18 [Info] [1484] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-04-01 20:22:18 [Info] [1484] stage3: --windows-vul-check
2026-04-01 20:22:18 [Info] [1484] Loader after check
2026-04-01 20:22:20 [Info] [1484] Enter reuse wait state.
2026-04-01 20:22:20 [Info] [1484] log memory size is 30720KB, real memory size is 23392KB
2026-04-01 20:22:20 [Info] [2348] stage3: --windows-sysinfoext-check
2026-04-01 20:22:20 [Info] [2348] Loader after check
2026-04-01 20:22:21 [Info] [2348] Enter reuse wait state.
2026-04-01 20:22:23 [Info] [2348] recvmsg: EXIT
2026-04-01 20:22:23 [Info] [2348] Recv Exit Msg, Exit...
2026-04-01 20:22:26 [Info] [1484] recvmsg: EXIT
2026-04-01 20:22:26 [Info] [1484] Recv Exit Msg, Exit...
2026-04-01 22:42:38 [Info] [4152] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-01 22:42:38 [Info] [4152] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap204281775054558 
2026-04-01 22:42:38 [Info] [4152] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-01 22:42:38 [Info] [4152] Resource monitor start
2026-04-01 22:42:38 [Info] [4152] ipc client init success
2026-04-01 22:42:38 [Info] [4152] Ipc init: 0
2026-04-01 22:42:38 [Info] [4152] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-01 22:42:38 [Info] [4152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-01 22:42:38 [Info] [4152] start ipc thread id[4100]
2026-04-01 22:42:38 [Info] [4152] Connect Yundun ipc server return state is 0
2026-04-01 22:42:38 [Info] [4152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-01 22:42:38 [Info] [4152] CResourceMonitor::run Enter
2026-04-01 22:42:38 [Info] [4152] CIpcMsgHandlerMgr::run Enter
2026-04-01 22:42:38 [Info] [4152] Report thread
2026-04-01 22:42:38 [Info] [4152] Monitor thread
2026-04-01 22:42:38 [Info] [4152] Loader thread
2026-04-01 22:42:38 [Info] [4152] PythonEngineImpl Init...
2026-04-01 22:42:38 [Info] [4152] yundun connected
2026-04-01 22:42:39 [Info] [4152] recvmsg: HELLO
2026-04-01 22:42:39 [Info] [4152] recvmsg: WORK
2026-04-01 22:42:39 [Info] [4152] no use encode, return to old mode
2026-04-01 22:42:39 [Info] [4152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 22:42:39 [Info] [4152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-01 22:42:39 [Info] [4152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 22:42:39 [Info] [4152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 22:42:39 [Info] [4152] log fd cnt is [250], real fd cnt is [282]
2026-04-01 22:42:39 [Info] [4152] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-01 22:42:39 [Info] [4152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-01 22:42:40 [Info] [4152] log memory size is 20480KB, real memory size is 14768KB
2026-04-01 22:42:40 [Info] [4152] item: --secnet_rasp_agent
2026-04-01 22:42:40 [Info] [4152] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-01 22:42:41 [Info] [4152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-04-01 22:42:41 [Info] [4152] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-04-01 22:42:41 [Info] [4152] Download redirect files success.
2026-04-01 22:42:41 [Info] [4152] Prepare stage1: --secnet_rasp_agent
2026-04-01 22:42:41 [Info] [4152] Prepare stage2
2026-04-01 22:42:41 [Warn] [4152] high cpu, cpu is 15
2026-04-01 22:42:41 [Info] [4152] try get sys version
2026-04-01 22:42:41 [Info] [4152] win sys info:2/10:0:3
2026-04-01 22:42:41 [Info] [4152] suit legal version, enable cpu control
2026-04-01 22:42:41 [Warn] [4152] High CPU Warning: 15
2026-04-01 22:42:41 [Warn] [4152] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:subprocess.py line: 125 in func: _eintr_retry_call
File:subprocess.py line: 475 in func: communicate
File:subprocess.py line: 217 in func: check_output
File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid
File:secnet_rasp_agent.py line: 218 in func: main
File:secnet_rasp_agent.py line: 240 in func: start
2026-04-01 22:42:41 [Info] [4152] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-01 22:42:41 [Info] [4152] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-01 22:42:41 [Info] [4152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-01 22:42:42 [Info] [4152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-01 22:42:42 [Info] [4152] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-04-01 22:42:42 [Info] [4152] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-01 22:42:42 [Info] [4152] stage3: --secnet_rasp_agent
2026-04-01 22:42:42 [Info] [4152] Loader after check
2026-04-01 22:42:43 [Info] [4152] Enter reuse wait state.
2026-04-01 22:42:45 [Info] [4152] log memory size is 30720KB, real memory size is 21432KB
2026-04-01 22:42:46 [Info] [4152] recvmsg: EXIT
2026-04-01 22:42:46 [Info] [4152] Recv Exit Msg, Exit...
2026-04-08 00:06:31 [Info] [2128] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 00:06:31 [Info] [2128] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap257351775577970 
2026-04-08 00:06:31 [Info] [2128] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 00:06:31 [Info] [2128] Resource monitor start
2026-04-08 00:06:31 [Info] [2128] ipc client init success
2026-04-08 00:06:31 [Info] [2128] Ipc init: 0
2026-04-08 00:06:31 [Info] [2128] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 00:06:31 [Info] [2128] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 00:06:31 [Info] [2128] start ipc thread id[2388]
2026-04-08 00:06:31 [Info] [2128] Connect Yundun ipc server return state is 0
2026-04-08 00:06:31 [Info] [2128] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 00:06:31 [Info] [2128] CResourceMonitor::run Enter
2026-04-08 00:06:31 [Info] [2128] CIpcMsgHandlerMgr::run Enter
2026-04-08 00:06:31 [Info] [2128] Report thread
2026-04-08 00:06:31 [Info] [2128] Monitor thread
2026-04-08 00:06:31 [Info] [2128] Loader thread
2026-04-08 00:06:31 [Info] [2128] PythonEngineImpl Init...
2026-04-08 00:06:38 [Info] [2128] yundun connected
2026-04-08 00:06:38 [Info] [2128] recvmsg: HELLO
2026-04-08 00:06:38 [Info] [2128] recvmsg: WORK
2026-04-08 00:06:38 [Info] [2128] no use encode, return to old mode
2026-04-08 00:06:38 [Info] [2128] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 00:06:38 [Info] [2128] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 00:06:38 [Info] [2128] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 00:06:40 [Info] [2128] log fd cnt is [250], real fd cnt is [264]
2026-04-08 00:06:41 [Info] [2128] log memory size is 20480KB, real memory size is 13136KB
2026-04-08 00:06:55 [Warn] [2128] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 00:07:06 [Warn] [2128] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 00:07:06 [Info] [2128] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 00:07:06 [Info] [2128] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 00:07:06 [Info] [2128] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 00:07:07 [Info] [2128] item: --windows-sysinfoext-check
2026-04-08 00:07:07 [Info] [2128] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 00:07:07 [Info] [2128] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 00:07:07 [Info] [2128] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 00:07:07 [Info] [2128] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 00:07:07 [Info] [2128] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-08 00:07:07 [Info] [2128] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 00:07:07 [Info] [2128] Prepare stage1: --windows-sysinfoext-check
2026-04-08 00:07:07 [Info] [2128] Prepare stage2
2026-04-08 00:07:08 [Warn] [2128] high cpu, cpu is 16
2026-04-08 00:07:08 [Info] [2128] try get sys version
2026-04-08 00:07:08 [Info] [2128] win sys info:2/10:0:3
2026-04-08 00:07:08 [Info] [2128] suit legal version, enable cpu control
2026-04-08 00:07:08 [Warn] [2128] High CPU Warning: 16
2026-04-08 00:07:09 [Warn] [2128] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-08 00:07:09 [Info] [2128] stage3: --windows-sysinfoext-check
2026-04-08 00:07:09 [Info] [2128] Loader after check
2026-04-08 00:07:10 [Info] [2128] log memory size is 30720KB, real memory size is 23220KB
2026-04-08 00:07:10 [Info] [2128] Enter reuse wait state.
2026-04-08 00:07:11 [Info] [2128] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 00:07:13 [Info] [2128] recvmsg: EXIT
2026-04-08 00:07:13 [Info] [2128] Recv Exit Msg, Exit...
2026-04-08 04:49:27 [Info] [1484] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 04:49:27 [Info] [1484] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap156971775594965 
2026-04-08 04:49:27 [Info] [1484] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 04:49:27 [Info] [1484] Resource monitor start
2026-04-08 04:49:27 [Info] [1484] ipc client init success
2026-04-08 04:49:27 [Info] [1484] Ipc init: 0
2026-04-08 04:49:27 [Info] [1484] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 04:49:27 [Info] [1484] CResourceMonitor::run Enter
2026-04-08 04:49:27 [Info] [1484] CIpcMsgHandlerMgr::run Enter
2026-04-08 04:49:27 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 04:49:27 [Info] [1484] start ipc thread id[4300]
2026-04-08 04:49:27 [Info] [1484] Connect Yundun ipc server return state is 0
2026-04-08 04:49:27 [Info] [1484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 04:49:27 [Info] [1484] yundun connected
2026-04-08 04:49:27 [Info] [1484] Report thread
2026-04-08 04:49:27 [Info] [1484] Monitor thread
2026-04-08 04:49:27 [Info] [1484] Loader thread
2026-04-08 04:49:27 [Info] [1484] PythonEngineImpl Init...
2026-04-08 04:49:27 [Info] [1484] recvmsg: HELLO
2026-04-08 04:49:27 [Info] [1484] recvmsg: WORK
2026-04-08 04:49:27 [Info] [1484] no use encode, return to old mode
2026-04-08 04:49:27 [Info] [1484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 04:49:27 [Info] [1484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 04:49:27 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 04:49:28 [Info] [1484] log fd cnt is [250], real fd cnt is [274]
2026-04-08 04:49:29 [Info] [1484] log memory size is 20480KB, real memory size is 13752KB
2026-04-08 04:49:29 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 04:49:29 [Info] [1484] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 04:49:29 [Info] [1484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 04:49:30 [Info] [1484] item: --sca
2026-04-08 04:49:30 [Info] [1484] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-08 04:49:30 [Info] [1484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-08 04:49:30 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-04-08 04:49:30 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-04-08 04:49:30 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-04-08 04:49:30 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-04-08 04:49:31 [Info] [1484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-04-08 04:49:31 [Info] [1484] Download redirect files success.
2026-04-08 04:49:31 [Info] [1484] Prepare stage1: --sca
2026-04-08 04:49:31 [Info] [1484] Prepare stage2
2026-04-08 04:49:32 [Warn] [1484] high cpu, cpu is 14
2026-04-08 04:49:32 [Info] [1484] try get sys version
2026-04-08 04:49:32 [Info] [1484] win sys info:2/10:0:3
2026-04-08 04:49:32 [Info] [1484] suit legal version, enable cpu control
2026-04-08 04:49:32 [Warn] [1484] High CPU Warning: 14
2026-04-08 04:49:32 [Warn] [1484] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:hashlib.py line: 134 in func: <module>
File:random.py line: 49 in func: <module>
File:sca_utils.py line: 18 in func: <module>
File:sca.py line: 44 in func: <module>
2026-04-08 04:49:33 [Info] [1484] log memory size is 30720KB, real memory size is 29732KB
2026-04-08 04:49:34 [Warn] [1484] high cpu, cpu is 18
2026-04-08 04:49:34 [Warn] [1484] High CPU Warning: 18
2026-04-08 04:49:37 [Info] [1484] log memory size is 40960KB, real memory size is 33204KB
2026-04-08 04:50:05 [Info] [1484] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 04:50:06 [Warn] [1484] high cpu, cpu is 30
2026-04-08 04:50:06 [Warn] [1484] High CPU Warning: 30
2026-04-08 04:50:06 [Warn] [1484] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-08 04:50:07 [Info] [1484] stage3: --sca
2026-04-08 04:50:07 [Info] [1484] Loader after check
2026-04-08 04:50:08 [Info] [1484] Enter reuse wait state.
2026-04-08 04:50:10 [Info] [1484] recvmsg: EXIT
2026-04-08 04:50:10 [Info] [1484] Recv Exit Msg, Exit...
2026-04-08 05:33:39 [Info] [4604] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 05:33:39 [Info] [4604] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243221775597606 
2026-04-08 05:33:39 [Info] [4604] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 05:33:39 [Info] [4604] Resource monitor start
2026-04-08 05:33:39 [Info] [4604] ipc client init success
2026-04-08 05:33:39 [Info] [4604] Ipc init: 0
2026-04-08 05:33:39 [Info] [4604] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 05:33:39 [Info] [4604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 05:33:39 [Info] [4604] start ipc thread id[1892]
2026-04-08 05:33:39 [Info] [4604] Connect Yundun ipc server return state is 0
2026-04-08 05:33:39 [Info] [4604] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 05:33:39 [Info] [4604] CResourceMonitor::run Enter
2026-04-08 05:33:39 [Info] [4604] CIpcMsgHandlerMgr::run Enter
2026-04-08 05:33:39 [Info] [4604] yundun connected
2026-04-08 05:33:39 [Info] [4604] Report thread
2026-04-08 05:33:39 [Info] [4604] Monitor thread
2026-04-08 05:33:39 [Info] [4604] Loader thread
2026-04-08 05:33:39 [Info] [4604] PythonEngineImpl Init...
2026-04-08 05:33:45 [Info] [4604] log fd cnt is [250], real fd cnt is [258]
2026-04-08 05:33:45 [Info] [4604] recvmsg: HELLO
2026-04-08 05:33:45 [Info] [4604] recvmsg: WORK
2026-04-08 05:33:45 [Info] [4604] no use encode, return to old mode
2026-04-08 05:33:45 [Info] [4604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 05:33:45 [Info] [4604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 05:33:45 [Info] [4604] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 05:33:46 [Info] [4604] log memory size is 20480KB, real memory size is 13148KB
2026-04-08 05:33:55 [Info] [4604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 05:33:55 [Info] [4604] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 05:33:55 [Info] [4604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 05:33:57 [Info] [4604] item: --windows-sysinfoext-check
2026-04-08 05:33:57 [Info] [4604] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 05:33:57 [Info] [4604] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 05:33:57 [Info] [4604] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 05:33:57 [Info] [4604] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 05:33:57 [Info] [4604] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-08 05:33:57 [Info] [4604] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 05:33:57 [Info] [4604] Prepare stage1: --windows-sysinfoext-check
2026-04-08 05:33:57 [Info] [4604] Prepare stage2
2026-04-08 05:33:58 [Info] [4604] log memory size is 30720KB, real memory size is 23092KB
2026-04-08 05:34:00 [Info] [4604] stage3: --windows-sysinfoext-check
2026-04-08 05:34:00 [Info] [4604] Loader after check
2026-04-08 05:34:01 [Info] [4604] Enter reuse wait state.
2026-04-08 05:34:04 [Info] [4604] recvmsg: EXIT
2026-04-08 05:34:04 [Info] [4604] Recv Exit Msg, Exit...
2026-04-08 07:53:18 [Info] [5004] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 07:53:18 [Info] [5004] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap189591775605998 
2026-04-08 07:53:18 [Info] [5004] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 07:53:18 [Info] [5004] Resource monitor start
2026-04-08 07:53:18 [Info] [5004] ipc client init success
2026-04-08 07:53:18 [Info] [5004] Ipc init: 0
2026-04-08 07:53:18 [Info] [5004] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 07:53:18 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 07:53:18 [Info] [5004] start ipc thread id[5040]
2026-04-08 07:53:18 [Info] [5004] Connect Yundun ipc server return state is 0
2026-04-08 07:53:18 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 07:53:18 [Info] [5004] CResourceMonitor::run Enter
2026-04-08 07:53:18 [Info] [5004] CIpcMsgHandlerMgr::run Enter
2026-04-08 07:53:18 [Info] [5004] Report thread
2026-04-08 07:53:18 [Info] [5004] Monitor thread
2026-04-08 07:53:18 [Info] [5004] Loader thread
2026-04-08 07:53:18 [Info] [5004] PythonEngineImpl Init...
2026-04-08 07:53:18 [Info] [5004] yundun connected
2026-04-08 07:53:18 [Info] [5004] recvmsg: HELLO
2026-04-08 07:53:18 [Info] [5004] recvmsg: WORK
2026-04-08 07:53:18 [Info] [5004] no use encode, return to old mode
2026-04-08 07:53:19 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 07:53:19 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 07:53:19 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 07:53:19 [Info] [5004] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 07:53:19 [Info] [5004] log fd cnt is [250], real fd cnt is [282]
2026-04-08 07:53:19 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 07:53:19 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 07:53:20 [Info] [5004] log memory size is 20480KB, real memory size is 14860KB
2026-04-08 07:53:20 [Info] [5004] item: --windows-vul-clean
2026-04-08 07:53:20 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-08 07:53:20 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-08 07:53:20 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 07:53:20 [Info] [5004] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 07:53:20 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-04-08 07:53:20 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-04-08 07:53:21 [Info] [5004] Prepare stage1: --windows-vul-clean
2026-04-08 07:53:21 [Info] [5004] Prepare stage2
2026-04-08 07:53:21 [Info] [5004] stage3: --windows-vul-clean
2026-04-08 07:53:21 [Info] [5004] Loader after check
2026-04-08 07:53:22 [Info] [5004] Enter reuse wait state.
2026-04-08 07:53:25 [Info] [5004] recvmsg: EXIT
2026-04-08 07:53:25 [Info] [5004] Recv Exit Msg, Exit...
2026-04-08 08:51:45 [Info] [728] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 08:51:45 [Info] [728] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap304111775609505 
2026-04-08 08:51:45 [Info] [728] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 08:51:45 [Info] [728] Resource monitor start
2026-04-08 08:51:45 [Info] [728] ipc client init success
2026-04-08 08:51:45 [Info] [728] Ipc init: 0
2026-04-08 08:51:45 [Info] [728] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 08:51:45 [Info] [728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 08:51:45 [Info] [728] start ipc thread id[4540]
2026-04-08 08:51:45 [Info] [728] Connect Yundun ipc server return state is 0
2026-04-08 08:51:45 [Info] [728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 08:51:45 [Info] [728] CResourceMonitor::run Enter
2026-04-08 08:51:45 [Info] [728] CIpcMsgHandlerMgr::run Enter
2026-04-08 08:51:45 [Info] [728] Report thread
2026-04-08 08:51:45 [Info] [728] Monitor thread
2026-04-08 08:51:45 [Info] [728] Loader thread
2026-04-08 08:51:45 [Info] [728] PythonEngineImpl Init...
2026-04-08 08:51:45 [Info] [728] yundun connected
2026-04-08 08:51:46 [Info] [728] recvmsg: HELLO
2026-04-08 08:51:46 [Info] [728] recvmsg: WORK
2026-04-08 08:51:46 [Info] [728] no use encode, return to old mode
2026-04-08 08:51:46 [Info] [728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 08:51:46 [Info] [728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 08:51:46 [Info] [728] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 08:51:46 [Info] [728] log fd cnt is [250], real fd cnt is [274]
2026-04-08 08:51:47 [Info] [728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 08:51:48 [Info] [728] log memory size is 20480KB, real memory size is 14544KB
2026-04-08 08:51:48 [Info] [728] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 08:51:48 [Info] [728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 08:51:49 [Info] [728] item: --windows-process-check
2026-04-08 08:51:49 [Info] [728] cgroup name aegisRtap0
2026-04-08 08:51:49 [Info] [728] try get sys version
2026-04-08 08:51:49 [Info] [728] win sys info:2/10:0:3
2026-04-08 08:51:49 [Info] [728] suit legal version, enable cpu control
2026-04-08 08:51:49 [Info] [728] get AssignProcessToJobObject handle [00000478]
2026-04-08 08:51:49 [Info] [728] Set setJobExtended.
2026-04-08 08:51:49 [Info] [728] Set cpu [9%]
2026-04-08 08:51:49 [Info] [728] Set cpu success
2026-04-08 08:51:49 [Info] [728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-08 08:51:49 [Info] [728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-08 08:51:49 [Info] [728] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 08:51:49 [Info] [728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 08:51:49 [Info] [728] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-04-08 08:51:49 [Info] [728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-04-08 08:51:50 [Info] [728] Prepare stage1: --windows-process-check
2026-04-08 08:51:50 [Info] [728] Prepare stage2
2026-04-08 08:51:52 [Info] [728] log memory size is 30720KB, real memory size is 20616KB
2026-04-08 08:52:09 [Info] [728] stage3: --windows-process-check
2026-04-08 08:52:09 [Info] [728] Loader after check
2026-04-08 08:52:10 [Info] [728] Enter reuse wait state.
2026-04-08 08:52:13 [Info] [728] recvmsg: EXIT
2026-04-08 08:52:13 [Info] [728] Recv Exit Msg, Exit...
2026-04-08 10:33:08 [Info] [2760] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 10:33:08 [Info] [2760] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175071775615588 
2026-04-08 10:33:08 [Info] [2760] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 10:33:08 [Info] [2760] Resource monitor start
2026-04-08 10:33:08 [Info] [2760] ipc client init success
2026-04-08 10:33:08 [Info] [2760] Ipc init: 0
2026-04-08 10:33:08 [Info] [2760] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 10:33:08 [Info] [2760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 10:33:08 [Info] [2760] start ipc thread id[2388]
2026-04-08 10:33:08 [Info] [2760] Connect Yundun ipc server return state is 0
2026-04-08 10:33:08 [Info] [2760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 10:33:08 [Info] [2760] CResourceMonitor::run Enter
2026-04-08 10:33:08 [Info] [2760] CIpcMsgHandlerMgr::run Enter
2026-04-08 10:33:08 [Info] [2760] Report thread
2026-04-08 10:33:08 [Info] [2760] Monitor thread
2026-04-08 10:33:08 [Info] [2760] Loader thread
2026-04-08 10:33:08 [Info] [2760] PythonEngineImpl Init...
2026-04-08 10:33:08 [Info] [2760] yundun connected
2026-04-08 10:33:09 [Info] [2760] recvmsg: HELLO
2026-04-08 10:33:09 [Info] [2760] recvmsg: WORK
2026-04-08 10:33:09 [Info] [2760] no use encode, return to old mode
2026-04-08 10:33:09 [Info] [2760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:09 [Info] [2760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:09 [Info] [2760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:09 [Info] [2760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:09 [Info] [2760] log fd cnt is [250], real fd cnt is [282]
2026-04-08 10:33:09 [Info] [2760] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 10:33:09 [Info] [2760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 10:33:10 [Info] [2760] log memory size is 20480KB, real memory size is 14828KB
2026-04-08 10:33:10 [Info] [2760] item: --windows-registry-check
2026-04-08 10:33:10 [Info] [2760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-08 10:33:10 [Info] [2760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-08 10:33:10 [Info] [2760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:11 [Info] [2760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:11 [Info] [2760] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-04-08 10:33:11 [Info] [2760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-04-08 10:33:11 [Info] [2760] Prepare stage1: --windows-registry-check
2026-04-08 10:33:11 [Info] [2760] Prepare stage2
2026-04-08 10:33:17 [Info] [4080] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 10:33:17 [Info] [4080] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175371775615597 
2026-04-08 10:33:17 [Info] [4080] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 10:33:17 [Info] [4080] Resource monitor start
2026-04-08 10:33:17 [Info] [4080] ipc client init success
2026-04-08 10:33:17 [Info] [4080] Ipc init: 0
2026-04-08 10:33:17 [Info] [4080] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 10:33:17 [Info] [4080] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 10:33:17 [Info] [4080] start ipc thread id[4460]
2026-04-08 10:33:17 [Info] [4080] Connect Yundun ipc server return state is 0
2026-04-08 10:33:17 [Info] [4080] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 10:33:17 [Info] [4080] CResourceMonitor::run Enter
2026-04-08 10:33:17 [Info] [4080] CIpcMsgHandlerMgr::run Enter
2026-04-08 10:33:17 [Info] [4080] Report thread
2026-04-08 10:33:17 [Info] [4080] Monitor thread
2026-04-08 10:33:17 [Info] [4080] Loader thread
2026-04-08 10:33:17 [Info] [4080] PythonEngineImpl Init...
2026-04-08 10:33:18 [Info] [4080] yundun connected
2026-04-08 10:33:18 [Info] [4080] recvmsg: HELLO
2026-04-08 10:33:18 [Info] [4080] recvmsg: WORK
2026-04-08 10:33:18 [Info] [4080] no use encode, return to old mode
2026-04-08 10:33:18 [Info] [4080] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:18 [Info] [4080] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:18 [Info] [4080] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:18 [Info] [4080] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:18 [Info] [4080] log fd cnt is [250], real fd cnt is [282]
2026-04-08 10:33:18 [Info] [4080] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 10:33:18 [Info] [4080] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 10:33:19 [Info] [4080] log memory size is 20480KB, real memory size is 14860KB
2026-04-08 10:33:20 [Info] [4080] item: --windows-schedule-task-check
2026-04-08 10:33:20 [Info] [4080] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-08 10:33:20 [Info] [4080] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-08 10:33:20 [Info] [4080] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:20 [Info] [4080] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:20 [Info] [4080] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-04-08 10:33:20 [Info] [4080] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-04-08 10:33:20 [Info] [4080] Prepare stage1: --windows-schedule-task-check
2026-04-08 10:33:20 [Info] [4080] Prepare stage2
2026-04-08 10:33:20 [Warn] [4080] high cpu, cpu is 18
2026-04-08 10:33:20 [Info] [4080] try get sys version
2026-04-08 10:33:20 [Info] [4080] win sys info:2/10:0:3
2026-04-08 10:33:20 [Info] [4080] suit legal version, enable cpu control
2026-04-08 10:33:20 [Warn] [4080] High CPU Warning: 18
2026-04-08 10:33:20 [Warn] [4080] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<COMObject <unknown>> line: 2 in func: GetFolders
File:windows-schedule-task-check.py line: 346 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-04-08 10:33:23 [Info] [4080] log memory size is 30720KB, real memory size is 23620KB
2026-04-08 10:33:32 [Info] [2760] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 10:33:32 [Info] [4080] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 10:33:35 [Info] [4512] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 10:33:35 [Info] [4512] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175961775615615 
2026-04-08 10:33:35 [Info] [4512] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 10:33:35 [Info] [4512] Resource monitor start
2026-04-08 10:33:35 [Info] [4512] ipc client init success
2026-04-08 10:33:35 [Info] [4512] Ipc init: 0
2026-04-08 10:33:35 [Info] [4512] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 10:33:35 [Info] [4512] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 10:33:35 [Info] [4512] start ipc thread id[2568]
2026-04-08 10:33:35 [Info] [4512] Connect Yundun ipc server return state is 0
2026-04-08 10:33:35 [Info] [4512] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 10:33:35 [Info] [4512] CResourceMonitor::run Enter
2026-04-08 10:33:35 [Info] [4512] CIpcMsgHandlerMgr::run Enter
2026-04-08 10:33:35 [Info] [4512] Report thread
2026-04-08 10:33:35 [Info] [4512] Monitor thread
2026-04-08 10:33:35 [Info] [4512] Loader thread
2026-04-08 10:33:35 [Info] [4512] PythonEngineImpl Init...
2026-04-08 10:33:35 [Info] [4512] yundun connected
2026-04-08 10:33:35 [Info] [4512] recvmsg: HELLO
2026-04-08 10:33:35 [Info] [4512] recvmsg: WORK
2026-04-08 10:33:35 [Info] [4512] no use encode, return to old mode
2026-04-08 10:33:35 [Info] [4512] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:35 [Info] [4512] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 10:33:35 [Info] [4512] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:36 [Info] [4512] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:36 [Info] [4512] log fd cnt is [250], real fd cnt is [282]
2026-04-08 10:33:36 [Info] [4512] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 10:33:36 [Info] [4512] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 10:33:37 [Info] [4512] log memory size is 20480KB, real memory size is 14812KB
2026-04-08 10:33:37 [Info] [4512] item: --windows-driver-version-check
2026-04-08 10:33:37 [Info] [4512] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-08 10:33:37 [Info] [4512] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-08 10:33:37 [Info] [4512] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 10:33:37 [Info] [4512] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 10:33:37 [Info] [4512] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-04-08 10:33:37 [Info] [4512] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-04-08 10:33:38 [Info] [4512] Prepare stage1: --windows-driver-version-check
2026-04-08 10:33:38 [Info] [4512] Prepare stage2
2026-04-08 10:33:38 [Info] [4512] stage3: --windows-driver-version-check
2026-04-08 10:33:38 [Info] [4512] Loader after check
2026-04-08 10:33:39 [Info] [4512] Enter reuse wait state.
2026-04-08 10:33:40 [Info] [2760] stage3: --windows-registry-check
2026-04-08 10:33:40 [Info] [2760] Loader after check
2026-04-08 10:33:41 [Info] [2760] Enter reuse wait state.
2026-04-08 10:33:42 [Info] [4512] recvmsg: EXIT
2026-04-08 10:33:42 [Info] [4512] Recv Exit Msg, Exit...
2026-04-08 10:33:48 [Info] [2760] recvmsg: EXIT
2026-04-08 10:33:48 [Info] [2760] Recv Exit Msg, Exit...
2026-04-08 10:33:54 [Info] [4080] stage3: --windows-schedule-task-check
2026-04-08 10:33:54 [Info] [4080] Loader after check
2026-04-08 10:33:56 [Info] [4080] Enter reuse wait state.
2026-04-08 10:33:59 [Info] [4080] recvmsg: EXIT
2026-04-08 10:33:59 [Info] [4080] Recv Exit Msg, Exit...
2026-04-08 11:02:18 [Info] [1760] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 11:02:18 [Info] [1760] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap231761775617324 
2026-04-08 11:02:18 [Info] [1760] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 11:02:18 [Info] [1760] Resource monitor start
2026-04-08 11:02:18 [Info] [1760] ipc client init success
2026-04-08 11:02:18 [Info] [1760] Ipc init: 0
2026-04-08 11:02:18 [Info] [1760] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 11:02:18 [Info] [1760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 11:02:18 [Info] [1760] start ipc thread id[3820]
2026-04-08 11:02:18 [Info] [1760] Connect Yundun ipc server return state is 0
2026-04-08 11:02:18 [Info] [1760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 11:02:18 [Info] [1760] CResourceMonitor::run Enter
2026-04-08 11:02:18 [Info] [1760] CIpcMsgHandlerMgr::run Enter
2026-04-08 11:02:18 [Info] [1760] Report thread
2026-04-08 11:02:18 [Info] [1760] Monitor thread
2026-04-08 11:02:18 [Info] [1760] Loader thread
2026-04-08 11:02:18 [Info] [1760] PythonEngineImpl Init...
2026-04-08 11:02:23 [Info] [1760] yundun connected
2026-04-08 11:02:23 [Info] [1760] recvmsg: HELLO
2026-04-08 11:02:23 [Info] [1760] recvmsg: WORK
2026-04-08 11:02:23 [Info] [1760] no use encode, return to old mode
2026-04-08 11:02:23 [Info] [1760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:02:23 [Info] [1760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:02:23 [Info] [1760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:02:27 [Info] [1760] log fd cnt is [250], real fd cnt is [261]
2026-04-08 11:02:28 [Info] [1760] log memory size is 20480KB, real memory size is 13152KB
2026-04-08 11:02:33 [Warn] [1760] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 11:02:39 [Info] [1760] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 11:02:43 [Warn] [1760] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 11:02:43 [Info] [1760] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:02:44 [Info] [1760] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 11:02:44 [Info] [1760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 11:02:45 [Info] [1760] item: --windows-sysinfoext-check
2026-04-08 11:02:45 [Info] [1760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 11:02:45 [Info] [1760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 11:02:45 [Info] [1760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:02:45 [Info] [1760] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:02:45 [Info] [1760] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-08 11:02:45 [Info] [1760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 11:02:45 [Info] [1760] Prepare stage1: --windows-sysinfoext-check
2026-04-08 11:02:45 [Info] [1760] Prepare stage2
2026-04-08 11:02:45 [Warn] [1760] high cpu, cpu is 15
2026-04-08 11:02:45 [Info] [1760] try get sys version
2026-04-08 11:02:45 [Info] [1760] win sys info:2/10:0:3
2026-04-08 11:02:45 [Info] [1760] suit legal version, enable cpu control
2026-04-08 11:02:45 [Warn] [1760] High CPU Warning: 15
2026-04-08 11:02:45 [Warn] [1760] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 28 in func: __WrapDispatch
File:__init__.py line: 96 in func: Dispatch
File:__init__.py line: 483 in func: _get_good_single_object_
File:__init__.py line: 494 in func: _get_good_object_
File:util.py line: 84 in func: next
File:wmi.py line: 494 in func: __init__
File:wmi.py line: 781 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-08 11:02:47 [Info] [1760] stage3: --windows-sysinfoext-check
2026-04-08 11:02:47 [Info] [1760] Loader after check
2026-04-08 11:02:48 [Info] [1760] Enter reuse wait state.
2026-04-08 11:02:48 [Info] [1760] log memory size is 30720KB, real memory size is 23380KB
2026-04-08 11:02:51 [Info] [1760] recvmsg: EXIT
2026-04-08 11:02:51 [Info] [1760] Recv Exit Msg, Exit...
2026-04-08 11:11:38 [Info] [4936] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 11:11:38 [Info] [4936] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap250511775617898 
2026-04-08 11:11:38 [Info] [4936] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 11:11:38 [Info] [4936] Resource monitor start
2026-04-08 11:11:38 [Info] [4936] ipc client init success
2026-04-08 11:11:38 [Info] [4936] Ipc init: 0
2026-04-08 11:11:38 [Info] [4936] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 11:11:38 [Info] [4936] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 11:11:38 [Info] [4936] start ipc thread id[4560]
2026-04-08 11:11:38 [Info] [4936] Connect Yundun ipc server return state is 0
2026-04-08 11:11:38 [Info] [4936] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 11:11:38 [Info] [4936] CResourceMonitor::run Enter
2026-04-08 11:11:38 [Info] [4936] CIpcMsgHandlerMgr::run Enter
2026-04-08 11:11:38 [Info] [4936] Report thread
2026-04-08 11:11:38 [Info] [4936] Monitor thread
2026-04-08 11:11:38 [Info] [4936] Loader thread
2026-04-08 11:11:38 [Info] [4936] PythonEngineImpl Init...
2026-04-08 11:11:38 [Info] [4936] yundun connected
2026-04-08 11:11:39 [Info] [4936] recvmsg: HELLO
2026-04-08 11:11:39 [Info] [4936] recvmsg: WORK
2026-04-08 11:11:39 [Info] [4936] no use encode, return to old mode
2026-04-08 11:11:39 [Info] [4936] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:11:39 [Info] [4936] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:11:39 [Info] [4936] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:11:39 [Info] [4936] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:11:39 [Info] [4936] log fd cnt is [250], real fd cnt is [286]
2026-04-08 11:11:39 [Info] [4936] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 11:11:39 [Info] [4936] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 11:11:40 [Info] [4936] log memory size is 20480KB, real memory size is 14744KB
2026-04-08 11:11:41 [Info] [4936] item: --windows-autorun-item-check
2026-04-08 11:11:41 [Info] [4936] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-08 11:11:41 [Info] [4936] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-08 11:11:41 [Info] [4936] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:11:41 [Info] [4936] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:11:41 [Info] [4936] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-04-08 11:11:41 [Info] [4936] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-04-08 11:11:42 [Info] [4936] Prepare stage1: --windows-autorun-item-check
2026-04-08 11:11:42 [Info] [4936] Prepare stage2
2026-04-08 11:11:44 [Info] [4936] log memory size is 30720KB, real memory size is 22600KB
2026-04-08 11:11:46 [Info] [4936] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 11:11:53 [Info] [4936] stage3: --windows-autorun-item-check
2026-04-08 11:11:53 [Info] [4936] Loader after check
2026-04-08 11:11:54 [Info] [4936] Enter reuse wait state.
2026-04-08 11:11:58 [Info] [4936] recvmsg: EXIT
2026-04-08 11:11:58 [Info] [4936] Recv Exit Msg, Exit...
2026-04-08 11:38:25 [Info] [3824] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 11:38:25 [Info] [3824] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap302991775619505 
2026-04-08 11:38:25 [Info] [3824] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 11:38:25 [Info] [3824] Resource monitor start
2026-04-08 11:38:25 [Info] [3824] ipc client init success
2026-04-08 11:38:25 [Info] [3824] Ipc init: 0
2026-04-08 11:38:25 [Info] [3824] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 11:38:25 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 11:38:25 [Info] [3824] start ipc thread id[256]
2026-04-08 11:38:25 [Info] [3824] Connect Yundun ipc server return state is 0
2026-04-08 11:38:25 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 11:38:25 [Info] [3824] CResourceMonitor::run Enter
2026-04-08 11:38:25 [Info] [3824] CIpcMsgHandlerMgr::run Enter
2026-04-08 11:38:25 [Info] [3824] Report thread
2026-04-08 11:38:25 [Info] [3824] Monitor thread
2026-04-08 11:38:25 [Info] [3824] Loader thread
2026-04-08 11:38:25 [Info] [3824] PythonEngineImpl Init...
2026-04-08 11:38:25 [Info] [3824] yundun connected
2026-04-08 11:38:26 [Info] [3824] recvmsg: HELLO
2026-04-08 11:38:26 [Info] [3824] recvmsg: WORK
2026-04-08 11:38:26 [Info] [3824] no use encode, return to old mode
2026-04-08 11:38:26 [Info] [3824] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:38:26 [Info] [3824] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 11:38:26 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:38:26 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:38:26 [Info] [3824] log fd cnt is [250], real fd cnt is [286]
2026-04-08 11:38:27 [Info] [3824] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 11:38:27 [Info] [3824] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 11:38:27 [Info] [3824] log memory size is 20480KB, real memory size is 14824KB
2026-04-08 11:38:28 [Info] [3824] item: --tcp-connect-check
2026-04-08 11:38:28 [Info] [3824] cgroup name aegisRtap0
2026-04-08 11:38:28 [Info] [3824] try get sys version
2026-04-08 11:38:28 [Info] [3824] win sys info:2/10:0:3
2026-04-08 11:38:28 [Info] [3824] suit legal version, enable cpu control
2026-04-08 11:38:28 [Info] [3824] get AssignProcessToJobObject handle [00000478]
2026-04-08 11:38:28 [Info] [3824] Set setJobExtended.
2026-04-08 11:38:28 [Info] [3824] Set cpu [9%]
2026-04-08 11:38:28 [Info] [3824] Set cpu success
2026-04-08 11:38:28 [Info] [3824] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-08 11:38:28 [Info] [3824] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-08 11:38:28 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 11:38:28 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 11:38:28 [Info] [3824] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-04-08 11:38:28 [Info] [3824] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-04-08 11:38:28 [Info] [3824] Prepare stage1: --tcp-connect-check
2026-04-08 11:38:28 [Info] [3824] Prepare stage2
2026-04-08 11:38:32 [Info] [3824] stage3: --tcp-connect-check
2026-04-08 11:38:32 [Info] [3824] Loader after check
2026-04-08 11:38:33 [Info] [3824] Enter reuse wait state.
2026-04-08 11:38:37 [Info] [3824] recvmsg: EXIT
2026-04-08 11:38:37 [Info] [3824] Recv Exit Msg, Exit...
2026-04-08 16:30:54 [Info] [2760] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 16:30:54 [Info] [2760] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap220511775637048 
2026-04-08 16:30:54 [Info] [2760] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 16:30:59 [Info] [2760] Resource monitor start
2026-04-08 16:30:59 [Info] [2760] ipc client init success
2026-04-08 16:30:59 [Info] [2760] Ipc init: 0
2026-04-08 16:30:59 [Info] [2760] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 16:30:59 [Info] [2760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 16:30:59 [Info] [2760] start ipc thread id[1996]
2026-04-08 16:30:59 [Info] [2760] Connect Yundun ipc server return state is 0
2026-04-08 16:31:04 [Info] [2760] CResourceMonitor::run Enter
2026-04-08 16:31:04 [Info] [2760] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 16:31:05 [Info] [2760] log fd cnt is [250], real fd cnt is [242]
2026-04-08 16:31:06 [Info] [2760] Monitor thread
2026-04-08 16:31:06 [Info] [2760] Report thread
2026-04-08 16:31:06 [Info] [2760] yundun connected
2026-04-08 16:31:06 [Info] [2760] CIpcMsgHandlerMgr::run Enter
2026-04-08 16:31:06 [Info] [2760] recvmsg: HELLO
2026-04-08 16:31:06 [Info] [2760] recvmsg: WORK
2026-04-08 16:31:06 [Info] [2760] no use encode, return to old mode
2026-04-08 16:31:06 [Info] [2760] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-08 16:31:09 [Info] [2760] Loader thread
2026-04-08 16:31:09 [Info] [2760] PythonEngineImpl Init...
2026-04-08 16:31:09 [Info] [2760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 16:31:09 [Info] [2760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 16:31:09 [Info] [2760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 16:31:10 [Info] [2760] log memory size is 20480KB, real memory size is 13148KB
2026-04-08 16:31:15 [Info] [2760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 16:31:16 [Info] [2760] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 16:31:16 [Info] [2760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 16:31:18 [Info] [2760] item: --windows-sysinfoext-check
2026-04-08 16:31:18 [Info] [2760] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 16:31:18 [Info] [2760] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 16:31:18 [Info] [2760] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 16:31:18 [Info] [2760] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 16:31:18 [Info] [2760] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-08 16:31:18 [Info] [2760] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 16:31:18 [Info] [2760] Prepare stage1: --windows-sysinfoext-check
2026-04-08 16:31:18 [Info] [2760] Prepare stage2
2026-04-08 16:31:19 [Warn] [2760] high cpu, cpu is 14
2026-04-08 16:31:19 [Info] [2760] try get sys version
2026-04-08 16:31:19 [Info] [2760] win sys info:2/10:0:3
2026-04-08 16:31:19 [Info] [2760] suit legal version, enable cpu control
2026-04-08 16:31:19 [Warn] [2760] High CPU Warning: 14
2026-04-08 16:31:19 [Warn] [2760] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:util.py line: 84 in func: next
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-08 16:31:21 [Info] [2760] stage3: --windows-sysinfoext-check
2026-04-08 16:31:21 [Info] [2760] Loader after check
2026-04-08 16:31:22 [Info] [2760] log memory size is 30720KB, real memory size is 23172KB
2026-04-08 16:31:22 [Info] [2760] Enter reuse wait state.
2026-04-08 16:31:24 [Info] [2760] recvmsg: EXIT
2026-04-08 16:31:24 [Info] [2760] Recv Exit Msg, Exit...
2026-04-08 21:18:07 [Info] [4540] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 21:18:07 [Info] [4540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap128101775654287 
2026-04-08 21:18:07 [Info] [4540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 21:18:07 [Info] [4540] Resource monitor start
2026-04-08 21:18:07 [Info] [4540] ipc client init success
2026-04-08 21:18:07 [Info] [4540] Ipc init: 0
2026-04-08 21:18:07 [Info] [4540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 21:18:07 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 21:18:07 [Info] [4540] start ipc thread id[4120]
2026-04-08 21:18:07 [Info] [4540] Connect Yundun ipc server return state is 0
2026-04-08 21:18:07 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 21:18:07 [Info] [4540] CResourceMonitor::run Enter
2026-04-08 21:18:07 [Info] [4540] CIpcMsgHandlerMgr::run Enter
2026-04-08 21:18:07 [Info] [4540] Report thread
2026-04-08 21:18:07 [Info] [4540] Monitor thread
2026-04-08 21:18:07 [Info] [4540] Loader thread
2026-04-08 21:18:07 [Info] [4540] PythonEngineImpl Init...
2026-04-08 21:18:07 [Info] [4540] yundun connected
2026-04-08 21:18:07 [Info] [4540] recvmsg: HELLO
2026-04-08 21:18:07 [Info] [4540] recvmsg: WORK
2026-04-08 21:18:07 [Info] [4540] no use encode, return to old mode
2026-04-08 21:18:07 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 21:18:07 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 21:18:07 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 21:18:08 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 21:18:08 [Info] [4540] log fd cnt is [250], real fd cnt is [282]
2026-04-08 21:18:08 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 21:18:08 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 21:18:09 [Info] [4540] log memory size is 20480KB, real memory size is 14840KB
2026-04-08 21:18:09 [Info] [4540] item: --secnet_rasp_agent
2026-04-08 21:18:09 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-08 21:18:09 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-04-08 21:18:09 [Info] [4540] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-04-08 21:18:09 [Info] [4540] Download redirect files success.
2026-04-08 21:18:09 [Info] [4540] Prepare stage1: --secnet_rasp_agent
2026-04-08 21:18:09 [Info] [4540] Prepare stage2
2026-04-08 21:18:11 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-08 21:18:11 [Info] [4540] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-08 21:18:11 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 21:18:11 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 21:18:11 [Info] [4540] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-04-08 21:18:11 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-08 21:18:11 [Info] [4540] stage3: --secnet_rasp_agent
2026-04-08 21:18:11 [Info] [4540] Loader after check
2026-04-08 21:18:12 [Info] [4540] Enter reuse wait state.
2026-04-08 21:18:13 [Info] [4540] log memory size is 30720KB, real memory size is 21344KB
2026-04-08 21:18:14 [Info] [4540] recvmsg: EXIT
2026-04-08 21:18:14 [Info] [4540] Recv Exit Msg, Exit...
2026-04-08 21:59:36 [Info] [3328] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-08 21:59:36 [Info] [3328] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap209381775656776 
2026-04-08 21:59:36 [Info] [3328] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-08 21:59:41 [Info] [3328] Resource monitor start
2026-04-08 21:59:41 [Info] [3328] ipc client init success
2026-04-08 21:59:41 [Info] [3328] Ipc init: 0
2026-04-08 21:59:41 [Info] [3328] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-08 21:59:41 [Info] [3328] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-08 21:59:47 [Info] [3328] CResourceMonitor::run Enter
2026-04-08 21:59:47 [Info] [3328] start ipc thread id[4424]
2026-04-08 21:59:47 [Info] [3328] Connect Yundun ipc server return state is 0
2026-04-08 21:59:47 [Info] [3328] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-08 21:59:48 [Info] [3328] log fd cnt is [250], real fd cnt is [242]
2026-04-08 21:59:48 [Info] [3328] CIpcMsgHandlerMgr::run Enter
2026-04-08 21:59:52 [Info] [3328] Loader thread
2026-04-08 21:59:52 [Info] [3328] PythonEngineImpl Init...
2026-04-08 21:59:52 [Info] [3328] Monitor thread
2026-04-08 21:59:52 [Info] [3328] Report thread
2026-04-08 21:59:52 [Info] [3328] yundun connected
2026-04-08 21:59:52 [Info] [3328] recvmsg: HELLO
2026-04-08 21:59:52 [Info] [3328] recvmsg: WORK
2026-04-08 21:59:52 [Info] [3328] no use encode, return to old mode
2026-04-08 21:59:52 [Info] [3328] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 21:59:52 [Info] [3328] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-08 21:59:52 [Info] [3328] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 21:59:53 [Info] [3328] log memory size is 20480KB, real memory size is 13148KB
2026-04-08 22:00:13 [Warn] [3328] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 22:00:23 [Warn] [3328] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 22:00:33 [Warn] [3328] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-08 22:00:33 [Info] [3328] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 22:00:33 [Info] [3328] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-08 22:00:33 [Info] [3328] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-08 22:00:35 [Info] [3328] item: --windows-sysinfoext-check
2026-04-08 22:00:35 [Info] [3328] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 22:00:35 [Info] [3328] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 22:00:35 [Info] [3328] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-08 22:00:35 [Info] [3328] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-08 22:00:35 [Info] [3328] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-08 22:00:35 [Info] [3328] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-08 22:00:35 [Info] [3328] Prepare stage1: --windows-sysinfoext-check
2026-04-08 22:00:35 [Info] [3328] Prepare stage2
2026-04-08 22:00:37 [Info] [3328] stage3: --windows-sysinfoext-check
2026-04-08 22:00:37 [Info] [3328] Loader after check
2026-04-08 22:00:37 [Info] [3328] log memory size is 30720KB, real memory size is 23264KB
2026-04-08 22:00:38 [Info] [3328] Enter reuse wait state.
2026-04-08 22:00:41 [Info] [3328] recvmsg: EXIT
2026-04-08 22:00:41 [Info] [3328] Recv Exit Msg, Exit...
2026-04-15 01:44:00 [Info] [168] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 01:44:00 [Info] [168] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap210781776188640 
2026-04-15 01:44:00 [Info] [168] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 01:44:00 [Info] [168] Resource monitor start
2026-04-15 01:44:00 [Info] [168] ipc client init success
2026-04-15 01:44:00 [Info] [168] Ipc init: 0
2026-04-15 01:44:00 [Info] [168] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 01:44:00 [Info] [168] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 01:44:00 [Info] [168] start ipc thread id[1404]
2026-04-15 01:44:00 [Info] [168] Connect Yundun ipc server return state is 0
2026-04-15 01:44:00 [Info] [168] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 01:44:00 [Info] [168] CResourceMonitor::run Enter
2026-04-15 01:44:00 [Info] [168] CIpcMsgHandlerMgr::run Enter
2026-04-15 01:44:00 [Info] [168] Report thread
2026-04-15 01:44:00 [Info] [168] Monitor thread
2026-04-15 01:44:00 [Info] [168] Loader thread
2026-04-15 01:44:00 [Info] [168] PythonEngineImpl Init...
2026-04-15 01:44:00 [Info] [168] yundun connected
2026-04-15 01:44:00 [Info] [168] recvmsg: HELLO
2026-04-15 01:44:00 [Info] [168] recvmsg: WORK
2026-04-15 01:44:00 [Info] [168] no use encode, return to old mode
2026-04-15 01:44:00 [Info] [168] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 01:44:00 [Info] [168] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 01:44:00 [Info] [168] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 01:44:01 [Info] [168] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 01:44:01 [Info] [168] log fd cnt is [250], real fd cnt is [286]
2026-04-15 01:44:01 [Info] [168] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 01:44:01 [Info] [168] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 01:44:02 [Info] [168] log memory size is 20480KB, real memory size is 14836KB
2026-04-15 01:44:02 [Info] [168] item: --sca
2026-04-15 01:44:02 [Info] [168] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-15 01:44:02 [Info] [168] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-04-15 01:44:02 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-04-15 01:44:03 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-04-15 01:44:03 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-04-15 01:44:03 [Info] [168] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-04-15 01:44:03 [Info] [168] Download redirect files success.
2026-04-15 01:44:03 [Info] [168] Prepare stage1: --sca
2026-04-15 01:44:03 [Info] [168] Prepare stage2
2026-04-15 01:44:05 [Warn] [168] high cpu, cpu is 20
2026-04-15 01:44:05 [Info] [168] try get sys version
2026-04-15 01:44:05 [Info] [168] win sys info:2/10:0:3
2026-04-15 01:44:05 [Info] [168] suit legal version, enable cpu control
2026-04-15 01:44:05 [Warn] [168] High CPU Warning: 20
2026-04-15 01:44:05 [Warn] [168] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-15 01:44:06 [Info] [168] log memory size is 30720KB, real memory size is 32664KB
2026-04-15 01:44:10 [Info] [168] log memory size is 40960KB, real memory size is 33216KB
2026-04-15 01:44:22 [Info] [168] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 01:44:46 [Warn] [168] high cpu, cpu is 27
2026-04-15 01:44:46 [Warn] [168] High CPU Warning: 27
2026-04-15 01:44:46 [Warn] [168] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 188 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-04-15 01:44:48 [Info] [168] stage3: --sca
2026-04-15 01:44:48 [Info] [168] Loader after check
2026-04-15 01:44:49 [Info] [168] Enter reuse wait state.
2026-04-15 01:44:52 [Info] [168] recvmsg: EXIT
2026-04-15 01:44:52 [Info] [168] Recv Exit Msg, Exit...
2026-04-15 01:59:49 [Info] [3344] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 01:59:49 [Info] [3344] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap240691776189556 
2026-04-15 01:59:49 [Info] [3344] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 01:59:49 [Info] [3344] Resource monitor start
2026-04-15 01:59:49 [Info] [3344] ipc client init success
2026-04-15 01:59:49 [Info] [3344] Ipc init: 0
2026-04-15 01:59:49 [Info] [3344] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 01:59:49 [Info] [3344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 01:59:49 [Info] [3344] start ipc thread id[3800]
2026-04-15 01:59:49 [Info] [3344] Connect Yundun ipc server return state is 0
2026-04-15 01:59:49 [Info] [3344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 01:59:55 [Info] [3344] Loader thread
2026-04-15 01:59:55 [Info] [3344] PythonEngineImpl Init...
2026-04-15 01:59:55 [Info] [3344] Monitor thread
2026-04-15 01:59:55 [Info] [3344] Report thread
2026-04-15 01:59:55 [Info] [3344] yundun connected
2026-04-15 01:59:55 [Info] [3344] CIpcMsgHandlerMgr::run Enter
2026-04-15 01:59:55 [Info] [3344] CResourceMonitor::run Enter
2026-04-15 01:59:55 [Info] [3344] recvmsg: HELLO
2026-04-15 01:59:55 [Info] [3344] recvmsg: WORK
2026-04-15 01:59:55 [Info] [3344] no use encode, return to old mode
2026-04-15 01:59:55 [Info] [3344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 01:59:55 [Info] [3344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 01:59:55 [Info] [3344] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 01:59:56 [Info] [3344] log fd cnt is [250], real fd cnt is [264]
2026-04-15 01:59:57 [Info] [3344] log memory size is 20480KB, real memory size is 13164KB
2026-04-15 02:00:13 [Warn] [3344] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 02:00:21 [Info] [3344] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 02:00:23 [Warn] [3344] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 02:00:33 [Warn] [3344] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 02:00:33 [Info] [3344] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 02:00:33 [Info] [3344] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 02:00:33 [Info] [3344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 02:00:35 [Info] [3344] item: --windows-sysinfoext-check
2026-04-15 02:00:35 [Info] [3344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 02:00:35 [Info] [3344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 02:00:35 [Info] [3344] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 02:00:35 [Info] [3344] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 02:00:35 [Info] [3344] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-15 02:00:35 [Info] [3344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 02:00:35 [Info] [3344] Prepare stage1: --windows-sysinfoext-check
2026-04-15 02:00:35 [Info] [3344] Prepare stage2
2026-04-15 02:00:37 [Info] [3344] stage3: --windows-sysinfoext-check
2026-04-15 02:00:37 [Info] [3344] Loader after check
2026-04-15 02:00:38 [Info] [3344] log memory size is 30720KB, real memory size is 23220KB
2026-04-15 02:00:38 [Info] [3344] Enter reuse wait state.
2026-04-15 02:00:40 [Info] [3344] recvmsg: EXIT
2026-04-15 02:00:40 [Info] [3344] Recv Exit Msg, Exit...
2026-04-15 07:27:05 [Info] [4688] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 07:27:05 [Info] [4688] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap226201776209181 
2026-04-15 07:27:05 [Info] [4688] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 07:27:05 [Info] [4688] Resource monitor start
2026-04-15 07:27:05 [Info] [4688] ipc client init success
2026-04-15 07:27:05 [Info] [4688] Ipc init: 0
2026-04-15 07:27:05 [Info] [4688] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 07:27:06 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 07:27:06 [Info] [4688] CResourceMonitor::run Enter
2026-04-15 07:27:06 [Info] [4688] CIpcMsgHandlerMgr::run Enter
2026-04-15 07:27:06 [Info] [4688] start ipc thread id[4756]
2026-04-15 07:27:06 [Info] [4688] Connect Yundun ipc server return state is 0
2026-04-15 07:27:06 [Info] [4688] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 07:27:06 [Info] [4688] yundun connected
2026-04-15 07:27:06 [Info] [4688] Report thread
2026-04-15 07:27:06 [Info] [4688] Monitor thread
2026-04-15 07:27:06 [Info] [4688] Loader thread
2026-04-15 07:27:06 [Info] [4688] PythonEngineImpl Init...
2026-04-15 07:27:06 [Info] [4688] recvmsg: HELLO
2026-04-15 07:27:06 [Info] [4688] recvmsg: WORK
2026-04-15 07:27:06 [Info] [4688] no use encode, return to old mode
2026-04-15 07:27:06 [Info] [4688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 07:27:06 [Info] [4688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 07:27:06 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 07:27:07 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 07:27:07 [Info] [4688] log fd cnt is [250], real fd cnt is [282]
2026-04-15 07:27:07 [Info] [4688] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 07:27:07 [Info] [4688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 07:27:08 [Info] [4688] log memory size is 20480KB, real memory size is 14888KB
2026-04-15 07:27:08 [Info] [4688] item: --windows-sysinfoext-check
2026-04-15 07:27:08 [Info] [4688] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 07:27:08 [Info] [4688] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 07:27:08 [Info] [4688] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 07:27:08 [Info] [4688] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 07:27:08 [Info] [4688] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-15 07:27:08 [Info] [4688] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 07:27:09 [Info] [4688] Prepare stage1: --windows-sysinfoext-check
2026-04-15 07:27:09 [Info] [4688] Prepare stage2
2026-04-15 07:27:11 [Warn] [4688] high cpu, cpu is 21
2026-04-15 07:27:11 [Info] [4688] try get sys version
2026-04-15 07:27:11 [Info] [4688] win sys info:2/10:0:3
2026-04-15 07:27:11 [Info] [4688] suit legal version, enable cpu control
2026-04-15 07:27:11 [Warn] [4688] High CPU Warning: 21
2026-04-15 07:27:11 [Warn] [4688] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<string> line: 12 in func: __init__
File:wmi.py line: 1145 in func: __getattr__
File:wmi.py line: 783 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo
File:windows-sysinfoext-check.py line: 174 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-15 07:27:12 [Info] [4688] log memory size is 30720KB, real memory size is 23144KB
2026-04-15 07:27:13 [Info] [4688] stage3: --windows-sysinfoext-check
2026-04-15 07:27:13 [Info] [4688] Loader after check
2026-04-15 07:27:14 [Info] [4688] Enter reuse wait state.
2026-04-15 07:27:17 [Info] [4688] recvmsg: EXIT
2026-04-15 07:27:17 [Info] [4688] Recv Exit Msg, Exit...
2026-04-15 07:43:50 [Info] [4268] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 07:43:50 [Info] [4268] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap260461776210230 
2026-04-15 07:43:50 [Info] [4268] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 07:43:50 [Info] [4268] Resource monitor start
2026-04-15 07:43:50 [Info] [4268] ipc client init success
2026-04-15 07:43:50 [Info] [4268] Ipc init: 0
2026-04-15 07:43:50 [Info] [4268] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 07:43:50 [Info] [4268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 07:43:50 [Info] [4268] start ipc thread id[4300]
2026-04-15 07:43:50 [Info] [4268] Connect Yundun ipc server return state is 0
2026-04-15 07:43:50 [Info] [4268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 07:43:50 [Info] [4268] CResourceMonitor::run Enter
2026-04-15 07:43:50 [Info] [4268] CIpcMsgHandlerMgr::run Enter
2026-04-15 07:43:50 [Info] [4268] Report thread
2026-04-15 07:43:50 [Info] [4268] Monitor thread
2026-04-15 07:43:50 [Info] [4268] Loader thread
2026-04-15 07:43:50 [Info] [4268] PythonEngineImpl Init...
2026-04-15 07:43:50 [Info] [4268] yundun connected
2026-04-15 07:43:51 [Info] [4268] recvmsg: HELLO
2026-04-15 07:43:51 [Info] [4268] recvmsg: WORK
2026-04-15 07:43:51 [Info] [4268] no use encode, return to old mode
2026-04-15 07:43:51 [Info] [4268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 07:43:51 [Info] [4268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 07:43:51 [Info] [4268] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 07:43:51 [Info] [4268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 07:43:51 [Info] [4268] log fd cnt is [250], real fd cnt is [282]
2026-04-15 07:43:51 [Info] [4268] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 07:43:51 [Info] [4268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 07:43:52 [Info] [4268] log memory size is 20480KB, real memory size is 14800KB
2026-04-15 07:43:52 [Info] [4268] item: --windows-vul-clean
2026-04-15 07:43:52 [Info] [4268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-15 07:43:52 [Info] [4268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-15 07:43:52 [Info] [4268] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 07:43:52 [Info] [4268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 07:43:52 [Info] [4268] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-04-15 07:43:52 [Info] [4268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-04-15 07:43:53 [Info] [4268] Prepare stage1: --windows-vul-clean
2026-04-15 07:43:53 [Info] [4268] Prepare stage2
2026-04-15 07:43:53 [Info] [4268] stage3: --windows-vul-clean
2026-04-15 07:43:53 [Info] [4268] Loader after check
2026-04-15 07:43:54 [Info] [4268] Enter reuse wait state.
2026-04-15 07:43:58 [Info] [4268] recvmsg: EXIT
2026-04-15 07:43:58 [Info] [4268] Recv Exit Msg, Exit...
2026-04-15 08:43:46 [Info] [92] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 08:43:46 [Info] [92] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap50211776213826 
2026-04-15 08:43:46 [Info] [92] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 08:43:46 [Info] [92] Resource monitor start
2026-04-15 08:43:46 [Info] [92] ipc client init success
2026-04-15 08:43:46 [Info] [92] Ipc init: 0
2026-04-15 08:43:46 [Info] [92] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 08:43:46 [Info] [92] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 08:43:46 [Info] [92] start ipc thread id[636]
2026-04-15 08:43:46 [Info] [92] Connect Yundun ipc server return state is 0
2026-04-15 08:43:46 [Info] [92] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 08:43:46 [Info] [92] CResourceMonitor::run Enter
2026-04-15 08:43:46 [Info] [92] CIpcMsgHandlerMgr::run Enter
2026-04-15 08:43:46 [Info] [92] Report thread
2026-04-15 08:43:46 [Info] [92] Monitor thread
2026-04-15 08:43:46 [Info] [92] Loader thread
2026-04-15 08:43:46 [Info] [92] PythonEngineImpl Init...
2026-04-15 08:43:46 [Info] [92] yundun connected
2026-04-15 08:43:47 [Info] [92] recvmsg: HELLO
2026-04-15 08:43:47 [Info] [92] recvmsg: WORK
2026-04-15 08:43:47 [Info] [92] no use encode, return to old mode
2026-04-15 08:43:47 [Info] [92] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 08:43:47 [Info] [92] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 08:43:47 [Info] [92] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 08:43:47 [Info] [92] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 08:43:47 [Info] [92] log fd cnt is [250], real fd cnt is [282]
2026-04-15 08:43:47 [Info] [92] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 08:43:47 [Info] [92] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 08:43:48 [Info] [92] log memory size is 20480KB, real memory size is 14804KB
2026-04-15 08:43:48 [Info] [92] item: --windows-process-check
2026-04-15 08:43:48 [Info] [92] cgroup name aegisRtap0
2026-04-15 08:43:48 [Info] [92] try get sys version
2026-04-15 08:43:48 [Info] [92] win sys info:2/10:0:3
2026-04-15 08:43:48 [Info] [92] suit legal version, enable cpu control
2026-04-15 08:43:48 [Info] [92] get AssignProcessToJobObject handle [00000478]
2026-04-15 08:43:48 [Info] [92] Set setJobExtended.
2026-04-15 08:43:48 [Info] [92] Set cpu [9%]
2026-04-15 08:43:48 [Info] [92] Set cpu success
2026-04-15 08:43:48 [Info] [92] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-15 08:43:48 [Info] [92] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-15 08:43:48 [Info] [92] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 08:43:48 [Info] [92] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 08:43:49 [Info] [92] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-04-15 08:43:49 [Info] [92] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-04-15 08:43:49 [Info] [92] Prepare stage1: --windows-process-check
2026-04-15 08:43:49 [Info] [92] Prepare stage2
2026-04-15 08:43:52 [Info] [92] log memory size is 30720KB, real memory size is 20608KB
2026-04-15 08:43:56 [Info] [92] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 08:44:07 [Info] [92] stage3: --windows-process-check
2026-04-15 08:44:07 [Info] [92] Loader after check
2026-04-15 08:44:08 [Info] [92] Enter reuse wait state.
2026-04-15 08:44:10 [Info] [92] recvmsg: EXIT
2026-04-15 08:44:10 [Info] [92] Recv Exit Msg, Exit...
2026-04-15 10:24:31 [Info] [4956] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 10:24:31 [Info] [4956] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap247611776219871 
2026-04-15 10:24:31 [Info] [4956] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 10:24:31 [Info] [4956] Resource monitor start
2026-04-15 10:24:31 [Info] [4956] ipc client init success
2026-04-15 10:24:31 [Info] [4956] Ipc init: 0
2026-04-15 10:24:31 [Info] [4956] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 10:24:31 [Info] [4956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 10:24:31 [Info] [4956] start ipc thread id[4976]
2026-04-15 10:24:31 [Info] [4956] Connect Yundun ipc server return state is 0
2026-04-15 10:24:31 [Info] [4956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 10:24:31 [Info] [4956] CResourceMonitor::run Enter
2026-04-15 10:24:31 [Info] [4956] CIpcMsgHandlerMgr::run Enter
2026-04-15 10:24:31 [Info] [4956] Report thread
2026-04-15 10:24:31 [Info] [4956] Monitor thread
2026-04-15 10:24:31 [Info] [4956] Loader thread
2026-04-15 10:24:31 [Info] [4956] PythonEngineImpl Init...
2026-04-15 10:24:31 [Info] [4956] yundun connected
2026-04-15 10:24:31 [Info] [4956] recvmsg: HELLO
2026-04-15 10:24:31 [Info] [4956] recvmsg: WORK
2026-04-15 10:24:31 [Info] [4956] no use encode, return to old mode
2026-04-15 10:24:32 [Info] [4956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:24:32 [Info] [4956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:24:32 [Info] [4956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:24:32 [Info] [4956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:24:32 [Warn] [4956] high cpu, cpu is 12
2026-04-15 10:24:32 [Info] [4956] try get sys version
2026-04-15 10:24:32 [Info] [4956] win sys info:2/10:0:3
2026-04-15 10:24:32 [Info] [4956] suit legal version, enable cpu control
2026-04-15 10:24:32 [Warn] [4956] High CPU Warning: 12
2026-04-15 10:24:32 [Warn] [4956] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-15 10:24:32 [Info] [4956] log fd cnt is [250], real fd cnt is [286]
2026-04-15 10:24:32 [Info] [4956] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 10:24:32 [Info] [4956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 10:24:33 [Info] [4956] log memory size is 20480KB, real memory size is 14780KB
2026-04-15 10:24:33 [Info] [4956] item: --windows-schedule-task-check
2026-04-15 10:24:33 [Info] [4956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-15 10:24:33 [Info] [4956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-15 10:24:33 [Info] [4956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:24:33 [Info] [4956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:24:33 [Info] [4956] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-04-15 10:24:33 [Info] [4956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-04-15 10:24:34 [Info] [4956] Prepare stage1: --windows-schedule-task-check
2026-04-15 10:24:34 [Info] [4956] Prepare stage2
2026-04-15 10:24:34 [Warn] [4956] high cpu, cpu is 13
2026-04-15 10:24:34 [Warn] [4956] High CPU Warning: 13
2026-04-15 10:24:37 [Info] [4956] log memory size is 30720KB, real memory size is 23668KB
2026-04-15 10:24:48 [Info] [4956] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 10:25:04 [Info] [4956] stage3: --windows-schedule-task-check
2026-04-15 10:25:04 [Info] [4956] Loader after check
2026-04-15 10:25:05 [Info] [4956] Enter reuse wait state.
2026-04-15 10:25:11 [Info] [4956] recvmsg: EXIT
2026-04-15 10:25:11 [Info] [4956] Recv Exit Msg, Exit...
2026-04-15 10:25:18 [Info] [4216] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 10:25:18 [Info] [4216] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap249151776219918 
2026-04-15 10:25:18 [Info] [4216] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 10:25:18 [Info] [4216] Resource monitor start
2026-04-15 10:25:18 [Info] [4216] ipc client init success
2026-04-15 10:25:18 [Info] [4216] Ipc init: 0
2026-04-15 10:25:18 [Info] [4216] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 10:25:18 [Info] [4216] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 10:25:18 [Info] [4216] start ipc thread id[708]
2026-04-15 10:25:18 [Info] [4216] Connect Yundun ipc server return state is 0
2026-04-15 10:25:18 [Info] [4216] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 10:25:18 [Info] [4216] CResourceMonitor::run Enter
2026-04-15 10:25:18 [Info] [4216] CIpcMsgHandlerMgr::run Enter
2026-04-15 10:25:18 [Info] [4216] Report thread
2026-04-15 10:25:18 [Info] [4216] Monitor thread
2026-04-15 10:25:18 [Info] [4216] Loader thread
2026-04-15 10:25:18 [Info] [4216] PythonEngineImpl Init...
2026-04-15 10:25:18 [Info] [4216] yundun connected
2026-04-15 10:25:19 [Info] [4216] recvmsg: HELLO
2026-04-15 10:25:19 [Info] [4216] recvmsg: WORK
2026-04-15 10:25:19 [Info] [4216] no use encode, return to old mode
2026-04-15 10:25:19 [Info] [4216] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:25:19 [Info] [4216] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:25:19 [Info] [4216] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:25:19 [Info] [4216] log fd cnt is [250], real fd cnt is [282]
2026-04-15 10:25:19 [Info] [4216] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:25:20 [Info] [4216] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 10:25:20 [Info] [4216] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 10:25:20 [Info] [4216] log memory size is 20480KB, real memory size is 14760KB
2026-04-15 10:25:21 [Info] [4216] item: --windows-driver-version-check
2026-04-15 10:25:21 [Info] [4216] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-15 10:25:21 [Info] [4216] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-15 10:25:21 [Info] [4216] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:25:21 [Info] [4216] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:25:21 [Info] [4216] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-04-15 10:25:21 [Info] [4216] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-04-15 10:25:21 [Info] [4216] Prepare stage1: --windows-driver-version-check
2026-04-15 10:25:21 [Info] [4216] Prepare stage2
2026-04-15 10:25:21 [Info] [4216] stage3: --windows-driver-version-check
2026-04-15 10:25:21 [Info] [4216] Loader after check
2026-04-15 10:25:22 [Info] [4216] Enter reuse wait state.
2026-04-15 10:25:26 [Info] [4216] recvmsg: EXIT
2026-04-15 10:25:26 [Info] [4216] Recv Exit Msg, Exit...
2026-04-15 10:30:56 [Info] [4332] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 10:30:56 [Info] [4332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap260191776220256 
2026-04-15 10:30:56 [Info] [4332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 10:30:56 [Info] [4332] Resource monitor start
2026-04-15 10:30:56 [Info] [4332] ipc client init success
2026-04-15 10:30:56 [Info] [4332] Ipc init: 0
2026-04-15 10:30:56 [Info] [4332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 10:30:56 [Info] [4332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 10:30:56 [Info] [4332] start ipc thread id[1020]
2026-04-15 10:30:56 [Info] [4332] Connect Yundun ipc server return state is 0
2026-04-15 10:30:56 [Info] [4332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 10:30:56 [Info] [4332] CResourceMonitor::run Enter
2026-04-15 10:30:56 [Info] [4332] CIpcMsgHandlerMgr::run Enter
2026-04-15 10:30:56 [Info] [4332] yundun connected
2026-04-15 10:30:56 [Info] [4332] Report thread
2026-04-15 10:30:56 [Info] [4332] Monitor thread
2026-04-15 10:30:56 [Info] [4332] Loader thread
2026-04-15 10:30:56 [Info] [4332] PythonEngineImpl Init...
2026-04-15 10:30:57 [Info] [4332] recvmsg: HELLO
2026-04-15 10:30:57 [Info] [4332] recvmsg: WORK
2026-04-15 10:30:57 [Info] [4332] no use encode, return to old mode
2026-04-15 10:30:57 [Info] [4332] log fd cnt is [250], real fd cnt is [263]
2026-04-15 10:30:58 [Info] [4332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:30:58 [Info] [4332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:30:58 [Info] [4332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:30:59 [Info] [4332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:30:59 [Info] [4332] log memory size is 20480KB, real memory size is 14528KB
2026-04-15 10:30:59 [Info] [4332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 10:30:59 [Info] [4332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 10:31:02 [Info] [4332] item: --windows-registry-check
2026-04-15 10:31:02 [Info] [4332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-15 10:31:02 [Info] [4332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-15 10:31:02 [Info] [4332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:31:02 [Info] [4332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:31:02 [Info] [4332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-04-15 10:31:02 [Info] [4332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-04-15 10:31:03 [Info] [4332] Prepare stage1: --windows-registry-check
2026-04-15 10:31:03 [Info] [4332] Prepare stage2
2026-04-15 10:31:27 [Info] [4332] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 10:31:33 [Info] [4332] stage3: --windows-registry-check
2026-04-15 10:31:33 [Info] [4332] Loader after check
2026-04-15 10:31:34 [Info] [4332] Enter reuse wait state.
2026-04-15 10:31:36 [Info] [4332] recvmsg: EXIT
2026-04-15 10:31:36 [Info] [4332] Recv Exit Msg, Exit...
2026-04-15 10:50:24 [Info] [412] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 10:50:24 [Info] [412] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap298301776221423 
2026-04-15 10:50:24 [Info] [412] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 10:50:24 [Info] [412] Resource monitor start
2026-04-15 10:50:24 [Info] [412] ipc client init success
2026-04-15 10:50:24 [Info] [412] Ipc init: 0
2026-04-15 10:50:24 [Info] [412] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 10:50:24 [Info] [412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 10:50:24 [Info] [412] start ipc thread id[4156]
2026-04-15 10:50:24 [Info] [412] Connect Yundun ipc server return state is 0
2026-04-15 10:50:24 [Info] [412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 10:50:24 [Info] [412] CResourceMonitor::run Enter
2026-04-15 10:50:24 [Info] [412] CIpcMsgHandlerMgr::run Enter
2026-04-15 10:50:24 [Info] [412] Report thread
2026-04-15 10:50:24 [Info] [412] Monitor thread
2026-04-15 10:50:24 [Info] [412] Loader thread
2026-04-15 10:50:24 [Info] [412] PythonEngineImpl Init...
2026-04-15 10:50:24 [Info] [412] yundun connected
2026-04-15 10:50:24 [Info] [412] recvmsg: HELLO
2026-04-15 10:50:24 [Info] [412] recvmsg: WORK
2026-04-15 10:50:24 [Info] [412] no use encode, return to old mode
2026-04-15 10:50:24 [Info] [412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:50:24 [Info] [412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 10:50:24 [Info] [412] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:50:24 [Info] [412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:50:25 [Info] [412] log fd cnt is [250], real fd cnt is [282]
2026-04-15 10:50:25 [Info] [412] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 10:50:25 [Info] [412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 10:50:26 [Info] [412] log memory size is 20480KB, real memory size is 14828KB
2026-04-15 10:50:26 [Info] [412] item: --tcp-connect-check
2026-04-15 10:50:26 [Info] [412] cgroup name aegisRtap0
2026-04-15 10:50:26 [Info] [412] try get sys version
2026-04-15 10:50:26 [Info] [412] win sys info:2/10:0:3
2026-04-15 10:50:26 [Info] [412] suit legal version, enable cpu control
2026-04-15 10:50:26 [Info] [412] get AssignProcessToJobObject handle [00000478]
2026-04-15 10:50:26 [Info] [412] Set setJobExtended.
2026-04-15 10:50:26 [Info] [412] Set cpu [9%]
2026-04-15 10:50:26 [Info] [412] Set cpu success
2026-04-15 10:50:26 [Info] [412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-15 10:50:26 [Info] [412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-15 10:50:26 [Info] [412] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 10:50:26 [Info] [412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 10:50:26 [Info] [412] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-04-15 10:50:26 [Info] [412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-04-15 10:50:26 [Info] [412] Prepare stage1: --tcp-connect-check
2026-04-15 10:50:26 [Info] [412] Prepare stage2
2026-04-15 10:50:29 [Info] [412] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-15 10:50:29 [Info] [412] stage3: --tcp-connect-check
2026-04-15 10:50:29 [Info] [412] Loader after check
2026-04-15 10:50:30 [Info] [412] Enter reuse wait state.
2026-04-15 10:50:35 [Info] [412] recvmsg: EXIT
2026-04-15 10:50:35 [Info] [412] Recv Exit Msg, Exit...
2026-04-15 11:08:52 [Info] [4840] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 11:08:52 [Info] [4840] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap6831776222532 
2026-04-15 11:08:52 [Info] [4840] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 11:08:52 [Info] [4840] Resource monitor start
2026-04-15 11:08:52 [Info] [4840] ipc client init success
2026-04-15 11:08:52 [Info] [4840] Ipc init: 0
2026-04-15 11:08:52 [Info] [4840] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 11:08:52 [Info] [4840] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 11:08:52 [Info] [4840] start ipc thread id[868]
2026-04-15 11:08:52 [Info] [4840] Connect Yundun ipc server return state is 0
2026-04-15 11:08:52 [Info] [4840] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 11:08:52 [Info] [4840] CResourceMonitor::run Enter
2026-04-15 11:08:52 [Info] [4840] CIpcMsgHandlerMgr::run Enter
2026-04-15 11:08:52 [Info] [4840] Report thread
2026-04-15 11:08:52 [Info] [4840] Monitor thread
2026-04-15 11:08:52 [Info] [4840] Loader thread
2026-04-15 11:08:52 [Info] [4840] PythonEngineImpl Init...
2026-04-15 11:08:52 [Info] [4840] yundun connected
2026-04-15 11:08:53 [Info] [4840] recvmsg: HELLO
2026-04-15 11:08:53 [Info] [4840] recvmsg: WORK
2026-04-15 11:08:53 [Info] [4840] no use encode, return to old mode
2026-04-15 11:08:53 [Info] [4840] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 11:08:53 [Info] [4840] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 11:08:53 [Info] [4840] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 11:08:53 [Info] [4840] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 11:08:53 [Info] [4840] log fd cnt is [250], real fd cnt is [282]
2026-04-15 11:08:53 [Info] [4840] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 11:08:53 [Info] [4840] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 11:08:54 [Info] [4840] log memory size is 20480KB, real memory size is 14824KB
2026-04-15 11:08:54 [Info] [4840] item: --windows-autorun-item-check
2026-04-15 11:08:54 [Info] [4840] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-15 11:08:54 [Info] [4840] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-15 11:08:54 [Info] [4840] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 11:08:55 [Info] [4840] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 11:08:55 [Info] [4840] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-04-15 11:08:55 [Info] [4840] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-04-15 11:08:55 [Info] [4840] Prepare stage1: --windows-autorun-item-check
2026-04-15 11:08:55 [Info] [4840] Prepare stage2
2026-04-15 11:08:55 [Warn] [4840] high cpu, cpu is 15
2026-04-15 11:08:55 [Info] [4840] try get sys version
2026-04-15 11:08:55 [Info] [4840] win sys info:2/10:0:3
2026-04-15 11:08:55 [Info] [4840] suit legal version, enable cpu control
2026-04-15 11:08:55 [Warn] [4840] High CPU Warning: 15
2026-04-15 11:08:55 [Warn] [4840] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 7 in func: <module>
File:windows-autorun-item-check.py line: 143 in func: <module>
2026-04-15 11:08:58 [Info] [4840] log memory size is 30720KB, real memory size is 22632KB
2026-04-15 11:09:05 [Info] [4840] stage3: --windows-autorun-item-check
2026-04-15 11:09:05 [Info] [4840] Loader after check
2026-04-15 11:09:06 [Info] [4840] Enter reuse wait state.
2026-04-15 11:09:08 [Info] [4840] recvmsg: EXIT
2026-04-15 11:09:08 [Info] [4840] Recv Exit Msg, Exit...
2026-04-15 12:54:51 [Info] [5060] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 12:54:51 [Info] [5060] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap213931776228874 
2026-04-15 12:54:51 [Info] [5060] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 12:54:51 [Info] [5060] Resource monitor start
2026-04-15 12:54:51 [Info] [5060] ipc client init success
2026-04-15 12:54:51 [Info] [5060] Ipc init: 0
2026-04-15 12:54:51 [Info] [5060] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 12:54:51 [Info] [5060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 12:54:51 [Info] [5060] start ipc thread id[3208]
2026-04-15 12:54:51 [Info] [5060] Connect Yundun ipc server return state is 0
2026-04-15 12:54:51 [Info] [5060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 12:54:51 [Info] [5060] CResourceMonitor::run Enter
2026-04-15 12:54:51 [Info] [5060] CIpcMsgHandlerMgr::run Enter
2026-04-15 12:54:51 [Info] [5060] Report thread
2026-04-15 12:54:51 [Info] [5060] Monitor thread
2026-04-15 12:54:51 [Info] [5060] Loader thread
2026-04-15 12:54:51 [Info] [5060] PythonEngineImpl Init...
2026-04-15 12:54:57 [Info] [5060] yundun connected
2026-04-15 12:54:57 [Info] [5060] recvmsg: HELLO
2026-04-15 12:54:57 [Info] [5060] recvmsg: WORK
2026-04-15 12:54:57 [Info] [5060] no use encode, return to old mode
2026-04-15 12:54:57 [Info] [5060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 12:54:57 [Info] [5060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 12:54:57 [Info] [5060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 12:54:58 [Info] [5060] log fd cnt is [250], real fd cnt is [264]
2026-04-15 12:54:59 [Info] [5060] log memory size is 20480KB, real memory size is 13152KB
2026-04-15 12:55:12 [Warn] [5060] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 12:55:22 [Warn] [5060] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 12:55:32 [Warn] [5060] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 12:55:32 [Info] [5060] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 12:55:32 [Info] [5060] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 12:55:32 [Info] [5060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 12:55:34 [Info] [5060] item: --windows-sysinfoext-check
2026-04-15 12:55:34 [Info] [5060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 12:55:34 [Info] [5060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 12:55:34 [Info] [5060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 12:55:34 [Info] [5060] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 12:55:34 [Info] [5060] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-15 12:55:34 [Info] [5060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 12:55:34 [Info] [5060] Prepare stage1: --windows-sysinfoext-check
2026-04-15 12:55:34 [Info] [5060] Prepare stage2
2026-04-15 12:55:35 [Info] [5060] log memory size is 30720KB, real memory size is 23120KB
2026-04-15 12:55:36 [Info] [5060] stage3: --windows-sysinfoext-check
2026-04-15 12:55:36 [Info] [5060] Loader after check
2026-04-15 12:55:36 [Warn] [5060] high cpu, cpu is 13
2026-04-15 12:55:36 [Info] [5060] try get sys version
2026-04-15 12:55:36 [Info] [5060] win sys info:2/10:0:3
2026-04-15 12:55:36 [Info] [5060] suit legal version, enable cpu control
2026-04-15 12:55:36 [Warn] [5060] High CPU Warning: 13
2026-04-15 12:55:36 [Warn] [5060] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-15 12:55:37 [Info] [5060] Enter reuse wait state.
2026-04-15 12:55:41 [Info] [5060] recvmsg: EXIT
2026-04-15 12:55:41 [Info] [5060] Recv Exit Msg, Exit...
2026-04-15 18:09:38 [Info] [4552] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 18:09:38 [Info] [4552] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175871776247777 
2026-04-15 18:09:38 [Info] [4552] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 18:09:38 [Info] [4552] Resource monitor start
2026-04-15 18:09:38 [Info] [4552] ipc client init success
2026-04-15 18:09:38 [Info] [4552] Ipc init: 0
2026-04-15 18:09:38 [Info] [4552] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 18:09:38 [Info] [4552] CResourceMonitor::run Enter
2026-04-15 18:09:38 [Info] [4552] CIpcMsgHandlerMgr::run Enter
2026-04-15 18:09:38 [Info] [4552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 18:09:38 [Info] [4552] start ipc thread id[2344]
2026-04-15 18:09:38 [Info] [4552] Connect Yundun ipc server return state is 0
2026-04-15 18:09:38 [Info] [4552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 18:09:38 [Info] [4552] yundun connected
2026-04-15 18:09:38 [Info] [4552] Report thread
2026-04-15 18:09:38 [Info] [4552] Monitor thread
2026-04-15 18:09:38 [Info] [4552] Loader thread
2026-04-15 18:09:38 [Info] [4552] PythonEngineImpl Init...
2026-04-15 18:09:39 [Info] [4552] recvmsg: HELLO
2026-04-15 18:09:39 [Info] [4552] recvmsg: WORK
2026-04-15 18:09:39 [Info] [4552] no use encode, return to old mode
2026-04-15 18:09:39 [Info] [4552] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 18:09:39 [Info] [4552] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 18:09:39 [Info] [4552] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 18:09:39 [Info] [4552] log fd cnt is [250], real fd cnt is [274]
2026-04-15 18:09:40 [Info] [4552] log memory size is 20480KB, real memory size is 13644KB
2026-04-15 18:09:41 [Info] [4552] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 18:09:41 [Info] [4552] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 18:09:41 [Info] [4552] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 18:09:42 [Info] [4552] item: --secnet_rasp_agent
2026-04-15 18:09:42 [Info] [4552] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-15 18:09:42 [Info] [4552] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-04-15 18:09:42 [Info] [4552] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-04-15 18:09:42 [Info] [4552] Download redirect files success.
2026-04-15 18:09:42 [Info] [4552] Prepare stage1: --secnet_rasp_agent
2026-04-15 18:09:42 [Info] [4552] Prepare stage2
2026-04-15 18:09:44 [Info] [4552] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-15 18:09:44 [Info] [4552] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-15 18:09:44 [Info] [4552] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 18:09:44 [Info] [4552] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 18:09:44 [Info] [4552] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-04-15 18:09:44 [Info] [4552] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-15 18:09:44 [Info] [4552] stage3: --secnet_rasp_agent
2026-04-15 18:09:44 [Info] [4552] Loader after check
2026-04-15 18:09:44 [Info] [4552] log memory size is 30720KB, real memory size is 21456KB
2026-04-15 18:09:45 [Info] [4552] Enter reuse wait state.
2026-04-15 18:09:50 [Info] [4552] recvmsg: EXIT
2026-04-15 18:09:50 [Info] [4552] Recv Exit Msg, Exit...
2026-04-15 18:21:39 [Info] [2424] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 18:21:39 [Info] [2424] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap198731776248477 
2026-04-15 18:21:39 [Info] [2424] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 18:21:39 [Info] [2424] Resource monitor start
2026-04-15 18:21:39 [Info] [2424] ipc client init success
2026-04-15 18:21:39 [Info] [2424] Ipc init: 0
2026-04-15 18:21:39 [Info] [2424] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 18:21:39 [Info] [2424] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 18:21:43 [Info] [2424] CIpcMsgHandlerMgr::run Enter
2026-04-15 18:21:43 [Info] [2424] CResourceMonitor::run Enter
2026-04-15 18:21:43 [Info] [2424] start ipc thread id[4300]
2026-04-15 18:21:43 [Info] [2424] Connect Yundun ipc server return state is 0
2026-04-15 18:21:43 [Info] [2424] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 18:21:44 [Info] [2424] log fd cnt is [250], real fd cnt is [242]
2026-04-15 18:21:48 [Info] [2424] Loader thread
2026-04-15 18:21:48 [Info] [2424] PythonEngineImpl Init...
2026-04-15 18:21:48 [Info] [2424] Monitor thread
2026-04-15 18:21:48 [Info] [2424] Report thread
2026-04-15 18:21:48 [Info] [2424] yundun connected
2026-04-15 18:21:48 [Info] [2424] recvmsg: HELLO
2026-04-15 18:21:48 [Info] [2424] recvmsg: WORK
2026-04-15 18:21:48 [Info] [2424] no use encode, return to old mode
2026-04-15 18:21:48 [Info] [2424] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 18:21:48 [Info] [2424] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 18:21:48 [Info] [2424] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 18:21:49 [Info] [2424] log memory size is 20480KB, real memory size is 13144KB
2026-04-15 18:21:57 [Info] [2424] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 18:21:57 [Info] [2424] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 18:21:57 [Info] [2424] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 18:21:59 [Info] [2424] item: --windows-sysinfoext-check
2026-04-15 18:21:59 [Info] [2424] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 18:21:59 [Info] [2424] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 18:21:59 [Info] [2424] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 18:21:59 [Info] [2424] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 18:21:59 [Info] [2424] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-15 18:21:59 [Info] [2424] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 18:22:00 [Info] [2424] Prepare stage1: --windows-sysinfoext-check
2026-04-15 18:22:00 [Info] [2424] Prepare stage2
2026-04-15 18:22:00 [Warn] [2424] high cpu, cpu is 20
2026-04-15 18:22:00 [Info] [2424] try get sys version
2026-04-15 18:22:00 [Info] [2424] win sys info:2/10:0:3
2026-04-15 18:22:00 [Info] [2424] suit legal version, enable cpu control
2026-04-15 18:22:00 [Warn] [2424] High CPU Warning: 20
2026-04-15 18:22:00 [Warn] [2424] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:util.py line: 84 in func: next
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-15 18:22:01 [Info] [2424] log memory size is 30720KB, real memory size is 23136KB
2026-04-15 18:22:03 [Info] [2424] stage3: --windows-sysinfoext-check
2026-04-15 18:22:03 [Info] [2424] Loader after check
2026-04-15 18:22:04 [Info] [2424] Enter reuse wait state.
2026-04-15 18:22:06 [Info] [2424] recvmsg: EXIT
2026-04-15 18:22:06 [Info] [2424] Recv Exit Msg, Exit...
2026-04-15 20:45:53 [Info] [4264] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 20:45:53 [Info] [4264] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap154371776257153 
2026-04-15 20:45:53 [Info] [4264] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 20:45:53 [Info] [4264] Resource monitor start
2026-04-15 20:45:53 [Info] [4264] ipc client init success
2026-04-15 20:45:53 [Info] [4264] Ipc init: 0
2026-04-15 20:45:53 [Info] [4264] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 20:45:53 [Info] [4264] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 20:45:53 [Info] [4264] start ipc thread id[2028]
2026-04-15 20:45:53 [Info] [4264] Connect Yundun ipc server return state is 0
2026-04-15 20:45:53 [Info] [4264] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 20:45:53 [Info] [4264] CResourceMonitor::run Enter
2026-04-15 20:45:53 [Info] [4264] CIpcMsgHandlerMgr::run Enter
2026-04-15 20:45:53 [Info] [4264] yundun connected
2026-04-15 20:45:53 [Info] [4264] Report thread
2026-04-15 20:45:53 [Info] [4264] Monitor thread
2026-04-15 20:45:53 [Info] [4264] Loader thread
2026-04-15 20:45:53 [Info] [4264] PythonEngineImpl Init...
2026-04-15 20:45:53 [Info] [4264] recvmsg: HELLO
2026-04-15 20:45:54 [Info] [4264] recvmsg: WORK
2026-04-15 20:45:54 [Info] [4264] no use encode, return to old mode
2026-04-15 20:45:54 [Info] [4264] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 20:45:54 [Info] [4264] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 20:45:54 [Info] [4264] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 20:45:54 [Info] [4264] log fd cnt is [250], real fd cnt is [277]
2026-04-15 20:45:55 [Info] [4264] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 20:45:55 [Info] [4264] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 20:45:55 [Info] [4264] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 20:45:55 [Info] [4264] log memory size is 20480KB, real memory size is 14808KB
2026-04-15 20:45:56 [Info] [4264] item: --windows-vul-check
2026-04-15 20:45:56 [Info] [4264] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-15 20:45:56 [Info] [4264] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-15 20:45:56 [Info] [4264] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-04-15 20:45:56 [Info] [4264] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-15 20:45:56 [Info] [4264] Download redirect files success.
2026-04-15 20:45:56 [Info] [4264] Prepare stage1: --windows-vul-check
2026-04-15 20:45:56 [Info] [4264] Prepare stage2
2026-04-15 20:45:57 [Info] [4264] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-15 20:45:57 [Info] [4264] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-15 20:45:57 [Info] [4264] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 20:45:57 [Info] [4264] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 20:45:57 [Info] [4264] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-15 20:45:57 [Info] [4264] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-15 20:45:57 [Info] [4264] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-04-15 20:45:57 [Info] [4264] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-04-15 20:45:57 [Info] [4264] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-04-15 20:45:57 [Info] [4264] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-04-15 20:45:58 [Info] [4264] stage3: --windows-vul-check
2026-04-15 20:45:58 [Info] [4264] Loader after check
2026-04-15 20:45:59 [Info] [4264] Enter reuse wait state.
2026-04-15 20:46:00 [Info] [4264] log memory size is 30720KB, real memory size is 23476KB
2026-04-15 20:46:00 [Info] [4264] recvmsg: EXIT
2026-04-15 20:46:00 [Info] [4264] Recv Exit Msg, Exit...
2026-04-15 23:47:36 [Info] [4140] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-15 23:47:36 [Info] [4140] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap182151776268038 
2026-04-15 23:47:36 [Info] [4140] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-15 23:47:36 [Info] [4140] Resource monitor start
2026-04-15 23:47:36 [Info] [4140] ipc client init success
2026-04-15 23:47:36 [Info] [4140] Ipc init: 0
2026-04-15 23:47:36 [Info] [4140] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-15 23:47:36 [Info] [4140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-15 23:47:36 [Info] [4140] start ipc thread id[3492]
2026-04-15 23:47:36 [Info] [4140] Connect Yundun ipc server return state is 0
2026-04-15 23:47:36 [Info] [4140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-15 23:47:36 [Info] [4140] CResourceMonitor::run Enter
2026-04-15 23:47:36 [Info] [4140] CIpcMsgHandlerMgr::run Enter
2026-04-15 23:47:36 [Info] [4140] Report thread
2026-04-15 23:47:36 [Info] [4140] Monitor thread
2026-04-15 23:47:36 [Info] [4140] Loader thread
2026-04-15 23:47:36 [Info] [4140] PythonEngineImpl Init...
2026-04-15 23:47:36 [Info] [4140] yundun connected
2026-04-15 23:47:42 [Info] [4140] recvmsg: HELLO
2026-04-15 23:47:42 [Info] [4140] recvmsg: WORK
2026-04-15 23:47:42 [Info] [4140] no use encode, return to old mode
2026-04-15 23:47:42 [Info] [4140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 23:47:42 [Info] [4140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-15 23:47:42 [Info] [4140] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 23:47:43 [Info] [4140] log fd cnt is [250], real fd cnt is [264]
2026-04-15 23:47:44 [Info] [4140] log memory size is 20480KB, real memory size is 13144KB
2026-04-15 23:47:58 [Warn] [4140] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 23:48:08 [Warn] [4140] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-15 23:48:08 [Info] [4140] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 23:48:08 [Info] [4140] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-15 23:48:08 [Info] [4140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-15 23:48:09 [Info] [4140] item: --windows-sysinfoext-check
2026-04-15 23:48:09 [Info] [4140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 23:48:09 [Info] [4140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 23:48:09 [Info] [4140] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-15 23:48:09 [Info] [4140] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-15 23:48:10 [Info] [4140] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-15 23:48:10 [Info] [4140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-15 23:48:10 [Info] [4140] Prepare stage1: --windows-sysinfoext-check
2026-04-15 23:48:10 [Info] [4140] Prepare stage2
2026-04-15 23:48:11 [Warn] [4140] high cpu, cpu is 12
2026-04-15 23:48:11 [Info] [4140] try get sys version
2026-04-15 23:48:11 [Info] [4140] win sys info:2/10:0:3
2026-04-15 23:48:11 [Info] [4140] suit legal version, enable cpu control
2026-04-15 23:48:11 [Warn] [4140] High CPU Warning: 12
2026-04-15 23:48:11 [Warn] [4140] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 87 in func: Moniker
File:__init__.py line: 72 in func: GetObject
File:wmi.py line: 1276 in func: connect
File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo
File:windows-sysinfoext-check.py line: 174 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-15 23:48:12 [Info] [4140] log memory size is 30720KB, real memory size is 23152KB
2026-04-15 23:48:12 [Info] [4140] stage3: --windows-sysinfoext-check
2026-04-15 23:48:12 [Info] [4140] Loader after check
2026-04-15 23:48:13 [Warn] [4140] high cpu, cpu is 13
2026-04-15 23:48:13 [Warn] [4140] High CPU Warning: 13
2026-04-15 23:48:13 [Info] [4140] Enter reuse wait state.
2026-04-15 23:48:18 [Info] [4140] recvmsg: EXIT
2026-04-15 23:48:18 [Info] [4140] Recv Exit Msg, Exit...
2026-04-22 01:42:23 [Info] [2620] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 01:42:23 [Info] [2620] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap297041776793343 
2026-04-22 01:42:23 [Info] [2620] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 01:42:23 [Info] [2620] Resource monitor start
2026-04-22 01:42:23 [Info] [2620] ipc client init success
2026-04-22 01:42:23 [Info] [2620] Ipc init: 0
2026-04-22 01:42:23 [Info] [2620] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 01:42:23 [Info] [2620] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 01:42:23 [Info] [2620] start ipc thread id[1952]
2026-04-22 01:42:23 [Info] [2620] Connect Yundun ipc server return state is 0
2026-04-22 01:42:23 [Info] [2620] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 01:42:23 [Info] [2620] CResourceMonitor::run Enter
2026-04-22 01:42:23 [Info] [2620] CIpcMsgHandlerMgr::run Enter
2026-04-22 01:42:23 [Info] [2620] Report thread
2026-04-22 01:42:23 [Info] [2620] Monitor thread
2026-04-22 01:42:23 [Info] [2620] Loader thread
2026-04-22 01:42:23 [Info] [2620] PythonEngineImpl Init...
2026-04-22 01:42:23 [Info] [2620] yundun connected
2026-04-22 01:42:23 [Info] [2620] recvmsg: HELLO
2026-04-22 01:42:23 [Info] [2620] recvmsg: WORK
2026-04-22 01:42:23 [Info] [2620] no use encode, return to old mode
2026-04-22 01:42:24 [Info] [2620] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 01:42:24 [Info] [2620] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 01:42:24 [Info] [2620] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 01:42:24 [Info] [2620] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 01:42:24 [Info] [2620] log fd cnt is [250], real fd cnt is [282]
2026-04-22 01:42:24 [Info] [2620] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 01:42:24 [Info] [2620] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 01:42:25 [Info] [2620] log memory size is 20480KB, real memory size is 14836KB
2026-04-22 01:42:25 [Info] [2620] item: --sca
2026-04-22 01:42:25 [Info] [2620] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-22 01:42:25 [Info] [2620] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-22 01:42:25 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-04-22 01:42:25 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-04-22 01:42:26 [Info] [2620] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-04-22 01:42:26 [Info] [2620] Download redirect files success.
2026-04-22 01:42:26 [Info] [2620] Prepare stage1: --sca
2026-04-22 01:42:26 [Info] [2620] Prepare stage2
2026-04-22 01:42:28 [Warn] [2620] high cpu, cpu is 24
2026-04-22 01:42:28 [Info] [2620] try get sys version
2026-04-22 01:42:28 [Info] [2620] win sys info:2/10:0:3
2026-04-22 01:42:28 [Info] [2620] suit legal version, enable cpu control
2026-04-22 01:42:28 [Warn] [2620] High CPU Warning: 24
2026-04-22 01:42:28 [Warn] [2620] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-22 01:42:29 [Info] [2620] log memory size is 30720KB, real memory size is 32960KB
2026-04-22 01:42:34 [Info] [2620] log memory size is 40960KB, real memory size is 33240KB
2026-04-22 01:43:02 [Info] [2620] stage3: --sca
2026-04-22 01:43:02 [Info] [2620] Loader after check
2026-04-22 01:43:03 [Info] [2620] Enter reuse wait state.
2026-04-22 01:43:07 [Info] [2620] recvmsg: EXIT
2026-04-22 01:43:07 [Info] [2620] Recv Exit Msg, Exit...
2026-04-22 03:40:08 [Info] [4928] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 03:40:08 [Info] [4928] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap200041776800407 
2026-04-22 03:40:08 [Info] [4928] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 03:40:08 [Info] [4928] Resource monitor start
2026-04-22 03:40:08 [Info] [4928] ipc client init success
2026-04-22 03:40:08 [Info] [4928] Ipc init: 0
2026-04-22 03:40:08 [Info] [4928] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 03:40:08 [Info] [4928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 03:40:08 [Info] [4928] start ipc thread id[4956]
2026-04-22 03:40:08 [Info] [4928] Connect Yundun ipc server return state is 0
2026-04-22 03:40:08 [Info] [4928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 03:40:08 [Info] [4928] CResourceMonitor::run Enter
2026-04-22 03:40:08 [Info] [4928] CIpcMsgHandlerMgr::run Enter
2026-04-22 03:40:08 [Info] [4928] Report thread
2026-04-22 03:40:08 [Info] [4928] Monitor thread
2026-04-22 03:40:08 [Info] [4928] Loader thread
2026-04-22 03:40:08 [Info] [4928] PythonEngineImpl Init...
2026-04-22 03:40:14 [Info] [4928] yundun connected
2026-04-22 03:40:17 [Info] [4928] recvmsg: HELLO
2026-04-22 03:40:17 [Info] [4928] recvmsg: WORK
2026-04-22 03:40:17 [Info] [4928] no use encode, return to old mode
2026-04-22 03:40:17 [Info] [4928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 03:40:17 [Info] [4928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 03:40:17 [Info] [4928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 03:40:22 [Info] [4928] log fd cnt is [250], real fd cnt is [264]
2026-04-22 03:40:23 [Info] [4928] log memory size is 20480KB, real memory size is 13144KB
2026-04-22 03:40:45 [Info] [4928] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-22 03:40:47 [Warn] [4928] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 03:40:57 [Warn] [4928] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 03:41:07 [Warn] [4928] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 03:41:07 [Info] [4928] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 03:41:08 [Info] [4928] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 03:41:08 [Info] [4928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 03:41:09 [Info] [4928] item: --windows-sysinfoext-check
2026-04-22 03:41:09 [Info] [4928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 03:41:09 [Info] [4928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 03:41:09 [Info] [4928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 03:41:09 [Info] [4928] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 03:41:09 [Info] [4928] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-22 03:41:09 [Info] [4928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 03:41:09 [Info] [4928] Prepare stage1: --windows-sysinfoext-check
2026-04-22 03:41:09 [Info] [4928] Prepare stage2
2026-04-22 03:41:12 [Info] [4928] log memory size is 30720KB, real memory size is 23172KB
2026-04-22 03:41:13 [Info] [4928] stage3: --windows-sysinfoext-check
2026-04-22 03:41:13 [Info] [4928] Loader after check
2026-04-22 03:41:14 [Info] [4928] Enter reuse wait state.
2026-04-22 03:41:19 [Info] [4928] recvmsg: EXIT
2026-04-22 03:41:19 [Info] [4928] Recv Exit Msg, Exit...
2026-04-22 07:43:52 [Info] [976] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 07:43:52 [Info] [976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap22271776815032 
2026-04-22 07:43:52 [Info] [976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 07:43:52 [Info] [976] Resource monitor start
2026-04-22 07:43:52 [Info] [976] ipc client init success
2026-04-22 07:43:52 [Info] [976] Ipc init: 0
2026-04-22 07:43:52 [Info] [976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 07:43:52 [Info] [976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 07:43:52 [Info] [976] start ipc thread id[5056]
2026-04-22 07:43:52 [Info] [976] Connect Yundun ipc server return state is 0
2026-04-22 07:43:52 [Info] [976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 07:43:52 [Info] [976] CResourceMonitor::run Enter
2026-04-22 07:43:52 [Info] [976] CIpcMsgHandlerMgr::run Enter
2026-04-22 07:43:52 [Info] [976] yundun connected
2026-04-22 07:43:52 [Info] [976] Report thread
2026-04-22 07:43:52 [Info] [976] Monitor thread
2026-04-22 07:43:52 [Info] [976] Loader thread
2026-04-22 07:43:52 [Info] [976] PythonEngineImpl Init...
2026-04-22 07:43:52 [Info] [976] recvmsg: HELLO
2026-04-22 07:43:52 [Info] [976] recvmsg: WORK
2026-04-22 07:43:52 [Info] [976] no use encode, return to old mode
2026-04-22 07:43:52 [Info] [976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 07:43:52 [Info] [976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 07:43:52 [Info] [976] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 07:43:53 [Info] [976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 07:43:53 [Info] [976] log fd cnt is [250], real fd cnt is [282]
2026-04-22 07:43:53 [Info] [976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 07:43:53 [Info] [976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 07:43:54 [Info] [976] log memory size is 20480KB, real memory size is 14868KB
2026-04-22 07:43:54 [Info] [976] item: --windows-vul-clean
2026-04-22 07:43:54 [Info] [976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-22 07:43:54 [Info] [976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-22 07:43:54 [Info] [976] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 07:43:54 [Info] [976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 07:43:54 [Info] [976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-04-22 07:43:54 [Info] [976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-04-22 07:43:54 [Info] [976] Prepare stage1: --windows-vul-clean
2026-04-22 07:43:54 [Info] [976] Prepare stage2
2026-04-22 07:43:54 [Info] [976] stage3: --windows-vul-clean
2026-04-22 07:43:54 [Info] [976] Loader after check
2026-04-22 07:43:56 [Info] [976] Enter reuse wait state.
2026-04-22 07:43:59 [Info] [976] recvmsg: EXIT
2026-04-22 07:43:59 [Info] [976] Recv Exit Msg, Exit...
2026-04-22 08:49:15 [Info] [3352] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 08:49:15 [Info] [3352] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap150381776818955 
2026-04-22 08:49:15 [Info] [3352] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 08:49:15 [Info] [3352] Resource monitor start
2026-04-22 08:49:15 [Info] [3352] ipc client init success
2026-04-22 08:49:15 [Info] [3352] Ipc init: 0
2026-04-22 08:49:15 [Info] [3352] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 08:49:15 [Info] [3352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 08:49:15 [Info] [3352] start ipc thread id[4852]
2026-04-22 08:49:15 [Info] [3352] Connect Yundun ipc server return state is 0
2026-04-22 08:49:15 [Info] [3352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 08:49:15 [Info] [3352] CResourceMonitor::run Enter
2026-04-22 08:49:15 [Info] [3352] CIpcMsgHandlerMgr::run Enter
2026-04-22 08:49:15 [Info] [3352] Report thread
2026-04-22 08:49:15 [Info] [3352] Monitor thread
2026-04-22 08:49:15 [Info] [3352] Loader thread
2026-04-22 08:49:15 [Info] [3352] PythonEngineImpl Init...
2026-04-22 08:49:15 [Info] [3352] yundun connected
2026-04-22 08:49:16 [Info] [3352] recvmsg: HELLO
2026-04-22 08:49:16 [Info] [3352] recvmsg: WORK
2026-04-22 08:49:16 [Info] [3352] no use encode, return to old mode
2026-04-22 08:49:16 [Info] [3352] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 08:49:16 [Info] [3352] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 08:49:16 [Info] [3352] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 08:49:16 [Info] [3352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 08:49:16 [Info] [3352] log fd cnt is [250], real fd cnt is [282]
2026-04-22 08:49:17 [Info] [3352] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 08:49:17 [Info] [3352] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 08:49:17 [Info] [3352] log memory size is 20480KB, real memory size is 14836KB
2026-04-22 08:49:18 [Info] [3352] item: --windows-process-check
2026-04-22 08:49:18 [Info] [3352] cgroup name aegisRtap0
2026-04-22 08:49:18 [Info] [3352] try get sys version
2026-04-22 08:49:18 [Info] [3352] win sys info:2/10:0:3
2026-04-22 08:49:18 [Info] [3352] suit legal version, enable cpu control
2026-04-22 08:49:18 [Info] [3352] get AssignProcessToJobObject handle [00000478]
2026-04-22 08:49:18 [Info] [3352] Set setJobExtended.
2026-04-22 08:49:18 [Info] [3352] Set cpu [9%]
2026-04-22 08:49:18 [Info] [3352] Set cpu success
2026-04-22 08:49:18 [Info] [3352] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-22 08:49:18 [Info] [3352] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-22 08:49:18 [Info] [3352] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 08:49:18 [Info] [3352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 08:49:18 [Info] [3352] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-04-22 08:49:18 [Info] [3352] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-04-22 08:49:18 [Info] [3352] Prepare stage1: --windows-process-check
2026-04-22 08:49:18 [Info] [3352] Prepare stage2
2026-04-22 08:49:22 [Info] [3352] log memory size is 30720KB, real memory size is 20604KB
2026-04-22 08:49:36 [Info] [3352] stage3: --windows-process-check
2026-04-22 08:49:36 [Info] [3352] Loader after check
2026-04-22 08:49:37 [Info] [3352] Enter reuse wait state.
2026-04-22 08:49:39 [Info] [3352] recvmsg: EXIT
2026-04-22 08:49:39 [Info] [3352] Recv Exit Msg, Exit...
2026-04-22 09:08:01 [Info] [4172] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 09:08:01 [Info] [4172] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap186921776820074 
2026-04-22 09:08:01 [Info] [4172] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 09:08:01 [Info] [4172] Resource monitor start
2026-04-22 09:08:01 [Info] [4172] ipc client init success
2026-04-22 09:08:01 [Info] [4172] Ipc init: 0
2026-04-22 09:08:01 [Info] [4172] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 09:08:01 [Info] [4172] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 09:08:01 [Info] [4172] start ipc thread id[3496]
2026-04-22 09:08:01 [Info] [4172] Connect Yundun ipc server return state is 0
2026-04-22 09:08:01 [Info] [4172] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 09:08:07 [Info] [4172] CResourceMonitor::run Enter
2026-04-22 09:08:08 [Info] [4172] log fd cnt is [250], real fd cnt is [242]
2026-04-22 09:08:10 [Info] [4172] Loader thread
2026-04-22 09:08:10 [Info] [4172] PythonEngineImpl Init...
2026-04-22 09:08:10 [Info] [4172] Monitor thread
2026-04-22 09:08:10 [Info] [4172] Report thread
2026-04-22 09:08:10 [Info] [4172] yundun connected
2026-04-22 09:08:10 [Info] [4172] CIpcMsgHandlerMgr::run Enter
2026-04-22 09:08:10 [Info] [4172] recvmsg: HELLO
2026-04-22 09:08:10 [Info] [4172] recvmsg: WORK
2026-04-22 09:08:10 [Info] [4172] no use encode, return to old mode
2026-04-22 09:08:10 [Info] [4172] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 09:08:10 [Info] [4172] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 09:08:10 [Info] [4172] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 09:08:13 [Info] [4172] log memory size is 20480KB, real memory size is 13148KB
2026-04-22 09:08:16 [Info] [4172] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-22 09:08:21 [Warn] [4172] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 09:08:31 [Warn] [4172] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 09:08:32 [Info] [4172] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 09:08:32 [Info] [4172] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 09:08:32 [Info] [4172] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 09:08:34 [Info] [4172] item: --windows-sysinfoext-check
2026-04-22 09:08:34 [Info] [4172] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 09:08:34 [Info] [4172] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 09:08:34 [Info] [4172] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 09:08:34 [Info] [4172] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 09:08:35 [Info] [4172] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-22 09:08:35 [Info] [4172] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 09:08:35 [Info] [4172] Prepare stage1: --windows-sysinfoext-check
2026-04-22 09:08:35 [Info] [4172] Prepare stage2
2026-04-22 09:08:36 [Info] [4172] stage3: --windows-sysinfoext-check
2026-04-22 09:08:36 [Info] [4172] Loader after check
2026-04-22 09:08:37 [Warn] [4172] high cpu, cpu is 12
2026-04-22 09:08:37 [Info] [4172] try get sys version
2026-04-22 09:08:37 [Info] [4172] win sys info:2/10:0:3
2026-04-22 09:08:37 [Info] [4172] suit legal version, enable cpu control
2026-04-22 09:08:37 [Warn] [4172] High CPU Warning: 12
2026-04-22 09:08:37 [Warn] [4172] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-22 09:08:37 [Info] [4172] Enter reuse wait state.
2026-04-22 09:08:38 [Info] [4172] log memory size is 30720KB, real memory size is 23352KB
2026-04-22 09:08:39 [Info] [4172] recvmsg: EXIT
2026-04-22 09:08:39 [Info] [4172] Recv Exit Msg, Exit...
2026-04-22 10:24:25 [Info] [756] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 10:24:25 [Info] [756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap9161776824665 
2026-04-22 10:24:25 [Info] [756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 10:24:25 [Info] [756] Resource monitor start
2026-04-22 10:24:25 [Info] [756] ipc client init success
2026-04-22 10:24:25 [Info] [756] Ipc init: 0
2026-04-22 10:24:25 [Info] [756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 10:24:25 [Info] [756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 10:24:25 [Info] [756] start ipc thread id[2360]
2026-04-22 10:24:25 [Info] [756] Connect Yundun ipc server return state is 0
2026-04-22 10:24:25 [Info] [756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 10:24:25 [Info] [756] CResourceMonitor::run Enter
2026-04-22 10:24:25 [Info] [756] CIpcMsgHandlerMgr::run Enter
2026-04-22 10:24:25 [Info] [756] yundun connected
2026-04-22 10:24:25 [Info] [756] Report thread
2026-04-22 10:24:25 [Info] [756] Monitor thread
2026-04-22 10:24:25 [Info] [756] Loader thread
2026-04-22 10:24:25 [Info] [756] PythonEngineImpl Init...
2026-04-22 10:24:26 [Info] [756] recvmsg: HELLO
2026-04-22 10:24:27 [Info] [756] log fd cnt is [250], real fd cnt is [263]
2026-04-22 10:24:27 [Info] [756] recvmsg: WORK
2026-04-22 10:24:27 [Info] [756] no use encode, return to old mode
2026-04-22 10:24:28 [Info] [756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:24:28 [Info] [756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:24:28 [Info] [756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:24:28 [Info] [756] log memory size is 20480KB, real memory size is 13612KB
2026-04-22 10:24:29 [Info] [756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:24:29 [Info] [756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 10:24:29 [Info] [756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 10:24:33 [Info] [756] item: --windows-registry-check
2026-04-22 10:24:33 [Info] [756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-22 10:24:33 [Info] [756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-22 10:24:33 [Info] [756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:24:34 [Info] [756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:24:34 [Info] [756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-04-22 10:24:34 [Info] [756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-04-22 10:24:35 [Info] [756] Prepare stage1: --windows-registry-check
2026-04-22 10:24:35 [Info] [756] Prepare stage2
2026-04-22 10:24:56 [Info] [756] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-22 10:24:58 [Info] [3096] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 10:24:58 [Info] [3096] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap10241776824698 
2026-04-22 10:24:58 [Info] [3096] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 10:24:58 [Info] [3096] Resource monitor start
2026-04-22 10:24:58 [Info] [3096] ipc client init success
2026-04-22 10:24:58 [Info] [3096] Ipc init: 0
2026-04-22 10:24:58 [Info] [3096] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 10:24:58 [Info] [3096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 10:24:58 [Info] [3096] start ipc thread id[844]
2026-04-22 10:24:58 [Info] [3096] Connect Yundun ipc server return state is 0
2026-04-22 10:24:58 [Info] [3096] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 10:24:59 [Info] [3096] CResourceMonitor::run Enter
2026-04-22 10:24:59 [Info] [3096] CIpcMsgHandlerMgr::run Enter
2026-04-22 10:24:59 [Info] [3096] yundun connected
2026-04-22 10:24:59 [Info] [3096] Report thread
2026-04-22 10:24:59 [Info] [3096] Monitor thread
2026-04-22 10:24:59 [Info] [3096] Loader thread
2026-04-22 10:24:59 [Info] [3096] PythonEngineImpl Init...
2026-04-22 10:24:59 [Info] [3096] recvmsg: HELLO
2026-04-22 10:25:00 [Info] [3096] recvmsg: WORK
2026-04-22 10:25:00 [Info] [3096] no use encode, return to old mode
2026-04-22 10:25:00 [Info] [3096] log fd cnt is [250], real fd cnt is [263]
2026-04-22 10:25:00 [Info] [3096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:25:00 [Info] [3096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:25:00 [Info] [3096] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:25:01 [Info] [3096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:25:01 [Info] [3096] log memory size is 20480KB, real memory size is 14532KB
2026-04-22 10:25:01 [Info] [3096] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 10:25:01 [Info] [3096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 10:25:04 [Info] [3096] item: --windows-schedule-task-check
2026-04-22 10:25:04 [Info] [3096] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-22 10:25:04 [Info] [3096] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-22 10:25:04 [Info] [3096] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:25:04 [Info] [3096] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:25:04 [Info] [3096] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-04-22 10:25:04 [Info] [3096] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-04-22 10:25:05 [Info] [3096] Prepare stage1: --windows-schedule-task-check
2026-04-22 10:25:05 [Info] [3096] Prepare stage2
2026-04-22 10:25:05 [Info] [3096] log memory size is 30720KB, real memory size is 21572KB
2026-04-22 10:25:06 [Warn] [3096] high cpu, cpu is 11
2026-04-22 10:25:06 [Info] [3096] try get sys version
2026-04-22 10:25:06 [Info] [3096] win sys info:2/10:0:3
2026-04-22 10:25:06 [Info] [3096] suit legal version, enable cpu control
2026-04-22 10:25:06 [Warn] [3096] High CPU Warning: 11
2026-04-22 10:25:07 [Warn] [3096] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<COMObject <unknown>> line: 2 in func: GetFolders
File:windows-schedule-task-check.py line: 346 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal
File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-04-22 10:25:08 [Info] [756] stage3: --windows-registry-check
2026-04-22 10:25:08 [Info] [756] Loader after check
2026-04-22 10:25:10 [Info] [756] Enter reuse wait state.
2026-04-22 10:25:14 [Info] [756] recvmsg: EXIT
2026-04-22 10:25:14 [Info] [756] Recv Exit Msg, Exit...
2026-04-22 10:25:22 [Info] [4152] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 10:25:22 [Info] [4152] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap10991776824721 
2026-04-22 10:25:22 [Info] [4152] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 10:25:22 [Info] [4152] Resource monitor start
2026-04-22 10:25:22 [Info] [4152] ipc client init success
2026-04-22 10:25:22 [Info] [4152] Ipc init: 0
2026-04-22 10:25:22 [Info] [4152] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 10:25:22 [Info] [4152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 10:25:22 [Info] [4152] start ipc thread id[2244]
2026-04-22 10:25:22 [Info] [4152] Connect Yundun ipc server return state is 0
2026-04-22 10:25:22 [Info] [4152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 10:25:22 [Info] [4152] CResourceMonitor::run Enter
2026-04-22 10:25:22 [Info] [4152] CIpcMsgHandlerMgr::run Enter
2026-04-22 10:25:22 [Info] [4152] yundun connected
2026-04-22 10:25:22 [Info] [4152] Report thread
2026-04-22 10:25:22 [Info] [4152] Monitor thread
2026-04-22 10:25:22 [Info] [4152] Loader thread
2026-04-22 10:25:22 [Info] [4152] PythonEngineImpl Init...
2026-04-22 10:25:23 [Info] [4152] recvmsg: HELLO
2026-04-22 10:25:23 [Info] [4152] log fd cnt is [250], real fd cnt is [263]
2026-04-22 10:25:23 [Info] [4152] recvmsg: WORK
2026-04-22 10:25:23 [Info] [4152] no use encode, return to old mode
2026-04-22 10:25:23 [Info] [4152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:25:23 [Info] [4152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:25:23 [Info] [4152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:25:24 [Info] [4152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:25:24 [Info] [4152] log memory size is 20480KB, real memory size is 14564KB
2026-04-22 10:25:24 [Info] [4152] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 10:25:24 [Info] [4152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 10:25:27 [Info] [4152] item: --windows-driver-version-check
2026-04-22 10:25:27 [Info] [4152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-22 10:25:27 [Info] [4152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-22 10:25:27 [Info] [4152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:25:27 [Info] [4152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:25:27 [Info] [4152] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-04-22 10:25:27 [Info] [4152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-04-22 10:25:28 [Info] [4152] Prepare stage1: --windows-driver-version-check
2026-04-22 10:25:28 [Info] [4152] Prepare stage2
2026-04-22 10:25:28 [Info] [4152] stage3: --windows-driver-version-check
2026-04-22 10:25:28 [Info] [4152] Loader after check
2026-04-22 10:25:29 [Info] [4152] Enter reuse wait state.
2026-04-22 10:25:33 [Info] [4152] recvmsg: EXIT
2026-04-22 10:25:33 [Info] [4152] Recv Exit Msg, Exit...
2026-04-22 10:25:56 [Info] [3096] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-22 10:26:07 [Info] [3096] log fd cnt is [300], real fd cnt is [363]
2026-04-22 10:26:23 [Info] [3096] stage3: --windows-schedule-task-check
2026-04-22 10:26:23 [Info] [3096] Loader after check
2026-04-22 10:26:24 [Info] [3096] Enter reuse wait state.
2026-04-22 10:26:28 [Info] [3096] recvmsg: EXIT
2026-04-22 10:26:28 [Info] [3096] Recv Exit Msg, Exit...
2026-04-22 10:27:36 [Info] [4968] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 10:27:36 [Info] [4968] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap15401776824856 
2026-04-22 10:27:36 [Info] [4968] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 10:27:36 [Info] [4968] Resource monitor start
2026-04-22 10:27:36 [Info] [4968] ipc client init success
2026-04-22 10:27:36 [Info] [4968] Ipc init: 0
2026-04-22 10:27:36 [Info] [4968] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 10:27:36 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 10:27:36 [Info] [4968] start ipc thread id[3700]
2026-04-22 10:27:36 [Info] [4968] Connect Yundun ipc server return state is 0
2026-04-22 10:27:36 [Info] [4968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 10:27:36 [Info] [4968] CResourceMonitor::run Enter
2026-04-22 10:27:36 [Info] [4968] CIpcMsgHandlerMgr::run Enter
2026-04-22 10:27:36 [Info] [4968] yundun connected
2026-04-22 10:27:36 [Info] [4968] Report thread
2026-04-22 10:27:36 [Info] [4968] Monitor thread
2026-04-22 10:27:36 [Info] [4968] Loader thread
2026-04-22 10:27:36 [Info] [4968] PythonEngineImpl Init...
2026-04-22 10:27:37 [Info] [4968] recvmsg: HELLO
2026-04-22 10:27:38 [Info] [4968] recvmsg: WORK
2026-04-22 10:27:38 [Info] [4968] no use encode, return to old mode
2026-04-22 10:27:38 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:27:38 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 10:27:38 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:27:38 [Info] [4968] log fd cnt is [250], real fd cnt is [264]
2026-04-22 10:27:38 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:27:39 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 10:27:39 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 10:27:39 [Info] [4968] log memory size is 20480KB, real memory size is 14716KB
2026-04-22 10:27:40 [Info] [4968] item: --tcp-connect-check
2026-04-22 10:27:40 [Info] [4968] cgroup name aegisRtap0
2026-04-22 10:27:40 [Info] [4968] try get sys version
2026-04-22 10:27:40 [Info] [4968] win sys info:2/10:0:3
2026-04-22 10:27:40 [Info] [4968] suit legal version, enable cpu control
2026-04-22 10:27:40 [Info] [4968] get AssignProcessToJobObject handle [00000478]
2026-04-22 10:27:40 [Info] [4968] Set setJobExtended.
2026-04-22 10:27:40 [Info] [4968] Set cpu [9%]
2026-04-22 10:27:40 [Info] [4968] Set cpu success
2026-04-22 10:27:40 [Info] [4968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-22 10:27:40 [Info] [4968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-22 10:27:40 [Info] [4968] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 10:27:40 [Info] [4968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 10:27:40 [Info] [4968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-04-22 10:27:40 [Info] [4968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-04-22 10:27:40 [Info] [4968] Prepare stage1: --tcp-connect-check
2026-04-22 10:27:40 [Info] [4968] Prepare stage2
2026-04-22 10:27:43 [Info] [4968] stage3: --tcp-connect-check
2026-04-22 10:27:43 [Info] [4968] Loader after check
2026-04-22 10:27:44 [Info] [4968] Enter reuse wait state.
2026-04-22 10:27:47 [Info] [4968] recvmsg: EXIT
2026-04-22 10:27:47 [Info] [4968] Recv Exit Msg, Exit...
2026-04-22 11:10:54 [Info] [804] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 11:10:54 [Info] [804] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap100241776827454 
2026-04-22 11:10:54 [Info] [804] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 11:10:54 [Info] [804] Resource monitor start
2026-04-22 11:10:54 [Info] [804] ipc client init success
2026-04-22 11:10:54 [Info] [804] Ipc init: 0
2026-04-22 11:10:54 [Info] [804] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 11:10:54 [Info] [804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 11:10:54 [Info] [804] start ipc thread id[1400]
2026-04-22 11:10:54 [Info] [804] Connect Yundun ipc server return state is 0
2026-04-22 11:10:54 [Info] [804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 11:10:54 [Info] [804] CResourceMonitor::run Enter
2026-04-22 11:10:54 [Info] [804] CIpcMsgHandlerMgr::run Enter
2026-04-22 11:10:54 [Info] [804] Report thread
2026-04-22 11:10:54 [Info] [804] Monitor thread
2026-04-22 11:10:54 [Info] [804] Loader thread
2026-04-22 11:10:54 [Info] [804] PythonEngineImpl Init...
2026-04-22 11:10:54 [Info] [804] yundun connected
2026-04-22 11:10:54 [Info] [804] recvmsg: HELLO
2026-04-22 11:10:55 [Info] [804] recvmsg: WORK
2026-04-22 11:10:55 [Info] [804] no use encode, return to old mode
2026-04-22 11:10:55 [Info] [804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 11:10:55 [Info] [804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 11:10:55 [Info] [804] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 11:10:55 [Info] [804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 11:10:55 [Info] [804] log fd cnt is [250], real fd cnt is [282]
2026-04-22 11:10:55 [Info] [804] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 11:10:55 [Info] [804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 11:10:56 [Info] [804] log memory size is 20480KB, real memory size is 14828KB
2026-04-22 11:10:56 [Info] [804] item: --windows-autorun-item-check
2026-04-22 11:10:56 [Info] [804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-22 11:10:56 [Info] [804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-22 11:10:56 [Info] [804] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 11:10:56 [Info] [804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 11:10:56 [Info] [804] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-04-22 11:10:56 [Info] [804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-04-22 11:10:57 [Info] [804] Prepare stage1: --windows-autorun-item-check
2026-04-22 11:10:57 [Info] [804] Prepare stage2
2026-04-22 11:10:57 [Warn] [804] high cpu, cpu is 16
2026-04-22 11:10:57 [Info] [804] try get sys version
2026-04-22 11:10:57 [Info] [804] win sys info:2/10:0:3
2026-04-22 11:10:57 [Info] [804] suit legal version, enable cpu control
2026-04-22 11:10:57 [Warn] [804] High CPU Warning: 16
2026-04-22 11:10:57 [Warn] [804] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue
File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg
File:windows-autorun-item-check.py line: 500 in func: check
File:windows-autorun-item-check.py line: 80 in func: main
File:windows-autorun-item-check.py line: 534 in func: start
2026-04-22 11:11:00 [Info] [804] log memory size is 30720KB, real memory size is 22596KB
2026-04-22 11:11:07 [Info] [804] stage3: --windows-autorun-item-check
2026-04-22 11:11:07 [Info] [804] Loader after check
2026-04-22 11:11:08 [Info] [804] Enter reuse wait state.
2026-04-22 11:11:10 [Info] [804] recvmsg: EXIT
2026-04-22 11:11:10 [Info] [804] Recv Exit Msg, Exit...
2026-04-22 14:36:07 [Info] [3984] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 14:36:07 [Info] [3984] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap174131776839751 
2026-04-22 14:36:07 [Info] [3984] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 14:36:07 [Info] [3984] Resource monitor start
2026-04-22 14:36:07 [Info] [3984] ipc client init success
2026-04-22 14:36:07 [Info] [3984] Ipc init: 0
2026-04-22 14:36:07 [Info] [3984] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 14:36:07 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 14:36:07 [Info] [3984] start ipc thread id[1952]
2026-04-22 14:36:07 [Info] [3984] Connect Yundun ipc server return state is 0
2026-04-22 14:36:07 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 14:36:07 [Info] [3984] CResourceMonitor::run Enter
2026-04-22 14:36:07 [Info] [3984] CIpcMsgHandlerMgr::run Enter
2026-04-22 14:36:07 [Info] [3984] Report thread
2026-04-22 14:36:07 [Info] [3984] Monitor thread
2026-04-22 14:36:07 [Info] [3984] Loader thread
2026-04-22 14:36:07 [Info] [3984] PythonEngineImpl Init...
2026-04-22 14:36:13 [Info] [3984] yundun connected
2026-04-22 14:36:13 [Info] [3984] recvmsg: HELLO
2026-04-22 14:36:13 [Info] [3984] recvmsg: WORK
2026-04-22 14:36:13 [Info] [3984] no use encode, return to old mode
2026-04-22 14:36:13 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 14:36:13 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 14:36:13 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 14:36:16 [Info] [3984] log fd cnt is [250], real fd cnt is [264]
2026-04-22 14:36:17 [Info] [3984] log memory size is 20480KB, real memory size is 13152KB
2026-04-22 14:36:28 [Warn] [3984] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 14:36:38 [Warn] [3984] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 14:36:39 [Info] [3984] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 14:36:39 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 14:36:39 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 14:36:40 [Info] [3984] item: --windows-sysinfoext-check
2026-04-22 14:36:40 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 14:36:40 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 14:36:40 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 14:36:40 [Info] [3984] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 14:36:40 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-22 14:36:40 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 14:36:40 [Info] [3984] Prepare stage1: --windows-sysinfoext-check
2026-04-22 14:36:40 [Info] [3984] Prepare stage2
2026-04-22 14:36:41 [Info] [3984] log memory size is 30720KB, real memory size is 23164KB
2026-04-22 14:36:42 [Info] [3984] stage3: --windows-sysinfoext-check
2026-04-22 14:36:42 [Info] [3984] Loader after check
2026-04-22 14:36:42 [Warn] [3984] high cpu, cpu is 14
2026-04-22 14:36:42 [Info] [3984] try get sys version
2026-04-22 14:36:42 [Info] [3984] win sys info:2/10:0:3
2026-04-22 14:36:42 [Info] [3984] suit legal version, enable cpu control
2026-04-22 14:36:42 [Warn] [3984] High CPU Warning: 14
2026-04-22 14:36:42 [Warn] [3984] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-22 14:36:43 [Info] [3984] Enter reuse wait state.
2026-04-22 14:36:45 [Info] [3984] recvmsg: EXIT
2026-04-22 14:36:45 [Info] [3984] Recv Exit Msg, Exit...
2026-04-22 18:26:21 [Info] [756] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 18:26:21 [Info] [756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap298081776853581 
2026-04-22 18:26:21 [Info] [756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 18:26:21 [Info] [756] Resource monitor start
2026-04-22 18:26:21 [Info] [756] ipc client init success
2026-04-22 18:26:21 [Info] [756] Ipc init: 0
2026-04-22 18:26:21 [Info] [756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 18:26:21 [Info] [756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 18:26:21 [Info] [756] start ipc thread id[2532]
2026-04-22 18:26:21 [Info] [756] Connect Yundun ipc server return state is 0
2026-04-22 18:26:21 [Info] [756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 18:26:21 [Info] [756] CResourceMonitor::run Enter
2026-04-22 18:26:21 [Info] [756] CIpcMsgHandlerMgr::run Enter
2026-04-22 18:26:21 [Info] [756] Report thread
2026-04-22 18:26:21 [Info] [756] Monitor thread
2026-04-22 18:26:21 [Info] [756] Loader thread
2026-04-22 18:26:21 [Info] [756] PythonEngineImpl Init...
2026-04-22 18:26:21 [Info] [756] yundun connected
2026-04-22 18:26:22 [Info] [756] recvmsg: HELLO
2026-04-22 18:26:22 [Info] [756] recvmsg: WORK
2026-04-22 18:26:22 [Info] [756] no use encode, return to old mode
2026-04-22 18:26:22 [Info] [756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 18:26:22 [Info] [756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 18:26:22 [Info] [756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 18:26:22 [Info] [756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 18:26:23 [Info] [756] log fd cnt is [250], real fd cnt is [282]
2026-04-22 18:26:24 [Info] [756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 18:26:24 [Info] [756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 18:26:24 [Info] [756] log memory size is 20480KB, real memory size is 14828KB
2026-04-22 18:26:25 [Info] [756] item: --secnet_rasp_agent
2026-04-22 18:26:25 [Info] [756] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-22 18:26:25 [Info] [756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-04-22 18:26:25 [Info] [756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-04-22 18:26:25 [Info] [756] Download redirect files success.
2026-04-22 18:26:25 [Info] [756] Prepare stage1: --secnet_rasp_agent
2026-04-22 18:26:25 [Info] [756] Prepare stage2
2026-04-22 18:26:26 [Warn] [756] high cpu, cpu is 14
2026-04-22 18:26:26 [Info] [756] try get sys version
2026-04-22 18:26:26 [Info] [756] win sys info:2/10:0:3
2026-04-22 18:26:26 [Info] [756] suit legal version, enable cpu control
2026-04-22 18:26:26 [Warn] [756] High CPU Warning: 14
2026-04-22 18:26:27 [Warn] [756] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-22 18:26:27 [Info] [756] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-22 18:26:27 [Info] [756] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-22 18:26:27 [Info] [756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 18:26:27 [Info] [756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 18:26:27 [Info] [756] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-04-22 18:26:27 [Info] [756] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-22 18:26:27 [Info] [756] stage3: --secnet_rasp_agent
2026-04-22 18:26:27 [Info] [756] Loader after check
2026-04-22 18:26:28 [Info] [756] Enter reuse wait state.
2026-04-22 18:26:30 [Info] [756] log memory size is 30720KB, real memory size is 21412KB
2026-04-22 18:26:33 [Info] [756] recvmsg: EXIT
2026-04-22 18:26:33 [Info] [756] Recv Exit Msg, Exit...
2026-04-22 20:01:48 [Info] [4552] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-22 20:01:48 [Info] [4552] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap156701776859286 
2026-04-22 20:01:48 [Info] [4552] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-22 20:01:48 [Info] [4552] Resource monitor start
2026-04-22 20:01:48 [Info] [4552] ipc client init success
2026-04-22 20:01:48 [Info] [4552] Ipc init: 0
2026-04-22 20:01:48 [Info] [4552] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-22 20:01:48 [Info] [4552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-22 20:01:48 [Info] [4552] start ipc thread id[1676]
2026-04-22 20:01:48 [Info] [4552] Connect Yundun ipc server return state is 0
2026-04-22 20:01:48 [Info] [4552] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-22 20:01:52 [Info] [4552] CIpcMsgHandlerMgr::run Enter
2026-04-22 20:01:52 [Info] [4552] CResourceMonitor::run Enter
2026-04-22 20:01:53 [Info] [4552] log fd cnt is [250], real fd cnt is [242]
2026-04-22 20:01:53 [Info] [4552] Loader thread
2026-04-22 20:01:53 [Info] [4552] PythonEngineImpl Init...
2026-04-22 20:01:54 [Info] [4552] Monitor thread
2026-04-22 20:01:54 [Info] [4552] Report thread
2026-04-22 20:01:54 [Info] [4552] yundun connected
2026-04-22 20:01:54 [Info] [4552] recvmsg: HELLO
2026-04-22 20:01:54 [Info] [4552] recvmsg: WORK
2026-04-22 20:01:54 [Info] [4552] no use encode, return to old mode
2026-04-22 20:01:54 [Info] [4552] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 20:01:54 [Info] [4552] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-22 20:01:54 [Info] [4552] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 20:01:54 [Info] [4552] log memory size is 20480KB, real memory size is 13140KB
2026-04-22 20:02:17 [Warn] [4552] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 20:02:27 [Warn] [4552] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 20:02:37 [Warn] [4552] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-04-22 20:02:37 [Info] [4552] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 20:02:37 [Info] [4552] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-22 20:02:37 [Info] [4552] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-22 20:02:39 [Info] [4552] item: --windows-sysinfoext-check
2026-04-22 20:02:39 [Info] [4552] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 20:02:39 [Info] [4552] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 20:02:39 [Info] [4552] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-22 20:02:39 [Info] [4552] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-22 20:02:39 [Info] [4552] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-22 20:02:39 [Info] [4552] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-22 20:02:39 [Info] [4552] Prepare stage1: --windows-sysinfoext-check
2026-04-22 20:02:39 [Info] [4552] Prepare stage2
2026-04-22 20:02:40 [Warn] [4552] high cpu, cpu is 15
2026-04-22 20:02:40 [Info] [4552] try get sys version
2026-04-22 20:02:40 [Info] [4552] win sys info:2/10:0:3
2026-04-22 20:02:40 [Info] [4552] suit legal version, enable cpu control
2026-04-22 20:02:40 [Warn] [4552] High CPU Warning: 15
2026-04-22 20:02:40 [Warn] [4552] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:util.py line: 84 in func: next
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-22 20:02:43 [Info] [4552] log memory size is 30720KB, real memory size is 23176KB
2026-04-22 20:02:45 [Info] [4552] stage3: --windows-sysinfoext-check
2026-04-22 20:02:45 [Info] [4552] Loader after check
2026-04-22 20:02:46 [Warn] [4552] high cpu, cpu is 12
2026-04-22 20:02:46 [Warn] [4552] High CPU Warning: 12
2026-04-22 20:02:46 [Warn] [4552] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-22 20:02:46 [Info] [4552] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-22 20:02:46 [Info] [4552] Enter reuse wait state.
2026-04-22 20:02:50 [Info] [4552] recvmsg: EXIT
2026-04-22 20:02:50 [Info] [4552] Recv Exit Msg, Exit...
2026-04-29 01:46:47 [Info] [2680] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 01:46:47 [Info] [2680] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap67401777398407 
2026-04-29 01:46:47 [Info] [2680] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 01:46:47 [Info] [2680] Resource monitor start
2026-04-29 01:46:47 [Info] [2680] ipc client init success
2026-04-29 01:46:47 [Info] [2680] Ipc init: 0
2026-04-29 01:46:47 [Info] [2680] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 01:46:47 [Info] [2680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 01:46:47 [Info] [2680] start ipc thread id[1128]
2026-04-29 01:46:47 [Info] [2680] Connect Yundun ipc server return state is 0
2026-04-29 01:46:47 [Info] [2680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 01:46:47 [Info] [2680] CResourceMonitor::run Enter
2026-04-29 01:46:47 [Info] [2680] CIpcMsgHandlerMgr::run Enter
2026-04-29 01:46:47 [Info] [2680] Report thread
2026-04-29 01:46:47 [Info] [2680] Monitor thread
2026-04-29 01:46:47 [Info] [2680] Loader thread
2026-04-29 01:46:47 [Info] [2680] PythonEngineImpl Init...
2026-04-29 01:46:47 [Info] [2680] yundun connected
2026-04-29 01:46:48 [Info] [2680] recvmsg: HELLO
2026-04-29 01:46:48 [Info] [2680] recvmsg: WORK
2026-04-29 01:46:48 [Info] [2680] no use encode, return to old mode
2026-04-29 01:46:48 [Info] [2680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 01:46:48 [Info] [2680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 01:46:48 [Info] [2680] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 01:46:48 [Info] [2680] log fd cnt is [250], real fd cnt is [274]
2026-04-29 01:46:49 [Info] [2680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 01:46:49 [Info] [2680] log memory size is 20480KB, real memory size is 14660KB
2026-04-29 01:46:49 [Info] [2680] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 01:46:49 [Info] [2680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 01:46:50 [Info] [2680] item: --sca
2026-04-29 01:46:50 [Info] [2680] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-29 01:46:51 [Info] [2680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-04-29 01:46:51 [Info] [2680] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-04-29 01:46:51 [Info] [2680] Download redirect files success.
2026-04-29 01:46:51 [Info] [2680] Prepare stage1: --sca
2026-04-29 01:46:51 [Info] [2680] Prepare stage2
2026-04-29 01:46:52 [Warn] [2680] high cpu, cpu is 14
2026-04-29 01:46:52 [Info] [2680] try get sys version
2026-04-29 01:46:52 [Info] [2680] win sys info:2/10:0:3
2026-04-29 01:46:52 [Info] [2680] suit legal version, enable cpu control
2026-04-29 01:46:52 [Warn] [2680] High CPU Warning: 14
2026-04-29 01:46:52 [Warn] [2680] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:hashlib.py line: 134 in func: <module>
File:random.py line: 49 in func: <module>
File:sca_utils.py line: 18 in func: <module>
File:sca.py line: 44 in func: <module>
2026-04-29 01:46:53 [Info] [2680] log memory size is 30720KB, real memory size is 32796KB
2026-04-29 01:46:59 [Info] [2680] log memory size is 40960KB, real memory size is 33128KB
2026-04-29 01:47:33 [Info] [2680] stage3: --sca
2026-04-29 01:47:33 [Info] [2680] Loader after check
2026-04-29 01:47:34 [Info] [2680] Enter reuse wait state.
2026-04-29 01:47:39 [Info] [2680] recvmsg: EXIT
2026-04-29 01:47:39 [Info] [2680] Recv Exit Msg, Exit...
2026-04-29 05:16:33 [Info] [4276] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 05:16:33 [Info] [4276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap150731777410993 
2026-04-29 05:16:33 [Info] [4276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 05:16:33 [Info] [4276] Resource monitor start
2026-04-29 05:16:33 [Info] [4276] ipc client init success
2026-04-29 05:16:33 [Info] [4276] Ipc init: 0
2026-04-29 05:16:33 [Info] [4276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 05:16:33 [Info] [4276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 05:16:33 [Info] [4276] start ipc thread id[3236]
2026-04-29 05:16:33 [Info] [4276] Connect Yundun ipc server return state is 0
2026-04-29 05:16:33 [Info] [4276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 05:16:33 [Info] [4276] CResourceMonitor::run Enter
2026-04-29 05:16:33 [Info] [4276] CIpcMsgHandlerMgr::run Enter
2026-04-29 05:16:33 [Info] [4276] Report thread
2026-04-29 05:16:33 [Info] [4276] Monitor thread
2026-04-29 05:16:33 [Info] [4276] Loader thread
2026-04-29 05:16:33 [Info] [4276] PythonEngineImpl Init...
2026-04-29 05:16:33 [Info] [4276] yundun connected
2026-04-29 05:16:34 [Info] [4276] recvmsg: HELLO
2026-04-29 05:16:34 [Info] [4276] recvmsg: WORK
2026-04-29 05:16:34 [Info] [4276] no use encode, return to old mode
2026-04-29 05:16:34 [Info] [4276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 05:16:34 [Info] [4276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 05:16:34 [Info] [4276] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 05:16:34 [Info] [4276] log fd cnt is [250], real fd cnt is [274]
2026-04-29 05:16:35 [Info] [4276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 05:16:35 [Info] [4276] log memory size is 20480KB, real memory size is 14620KB
2026-04-29 05:16:35 [Info] [4276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 05:16:35 [Info] [4276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 05:16:36 [Info] [4276] item: --windows-sysinfoext-check
2026-04-29 05:16:36 [Info] [4276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 05:16:36 [Info] [4276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 05:16:36 [Info] [4276] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 05:16:37 [Info] [4276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 05:16:37 [Info] [4276] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-29 05:16:37 [Info] [4276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 05:16:37 [Info] [4276] Prepare stage1: --windows-sysinfoext-check
2026-04-29 05:16:37 [Info] [4276] Prepare stage2
2026-04-29 05:16:39 [Info] [4276] stage3: --windows-sysinfoext-check
2026-04-29 05:16:39 [Info] [4276] Loader after check
2026-04-29 05:16:40 [Info] [4276] log memory size is 30720KB, real memory size is 23176KB
2026-04-29 05:16:40 [Info] [4276] Enter reuse wait state.
2026-04-29 05:16:41 [Info] [4276] recvmsg: EXIT
2026-04-29 05:16:41 [Info] [4276] Recv Exit Msg, Exit...
2026-04-29 07:45:05 [Info] [5040] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 07:45:05 [Info] [5040] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap114081777419905 
2026-04-29 07:45:05 [Info] [5040] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 07:45:05 [Info] [5040] Resource monitor start
2026-04-29 07:45:05 [Info] [5040] ipc client init success
2026-04-29 07:45:05 [Info] [5040] Ipc init: 0
2026-04-29 07:45:05 [Info] [5040] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 07:45:05 [Info] [5040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 07:45:05 [Info] [5040] start ipc thread id[4844]
2026-04-29 07:45:05 [Info] [5040] Connect Yundun ipc server return state is 0
2026-04-29 07:45:05 [Info] [5040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 07:45:05 [Info] [5040] CResourceMonitor::run Enter
2026-04-29 07:45:05 [Info] [5040] CIpcMsgHandlerMgr::run Enter
2026-04-29 07:45:05 [Info] [5040] Report thread
2026-04-29 07:45:05 [Info] [5040] Monitor thread
2026-04-29 07:45:05 [Info] [5040] Loader thread
2026-04-29 07:45:05 [Info] [5040] PythonEngineImpl Init...
2026-04-29 07:45:05 [Info] [5040] yundun connected
2026-04-29 07:45:05 [Info] [5040] recvmsg: HELLO
2026-04-29 07:45:06 [Info] [5040] recvmsg: WORK
2026-04-29 07:45:06 [Info] [5040] no use encode, return to old mode
2026-04-29 07:45:06 [Info] [5040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 07:45:06 [Info] [5040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 07:45:06 [Info] [5040] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 07:45:06 [Info] [5040] log fd cnt is [250], real fd cnt is [282]
2026-04-29 07:45:06 [Info] [5040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 07:45:06 [Info] [5040] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 07:45:06 [Info] [5040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 07:45:07 [Info] [5040] log memory size is 20480KB, real memory size is 14740KB
2026-04-29 07:45:07 [Info] [5040] item: --windows-vul-clean
2026-04-29 07:45:07 [Info] [5040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-29 07:45:07 [Info] [5040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-04-29 07:45:07 [Info] [5040] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 07:45:07 [Info] [5040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 07:45:08 [Info] [5040] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-04-29 07:45:08 [Info] [5040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-04-29 07:45:08 [Info] [5040] Prepare stage1: --windows-vul-clean
2026-04-29 07:45:08 [Info] [5040] Prepare stage2
2026-04-29 07:45:08 [Info] [5040] stage3: --windows-vul-clean
2026-04-29 07:45:08 [Info] [5040] Loader after check
2026-04-29 07:45:09 [Info] [5040] Enter reuse wait state.
2026-04-29 07:45:13 [Info] [5040] recvmsg: EXIT
2026-04-29 07:45:13 [Info] [5040] Recv Exit Msg, Exit...
2026-04-29 08:43:37 [Info] [792] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 08:43:37 [Info] [792] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap228761777423417 
2026-04-29 08:43:37 [Info] [792] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 08:43:37 [Info] [792] Resource monitor start
2026-04-29 08:43:37 [Info] [792] ipc client init success
2026-04-29 08:43:37 [Info] [792] Ipc init: 0
2026-04-29 08:43:37 [Info] [792] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 08:43:37 [Info] [792] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 08:43:37 [Info] [792] start ipc thread id[3316]
2026-04-29 08:43:37 [Info] [792] Connect Yundun ipc server return state is 0
2026-04-29 08:43:37 [Info] [792] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 08:43:37 [Info] [792] CResourceMonitor::run Enter
2026-04-29 08:43:37 [Info] [792] CIpcMsgHandlerMgr::run Enter
2026-04-29 08:43:37 [Info] [792] Report thread
2026-04-29 08:43:37 [Info] [792] Monitor thread
2026-04-29 08:43:37 [Info] [792] Loader thread
2026-04-29 08:43:37 [Info] [792] PythonEngineImpl Init...
2026-04-29 08:43:37 [Info] [792] yundun connected
2026-04-29 08:43:37 [Info] [792] recvmsg: HELLO
2026-04-29 08:43:37 [Info] [792] recvmsg: WORK
2026-04-29 08:43:37 [Info] [792] no use encode, return to old mode
2026-04-29 08:43:37 [Info] [792] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 08:43:37 [Info] [792] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 08:43:37 [Info] [792] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 08:43:38 [Info] [792] log fd cnt is [250], real fd cnt is [282]
2026-04-29 08:43:38 [Info] [792] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 08:43:38 [Info] [792] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 08:43:38 [Info] [792] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 08:43:39 [Info] [792] log memory size is 20480KB, real memory size is 14788KB
2026-04-29 08:43:39 [Info] [792] item: --windows-process-check
2026-04-29 08:43:39 [Info] [792] cgroup name aegisRtap0
2026-04-29 08:43:39 [Info] [792] try get sys version
2026-04-29 08:43:39 [Info] [792] win sys info:2/10:0:3
2026-04-29 08:43:39 [Info] [792] suit legal version, enable cpu control
2026-04-29 08:43:39 [Info] [792] get AssignProcessToJobObject handle [00000478]
2026-04-29 08:43:39 [Info] [792] Set setJobExtended.
2026-04-29 08:43:39 [Info] [792] Set cpu [9%]
2026-04-29 08:43:39 [Info] [792] Set cpu success
2026-04-29 08:43:39 [Info] [792] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-29 08:43:39 [Info] [792] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-04-29 08:43:39 [Info] [792] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 08:43:40 [Info] [792] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 08:43:40 [Info] [792] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-04-29 08:43:40 [Info] [792] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-04-29 08:43:40 [Info] [792] Prepare stage1: --windows-process-check
2026-04-29 08:43:40 [Info] [792] Prepare stage2
2026-04-29 08:43:43 [Info] [792] log memory size is 30720KB, real memory size is 20580KB
2026-04-29 08:43:58 [Info] [792] stage3: --windows-process-check
2026-04-29 08:43:58 [Info] [792] Loader after check
2026-04-29 08:43:59 [Info] [792] Enter reuse wait state.
2026-04-29 08:44:00 [Info] [792] recvmsg: EXIT
2026-04-29 08:44:00 [Info] [792] Recv Exit Msg, Exit...
2026-04-29 10:25:25 [Info] [3208] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 10:25:25 [Info] [3208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap100541777429525 
2026-04-29 10:25:25 [Info] [3208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 10:25:25 [Info] [3208] Resource monitor start
2026-04-29 10:25:25 [Info] [3208] ipc client init success
2026-04-29 10:25:25 [Info] [3208] Ipc init: 0
2026-04-29 10:25:25 [Info] [3208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 10:25:25 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 10:25:25 [Info] [3208] start ipc thread id[2344]
2026-04-29 10:25:25 [Info] [3208] Connect Yundun ipc server return state is 0
2026-04-29 10:25:25 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 10:25:25 [Info] [3208] CResourceMonitor::run Enter
2026-04-29 10:25:25 [Info] [3208] CIpcMsgHandlerMgr::run Enter
2026-04-29 10:25:25 [Info] [3208] Report thread
2026-04-29 10:25:25 [Info] [3208] Monitor thread
2026-04-29 10:25:25 [Info] [3208] Loader thread
2026-04-29 10:25:25 [Info] [3208] PythonEngineImpl Init...
2026-04-29 10:25:25 [Info] [3208] yundun connected
2026-04-29 10:25:26 [Info] [3208] recvmsg: HELLO
2026-04-29 10:25:26 [Info] [3208] recvmsg: WORK
2026-04-29 10:25:26 [Info] [3208] no use encode, return to old mode
2026-04-29 10:25:26 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:25:26 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:25:26 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:25:26 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:25:26 [Info] [3208] log fd cnt is [250], real fd cnt is [286]
2026-04-29 10:25:26 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 10:25:26 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 10:25:27 [Info] [3208] log memory size is 20480KB, real memory size is 14804KB
2026-04-29 10:25:28 [Info] [3208] item: --windows-registry-check
2026-04-29 10:25:28 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-29 10:25:28 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-04-29 10:25:28 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:25:28 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:25:28 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-04-29 10:25:28 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-04-29 10:25:28 [Info] [3208] Prepare stage1: --windows-registry-check
2026-04-29 10:25:28 [Info] [3208] Prepare stage2
2026-04-29 10:25:57 [Info] [3208] stage3: --windows-registry-check
2026-04-29 10:25:57 [Info] [3208] Loader after check
2026-04-29 10:25:58 [Info] [3208] Enter reuse wait state.
2026-04-29 10:26:01 [Info] [3208] recvmsg: EXIT
2026-04-29 10:26:01 [Info] [3208] Recv Exit Msg, Exit...
2026-04-29 10:26:33 [Info] [1424] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 10:26:33 [Info] [1424] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap102761777429593 
2026-04-29 10:26:33 [Info] [1424] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 10:26:33 [Info] [1424] Resource monitor start
2026-04-29 10:26:33 [Info] [1424] ipc client init success
2026-04-29 10:26:33 [Info] [1424] Ipc init: 0
2026-04-29 10:26:33 [Info] [1424] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 10:26:33 [Info] [1424] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 10:26:33 [Info] [1424] start ipc thread id[2876]
2026-04-29 10:26:33 [Info] [1424] Connect Yundun ipc server return state is 0
2026-04-29 10:26:33 [Info] [1424] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 10:26:33 [Info] [1424] CResourceMonitor::run Enter
2026-04-29 10:26:33 [Info] [1424] CIpcMsgHandlerMgr::run Enter
2026-04-29 10:26:33 [Info] [1424] Report thread
2026-04-29 10:26:33 [Info] [1424] Monitor thread
2026-04-29 10:26:33 [Info] [1424] Loader thread
2026-04-29 10:26:33 [Info] [1424] PythonEngineImpl Init...
2026-04-29 10:26:33 [Info] [1424] yundun connected
2026-04-29 10:26:33 [Info] [1424] recvmsg: HELLO
2026-04-29 10:26:33 [Info] [1424] recvmsg: WORK
2026-04-29 10:26:33 [Info] [1424] no use encode, return to old mode
2026-04-29 10:26:33 [Info] [1424] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:26:33 [Info] [1424] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:26:33 [Info] [1424] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:26:34 [Info] [1424] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:26:34 [Info] [1424] log fd cnt is [250], real fd cnt is [282]
2026-04-29 10:26:34 [Info] [1424] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 10:26:34 [Info] [1424] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 10:26:35 [Info] [1424] log memory size is 20480KB, real memory size is 14820KB
2026-04-29 10:26:35 [Info] [1424] item: --windows-driver-version-check
2026-04-29 10:26:35 [Info] [1424] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-29 10:26:35 [Info] [1424] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-04-29 10:26:35 [Info] [1424] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:26:35 [Info] [1424] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:26:35 [Info] [1424] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-04-29 10:26:35 [Info] [1424] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-04-29 10:26:35 [Info] [1424] Prepare stage1: --windows-driver-version-check
2026-04-29 10:26:35 [Info] [1424] Prepare stage2
2026-04-29 10:26:36 [Info] [1424] stage3: --windows-driver-version-check
2026-04-29 10:26:36 [Info] [1424] Loader after check
2026-04-29 10:26:37 [Info] [1424] Enter reuse wait state.
2026-04-29 10:26:40 [Info] [1424] recvmsg: EXIT
2026-04-29 10:26:40 [Info] [1424] Recv Exit Msg, Exit...
2026-04-29 10:31:14 [Info] [5016] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 10:31:14 [Info] [5016] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap111941777429874 
2026-04-29 10:31:14 [Info] [5016] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 10:31:14 [Info] [5016] Resource monitor start
2026-04-29 10:31:14 [Info] [5016] ipc client init success
2026-04-29 10:31:14 [Info] [5016] Ipc init: 0
2026-04-29 10:31:14 [Info] [5016] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 10:31:14 [Info] [5016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 10:31:14 [Info] [5016] start ipc thread id[4564]
2026-04-29 10:31:14 [Info] [5016] Connect Yundun ipc server return state is 0
2026-04-29 10:31:14 [Info] [5016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 10:31:14 [Info] [5016] CResourceMonitor::run Enter
2026-04-29 10:31:14 [Info] [5016] CIpcMsgHandlerMgr::run Enter
2026-04-29 10:31:14 [Info] [5016] Report thread
2026-04-29 10:31:14 [Info] [5016] Monitor thread
2026-04-29 10:31:14 [Info] [5016] Loader thread
2026-04-29 10:31:14 [Info] [5016] PythonEngineImpl Init...
2026-04-29 10:31:14 [Info] [5016] yundun connected
2026-04-29 10:31:14 [Info] [5016] recvmsg: HELLO
2026-04-29 10:31:14 [Info] [5016] recvmsg: WORK
2026-04-29 10:31:14 [Info] [5016] no use encode, return to old mode
2026-04-29 10:31:14 [Info] [5016] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:31:14 [Info] [5016] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:31:14 [Info] [5016] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:31:15 [Info] [5016] log fd cnt is [250], real fd cnt is [282]
2026-04-29 10:31:15 [Info] [5016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:31:15 [Info] [5016] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 10:31:15 [Info] [5016] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 10:31:16 [Info] [5016] log memory size is 20480KB, real memory size is 14744KB
2026-04-29 10:31:16 [Info] [5016] item: --tcp-connect-check
2026-04-29 10:31:16 [Info] [5016] cgroup name aegisRtap0
2026-04-29 10:31:16 [Info] [5016] try get sys version
2026-04-29 10:31:16 [Info] [5016] win sys info:2/10:0:3
2026-04-29 10:31:16 [Info] [5016] suit legal version, enable cpu control
2026-04-29 10:31:16 [Info] [5016] get AssignProcessToJobObject handle [00000478]
2026-04-29 10:31:16 [Info] [5016] Set setJobExtended.
2026-04-29 10:31:16 [Info] [5016] Set cpu [9%]
2026-04-29 10:31:16 [Info] [5016] Set cpu success
2026-04-29 10:31:16 [Info] [5016] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-29 10:31:16 [Info] [5016] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-04-29 10:31:16 [Info] [5016] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:31:16 [Info] [5016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:31:16 [Info] [5016] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-04-29 10:31:16 [Info] [5016] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-04-29 10:31:16 [Info] [5016] Prepare stage1: --tcp-connect-check
2026-04-29 10:31:16 [Info] [5016] Prepare stage2
2026-04-29 10:31:19 [Info] [5016] stage3: --tcp-connect-check
2026-04-29 10:31:19 [Info] [5016] Loader after check
2026-04-29 10:31:20 [Info] [5016] Enter reuse wait state.
2026-04-29 10:31:25 [Info] [5016] recvmsg: EXIT
2026-04-29 10:31:25 [Info] [5016] Recv Exit Msg, Exit...
2026-04-29 10:32:13 [Info] [2808] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 10:32:13 [Info] [2808] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap113871777429933 
2026-04-29 10:32:13 [Info] [2808] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 10:32:13 [Info] [2808] Resource monitor start
2026-04-29 10:32:13 [Info] [2808] ipc client init success
2026-04-29 10:32:13 [Info] [2808] Ipc init: 0
2026-04-29 10:32:13 [Info] [2808] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 10:32:13 [Info] [2808] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 10:32:13 [Info] [2808] start ipc thread id[2640]
2026-04-29 10:32:13 [Info] [2808] Connect Yundun ipc server return state is 0
2026-04-29 10:32:13 [Info] [2808] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 10:32:13 [Info] [2808] CResourceMonitor::run Enter
2026-04-29 10:32:13 [Info] [2808] CIpcMsgHandlerMgr::run Enter
2026-04-29 10:32:13 [Info] [2808] Report thread
2026-04-29 10:32:13 [Info] [2808] Monitor thread
2026-04-29 10:32:13 [Info] [2808] Loader thread
2026-04-29 10:32:13 [Info] [2808] PythonEngineImpl Init...
2026-04-29 10:32:13 [Info] [2808] yundun connected
2026-04-29 10:32:14 [Info] [2808] recvmsg: HELLO
2026-04-29 10:32:14 [Info] [2808] recvmsg: WORK
2026-04-29 10:32:14 [Info] [2808] no use encode, return to old mode
2026-04-29 10:32:14 [Info] [2808] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:32:14 [Info] [2808] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:32:14 [Info] [2808] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:32:14 [Info] [2808] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:32:14 [Info] [2808] log fd cnt is [250], real fd cnt is [282]
2026-04-29 10:32:14 [Info] [2808] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 10:32:14 [Info] [2808] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 10:32:15 [Info] [2808] log memory size is 20480KB, real memory size is 14784KB
2026-04-29 10:32:16 [Info] [2808] item: --windows-schedule-task-check
2026-04-29 10:32:16 [Info] [2808] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-29 10:32:16 [Info] [2808] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-04-29 10:32:16 [Info] [2808] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:32:16 [Info] [2808] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:32:16 [Info] [2808] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-04-29 10:32:16 [Info] [2808] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-04-29 10:32:16 [Info] [2808] Prepare stage1: --windows-schedule-task-check
2026-04-29 10:32:16 [Info] [2808] Prepare stage2
2026-04-29 10:32:19 [Info] [2808] log memory size is 30720KB, real memory size is 23612KB
2026-04-29 10:32:40 [Info] [2808] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-29 10:32:46 [Info] [2808] stage3: --windows-schedule-task-check
2026-04-29 10:32:46 [Info] [2808] Loader after check
2026-04-29 10:32:47 [Info] [2808] Enter reuse wait state.
2026-04-29 10:32:49 [Info] [2808] recvmsg: EXIT
2026-04-29 10:32:49 [Info] [2808] Recv Exit Msg, Exit...
2026-04-29 10:42:21 [Info] [2656] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 10:42:21 [Info] [2656] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap133691777430540 
2026-04-29 10:42:21 [Info] [2656] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 10:42:21 [Info] [2656] Resource monitor start
2026-04-29 10:42:21 [Info] [2656] ipc client init success
2026-04-29 10:42:21 [Info] [2656] Ipc init: 0
2026-04-29 10:42:21 [Info] [2656] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 10:42:21 [Info] [2656] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 10:42:21 [Info] [2656] start ipc thread id[2384]
2026-04-29 10:42:21 [Info] [2656] Connect Yundun ipc server return state is 0
2026-04-29 10:42:21 [Info] [2656] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 10:42:21 [Info] [2656] CResourceMonitor::run Enter
2026-04-29 10:42:21 [Info] [2656] CIpcMsgHandlerMgr::run Enter
2026-04-29 10:42:21 [Info] [2656] Report thread
2026-04-29 10:42:21 [Info] [2656] Monitor thread
2026-04-29 10:42:21 [Info] [2656] Loader thread
2026-04-29 10:42:21 [Info] [2656] PythonEngineImpl Init...
2026-04-29 10:42:22 [Info] [2656] yundun connected
2026-04-29 10:42:24 [Info] [2656] log fd cnt is [250], real fd cnt is [261]
2026-04-29 10:42:24 [Info] [2656] recvmsg: HELLO
2026-04-29 10:42:24 [Info] [2656] recvmsg: WORK
2026-04-29 10:42:24 [Info] [2656] no use encode, return to old mode
2026-04-29 10:42:24 [Info] [2656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:42:24 [Info] [2656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 10:42:24 [Info] [2656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:42:24 [Info] [2656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:42:24 [Info] [2656] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 10:42:24 [Info] [2656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 10:42:25 [Info] [2656] log memory size is 20480KB, real memory size is 14784KB
2026-04-29 10:42:25 [Info] [2656] item: --windows-sysinfoext-check
2026-04-29 10:42:25 [Info] [2656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 10:42:25 [Info] [2656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 10:42:25 [Info] [2656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 10:42:25 [Info] [2656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 10:42:26 [Info] [2656] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-29 10:42:26 [Info] [2656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 10:42:26 [Info] [2656] Prepare stage1: --windows-sysinfoext-check
2026-04-29 10:42:26 [Info] [2656] Prepare stage2
2026-04-29 10:42:28 [Warn] [2656] high cpu, cpu is 18
2026-04-29 10:42:28 [Info] [2656] try get sys version
2026-04-29 10:42:28 [Info] [2656] win sys info:2/10:0:3
2026-04-29 10:42:28 [Info] [2656] suit legal version, enable cpu control
2026-04-29 10:42:28 [Warn] [2656] High CPU Warning: 18
2026-04-29 10:42:28 [Warn] [2656] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<string> line: 12 in func: __init__
File:wmi.py line: 1145 in func: __getattr__
File:wmi.py line: 783 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 227 in func: getSerialNumber
File:windows-sysinfoext-check.py line: 178 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-04-29 10:42:28 [Info] [2656] stage3: --windows-sysinfoext-check
2026-04-29 10:42:28 [Info] [2656] Loader after check
2026-04-29 10:42:29 [Info] [2656] log memory size is 30720KB, real memory size is 23216KB
2026-04-29 10:42:29 [Info] [2656] Enter reuse wait state.
2026-04-29 10:42:33 [Info] [2656] recvmsg: EXIT
2026-04-29 10:42:33 [Info] [2656] Recv Exit Msg, Exit...
2026-04-29 11:11:54 [Info] [3208] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 11:11:54 [Info] [3208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap191621777432314 
2026-04-29 11:11:54 [Info] [3208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 11:11:54 [Info] [3208] Resource monitor start
2026-04-29 11:11:54 [Info] [3208] ipc client init success
2026-04-29 11:11:54 [Info] [3208] Ipc init: 0
2026-04-29 11:11:54 [Info] [3208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 11:11:54 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 11:11:54 [Info] [3208] start ipc thread id[2020]
2026-04-29 11:11:54 [Info] [3208] Connect Yundun ipc server return state is 0
2026-04-29 11:11:54 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 11:11:54 [Info] [3208] CResourceMonitor::run Enter
2026-04-29 11:11:54 [Info] [3208] CIpcMsgHandlerMgr::run Enter
2026-04-29 11:11:54 [Info] [3208] Report thread
2026-04-29 11:11:54 [Info] [3208] Monitor thread
2026-04-29 11:11:54 [Info] [3208] Loader thread
2026-04-29 11:11:54 [Info] [3208] PythonEngineImpl Init...
2026-04-29 11:11:54 [Info] [3208] yundun connected
2026-04-29 11:11:54 [Info] [3208] recvmsg: HELLO
2026-04-29 11:11:54 [Info] [3208] recvmsg: WORK
2026-04-29 11:11:54 [Info] [3208] no use encode, return to old mode
2026-04-29 11:11:55 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 11:11:55 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 11:11:55 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 11:11:55 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 11:11:55 [Info] [3208] log fd cnt is [250], real fd cnt is [282]
2026-04-29 11:11:55 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 11:11:55 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 11:11:56 [Info] [3208] log memory size is 20480KB, real memory size is 14816KB
2026-04-29 11:11:56 [Info] [3208] item: --windows-autorun-item-check
2026-04-29 11:11:56 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-29 11:11:56 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-04-29 11:11:56 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 11:11:56 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 11:11:56 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-04-29 11:11:56 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-04-29 11:11:57 [Info] [3208] Prepare stage1: --windows-autorun-item-check
2026-04-29 11:11:57 [Info] [3208] Prepare stage2
2026-04-29 11:11:57 [Warn] [3208] high cpu, cpu is 13
2026-04-29 11:11:57 [Info] [3208] try get sys version
2026-04-29 11:11:57 [Info] [3208] win sys info:2/10:0:3
2026-04-29 11:11:57 [Info] [3208] suit legal version, enable cpu control
2026-04-29 11:11:57 [Warn] [3208] High CPU Warning: 13
2026-04-29 11:11:57 [Warn] [3208] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 950 in func: _open
File:__init__.py line: 920 in func: __init__
File:__init__.py line: 1554 in func: basicConfig
File:windows-autorun-item-check.py line: 529 in func: set_log_path
File:windows-autorun-item-check.py line: 533 in func: start
2026-04-29 11:12:00 [Info] [3208] log memory size is 30720KB, real memory size is 22612KB
2026-04-29 11:12:07 [Info] [3208] stage3: --windows-autorun-item-check
2026-04-29 11:12:07 [Info] [3208] Loader after check
2026-04-29 11:12:07 [Warn] [3208] high cpu, cpu is 12
2026-04-29 11:12:07 [Warn] [3208] High CPU Warning: 12
2026-04-29 11:12:07 [Warn] [3208] resource monitor exp type: High CPU Warning, script runing: 0
2026-04-29 11:12:08 [Info] [3208] Enter reuse wait state.
2026-04-29 11:12:09 [Info] [3208] recvmsg: EXIT
2026-04-29 11:12:09 [Info] [3208] Recv Exit Msg, Exit...
2026-04-29 16:09:10 [Info] [612] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 16:09:10 [Info] [612] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap118551777450145 
2026-04-29 16:09:10 [Info] [612] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 16:09:10 [Info] [612] Resource monitor start
2026-04-29 16:09:10 [Info] [612] ipc client init success
2026-04-29 16:09:10 [Info] [612] Ipc init: 0
2026-04-29 16:09:10 [Info] [612] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 16:09:10 [Info] [612] CResourceMonitor::run Enter
2026-04-29 16:09:10 [Info] [612] CIpcMsgHandlerMgr::run Enter
2026-04-29 16:09:10 [Info] [612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 16:09:10 [Info] [612] start ipc thread id[464]
2026-04-29 16:09:10 [Info] [612] Connect Yundun ipc server return state is 0
2026-04-29 16:09:10 [Info] [612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 16:09:10 [Info] [612] yundun connected
2026-04-29 16:09:10 [Info] [612] Report thread
2026-04-29 16:09:10 [Info] [612] Monitor thread
2026-04-29 16:09:10 [Info] [612] Loader thread
2026-04-29 16:09:10 [Info] [612] PythonEngineImpl Init...
2026-04-29 16:09:10 [Info] [612] recvmsg: HELLO
2026-04-29 16:09:10 [Info] [612] recvmsg: WORK
2026-04-29 16:09:10 [Info] [612] no use encode, return to old mode
2026-04-29 16:09:11 [Info] [612] log fd cnt is [250], real fd cnt is [263]
2026-04-29 16:09:11 [Info] [612] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 16:09:11 [Info] [612] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 16:09:11 [Info] [612] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 16:09:11 [Info] [612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 16:09:12 [Info] [612] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 16:09:12 [Info] [612] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 16:09:12 [Info] [612] log memory size is 20480KB, real memory size is 14780KB
2026-04-29 16:09:13 [Info] [612] item: --windows-sysinfoext-check
2026-04-29 16:09:13 [Info] [612] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 16:09:13 [Info] [612] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 16:09:13 [Info] [612] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 16:09:13 [Info] [612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 16:09:13 [Info] [612] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-29 16:09:13 [Info] [612] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 16:09:13 [Info] [612] Prepare stage1: --windows-sysinfoext-check
2026-04-29 16:09:13 [Info] [612] Prepare stage2
2026-04-29 16:09:15 [Warn] [612] high cpu, cpu is 18
2026-04-29 16:09:15 [Info] [612] try get sys version
2026-04-29 16:09:15 [Info] [612] win sys info:2/10:0:3
2026-04-29 16:09:15 [Info] [612] suit legal version, enable cpu control
2026-04-29 16:09:15 [Warn] [612] High CPU Warning: 18
2026-04-29 16:09:15 [Warn] [612] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-04-29 16:09:16 [Info] [612] log memory size is 30720KB, real memory size is 23120KB
2026-04-29 16:09:17 [Info] [612] stage3: --windows-sysinfoext-check
2026-04-29 16:09:17 [Info] [612] Loader after check
2026-04-29 16:09:17 [Warn] [612] high cpu, cpu is 16
2026-04-29 16:09:17 [Warn] [612] High CPU Warning: 16
2026-04-29 16:09:18 [Info] [612] Enter reuse wait state.
2026-04-29 16:09:21 [Info] [612] recvmsg: EXIT
2026-04-29 16:09:21 [Info] [612] Recv Exit Msg, Exit...
2026-04-29 18:07:59 [Info] [3896] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 18:07:59 [Info] [3896] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap23831777457279 
2026-04-29 18:07:59 [Info] [3896] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 18:07:59 [Info] [3896] Resource monitor start
2026-04-29 18:07:59 [Info] [3896] ipc client init success
2026-04-29 18:07:59 [Info] [3896] Ipc init: 0
2026-04-29 18:07:59 [Info] [3896] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 18:07:59 [Info] [3896] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 18:07:59 [Info] [3896] start ipc thread id[2876]
2026-04-29 18:07:59 [Info] [3896] Connect Yundun ipc server return state is 0
2026-04-29 18:07:59 [Info] [3896] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 18:07:59 [Info] [3896] CResourceMonitor::run Enter
2026-04-29 18:07:59 [Info] [3896] CIpcMsgHandlerMgr::run Enter
2026-04-29 18:07:59 [Info] [3896] Report thread
2026-04-29 18:07:59 [Info] [3896] Monitor thread
2026-04-29 18:07:59 [Info] [3896] Loader thread
2026-04-29 18:07:59 [Info] [3896] PythonEngineImpl Init...
2026-04-29 18:07:59 [Info] [3896] yundun connected
2026-04-29 18:08:00 [Info] [3896] recvmsg: HELLO
2026-04-29 18:08:00 [Info] [3896] recvmsg: WORK
2026-04-29 18:08:00 [Info] [3896] no use encode, return to old mode
2026-04-29 18:08:00 [Info] [3896] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 18:08:00 [Info] [3896] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 18:08:00 [Info] [3896] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 18:08:00 [Info] [3896] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 18:08:00 [Info] [3896] log fd cnt is [250], real fd cnt is [282]
2026-04-29 18:08:00 [Info] [3896] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 18:08:00 [Info] [3896] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 18:08:01 [Info] [3896] log memory size is 20480KB, real memory size is 14824KB
2026-04-29 18:08:01 [Info] [3896] item: --secnet_rasp_agent
2026-04-29 18:08:01 [Info] [3896] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-29 18:08:01 [Info] [3896] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-04-29 18:08:02 [Info] [3896] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-04-29 18:08:02 [Info] [3896] Download redirect files success.
2026-04-29 18:08:02 [Info] [3896] Prepare stage1: --secnet_rasp_agent
2026-04-29 18:08:02 [Info] [3896] Prepare stage2
2026-04-29 18:08:03 [Info] [3896] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-29 18:08:03 [Info] [3896] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-29 18:08:03 [Info] [3896] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 18:08:03 [Info] [3896] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 18:08:04 [Info] [3896] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-04-29 18:08:04 [Info] [3896] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-04-29 18:08:04 [Info] [3896] stage3: --secnet_rasp_agent
2026-04-29 18:08:04 [Info] [3896] Loader after check
2026-04-29 18:08:04 [Info] [3896] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-04-29 18:08:05 [Info] [3896] Enter reuse wait state.
2026-04-29 18:08:05 [Info] [3896] log memory size is 30720KB, real memory size is 21268KB
2026-04-29 18:08:07 [Info] [3896] recvmsg: EXIT
2026-04-29 18:08:07 [Info] [3896] Recv Exit Msg, Exit...
2026-04-29 21:36:13 [Info] [488] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 21:36:13 [Info] [488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap104151777469773 
2026-04-29 21:36:13 [Info] [488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 21:36:13 [Info] [488] Resource monitor start
2026-04-29 21:36:13 [Info] [488] ipc client init success
2026-04-29 21:36:13 [Info] [488] Ipc init: 0
2026-04-29 21:36:13 [Info] [488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 21:36:13 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 21:36:13 [Info] [488] start ipc thread id[3888]
2026-04-29 21:36:13 [Info] [488] Connect Yundun ipc server return state is 0
2026-04-29 21:36:13 [Info] [488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 21:36:13 [Info] [488] CResourceMonitor::run Enter
2026-04-29 21:36:13 [Info] [488] CIpcMsgHandlerMgr::run Enter
2026-04-29 21:36:13 [Info] [488] Report thread
2026-04-29 21:36:13 [Info] [488] Monitor thread
2026-04-29 21:36:13 [Info] [488] Loader thread
2026-04-29 21:36:13 [Info] [488] PythonEngineImpl Init...
2026-04-29 21:36:13 [Info] [488] yundun connected
2026-04-29 21:36:14 [Info] [488] recvmsg: HELLO
2026-04-29 21:36:14 [Info] [488] recvmsg: WORK
2026-04-29 21:36:14 [Info] [488] no use encode, return to old mode
2026-04-29 21:36:14 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 21:36:14 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 21:36:14 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 21:36:14 [Info] [488] log fd cnt is [250], real fd cnt is [274]
2026-04-29 21:36:15 [Info] [488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 21:36:15 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 21:36:15 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 21:36:15 [Info] [488] log memory size is 20480KB, real memory size is 14804KB
2026-04-29 21:36:16 [Info] [488] item: --windows-sysinfoext-check
2026-04-29 21:36:16 [Info] [488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 21:36:16 [Info] [488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 21:36:16 [Info] [488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 21:36:16 [Info] [488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 21:36:16 [Info] [488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-04-29 21:36:16 [Info] [488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-04-29 21:36:16 [Info] [488] Prepare stage1: --windows-sysinfoext-check
2026-04-29 21:36:16 [Info] [488] Prepare stage2
2026-04-29 21:36:18 [Info] [2356] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-04-29 21:36:18 [Info] [2356] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap104321777469778 
2026-04-29 21:36:18 [Info] [2356] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-04-29 21:36:18 [Info] [2356] Resource monitor start
2026-04-29 21:36:18 [Info] [2356] ipc client init success
2026-04-29 21:36:18 [Info] [2356] Ipc init: 0
2026-04-29 21:36:18 [Info] [2356] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-04-29 21:36:18 [Info] [2356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-04-29 21:36:18 [Info] [2356] start ipc thread id[1680]
2026-04-29 21:36:18 [Info] [2356] Connect Yundun ipc server return state is 0
2026-04-29 21:36:18 [Info] [2356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-04-29 21:36:19 [Info] [2356] CResourceMonitor::run Enter
2026-04-29 21:36:19 [Info] [2356] CIpcMsgHandlerMgr::run Enter
2026-04-29 21:36:19 [Info] [2356] yundun connected
2026-04-29 21:36:19 [Info] [2356] Report thread
2026-04-29 21:36:19 [Info] [2356] Monitor thread
2026-04-29 21:36:19 [Info] [2356] Loader thread
2026-04-29 21:36:19 [Info] [2356] PythonEngineImpl Init...
2026-04-29 21:36:19 [Info] [2356] recvmsg: HELLO
2026-04-29 21:36:19 [Info] [2356] recvmsg: WORK
2026-04-29 21:36:19 [Info] [2356] no use encode, return to old mode
2026-04-29 21:36:20 [Info] [2356] log fd cnt is [250], real fd cnt is [263]
2026-04-29 21:36:20 [Info] [2356] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 21:36:20 [Info] [2356] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-04-29 21:36:20 [Info] [2356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 21:36:20 [Info] [2356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 21:36:20 [Info] [488] log memory size is 30720KB, real memory size is 23120KB
2026-04-29 21:36:20 [Info] [2356] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-04-29 21:36:20 [Info] [2356] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-04-29 21:36:21 [Info] [2356] log memory size is 20480KB, real memory size is 14748KB
2026-04-29 21:36:21 [Info] [488] stage3: --windows-sysinfoext-check
2026-04-29 21:36:21 [Info] [488] Loader after check
2026-04-29 21:36:22 [Info] [488] Enter reuse wait state.
2026-04-29 21:36:23 [Info] [2356] item: --windows-vul-check
2026-04-29 21:36:23 [Info] [2356] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-04-29 21:36:23 [Info] [2356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-04-29 21:36:23 [Info] [2356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-04-29 21:36:23 [Info] [2356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-04-29 21:36:23 [Info] [2356] Download redirect files success.
2026-04-29 21:36:23 [Info] [2356] Prepare stage1: --windows-vul-check
2026-04-29 21:36:23 [Info] [2356] Prepare stage2
2026-04-29 21:36:23 [Info] [2356] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-29 21:36:23 [Info] [2356] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-04-29 21:36:23 [Info] [2356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-04-29 21:36:23 [Info] [2356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-04-29 21:36:24 [Info] [2356] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-29 21:36:24 [Info] [2356] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-04-29 21:36:24 [Info] [2356] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-04-29 21:36:24 [Info] [2356] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-04-29 21:36:24 [Info] [2356] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-04-29 21:36:24 [Info] [2356] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_90\rule\vuldata_v2.dat
2026-04-29 21:36:24 [Warn] [2356] high cpu, cpu is 27
2026-04-29 21:36:24 [Info] [2356] try get sys version
2026-04-29 21:36:24 [Info] [2356] win sys info:2/10:0:3
2026-04-29 21:36:24 [Info] [2356] suit legal version, enable cpu control
2026-04-29 21:36:24 [Warn] [2356] High CPU Warning: 27
2026-04-29 21:36:24 [Warn] [2356] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:genericpath.py line: 37 in func: isfile
File:windows-vul-check.py line: 413 in func: load_kb_log_status
File:windows-vul-check.py line: 994 in func: start
2026-04-29 21:36:24 [Info] [2356] stage3: --windows-vul-check
2026-04-29 21:36:24 [Info] [2356] Loader after check
2026-04-29 21:36:25 [Info] [2356] log memory size is 30720KB, real memory size is 23452KB
2026-04-29 21:36:25 [Info] [2356] Enter reuse wait state.
2026-04-29 21:36:26 [Info] [488] recvmsg: EXIT
2026-04-29 21:36:26 [Info] [488] Recv Exit Msg, Exit...
2026-04-29 21:36:32 [Info] [2356] recvmsg: EXIT
2026-04-29 21:36:32 [Info] [2356] Recv Exit Msg, Exit...
2026-05-06 00:57:33 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 00:57:33 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap60331778000252 
2026-05-06 00:57:33 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 00:57:33 [Info] [2020] Resource monitor start
2026-05-06 00:57:33 [Info] [2020] ipc client init success
2026-05-06 00:57:33 [Info] [2020] Ipc init: 0
2026-05-06 00:57:33 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 00:57:33 [Info] [2020] CResourceMonitor::run Enter
2026-05-06 00:57:33 [Info] [2020] CIpcMsgHandlerMgr::run Enter
2026-05-06 00:57:33 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 00:57:33 [Info] [2020] start ipc thread id[2856]
2026-05-06 00:57:33 [Info] [2020] Connect Yundun ipc server return state is 0
2026-05-06 00:57:33 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 00:57:33 [Info] [2020] yundun connected
2026-05-06 00:57:33 [Info] [2020] Report thread
2026-05-06 00:57:33 [Info] [2020] Monitor thread
2026-05-06 00:57:33 [Info] [2020] Loader thread
2026-05-06 00:57:33 [Info] [2020] PythonEngineImpl Init...
2026-05-06 00:57:33 [Info] [2020] recvmsg: HELLO
2026-05-06 00:57:33 [Info] [2020] recvmsg: WORK
2026-05-06 00:57:33 [Info] [2020] no use encode, return to old mode
2026-05-06 00:57:34 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 00:57:34 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 00:57:34 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 00:57:34 [Info] [2020] log fd cnt is [250], real fd cnt is [282]
2026-05-06 00:57:34 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 00:57:34 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 00:57:34 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 00:57:35 [Info] [2020] log memory size is 20480KB, real memory size is 14804KB
2026-05-06 00:57:35 [Info] [2020] item: --windows-sysinfoext-check
2026-05-06 00:57:35 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 00:57:35 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 00:57:35 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 00:57:35 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 00:57:36 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-05-06 00:57:36 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 00:57:36 [Info] [2020] Prepare stage1: --windows-sysinfoext-check
2026-05-06 00:57:36 [Info] [2020] Prepare stage2
2026-05-06 00:57:39 [Info] [2020] log memory size is 30720KB, real memory size is 23136KB
2026-05-06 00:57:39 [Info] [2020] stage3: --windows-sysinfoext-check
2026-05-06 00:57:39 [Info] [2020] Loader after check
2026-05-06 00:57:40 [Warn] [2020] high cpu, cpu is 15
2026-05-06 00:57:40 [Info] [2020] try get sys version
2026-05-06 00:57:40 [Info] [2020] win sys info:2/10:0:3
2026-05-06 00:57:40 [Info] [2020] suit legal version, enable cpu control
2026-05-06 00:57:40 [Warn] [2020] High CPU Warning: 15
2026-05-06 00:57:40 [Warn] [2020] resource monitor exp type: High CPU Warning, script runing: 0
2026-05-06 00:57:40 [Info] [2020] Enter reuse wait state.
2026-05-06 00:57:45 [Info] [2020] recvmsg: EXIT
2026-05-06 00:57:45 [Info] [2020] Recv Exit Msg, Exit...
2026-05-06 01:43:47 [Info] [2472] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 01:43:47 [Info] [2472] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap150911778003026 
2026-05-06 01:43:47 [Info] [2472] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 01:43:47 [Info] [2472] Resource monitor start
2026-05-06 01:43:47 [Info] [2472] ipc client init success
2026-05-06 01:43:47 [Info] [2472] Ipc init: 0
2026-05-06 01:43:47 [Info] [2472] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 01:43:47 [Info] [2472] CResourceMonitor::run Enter
2026-05-06 01:43:47 [Info] [2472] CIpcMsgHandlerMgr::run Enter
2026-05-06 01:43:47 [Info] [2472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 01:43:47 [Info] [2472] start ipc thread id[744]
2026-05-06 01:43:47 [Info] [2472] Connect Yundun ipc server return state is 0
2026-05-06 01:43:48 [Info] [2472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 01:43:48 [Info] [2472] yundun connected
2026-05-06 01:43:48 [Info] [2472] Report thread
2026-05-06 01:43:48 [Info] [2472] Monitor thread
2026-05-06 01:43:48 [Info] [2472] Loader thread
2026-05-06 01:43:48 [Info] [2472] PythonEngineImpl Init...
2026-05-06 01:43:48 [Info] [2472] recvmsg: HELLO
2026-05-06 01:43:48 [Info] [2472] recvmsg: WORK
2026-05-06 01:43:48 [Info] [2472] no use encode, return to old mode
2026-05-06 01:43:48 [Info] [2472] log fd cnt is [250], real fd cnt is [262]
2026-05-06 01:43:48 [Info] [2472] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 01:43:48 [Info] [2472] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 01:43:48 [Info] [2472] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 01:43:49 [Info] [2472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 01:43:49 [Info] [2472] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 01:43:49 [Info] [2472] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 01:43:49 [Info] [2472] log memory size is 20480KB, real memory size is 14764KB
2026-05-06 01:43:50 [Info] [2472] item: --sca
2026-05-06 01:43:50 [Info] [2472] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-05-06 01:43:50 [Info] [2472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-05-06 01:43:50 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py
2026-05-06 01:43:50 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-05-06 01:43:50 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py
2026-05-06 01:43:50 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-05-06 01:43:51 [Info] [2472] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-05-06 01:43:51 [Info] [2472] Download redirect files success.
2026-05-06 01:43:51 [Info] [2472] Prepare stage1: --sca
2026-05-06 01:43:51 [Info] [2472] Prepare stage2
2026-05-06 01:43:52 [Warn] [2472] high cpu, cpu is 14
2026-05-06 01:43:52 [Info] [2472] try get sys version
2026-05-06 01:43:52 [Info] [2472] win sys info:2/10:0:3
2026-05-06 01:43:52 [Info] [2472] suit legal version, enable cpu control
2026-05-06 01:43:52 [Warn] [2472] High CPU Warning: 14
2026-05-06 01:43:52 [Warn] [2472] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:hashlib.py line: 134 in func: <module>
File:random.py line: 49 in func: <module>
File:sca_utils.py line: 18 in func: <module>
File:sca.py line: 44 in func: <module>
2026-05-06 01:43:53 [Info] [2472] log memory size is 30720KB, real memory size is 28260KB
2026-05-06 01:43:54 [Warn] [2472] high cpu, cpu is 29
2026-05-06 01:43:54 [Warn] [2472] High CPU Warning: 29
2026-05-06 01:43:57 [Info] [2472] log memory size is 40960KB, real memory size is 33308KB
2026-05-06 01:44:28 [Warn] [2472] high cpu, cpu is 19
2026-05-06 01:44:28 [Warn] [2472] High CPU Warning: 19
2026-05-06 01:44:28 [Warn] [2472] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca_webcontainer_proc.py line: 426 in func: _analyze_web_container
File:sca_utils.py line: 3384 in func: __init__
File:sca_common_proc.py line: 38 in func: __init__
File:sca_webcontainer_proc.py line: 40 in func: __init__
File:sca.py line: 187 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-05-06 01:44:30 [Info] [2472] stage3: --sca
2026-05-06 01:44:30 [Info] [2472] Loader after check
2026-05-06 01:44:31 [Info] [2472] Enter reuse wait state.
2026-05-06 01:44:35 [Info] [2472] recvmsg: EXIT
2026-05-06 01:44:35 [Info] [2472] Recv Exit Msg, Exit...
2026-05-06 06:22:59 [Info] [3508] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 06:22:59 [Info] [3508] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap42601778019778 
2026-05-06 06:22:59 [Info] [3508] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 06:23:00 [Info] [3508] Resource monitor start
2026-05-06 06:23:00 [Info] [3508] ipc client init success
2026-05-06 06:23:00 [Info] [3508] Ipc init: 0
2026-05-06 06:23:00 [Info] [3508] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 06:23:00 [Info] [3508] CResourceMonitor::run Enter
2026-05-06 06:23:00 [Info] [3508] CIpcMsgHandlerMgr::run Enter
2026-05-06 06:23:00 [Info] [3508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 06:23:00 [Info] [3508] start ipc thread id[2380]
2026-05-06 06:23:00 [Info] [3508] Connect Yundun ipc server return state is 0
2026-05-06 06:23:00 [Info] [3508] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 06:23:00 [Info] [3508] yundun connected
2026-05-06 06:23:00 [Info] [3508] Report thread
2026-05-06 06:23:00 [Info] [3508] Monitor thread
2026-05-06 06:23:00 [Info] [3508] Loader thread
2026-05-06 06:23:00 [Info] [3508] PythonEngineImpl Init...
2026-05-06 06:23:00 [Info] [3508] recvmsg: HELLO
2026-05-06 06:23:00 [Info] [3508] recvmsg: WORK
2026-05-06 06:23:00 [Info] [3508] no use encode, return to old mode
2026-05-06 06:23:00 [Info] [3508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 06:23:00 [Info] [3508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 06:23:00 [Info] [3508] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 06:23:01 [Info] [3508] log fd cnt is [250], real fd cnt is [282]
2026-05-06 06:23:01 [Info] [3508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 06:23:01 [Info] [3508] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 06:23:01 [Info] [3508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 06:23:02 [Info] [3508] log memory size is 20480KB, real memory size is 14844KB
2026-05-06 06:23:02 [Info] [3508] item: --windows-sysinfoext-check
2026-05-06 06:23:02 [Info] [3508] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 06:23:02 [Info] [3508] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 06:23:02 [Info] [3508] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 06:23:02 [Info] [3508] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 06:23:02 [Info] [3508] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-05-06 06:23:02 [Info] [3508] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 06:23:02 [Info] [3508] Prepare stage1: --windows-sysinfoext-check
2026-05-06 06:23:02 [Info] [3508] Prepare stage2
2026-05-06 06:23:06 [Info] [3508] log memory size is 30720KB, real memory size is 23124KB
2026-05-06 06:23:06 [Info] [3508] stage3: --windows-sysinfoext-check
2026-05-06 06:23:06 [Info] [3508] Loader after check
2026-05-06 06:23:07 [Info] [3508] Enter reuse wait state.
2026-05-06 06:23:10 [Info] [3508] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-05-06 06:23:11 [Info] [3508] recvmsg: EXIT
2026-05-06 06:23:11 [Info] [3508] Recv Exit Msg, Exit...
2026-05-06 07:44:03 [Info] [2336] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 07:44:03 [Info] [2336] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap201441778024642 
2026-05-06 07:44:03 [Info] [2336] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 07:44:03 [Info] [2336] Resource monitor start
2026-05-06 07:44:03 [Info] [2336] ipc client init success
2026-05-06 07:44:03 [Info] [2336] Ipc init: 0
2026-05-06 07:44:03 [Info] [2336] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 07:44:03 [Info] [2336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 07:44:03 [Info] [2336] CResourceMonitor::run Enter
2026-05-06 07:44:03 [Info] [2336] CIpcMsgHandlerMgr::run Enter
2026-05-06 07:44:03 [Info] [2336] start ipc thread id[4524]
2026-05-06 07:44:03 [Info] [2336] Connect Yundun ipc server return state is 0
2026-05-06 07:44:03 [Info] [2336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 07:44:03 [Info] [2336] Report thread
2026-05-06 07:44:03 [Info] [2336] Monitor thread
2026-05-06 07:44:03 [Info] [2336] Loader thread
2026-05-06 07:44:03 [Info] [2336] PythonEngineImpl Init...
2026-05-06 07:44:04 [Info] [2336] yundun connected
2026-05-06 07:44:04 [Info] [2336] recvmsg: HELLO
2026-05-06 07:44:04 [Info] [2336] recvmsg: WORK
2026-05-06 07:44:04 [Info] [2336] no use encode, return to old mode
2026-05-06 07:44:04 [Info] [2336] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 07:44:04 [Info] [2336] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 07:44:04 [Info] [2336] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 07:44:04 [Info] [2336] log fd cnt is [250], real fd cnt is [282]
2026-05-06 07:44:04 [Info] [2336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 07:44:05 [Info] [2336] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 07:44:05 [Info] [2336] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 07:44:05 [Info] [2336] log memory size is 20480KB, real memory size is 14780KB
2026-05-06 07:44:06 [Info] [2336] item: --windows-vul-clean
2026-05-06 07:44:06 [Info] [2336] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-05-06 07:44:06 [Info] [2336] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-05-06 07:44:06 [Info] [2336] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 07:44:06 [Info] [2336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 07:44:06 [Info] [2336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-05-06 07:44:06 [Info] [2336] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-05-06 07:44:06 [Info] [2336] Prepare stage1: --windows-vul-clean
2026-05-06 07:44:06 [Info] [2336] Prepare stage2
2026-05-06 07:44:06 [Info] [2336] stage3: --windows-vul-clean
2026-05-06 07:44:06 [Info] [2336] Loader after check
2026-05-06 07:44:07 [Info] [2336] Enter reuse wait state.
2026-05-06 07:44:11 [Info] [2336] recvmsg: EXIT
2026-05-06 07:44:11 [Info] [2336] Recv Exit Msg, Exit...
2026-05-06 08:42:32 [Info] [5068] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 08:42:32 [Info] [5068] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap316031778028151 
2026-05-06 08:42:32 [Info] [5068] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 08:42:32 [Info] [5068] Resource monitor start
2026-05-06 08:42:32 [Info] [5068] ipc client init success
2026-05-06 08:42:32 [Info] [5068] Ipc init: 0
2026-05-06 08:42:32 [Info] [5068] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 08:42:32 [Info] [5068] CResourceMonitor::run Enter
2026-05-06 08:42:32 [Info] [5068] CIpcMsgHandlerMgr::run Enter
2026-05-06 08:42:32 [Info] [5068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 08:42:32 [Info] [5068] start ipc thread id[4992]
2026-05-06 08:42:32 [Info] [5068] Connect Yundun ipc server return state is 0
2026-05-06 08:42:33 [Info] [5068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 08:42:33 [Info] [5068] yundun connected
2026-05-06 08:42:33 [Info] [5068] Report thread
2026-05-06 08:42:33 [Info] [5068] Monitor thread
2026-05-06 08:42:33 [Info] [5068] Loader thread
2026-05-06 08:42:33 [Info] [5068] PythonEngineImpl Init...
2026-05-06 08:42:33 [Info] [5068] recvmsg: HELLO
2026-05-06 08:42:33 [Info] [5068] recvmsg: WORK
2026-05-06 08:42:33 [Info] [5068] no use encode, return to old mode
2026-05-06 08:42:33 [Info] [5068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 08:42:33 [Info] [5068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 08:42:33 [Info] [5068] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 08:42:33 [Info] [5068] log fd cnt is [250], real fd cnt is [274]
2026-05-06 08:42:34 [Info] [5068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 08:42:34 [Info] [5068] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 08:42:34 [Info] [5068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 08:42:34 [Info] [5068] log memory size is 20480KB, real memory size is 14828KB
2026-05-06 08:42:35 [Info] [5068] item: --windows-process-check
2026-05-06 08:42:35 [Info] [5068] cgroup name aegisRtap0
2026-05-06 08:42:35 [Info] [5068] try get sys version
2026-05-06 08:42:35 [Info] [5068] win sys info:2/10:0:3
2026-05-06 08:42:35 [Info] [5068] suit legal version, enable cpu control
2026-05-06 08:42:35 [Info] [5068] get AssignProcessToJobObject handle [00000478]
2026-05-06 08:42:35 [Info] [5068] Set setJobExtended.
2026-05-06 08:42:35 [Info] [5068] Set cpu [9%]
2026-05-06 08:42:35 [Info] [5068] Set cpu success
2026-05-06 08:42:35 [Info] [5068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-05-06 08:42:35 [Info] [5068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-05-06 08:42:35 [Info] [5068] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 08:42:35 [Info] [5068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 08:42:35 [Info] [5068] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-05-06 08:42:35 [Info] [5068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-05-06 08:42:35 [Info] [5068] Prepare stage1: --windows-process-check
2026-05-06 08:42:35 [Info] [5068] Prepare stage2
2026-05-06 08:42:38 [Info] [5068] log memory size is 30720KB, real memory size is 20696KB
2026-05-06 08:42:54 [Info] [5068] stage3: --windows-process-check
2026-05-06 08:42:54 [Info] [5068] Loader after check
2026-05-06 08:42:55 [Info] [5068] Enter reuse wait state.
2026-05-06 08:43:00 [Info] [5068] recvmsg: EXIT
2026-05-06 08:43:00 [Info] [5068] Recv Exit Msg, Exit...
2026-05-06 10:24:33 [Info] [3640] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 10:24:33 [Info] [3640] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap188201778034271 
2026-05-06 10:24:33 [Info] [3640] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 10:24:33 [Info] [3640] Resource monitor start
2026-05-06 10:24:33 [Info] [3640] ipc client init success
2026-05-06 10:24:33 [Info] [3640] Ipc init: 0
2026-05-06 10:24:33 [Info] [3640] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 10:24:33 [Info] [3640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 10:24:33 [Info] [3640] start ipc thread id[3400]
2026-05-06 10:24:33 [Info] [3640] Connect Yundun ipc server return state is 0
2026-05-06 10:24:33 [Info] [3640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 10:24:33 [Info] [3640] CIpcMsgHandlerMgr::run Enter
2026-05-06 10:24:33 [Info] [3640] CResourceMonitor::run Enter
2026-05-06 10:24:33 [Info] [3640] yundun connected
2026-05-06 10:24:33 [Info] [3640] Report thread
2026-05-06 10:24:33 [Info] [3640] Monitor thread
2026-05-06 10:24:33 [Info] [3640] Loader thread
2026-05-06 10:24:33 [Info] [3640] PythonEngineImpl Init...
2026-05-06 10:24:34 [Info] [3640] recvmsg: HELLO
2026-05-06 10:24:34 [Info] [3640] recvmsg: WORK
2026-05-06 10:24:34 [Info] [3640] no use encode, return to old mode
2026-05-06 10:24:34 [Info] [3640] log fd cnt is [250], real fd cnt is [262]
2026-05-06 10:24:35 [Info] [3640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:24:35 [Info] [3640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:24:35 [Info] [3640] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:24:36 [Info] [3640] log memory size is 20480KB, real memory size is 13368KB
2026-05-06 10:24:37 [Info] [3640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:24:38 [Info] [3640] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 10:24:38 [Info] [3640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 10:24:38 [Info] [4500] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 10:24:38 [Info] [4500] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap188431778034278 
2026-05-06 10:24:38 [Info] [4500] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 10:24:38 [Info] [4500] Resource monitor start
2026-05-06 10:24:38 [Info] [4500] ipc client init success
2026-05-06 10:24:38 [Info] [4500] Ipc init: 0
2026-05-06 10:24:38 [Info] [4500] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 10:24:38 [Info] [4500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 10:24:38 [Info] [4500] start ipc thread id[4596]
2026-05-06 10:24:38 [Info] [4500] Connect Yundun ipc server return state is 0
2026-05-06 10:24:38 [Info] [4500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 10:24:39 [Info] [4500] CResourceMonitor::run Enter
2026-05-06 10:24:39 [Info] [4500] CIpcMsgHandlerMgr::run Enter
2026-05-06 10:24:39 [Info] [4500] yundun connected
2026-05-06 10:24:39 [Info] [4500] Report thread
2026-05-06 10:24:39 [Info] [4500] Monitor thread
2026-05-06 10:24:39 [Info] [4500] Loader thread
2026-05-06 10:24:39 [Info] [4500] PythonEngineImpl Init...
2026-05-06 10:24:40 [Info] [4500] recvmsg: HELLO
2026-05-06 10:24:40 [Info] [4500] log fd cnt is [250], real fd cnt is [263]
2026-05-06 10:24:40 [Info] [4500] recvmsg: WORK
2026-05-06 10:24:40 [Info] [4500] no use encode, return to old mode
2026-05-06 10:24:40 [Info] [4500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:24:40 [Info] [4500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:24:40 [Info] [4500] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:24:41 [Info] [4500] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:24:41 [Info] [4500] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 10:24:41 [Info] [4500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 10:24:41 [Info] [3640] item: --windows-schedule-task-check
2026-05-06 10:24:41 [Info] [3640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-05-06 10:24:41 [Info] [3640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-05-06 10:24:41 [Info] [3640] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:24:42 [Info] [3640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:24:41 [Info] [4500] log memory size is 20480KB, real memory size is 14628KB
2026-05-06 10:24:42 [Info] [3640] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-05-06 10:24:42 [Info] [3640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-05-06 10:24:42 [Info] [3640] Prepare stage1: --windows-schedule-task-check
2026-05-06 10:24:42 [Info] [3640] Prepare stage2
2026-05-06 10:24:44 [Info] [4500] item: --windows-registry-check
2026-05-06 10:24:44 [Info] [4500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-05-06 10:24:44 [Info] [4500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-05-06 10:24:44 [Info] [4500] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:24:44 [Info] [4500] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:24:44 [Info] [4500] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-05-06 10:24:44 [Info] [4500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-05-06 10:24:45 [Info] [4500] Prepare stage1: --windows-registry-check
2026-05-06 10:24:45 [Info] [4500] Prepare stage2
2026-05-06 10:24:46 [Info] [3640] log memory size is 30720KB, real memory size is 23460KB
2026-05-06 10:24:53 [Info] [3640] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-05-06 10:24:53 [Info] [4500] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-05-06 10:25:25 [Info] [4500] stage3: --windows-registry-check
2026-05-06 10:25:25 [Info] [4500] Loader after check
2026-05-06 10:25:26 [Info] [4500] Enter reuse wait state.
2026-05-06 10:25:30 [Info] [4500] recvmsg: EXIT
2026-05-06 10:25:30 [Info] [4500] Recv Exit Msg, Exit...
2026-05-06 10:25:35 [Info] [3640] stage3: --windows-schedule-task-check
2026-05-06 10:25:35 [Info] [3640] Loader after check
2026-05-06 10:25:36 [Info] [3640] Enter reuse wait state.
2026-05-06 10:25:38 [Info] [1056] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 10:25:38 [Info] [1056] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap190361778034337 
2026-05-06 10:25:38 [Info] [1056] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 10:25:38 [Info] [1056] Resource monitor start
2026-05-06 10:25:38 [Info] [1056] ipc client init success
2026-05-06 10:25:38 [Info] [1056] Ipc init: 0
2026-05-06 10:25:38 [Info] [1056] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 10:25:38 [Info] [1056] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 10:25:38 [Info] [1056] start ipc thread id[2944]
2026-05-06 10:25:38 [Info] [1056] Connect Yundun ipc server return state is 0
2026-05-06 10:25:38 [Info] [1056] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 10:25:38 [Info] [1056] CResourceMonitor::run Enter
2026-05-06 10:25:38 [Info] [1056] CIpcMsgHandlerMgr::run Enter
2026-05-06 10:25:38 [Info] [1056] yundun connected
2026-05-06 10:25:38 [Info] [1056] Report thread
2026-05-06 10:25:38 [Info] [1056] Monitor thread
2026-05-06 10:25:38 [Info] [1056] Loader thread
2026-05-06 10:25:38 [Info] [1056] PythonEngineImpl Init...
2026-05-06 10:25:39 [Info] [1056] recvmsg: HELLO
2026-05-06 10:25:39 [Info] [1056] log fd cnt is [250], real fd cnt is [263]
2026-05-06 10:25:39 [Info] [1056] recvmsg: WORK
2026-05-06 10:25:39 [Info] [1056] no use encode, return to old mode
2026-05-06 10:25:39 [Info] [1056] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:25:39 [Info] [1056] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:25:39 [Info] [1056] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:25:40 [Info] [1056] log memory size is 20480KB, real memory size is 14504KB
2026-05-06 10:25:40 [Info] [1056] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:25:40 [Info] [1056] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 10:25:40 [Info] [1056] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 10:25:41 [Info] [3640] recvmsg: EXIT
2026-05-06 10:25:41 [Info] [3640] Recv Exit Msg, Exit...
2026-05-06 10:25:42 [Info] [1056] item: --windows-driver-version-check
2026-05-06 10:25:42 [Info] [1056] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-05-06 10:25:42 [Info] [1056] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-05-06 10:25:42 [Info] [1056] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:25:42 [Info] [1056] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:25:42 [Info] [1056] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-05-06 10:25:42 [Info] [1056] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-05-06 10:25:42 [Info] [1056] Prepare stage1: --windows-driver-version-check
2026-05-06 10:25:42 [Info] [1056] Prepare stage2
2026-05-06 10:25:42 [Info] [1056] stage3: --windows-driver-version-check
2026-05-06 10:25:42 [Info] [1056] Loader after check
2026-05-06 10:25:44 [Info] [1056] Enter reuse wait state.
2026-05-06 10:25:47 [Info] [1056] recvmsg: EXIT
2026-05-06 10:25:47 [Info] [1056] Recv Exit Msg, Exit...
2026-05-06 10:30:02 [Info] [2336] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 10:30:02 [Info] [2336] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap199011778034602 
2026-05-06 10:30:02 [Info] [2336] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 10:30:02 [Info] [2336] Resource monitor start
2026-05-06 10:30:02 [Info] [2336] ipc client init success
2026-05-06 10:30:02 [Info] [2336] Ipc init: 0
2026-05-06 10:30:02 [Info] [2336] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 10:30:02 [Info] [2336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 10:30:02 [Info] [2336] start ipc thread id[3492]
2026-05-06 10:30:02 [Info] [2336] Connect Yundun ipc server return state is 0
2026-05-06 10:30:02 [Info] [2336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 10:30:02 [Info] [2336] CResourceMonitor::run Enter
2026-05-06 10:30:02 [Info] [2336] CIpcMsgHandlerMgr::run Enter
2026-05-06 10:30:02 [Info] [2336] Report thread
2026-05-06 10:30:02 [Info] [2336] Monitor thread
2026-05-06 10:30:02 [Info] [2336] Loader thread
2026-05-06 10:30:02 [Info] [2336] PythonEngineImpl Init...
2026-05-06 10:30:02 [Info] [2336] yundun connected
2026-05-06 10:30:03 [Info] [2336] recvmsg: HELLO
2026-05-06 10:30:03 [Info] [2336] recvmsg: WORK
2026-05-06 10:30:03 [Info] [2336] no use encode, return to old mode
2026-05-06 10:30:03 [Info] [2336] log fd cnt is [250], real fd cnt is [263]
2026-05-06 10:30:04 [Info] [2336] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:30:04 [Info] [2336] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 10:30:04 [Info] [2336] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:30:05 [Info] [2336] log memory size is 20480KB, real memory size is 13504KB
2026-05-06 10:30:05 [Info] [2336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:30:05 [Info] [2336] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 10:30:05 [Info] [2336] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 10:30:07 [Info] [2336] item: --tcp-connect-check
2026-05-06 10:30:07 [Info] [2336] cgroup name aegisRtap0
2026-05-06 10:30:07 [Info] [2336] try get sys version
2026-05-06 10:30:07 [Info] [2336] win sys info:2/10:0:3
2026-05-06 10:30:07 [Info] [2336] suit legal version, enable cpu control
2026-05-06 10:30:07 [Info] [2336] get AssignProcessToJobObject handle [00000478]
2026-05-06 10:30:07 [Info] [2336] Set setJobExtended.
2026-05-06 10:30:07 [Info] [2336] Set cpu [9%]
2026-05-06 10:30:07 [Info] [2336] Set cpu success
2026-05-06 10:30:07 [Info] [2336] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-05-06 10:30:07 [Info] [2336] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-05-06 10:30:07 [Info] [2336] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 10:30:07 [Info] [2336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 10:30:07 [Info] [2336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-05-06 10:30:07 [Info] [2336] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-05-06 10:30:07 [Info] [2336] Prepare stage1: --tcp-connect-check
2026-05-06 10:30:07 [Info] [2336] Prepare stage2
2026-05-06 10:30:10 [Info] [2336] stage3: --tcp-connect-check
2026-05-06 10:30:10 [Info] [2336] Loader after check
2026-05-06 10:30:11 [Info] [2336] Enter reuse wait state.
2026-05-06 10:30:14 [Info] [2336] recvmsg: EXIT
2026-05-06 10:30:14 [Info] [2336] Recv Exit Msg, Exit...
2026-05-06 11:11:08 [Info] [3700] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 11:11:08 [Info] [3700] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap279381778037063 
2026-05-06 11:11:08 [Info] [3700] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 11:11:08 [Info] [3700] Resource monitor start
2026-05-06 11:11:08 [Info] [3700] ipc client init success
2026-05-06 11:11:08 [Info] [3700] Ipc init: 0
2026-05-06 11:11:08 [Info] [3700] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 11:11:08 [Info] [3700] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 11:11:08 [Info] [3700] CResourceMonitor::run Enter
2026-05-06 11:11:08 [Info] [3700] CIpcMsgHandlerMgr::run Enter
2026-05-06 11:11:08 [Info] [3700] start ipc thread id[1772]
2026-05-06 11:11:08 [Info] [3700] Connect Yundun ipc server return state is 0
2026-05-06 11:11:08 [Info] [3700] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 11:11:08 [Info] [3700] yundun connected
2026-05-06 11:11:08 [Info] [3700] Report thread
2026-05-06 11:11:08 [Info] [3700] Monitor thread
2026-05-06 11:11:08 [Info] [3700] Loader thread
2026-05-06 11:11:08 [Info] [3700] PythonEngineImpl Init...
2026-05-06 11:11:09 [Info] [3700] recvmsg: HELLO
2026-05-06 11:11:09 [Info] [3700] recvmsg: WORK
2026-05-06 11:11:09 [Info] [3700] no use encode, return to old mode
2026-05-06 11:11:09 [Info] [3700] log fd cnt is [250], real fd cnt is [262]
2026-05-06 11:11:10 [Info] [3700] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 11:11:10 [Info] [3700] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 11:11:10 [Info] [3700] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 11:11:10 [Info] [3700] log memory size is 20480KB, real memory size is 14340KB
2026-05-06 11:11:11 [Info] [3700] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 11:11:11 [Info] [3700] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 11:11:11 [Info] [3700] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 11:11:15 [Info] [3700] item: --windows-autorun-item-check
2026-05-06 11:11:15 [Info] [3700] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-05-06 11:11:15 [Info] [3700] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-05-06 11:11:15 [Info] [3700] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 11:11:15 [Info] [3700] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 11:11:16 [Info] [3700] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-05-06 11:11:16 [Info] [3700] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-05-06 11:11:16 [Info] [3700] Prepare stage1: --windows-autorun-item-check
2026-05-06 11:11:16 [Info] [3700] Prepare stage2
2026-05-06 11:11:19 [Warn] [3700] high cpu, cpu is 11
2026-05-06 11:11:19 [Info] [3700] try get sys version
2026-05-06 11:11:19 [Info] [3700] win sys info:2/10:0:3
2026-05-06 11:11:19 [Info] [3700] suit legal version, enable cpu control
2026-05-06 11:11:19 [Warn] [3700] High CPU Warning: 11
2026-05-06 11:11:19 [Warn] [3700] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue
File:windows-autorun-item-check.py line: 258 in func: GetAutoRunByReg
File:windows-autorun-item-check.py line: 500 in func: check
File:windows-autorun-item-check.py line: 80 in func: main
File:windows-autorun-item-check.py line: 534 in func: start
2026-05-06 11:11:21 [Info] [3700] log memory size is 30720KB, real memory size is 22632KB
2026-05-06 11:11:24 [Info] [3700] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-05-06 11:11:31 [Info] [3700] stage3: --windows-autorun-item-check
2026-05-06 11:11:31 [Info] [3700] Loader after check
2026-05-06 11:11:32 [Info] [3700] Enter reuse wait state.
2026-05-06 11:11:36 [Info] [3700] recvmsg: EXIT
2026-05-06 11:11:36 [Info] [3700] Recv Exit Msg, Exit...
2026-05-06 11:51:36 [Info] [4692] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 11:51:36 [Info] [4692] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31121778039495 
2026-05-06 11:51:36 [Info] [4692] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 11:51:36 [Info] [4692] Resource monitor start
2026-05-06 11:51:36 [Info] [4692] ipc client init success
2026-05-06 11:51:36 [Info] [4692] Ipc init: 0
2026-05-06 11:51:36 [Info] [4692] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 11:51:36 [Info] [4692] CResourceMonitor::run Enter
2026-05-06 11:51:36 [Info] [4692] CIpcMsgHandlerMgr::run Enter
2026-05-06 11:51:36 [Info] [4692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 11:51:36 [Info] [4692] start ipc thread id[2876]
2026-05-06 11:51:36 [Info] [4692] Connect Yundun ipc server return state is 0
2026-05-06 11:51:37 [Info] [4692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 11:51:37 [Info] [4692] yundun connected
2026-05-06 11:51:37 [Info] [4692] Report thread
2026-05-06 11:51:37 [Info] [4692] Monitor thread
2026-05-06 11:51:37 [Info] [4692] Loader thread
2026-05-06 11:51:37 [Info] [4692] PythonEngineImpl Init...
2026-05-06 11:51:37 [Info] [4692] recvmsg: HELLO
2026-05-06 11:51:37 [Info] [4692] recvmsg: WORK
2026-05-06 11:51:37 [Info] [4692] no use encode, return to old mode
2026-05-06 11:51:37 [Info] [4692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 11:51:37 [Info] [4692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 11:51:37 [Info] [4692] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 11:51:37 [Warn] [4692] high cpu, cpu is 13
2026-05-06 11:51:37 [Info] [4692] try get sys version
2026-05-06 11:51:37 [Info] [4692] win sys info:2/10:0:3
2026-05-06 11:51:37 [Info] [4692] suit legal version, enable cpu control
2026-05-06 11:51:37 [Warn] [4692] High CPU Warning: 13
2026-05-06 11:51:37 [Warn] [4692] resource monitor exp type: High CPU Warning, script runing: 0
2026-05-06 11:51:37 [Info] [4692] log fd cnt is [250], real fd cnt is [282]
2026-05-06 11:51:37 [Info] [4692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 11:51:38 [Info] [4692] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 11:51:38 [Info] [4692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 11:51:38 [Info] [4692] log memory size is 20480KB, real memory size is 14828KB
2026-05-06 11:51:39 [Info] [4692] item: --windows-sysinfoext-check
2026-05-06 11:51:39 [Info] [4692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 11:51:39 [Info] [4692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 11:51:39 [Info] [4692] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 11:51:39 [Info] [4692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 11:51:39 [Info] [4692] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-05-06 11:51:39 [Info] [4692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 11:51:39 [Info] [4692] Prepare stage1: --windows-sysinfoext-check
2026-05-06 11:51:39 [Info] [4692] Prepare stage2
2026-05-06 11:51:42 [Info] [4692] log memory size is 30720KB, real memory size is 23188KB
2026-05-06 11:51:43 [Info] [4692] stage3: --windows-sysinfoext-check
2026-05-06 11:51:43 [Info] [4692] Loader after check
2026-05-06 11:51:44 [Info] [4692] Enter reuse wait state.
2026-05-06 11:51:48 [Info] [4692] recvmsg: EXIT
2026-05-06 11:51:48 [Info] [4692] Recv Exit Msg, Exit...
2026-05-06 17:21:16 [Info] [2020] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 17:21:16 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap21531778059270 
2026-05-06 17:21:16 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 17:21:16 [Info] [2020] Resource monitor start
2026-05-06 17:21:16 [Info] [2020] ipc client init success
2026-05-06 17:21:16 [Info] [2020] Ipc init: 0
2026-05-06 17:21:16 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 17:21:17 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 17:21:17 [Info] [2020] CResourceMonitor::run Enter
2026-05-06 17:21:17 [Info] [2020] CIpcMsgHandlerMgr::run Enter
2026-05-06 17:21:17 [Info] [2020] start ipc thread id[848]
2026-05-06 17:21:17 [Info] [2020] Connect Yundun ipc server return state is 0
2026-05-06 17:21:17 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 17:21:17 [Info] [2020] yundun connected
2026-05-06 17:21:17 [Info] [2020] Report thread
2026-05-06 17:21:17 [Info] [2020] Monitor thread
2026-05-06 17:21:17 [Info] [2020] Loader thread
2026-05-06 17:21:17 [Info] [2020] PythonEngineImpl Init...
2026-05-06 17:21:17 [Info] [2020] recvmsg: HELLO
2026-05-06 17:21:17 [Info] [2020] recvmsg: WORK
2026-05-06 17:21:17 [Info] [2020] no use encode, return to old mode
2026-05-06 17:21:18 [Info] [2020] log fd cnt is [250], real fd cnt is [263]
2026-05-06 17:21:19 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 17:21:19 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 17:21:19 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 17:21:19 [Info] [2020] log memory size is 20480KB, real memory size is 13112KB
2026-05-06 17:21:23 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 17:21:23 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 17:21:23 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 17:21:24 [Info] [2020] item: --windows-sysinfoext-check
2026-05-06 17:21:24 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 17:21:24 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 17:21:24 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 17:21:24 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 17:21:25 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-05-06 17:21:25 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 17:21:25 [Info] [2020] Prepare stage1: --windows-sysinfoext-check
2026-05-06 17:21:25 [Info] [2020] Prepare stage2
2026-05-06 17:21:29 [Info] [2020] log memory size is 30720KB, real memory size is 23000KB
2026-05-06 17:21:34 [Info] [2020] stage3: --windows-sysinfoext-check
2026-05-06 17:21:34 [Info] [2020] Loader after check
2026-05-06 17:21:35 [Info] [2020] Enter reuse wait state.
2026-05-06 17:21:36 [Info] [2020] recvmsg: EXIT
2026-05-06 17:21:36 [Info] [2020] Recv Exit Msg, Exit...
2026-05-06 18:41:50 [Info] [2696] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 18:41:50 [Info] [2696] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap179511778064108 
2026-05-06 18:41:50 [Info] [2696] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 18:41:50 [Info] [2696] Resource monitor start
2026-05-06 18:41:50 [Info] [2696] ipc client init success
2026-05-06 18:41:50 [Info] [2696] Ipc init: 0
2026-05-06 18:41:50 [Info] [2696] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 18:41:50 [Info] [2696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 18:41:50 [Info] [2696] start ipc thread id[4460]
2026-05-06 18:41:50 [Info] [2696] Connect Yundun ipc server return state is 0
2026-05-06 18:41:50 [Info] [2696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 18:41:50 [Info] [2696] CIpcMsgHandlerMgr::run Enter
2026-05-06 18:41:50 [Info] [2696] CResourceMonitor::run Enter
2026-05-06 18:41:50 [Info] [2696] yundun connected
2026-05-06 18:41:50 [Info] [2696] Report thread
2026-05-06 18:41:50 [Info] [2696] Monitor thread
2026-05-06 18:41:51 [Info] [2696] Loader thread
2026-05-06 18:41:51 [Info] [2696] recvmsg: HELLO
2026-05-06 18:41:51 [Info] [2696] recvmsg: WORK
2026-05-06 18:41:51 [Info] [2696] no use encode, return to old mode
2026-05-06 18:41:51 [Info] [2696] PythonEngineImpl Init...
2026-05-06 18:41:51 [Info] [2696] log fd cnt is [250], real fd cnt is [262]
2026-05-06 18:41:52 [Info] [2696] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 18:41:52 [Info] [2696] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 18:41:52 [Info] [2696] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 18:41:52 [Info] [2696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 18:41:52 [Info] [2696] log memory size is 20480KB, real memory size is 14408KB
2026-05-06 18:41:53 [Info] [2696] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 18:41:53 [Info] [2696] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 18:41:54 [Info] [2696] item: --secnet_rasp_agent
2026-05-06 18:41:54 [Info] [2696] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-05-06 18:41:54 [Info] [2696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-05-06 18:41:54 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-05-06 18:41:54 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-05-06 18:41:54 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-05-06 18:41:55 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-05-06 18:41:55 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-05-06 18:41:55 [Info] [2696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-05-06 18:41:55 [Info] [2696] Download redirect files success.
2026-05-06 18:41:55 [Info] [2696] Prepare stage1: --secnet_rasp_agent
2026-05-06 18:41:55 [Info] [2696] Prepare stage2
2026-05-06 18:41:59 [Info] [2696] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-05-06 18:41:59 [Info] [2696] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-05-06 18:41:59 [Info] [2696] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 18:41:59 [Info] [2696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 18:41:59 [Info] [2696] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-05-06 18:41:59 [Info] [2696] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-05-06 18:41:59 [Info] [2696] stage3: --secnet_rasp_agent
2026-05-06 18:41:59 [Info] [2696] Loader after check
2026-05-06 18:42:00 [Info] [2696] Enter reuse wait state.
2026-05-06 18:42:01 [Info] [2696] log memory size is 30720KB, real memory size is 21220KB
2026-05-06 18:42:06 [Info] [2696] recvmsg: EXIT
2026-05-06 18:42:06 [Info] [2696] Recv Exit Msg, Exit...
2026-05-06 23:26:50 [Info] [2280] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13====================
2026-05-06 23:26:50 [Info] [2280] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap82341778081201 
2026-05-06 23:26:50 [Info] [2280] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-05-06 23:26:50 [Info] [2280] Resource monitor start
2026-05-06 23:26:50 [Info] [2280] ipc client init success
2026-05-06 23:26:50 [Info] [2280] Ipc init: 0
2026-05-06 23:26:50 [Info] [2280] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-05-06 23:26:50 [Info] [2280] CResourceMonitor::run Enter
2026-05-06 23:26:50 [Info] [2280] CIpcMsgHandlerMgr::run Enter
2026-05-06 23:26:50 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll
2026-05-06 23:26:50 [Info] [2280] start ipc thread id[4424]
2026-05-06 23:26:50 [Info] [2280] Connect Yundun ipc server return state is 0
2026-05-06 23:26:51 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll
2026-05-06 23:26:51 [Info] [2280] yundun connected
2026-05-06 23:26:51 [Info] [2280] Report thread
2026-05-06 23:26:51 [Info] [2280] Monitor thread
2026-05-06 23:26:51 [Info] [2280] Loader thread
2026-05-06 23:26:51 [Info] [2280] PythonEngineImpl Init...
2026-05-06 23:26:51 [Info] [2280] recvmsg: HELLO
2026-05-06 23:26:51 [Info] [2280] recvmsg: WORK
2026-05-06 23:26:51 [Info] [2280] no use encode, return to old mode
2026-05-06 23:26:51 [Info] [2280] log fd cnt is [250], real fd cnt is [260]
2026-05-06 23:26:51 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 23:26:51 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-05-06 23:26:51 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 23:26:52 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 23:26:52 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-05-06 23:26:52 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-05-06 23:26:52 [Info] [2280] log memory size is 20480KB, real memory size is 14608KB
2026-05-06 23:26:53 [Info] [2280] item: --windows-sysinfoext-check
2026-05-06 23:26:53 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 23:26:53 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 23:26:53 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file
2026-05-06 23:26:53 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-05-06 23:26:53 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-05-06 23:26:53 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-05-06 23:26:53 [Info] [2280] Prepare stage1: --windows-sysinfoext-check
2026-05-06 23:26:53 [Info] [2280] Prepare stage2
2026-05-06 23:26:55 [Warn] [2280] high cpu, cpu is 16
2026-05-06 23:26:55 [Info] [2280] try get sys version
2026-05-06 23:26:55 [Info] [2280] win sys info:2/10:0:3
2026-05-06 23:26:55 [Info] [2280] suit legal version, enable cpu control
2026-05-06 23:26:55 [Warn] [2280] High CPU Warning: 16
2026-05-06 23:26:56 [Warn] [2280] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-05-06 23:26:57 [Info] [2280] log memory size is 30720KB, real memory size is 22956KB
2026-05-06 23:26:57 [Info] [2280] stage3: --windows-sysinfoext-check
2026-05-06 23:26:57 [Info] [2280] Loader after check
2026-05-06 23:26:58 [Warn] [2280] high cpu, cpu is 13
2026-05-06 23:26:58 [Warn] [2280] High CPU Warning: 13
2026-05-06 23:26:58 [Info] [2280] Enter reuse wait state.
2026-05-06 23:27:00 [Info] [2280] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-05-06 23:27:02 [Info] [2280] recvmsg: EXIT
2026-05-06 23:27:02 [Info] [2280] Recv Exit Msg, Exit...