| Server IP : 123.56.80.60 / Your IP : 216.73.216.217 Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586 User : SYSTEM ( 0) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/data/rtap/log/ |
Upload File : |
2026-03-20 02:13:46 [Info] [3984] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 02:13:46 [Info] [3984] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap311421773944025 2026-03-20 02:13:46 [Info] [3984] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 02:13:46 [Info] [3984] Resource monitor start 2026-03-20 02:13:46 [Info] [3984] ipc client init success 2026-03-20 02:13:46 [Info] [3984] Ipc init: 0 2026-03-20 02:13:46 [Info] [3984] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 02:13:46 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 02:13:46 [Info] [3984] start ipc thread id[2188] 2026-03-20 02:13:46 [Info] [3984] Connect Yundun ipc server return state is 0 2026-03-20 02:13:46 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 02:13:46 [Info] [3984] CResourceMonitor::run Enter 2026-03-20 02:13:46 [Info] [3984] CIpcMsgHandlerMgr::run Enter 2026-03-20 02:13:46 [Info] [3984] Report thread 2026-03-20 02:13:46 [Info] [3984] Monitor thread 2026-03-20 02:13:46 [Info] [3984] Loader thread 2026-03-20 02:13:46 [Info] [3984] PythonEngineImpl Init... 2026-03-20 02:13:52 [Info] [3984] yundun connected 2026-03-20 02:13:55 [Info] [3984] recvmsg: HELLO 2026-03-20 02:13:55 [Info] [3984] recvmsg: WORK 2026-03-20 02:13:55 [Info] [3984] no use encode, return to old mode 2026-03-20 02:13:55 [Info] [3984] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 02:13:55 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 02:13:55 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 02:13:55 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 02:13:57 [Info] [3984] log fd cnt is [250], real fd cnt is [264] 2026-03-20 02:13:58 [Info] [3984] log memory size is 20480KB, real memory size is 13264KB 2026-03-20 02:14:09 [Warn] [3984] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-20 02:14:20 [Warn] [3984] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-03-20 02:14:20 [Info] [3984] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 02:14:20 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 02:14:20 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 02:14:22 [Info] [3984] item: --windows-sysinfoext-check 2026-03-20 02:14:22 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 02:14:22 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 02:14:22 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 02:14:22 [Info] [3984] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 02:14:22 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-20 02:14:22 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 02:14:23 [Info] [3984] Prepare stage1: --windows-sysinfoext-check 2026-03-20 02:14:23 [Info] [3984] Prepare stage2 2026-03-20 02:14:23 [Warn] [3984] high cpu, cpu is 15 2026-03-20 02:14:23 [Info] [3984] try get sys version 2026-03-20 02:14:23 [Info] [3984] win sys info:2/10:0:3 2026-03-20 02:14:23 [Info] [3984] suit legal version, enable cpu control 2026-03-20 02:14:23 [Warn] [3984] High CPU Warning: 15 2026-03-20 02:14:24 [Warn] [3984] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-20 02:14:24 [Info] [3984] stage3: --windows-sysinfoext-check 2026-03-20 02:14:24 [Info] [3984] Loader after check 2026-03-20 02:14:25 [Info] [3984] Enter reuse wait state. 2026-03-20 02:14:27 [Info] [3984] log memory size is 30720KB, real memory size is 23396KB 2026-03-20 02:14:28 [Info] [3984] recvmsg: EXIT 2026-03-20 02:14:28 [Info] [3984] Recv Exit Msg, Exit... 2026-03-20 05:17:39 [Info] [3336] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 05:17:39 [Info] [3336] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap16381773955059 2026-03-20 05:17:39 [Info] [3336] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 05:17:39 [Info] [3336] Resource monitor start 2026-03-20 05:17:39 [Info] [3336] ipc client init success 2026-03-20 05:17:39 [Info] [3336] Ipc init: 0 2026-03-20 05:17:39 [Info] [3336] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 05:17:39 [Info] [3336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 05:17:39 [Info] [3336] start ipc thread id[3220] 2026-03-20 05:17:39 [Info] [3336] Connect Yundun ipc server return state is 0 2026-03-20 05:17:39 [Info] [3336] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 05:17:39 [Info] [3336] CResourceMonitor::run Enter 2026-03-20 05:17:39 [Info] [3336] CIpcMsgHandlerMgr::run Enter 2026-03-20 05:17:39 [Info] [3336] Report thread 2026-03-20 05:17:39 [Info] [3336] Monitor thread 2026-03-20 05:17:39 [Info] [3336] Loader thread 2026-03-20 05:17:39 [Info] [3336] PythonEngineImpl Init... 2026-03-20 05:17:39 [Info] [3336] yundun connected 2026-03-20 05:17:40 [Info] [3336] recvmsg: HELLO 2026-03-20 05:17:40 [Info] [3336] recvmsg: WORK 2026-03-20 05:17:40 [Info] [3336] no use encode, return to old mode 2026-03-20 05:17:40 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 05:17:40 [Info] [3336] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 05:17:40 [Info] [3336] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 05:17:40 [Info] [3336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 05:17:40 [Info] [3336] log fd cnt is [250], real fd cnt is [286] 2026-03-20 05:17:40 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 05:17:40 [Info] [3336] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 05:17:41 [Info] [3336] log memory size is 20480KB, real memory size is 14812KB 2026-03-20 05:17:42 [Info] [3336] item: --sca 2026-03-20 05:17:42 [Info] [3336] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-20 05:17:42 [Info] [3336] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-20 05:17:42 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-20 05:17:42 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-20 05:17:42 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5 2026-03-20 05:17:42 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5 2026-03-20 05:17:42 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:42 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py, http code : 200, curl ret : 0 2026-03-20 05:17:42 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca.py 2026-03-20 05:17:42 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/version.py 2026-03-20 05:17:42 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/version.py 2026-03-20 05:17:42 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/version.py.md5 2026-03-20 05:17:42 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/version.py.md5 2026-03-20 05:17:42 [Info] [3336] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 05:17:42 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/version.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:42 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/version.py, http code : 200, curl ret : 0 2026-03-20 05:17:42 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/version.py 2026-03-20 05:17:42 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-20 05:17:42 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-20 05:17:43 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5 2026-03-20 05:17:43 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5 2026-03-20 05:17:43 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:43 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py, http code : 200, curl ret : 0 2026-03-20 05:17:43 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_utils.py 2026-03-20 05:17:43 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-20 05:17:43 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-20 05:17:43 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5 2026-03-20 05:17:43 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5 2026-03-20 05:17:43 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:43 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py, http code : 200, curl ret : 0 2026-03-20 05:17:43 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_common_proc.py 2026-03-20 05:17:43 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-20 05:17:43 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-20 05:17:44 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5 2026-03-20 05:17:44 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py, http code : 200, curl ret : 0 2026-03-20 05:17:44 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_java_proc.py 2026-03-20 05:17:44 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py 2026-03-20 05:17:44 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py 2026-03-20 05:17:44 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5 2026-03-20 05:17:44 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py, http code : 200, curl ret : 0 2026-03-20 05:17:44 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_node_proc.py 2026-03-20 05:17:44 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-20 05:17:44 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-20 05:17:44 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py.md5 2026-03-20 05:17:44 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py.md5 2026-03-20 05:17:44 [Warn] [3336] high cpu, cpu is 14 2026-03-20 05:17:44 [Info] [3336] try get sys version 2026-03-20 05:17:44 [Info] [3336] win sys info:2/10:0:3 2026-03-20 05:17:44 [Info] [3336] suit legal version, enable cpu control 2026-03-20 05:17:44 [Warn] [3336] High CPU Warning: 14 2026-03-20 05:17:44 [Warn] [3336] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:44 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py, http code : 200, curl ret : 0 2026-03-20 05:17:45 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_webcontainer_proc.py 2026-03-20 05:17:45 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py 2026-03-20 05:17:45 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py 2026-03-20 05:17:45 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5 2026-03-20 05:17:45 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5 2026-03-20 05:17:45 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:45 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py, http code : 200, curl ret : 0 2026-03-20 05:17:45 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_business_type.py 2026-03-20 05:17:45 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-20 05:17:45 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-20 05:17:45 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_python_proc.py.md5 2026-03-20 05:17:45 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_python_proc.py.md5 2026-03-20 05:17:45 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_python_proc.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:45 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_python_proc.py, http code : 200, curl ret : 0 2026-03-20 05:17:45 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_python_proc.py 2026-03-20 05:17:45 [Info] [3336] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-20 05:17:45 [Info] [3336] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-20 05:17:46 [Info] [3336] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py.md5 2026-03-20 05:17:46 [Info] [3336] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py.md5 2026-03-20 05:17:46 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py.md5, http code : 200, curl ret : 0 2026-03-20 05:17:46 [Info] [3336] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py, http code : 200, curl ret : 0 2026-03-20 05:17:46 [Info] [3336] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/sca_poc_vul_scan.py 2026-03-20 05:17:46 [Info] [3336] Download redirect files success. 2026-03-20 05:17:46 [Info] [3336] Prepare stage1: --sca 2026-03-20 05:17:46 [Info] [3336] Prepare stage2 2026-03-20 05:17:47 [Warn] [3336] high cpu, cpu is 37 2026-03-20 05:17:47 [Warn] [3336] High CPU Warning: 37 2026-03-20 05:17:50 [Info] [3336] log memory size is 30720KB, real memory size is 33000KB 2026-03-20 05:17:54 [Info] [3336] log memory size is 40960KB, real memory size is 33292KB 2026-03-20 05:18:19 [Warn] [3336] high cpu, cpu is 21 2026-03-20 05:18:19 [Warn] [3336] High CPU Warning: 21 2026-03-20 05:18:19 [Warn] [3336] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 188 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-20 05:18:21 [Info] [3336] stage3: --sca 2026-03-20 05:18:21 [Info] [3336] Loader after check 2026-03-20 05:18:22 [Info] [3336] Enter reuse wait state. 2026-03-20 05:18:23 [Info] [3336] recvmsg: EXIT 2026-03-20 05:18:23 [Info] [3336] Recv Exit Msg, Exit... 2026-03-20 07:42:08 [Info] [3140] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 07:42:08 [Info] [3140] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap299121773963717 2026-03-20 07:42:08 [Info] [3140] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 07:42:08 [Info] [3140] Resource monitor start 2026-03-20 07:42:08 [Info] [3140] ipc client init success 2026-03-20 07:42:08 [Info] [3140] Ipc init: 0 2026-03-20 07:42:08 [Info] [3140] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 07:42:08 [Info] [3140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 07:42:08 [Info] [3140] start ipc thread id[2692] 2026-03-20 07:42:08 [Info] [3140] Connect Yundun ipc server return state is 0 2026-03-20 07:42:08 [Info] [3140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 07:42:08 [Info] [3140] CResourceMonitor::run Enter 2026-03-20 07:42:08 [Info] [3140] CIpcMsgHandlerMgr::run Enter 2026-03-20 07:42:08 [Info] [3140] Report thread 2026-03-20 07:42:08 [Info] [3140] Monitor thread 2026-03-20 07:42:08 [Info] [3140] Loader thread 2026-03-20 07:42:08 [Info] [3140] PythonEngineImpl Init... 2026-03-20 07:42:14 [Info] [3140] yundun connected 2026-03-20 07:42:16 [Info] [3140] log fd cnt is [250], real fd cnt is [261] 2026-03-20 07:42:16 [Info] [3140] recvmsg: HELLO 2026-03-20 07:42:16 [Info] [3140] recvmsg: WORK 2026-03-20 07:42:16 [Info] [3140] no use encode, return to old mode 2026-03-20 07:42:16 [Info] [3140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 07:42:16 [Info] [3140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 07:42:16 [Info] [3140] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 07:42:17 [Info] [3140] log memory size is 20480KB, real memory size is 13148KB 2026-03-20 07:42:21 [Info] [3140] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 07:42:21 [Info] [3140] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 07:42:21 [Info] [3140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 07:42:22 [Info] [3140] item: --windows-sysinfoext-check 2026-03-20 07:42:22 [Info] [3140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 07:42:22 [Info] [3140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 07:42:22 [Info] [3140] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 07:42:23 [Info] [3140] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 07:42:23 [Info] [3140] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-20 07:42:23 [Info] [3140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 07:42:23 [Info] [3140] Prepare stage1: --windows-sysinfoext-check 2026-03-20 07:42:23 [Info] [3140] Prepare stage2 2026-03-20 07:42:25 [Info] [3140] stage3: --windows-sysinfoext-check 2026-03-20 07:42:25 [Info] [3140] Loader after check 2026-03-20 07:42:25 [Info] [3140] log memory size is 30720KB, real memory size is 23228KB 2026-03-20 07:42:26 [Info] [3140] Enter reuse wait state. 2026-03-20 07:42:29 [Info] [3140] recvmsg: EXIT 2026-03-20 07:42:29 [Info] [3140] Recv Exit Msg, Exit... 2026-03-20 07:53:37 [Info] [4576] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 07:53:37 [Info] [4576] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap321981773964417 2026-03-20 07:53:37 [Info] [4576] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 07:53:37 [Info] [4576] Resource monitor start 2026-03-20 07:53:37 [Info] [4576] ipc client init success 2026-03-20 07:53:37 [Info] [4576] Ipc init: 0 2026-03-20 07:53:37 [Info] [4576] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 07:53:37 [Info] [4576] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 07:53:37 [Info] [4576] start ipc thread id[3964] 2026-03-20 07:53:37 [Info] [4576] Connect Yundun ipc server return state is 0 2026-03-20 07:53:37 [Info] [4576] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 07:53:37 [Info] [4576] CResourceMonitor::run Enter 2026-03-20 07:53:37 [Info] [4576] CIpcMsgHandlerMgr::run Enter 2026-03-20 07:53:37 [Info] [4576] Report thread 2026-03-20 07:53:37 [Info] [4576] Monitor thread 2026-03-20 07:53:37 [Info] [4576] Loader thread 2026-03-20 07:53:37 [Info] [4576] PythonEngineImpl Init... 2026-03-20 07:53:37 [Info] [4576] yundun connected 2026-03-20 07:53:37 [Info] [4576] recvmsg: HELLO 2026-03-20 07:53:37 [Info] [4576] recvmsg: WORK 2026-03-20 07:53:37 [Info] [4576] no use encode, return to old mode 2026-03-20 07:53:38 [Info] [4576] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 07:53:38 [Info] [4576] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 07:53:38 [Info] [4576] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 07:53:38 [Info] [4576] log fd cnt is [250], real fd cnt is [274] 2026-03-20 07:53:39 [Info] [4576] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 07:53:39 [Info] [4576] log memory size is 20480KB, real memory size is 14548KB 2026-03-20 07:53:39 [Info] [4576] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 07:53:39 [Info] [4576] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 07:53:40 [Info] [4576] item: --windows-vul-clean 2026-03-20 07:53:40 [Info] [4576] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py 2026-03-20 07:53:40 [Info] [4576] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py 2026-03-20 07:53:40 [Info] [4576] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 07:53:40 [Info] [4576] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 07:53:40 [Info] [4576] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-20 07:53:40 [Info] [4576] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-20 07:53:41 [Info] [4576] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-20 07:53:41 [Info] [4576] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py, http code : 200, curl ret : 0 2026-03-20 07:53:41 [Info] [4576] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py 2026-03-20 07:53:41 [Info] [4576] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-vul-clean.py 2026-03-20 07:53:41 [Info] [4576] Prepare stage1: --windows-vul-clean 2026-03-20 07:53:41 [Info] [4576] Prepare stage2 2026-03-20 07:53:41 [Info] [4576] stage3: --windows-vul-clean 2026-03-20 07:53:41 [Info] [4576] Loader after check 2026-03-20 07:53:42 [Info] [4576] Enter reuse wait state. 2026-03-20 07:53:45 [Info] [4576] recvmsg: EXIT 2026-03-20 07:53:45 [Info] [4576] Recv Exit Msg, Exit... 2026-03-20 08:53:30 [Info] [740] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 08:53:30 [Info] [740] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap111631773968010 2026-03-20 08:53:30 [Info] [740] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 08:53:30 [Info] [740] Resource monitor start 2026-03-20 08:53:30 [Info] [740] ipc client init success 2026-03-20 08:53:30 [Info] [740] Ipc init: 0 2026-03-20 08:53:30 [Info] [740] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 08:53:30 [Info] [740] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 08:53:30 [Info] [740] start ipc thread id[1128] 2026-03-20 08:53:30 [Info] [740] Connect Yundun ipc server return state is 0 2026-03-20 08:53:30 [Info] [740] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 08:53:30 [Info] [740] CResourceMonitor::run Enter 2026-03-20 08:53:30 [Info] [740] CIpcMsgHandlerMgr::run Enter 2026-03-20 08:53:30 [Info] [740] Report thread 2026-03-20 08:53:30 [Info] [740] Monitor thread 2026-03-20 08:53:30 [Info] [740] Loader thread 2026-03-20 08:53:30 [Info] [740] PythonEngineImpl Init... 2026-03-20 08:53:30 [Info] [740] yundun connected 2026-03-20 08:53:31 [Info] [740] recvmsg: HELLO 2026-03-20 08:53:31 [Info] [740] recvmsg: WORK 2026-03-20 08:53:31 [Info] [740] no use encode, return to old mode 2026-03-20 08:53:31 [Info] [740] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 08:53:31 [Info] [740] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 08:53:31 [Info] [740] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 08:53:31 [Info] [740] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 08:53:31 [Info] [740] log fd cnt is [250], real fd cnt is [282] 2026-03-20 08:53:31 [Info] [740] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 08:53:31 [Info] [740] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 08:53:32 [Info] [740] log memory size is 20480KB, real memory size is 14824KB 2026-03-20 08:53:32 [Info] [740] item: --windows-process-check 2026-03-20 08:53:32 [Info] [740] cgroup name aegisRtap0 2026-03-20 08:53:32 [Info] [740] try get sys version 2026-03-20 08:53:32 [Info] [740] win sys info:2/10:0:3 2026-03-20 08:53:32 [Info] [740] suit legal version, enable cpu control 2026-03-20 08:53:32 [Info] [740] get AssignProcessToJobObject handle [00000478] 2026-03-20 08:53:32 [Info] [740] Set setJobExtended. 2026-03-20 08:53:32 [Info] [740] Set cpu [9%] 2026-03-20 08:53:32 [Info] [740] Set cpu success 2026-03-20 08:53:32 [Info] [740] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py 2026-03-20 08:53:32 [Info] [740] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py 2026-03-20 08:53:32 [Info] [740] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 08:53:32 [Info] [740] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 08:53:33 [Info] [740] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-20 08:53:33 [Info] [740] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-20 08:53:33 [Info] [740] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-20 08:53:33 [Info] [740] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py, http code : 200, curl ret : 0 2026-03-20 08:53:33 [Info] [740] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py 2026-03-20 08:53:33 [Info] [740] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-process-check.py 2026-03-20 08:53:33 [Info] [740] Prepare stage1: --windows-process-check 2026-03-20 08:53:33 [Info] [740] Prepare stage2 2026-03-20 08:53:37 [Info] [740] log memory size is 30720KB, real memory size is 20608KB 2026-03-20 08:53:40 [Info] [740] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 08:53:52 [Info] [740] stage3: --windows-process-check 2026-03-20 08:53:52 [Info] [740] Loader after check 2026-03-20 08:53:53 [Info] [740] Enter reuse wait state. 2026-03-20 08:53:58 [Info] [740] recvmsg: EXIT 2026-03-20 08:53:58 [Info] [740] Recv Exit Msg, Exit... 2026-03-20 10:32:14 [Info] [4884] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 10:32:14 [Info] [4884] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap305081773973934 2026-03-20 10:32:14 [Info] [4884] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 10:32:14 [Info] [4884] Resource monitor start 2026-03-20 10:32:14 [Info] [4884] ipc client init success 2026-03-20 10:32:14 [Info] [4884] Ipc init: 0 2026-03-20 10:32:14 [Info] [4884] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 10:32:14 [Info] [4884] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 10:32:14 [Info] [4884] start ipc thread id[412] 2026-03-20 10:32:14 [Info] [4884] Connect Yundun ipc server return state is 0 2026-03-20 10:32:14 [Info] [4884] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 10:32:14 [Info] [4884] CResourceMonitor::run Enter 2026-03-20 10:32:14 [Info] [4884] CIpcMsgHandlerMgr::run Enter 2026-03-20 10:32:14 [Info] [4884] Report thread 2026-03-20 10:32:14 [Info] [4884] Monitor thread 2026-03-20 10:32:14 [Info] [4884] Loader thread 2026-03-20 10:32:14 [Info] [4884] PythonEngineImpl Init... 2026-03-20 10:32:14 [Info] [4884] yundun connected 2026-03-20 10:32:14 [Info] [4884] recvmsg: HELLO 2026-03-20 10:32:14 [Info] [4884] recvmsg: WORK 2026-03-20 10:32:14 [Info] [4884] no use encode, return to old mode 2026-03-20 10:32:14 [Info] [4884] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:32:14 [Info] [4884] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:32:14 [Info] [4884] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:32:15 [Info] [4884] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:32:15 [Info] [4884] log fd cnt is [250], real fd cnt is [282] 2026-03-20 10:32:15 [Info] [4884] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 10:32:15 [Info] [4884] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 10:32:16 [Info] [4884] log memory size is 20480KB, real memory size is 14832KB 2026-03-20 10:32:16 [Info] [4884] item: --windows-registry-check 2026-03-20 10:32:16 [Info] [4884] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py 2026-03-20 10:32:16 [Info] [4884] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py 2026-03-20 10:32:16 [Info] [4884] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:32:16 [Info] [4884] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:32:16 [Info] [4884] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-20 10:32:16 [Info] [4884] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-20 10:32:16 [Info] [4884] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-20 10:32:16 [Info] [4884] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py, http code : 200, curl ret : 0 2026-03-20 10:32:16 [Info] [4884] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py 2026-03-20 10:32:17 [Info] [4884] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-registry-check.py 2026-03-20 10:32:17 [Info] [4884] Prepare stage1: --windows-registry-check 2026-03-20 10:32:17 [Info] [4884] Prepare stage2 2026-03-20 10:32:39 [Info] [4884] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 10:32:54 [Info] [4884] stage3: --windows-registry-check 2026-03-20 10:32:54 [Info] [4884] Loader after check 2026-03-20 10:32:55 [Info] [4884] Enter reuse wait state. 2026-03-20 10:32:58 [Info] [4884] recvmsg: EXIT 2026-03-20 10:32:58 [Info] [4884] Recv Exit Msg, Exit... 2026-03-20 10:44:23 [Info] [2012] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 10:44:23 [Info] [2012] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap1211773974663 2026-03-20 10:44:23 [Info] [2012] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 10:44:23 [Info] [2012] Resource monitor start 2026-03-20 10:44:23 [Info] [2012] ipc client init success 2026-03-20 10:44:23 [Info] [2012] Ipc init: 0 2026-03-20 10:44:23 [Info] [2012] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 10:44:23 [Info] [2012] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 10:44:23 [Info] [2012] start ipc thread id[4168] 2026-03-20 10:44:23 [Info] [2012] Connect Yundun ipc server return state is 0 2026-03-20 10:44:23 [Info] [2012] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 10:44:23 [Info] [2012] CResourceMonitor::run Enter 2026-03-20 10:44:23 [Info] [2012] CIpcMsgHandlerMgr::run Enter 2026-03-20 10:44:23 [Info] [2012] Report thread 2026-03-20 10:44:23 [Info] [2012] Monitor thread 2026-03-20 10:44:23 [Info] [2012] Loader thread 2026-03-20 10:44:23 [Info] [2012] PythonEngineImpl Init... 2026-03-20 10:44:23 [Info] [2012] yundun connected 2026-03-20 10:44:24 [Info] [2012] recvmsg: HELLO 2026-03-20 10:44:24 [Info] [2012] recvmsg: WORK 2026-03-20 10:44:24 [Info] [2012] no use encode, return to old mode 2026-03-20 10:44:24 [Info] [2012] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:44:24 [Info] [2012] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:44:24 [Info] [2012] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:44:24 [Info] [2012] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:44:24 [Info] [2012] log fd cnt is [250], real fd cnt is [282] 2026-03-20 10:44:24 [Info] [2012] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 10:44:24 [Info] [2012] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 10:44:25 [Info] [2012] log memory size is 20480KB, real memory size is 14744KB 2026-03-20 10:44:26 [Info] [2012] item: --windows-driver-version-check 2026-03-20 10:44:26 [Info] [2012] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py 2026-03-20 10:44:26 [Info] [2012] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py 2026-03-20 10:44:26 [Info] [2012] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:44:26 [Info] [2012] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:44:26 [Info] [2012] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-20 10:44:26 [Info] [2012] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-20 10:44:26 [Info] [2012] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-20 10:44:26 [Info] [2012] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py, http code : 200, curl ret : 0 2026-03-20 10:44:26 [Info] [2012] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py 2026-03-20 10:44:26 [Info] [2012] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-driver-version-check.py 2026-03-20 10:44:26 [Info] [2012] Prepare stage1: --windows-driver-version-check 2026-03-20 10:44:26 [Info] [2012] Prepare stage2 2026-03-20 10:44:26 [Info] [2012] stage3: --windows-driver-version-check 2026-03-20 10:44:26 [Info] [2012] Loader after check 2026-03-20 10:44:27 [Info] [2012] Enter reuse wait state. 2026-03-20 10:44:31 [Info] [2012] recvmsg: EXIT 2026-03-20 10:44:31 [Info] [2012] Recv Exit Msg, Exit... 2026-03-20 10:44:47 [Info] [1404] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 10:44:47 [Info] [1404] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap1991773974687 2026-03-20 10:44:47 [Info] [1404] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 10:44:47 [Info] [1404] Resource monitor start 2026-03-20 10:44:47 [Info] [1404] ipc client init success 2026-03-20 10:44:47 [Info] [1404] Ipc init: 0 2026-03-20 10:44:47 [Info] [1404] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 10:44:47 [Info] [1404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 10:44:47 [Info] [1404] start ipc thread id[1992] 2026-03-20 10:44:47 [Info] [1404] Connect Yundun ipc server return state is 0 2026-03-20 10:44:47 [Info] [1404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 10:44:47 [Info] [1404] CResourceMonitor::run Enter 2026-03-20 10:44:47 [Info] [1404] CIpcMsgHandlerMgr::run Enter 2026-03-20 10:44:47 [Info] [1404] Report thread 2026-03-20 10:44:47 [Info] [1404] Monitor thread 2026-03-20 10:44:47 [Info] [1404] Loader thread 2026-03-20 10:44:47 [Info] [1404] PythonEngineImpl Init... 2026-03-20 10:44:47 [Info] [1404] yundun connected 2026-03-20 10:44:47 [Info] [1404] recvmsg: HELLO 2026-03-20 10:44:47 [Info] [1404] recvmsg: WORK 2026-03-20 10:44:47 [Info] [1404] no use encode, return to old mode 2026-03-20 10:44:47 [Info] [1404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:44:47 [Info] [1404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 10:44:47 [Info] [1404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:44:48 [Info] [1404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:44:48 [Info] [1404] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 10:44:48 [Info] [1404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 10:44:48 [Info] [1404] log fd cnt is [250], real fd cnt is [281] 2026-03-20 10:44:49 [Info] [1404] log memory size is 20480KB, real memory size is 14864KB 2026-03-20 10:44:49 [Info] [1404] item: --windows-schedule-task-check 2026-03-20 10:44:49 [Info] [1404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py 2026-03-20 10:44:49 [Info] [1404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py 2026-03-20 10:44:49 [Info] [1404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 10:44:49 [Info] [1404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 10:44:49 [Info] [1404] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-20 10:44:49 [Info] [1404] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-20 10:44:49 [Info] [1404] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-20 10:44:49 [Info] [1404] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py, http code : 200, curl ret : 0 2026-03-20 10:44:49 [Info] [1404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py 2026-03-20 10:44:49 [Info] [1404] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-schedule-task-check.py 2026-03-20 10:44:49 [Info] [1404] Prepare stage1: --windows-schedule-task-check 2026-03-20 10:44:49 [Info] [1404] Prepare stage2 2026-03-20 10:44:50 [Info] [1404] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 10:44:53 [Info] [1404] log memory size is 30720KB, real memory size is 23684KB 2026-03-20 10:45:20 [Info] [1404] stage3: --windows-schedule-task-check 2026-03-20 10:45:20 [Info] [1404] Loader after check 2026-03-20 10:45:21 [Info] [1404] Enter reuse wait state. 2026-03-20 10:45:23 [Info] [1404] recvmsg: EXIT 2026-03-20 10:45:23 [Info] [1404] Recv Exit Msg, Exit... 2026-03-20 11:16:32 [Info] [1956] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 11:16:32 [Info] [1956] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap64201773976592 2026-03-20 11:16:32 [Info] [1956] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 11:16:32 [Info] [1956] Resource monitor start 2026-03-20 11:16:32 [Info] [1956] ipc client init success 2026-03-20 11:16:32 [Info] [1956] Ipc init: 0 2026-03-20 11:16:32 [Info] [1956] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 11:16:32 [Info] [1956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 11:16:32 [Info] [1956] start ipc thread id[4192] 2026-03-20 11:16:32 [Info] [1956] Connect Yundun ipc server return state is 0 2026-03-20 11:16:32 [Info] [1956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 11:16:32 [Info] [1956] CResourceMonitor::run Enter 2026-03-20 11:16:32 [Info] [1956] CIpcMsgHandlerMgr::run Enter 2026-03-20 11:16:32 [Info] [1956] Report thread 2026-03-20 11:16:32 [Info] [1956] Monitor thread 2026-03-20 11:16:32 [Info] [1956] Loader thread 2026-03-20 11:16:32 [Info] [1956] PythonEngineImpl Init... 2026-03-20 11:16:32 [Info] [1956] yundun connected 2026-03-20 11:16:33 [Info] [1956] recvmsg: HELLO 2026-03-20 11:16:33 [Info] [1956] recvmsg: WORK 2026-03-20 11:16:33 [Info] [1956] no use encode, return to old mode 2026-03-20 11:16:33 [Info] [1956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 11:16:33 [Info] [1956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 11:16:33 [Info] [1956] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 11:16:33 [Info] [1956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 11:16:33 [Info] [1956] log fd cnt is [250], real fd cnt is [282] 2026-03-20 11:16:33 [Info] [1956] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 11:16:33 [Info] [1956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 11:16:34 [Info] [1956] log memory size is 20480KB, real memory size is 14832KB 2026-03-20 11:16:34 [Info] [1956] item: --windows-autorun-item-check 2026-03-20 11:16:34 [Info] [1956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py 2026-03-20 11:16:34 [Info] [1956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py 2026-03-20 11:16:34 [Info] [1956] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 11:16:34 [Info] [1956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 11:16:34 [Info] [1956] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-20 11:16:34 [Info] [1956] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-20 11:16:35 [Info] [1956] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-20 11:16:35 [Info] [1956] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py, http code : 200, curl ret : 0 2026-03-20 11:16:35 [Info] [1956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py 2026-03-20 11:16:35 [Info] [1956] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-autorun-item-check.py 2026-03-20 11:16:35 [Info] [1956] Prepare stage1: --windows-autorun-item-check 2026-03-20 11:16:35 [Info] [1956] Prepare stage2 2026-03-20 11:16:35 [Warn] [1956] high cpu, cpu is 13 2026-03-20 11:16:35 [Info] [1956] try get sys version 2026-03-20 11:16:35 [Info] [1956] win sys info:2/10:0:3 2026-03-20 11:16:35 [Info] [1956] suit legal version, enable cpu control 2026-03-20 11:16:35 [Warn] [1956] High CPU Warning: 13 2026-03-20 11:16:35 [Warn] [1956] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-03-20 11:16:38 [Info] [1956] log memory size is 30720KB, real memory size is 22584KB 2026-03-20 11:16:44 [Info] [1956] stage3: --windows-autorun-item-check 2026-03-20 11:16:44 [Info] [1956] Loader after check 2026-03-20 11:16:45 [Info] [1956] Enter reuse wait state. 2026-03-20 11:16:48 [Info] [1956] recvmsg: EXIT 2026-03-20 11:16:48 [Info] [1956] Recv Exit Msg, Exit... 2026-03-20 11:36:08 [Info] [3456] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 11:36:08 [Info] [3456] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap102601773977768 2026-03-20 11:36:08 [Info] [3456] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 11:36:08 [Info] [3456] Resource monitor start 2026-03-20 11:36:08 [Info] [3456] ipc client init success 2026-03-20 11:36:08 [Info] [3456] Ipc init: 0 2026-03-20 11:36:08 [Info] [3456] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 11:36:08 [Info] [3456] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 11:36:08 [Info] [3456] start ipc thread id[3004] 2026-03-20 11:36:08 [Info] [3456] Connect Yundun ipc server return state is 0 2026-03-20 11:36:08 [Info] [3456] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 11:36:08 [Info] [3456] CResourceMonitor::run Enter 2026-03-20 11:36:08 [Info] [3456] CIpcMsgHandlerMgr::run Enter 2026-03-20 11:36:08 [Info] [3456] Report thread 2026-03-20 11:36:08 [Info] [3456] Monitor thread 2026-03-20 11:36:08 [Info] [3456] Loader thread 2026-03-20 11:36:08 [Info] [3456] PythonEngineImpl Init... 2026-03-20 11:36:08 [Info] [3456] yundun connected 2026-03-20 11:36:08 [Info] [3456] recvmsg: HELLO 2026-03-20 11:36:08 [Info] [3456] recvmsg: WORK 2026-03-20 11:36:08 [Info] [3456] no use encode, return to old mode 2026-03-20 11:36:08 [Info] [3456] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 11:36:08 [Info] [3456] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 11:36:08 [Info] [3456] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 11:36:09 [Info] [3456] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 11:36:09 [Info] [3456] log fd cnt is [250], real fd cnt is [282] 2026-03-20 11:36:09 [Info] [3456] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 11:36:09 [Info] [3456] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 11:36:10 [Info] [3456] log memory size is 20480KB, real memory size is 14852KB 2026-03-20 11:36:10 [Info] [3456] item: --tcp-connect-check 2026-03-20 11:36:10 [Info] [3456] cgroup name aegisRtap0 2026-03-20 11:36:10 [Info] [3456] try get sys version 2026-03-20 11:36:10 [Info] [3456] win sys info:2/10:0:3 2026-03-20 11:36:10 [Info] [3456] suit legal version, enable cpu control 2026-03-20 11:36:10 [Info] [3456] get AssignProcessToJobObject handle [00000478] 2026-03-20 11:36:10 [Info] [3456] Set setJobExtended. 2026-03-20 11:36:10 [Info] [3456] Set cpu [9%] 2026-03-20 11:36:10 [Info] [3456] Set cpu success 2026-03-20 11:36:10 [Info] [3456] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py 2026-03-20 11:36:10 [Info] [3456] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py 2026-03-20 11:36:10 [Info] [3456] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 11:36:10 [Info] [3456] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 11:36:10 [Info] [3456] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-20 11:36:10 [Info] [3456] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-20 11:36:10 [Info] [3456] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-20 11:36:10 [Info] [3456] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py, http code : 200, curl ret : 0 2026-03-20 11:36:10 [Info] [3456] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py 2026-03-20 11:36:10 [Info] [3456] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/tcp-connect-check.py 2026-03-20 11:36:10 [Info] [3456] Prepare stage1: --tcp-connect-check 2026-03-20 11:36:10 [Info] [3456] Prepare stage2 2026-03-20 11:36:14 [Info] [3456] stage3: --tcp-connect-check 2026-03-20 11:36:14 [Info] [3456] Loader after check 2026-03-20 11:36:15 [Info] [3456] Enter reuse wait state. 2026-03-20 11:36:19 [Info] [3456] recvmsg: EXIT 2026-03-20 11:36:19 [Info] [3456] Recv Exit Msg, Exit... 2026-03-20 13:11:28 [Info] [4268] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 13:11:28 [Info] [4268] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap289201773983482 2026-03-20 13:11:28 [Info] [4268] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 13:11:29 [Info] [4268] Resource monitor start 2026-03-20 13:11:29 [Info] [4268] ipc client init success 2026-03-20 13:11:29 [Info] [4268] Ipc init: 0 2026-03-20 13:11:29 [Info] [4268] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 13:11:29 [Info] [4268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 13:11:29 [Info] [4268] start ipc thread id[4812] 2026-03-20 13:11:29 [Info] [4268] Connect Yundun ipc server return state is 0 2026-03-20 13:11:29 [Info] [4268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 13:11:29 [Info] [4268] CResourceMonitor::run Enter 2026-03-20 13:11:29 [Info] [4268] CIpcMsgHandlerMgr::run Enter 2026-03-20 13:11:29 [Info] [4268] Report thread 2026-03-20 13:11:29 [Info] [4268] Monitor thread 2026-03-20 13:11:29 [Info] [4268] Loader thread 2026-03-20 13:11:29 [Info] [4268] PythonEngineImpl Init... 2026-03-20 13:11:35 [Info] [4268] log fd cnt is [250], real fd cnt is [257] 2026-03-20 13:11:35 [Info] [4268] yundun connected 2026-03-20 13:11:35 [Info] [4268] recvmsg: HELLO 2026-03-20 13:11:35 [Info] [4268] recvmsg: WORK 2026-03-20 13:11:35 [Info] [4268] no use encode, return to old mode 2026-03-20 13:11:35 [Info] [4268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 13:11:35 [Info] [4268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 13:11:35 [Info] [4268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 13:11:36 [Info] [4268] log memory size is 20480KB, real memory size is 13140KB 2026-03-20 13:11:44 [Info] [4268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 13:11:45 [Info] [4268] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 13:11:45 [Info] [4268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 13:11:46 [Info] [4268] item: --windows-sysinfoext-check 2026-03-20 13:11:46 [Info] [4268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 13:11:46 [Info] [4268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 13:11:46 [Info] [4268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 13:11:46 [Info] [4268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 13:11:46 [Info] [4268] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-20 13:11:46 [Info] [4268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 13:11:46 [Info] [4268] Prepare stage1: --windows-sysinfoext-check 2026-03-20 13:11:46 [Info] [4268] Prepare stage2 2026-03-20 13:11:47 [Warn] [4268] high cpu, cpu is 24 2026-03-20 13:11:47 [Info] [4268] try get sys version 2026-03-20 13:11:47 [Info] [4268] win sys info:2/10:0:3 2026-03-20 13:11:47 [Info] [4268] suit legal version, enable cpu control 2026-03-20 13:11:47 [Warn] [4268] High CPU Warning: 24 2026-03-20 13:11:47 [Warn] [4268] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-20 13:11:48 [Info] [4268] stage3: --windows-sysinfoext-check 2026-03-20 13:11:48 [Info] [4268] Loader after check 2026-03-20 13:11:48 [Info] [4268] log memory size is 30720KB, real memory size is 23216KB 2026-03-20 13:11:49 [Info] [4268] Enter reuse wait state. 2026-03-20 13:11:54 [Info] [4268] recvmsg: EXIT 2026-03-20 13:11:54 [Info] [4268] Recv Exit Msg, Exit... 2026-03-20 18:39:50 [Info] [2188] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 18:39:50 [Info] [2188] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap276511774003162 2026-03-20 18:39:50 [Info] [2188] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 18:39:50 [Info] [2188] Resource monitor start 2026-03-20 18:39:50 [Info] [2188] ipc client init success 2026-03-20 18:39:50 [Info] [2188] Ipc init: 0 2026-03-20 18:39:50 [Info] [2188] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 18:39:50 [Info] [2188] CResourceMonitor::run Enter 2026-03-20 18:39:50 [Info] [2188] CIpcMsgHandlerMgr::run Enter 2026-03-20 18:39:50 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 18:39:50 [Info] [2188] start ipc thread id[4528] 2026-03-20 18:39:50 [Info] [2188] Connect Yundun ipc server return state is 0 2026-03-20 18:39:50 [Info] [2188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 18:39:50 [Info] [2188] yundun connected 2026-03-20 18:39:50 [Info] [2188] Report thread 2026-03-20 18:39:50 [Info] [2188] Monitor thread 2026-03-20 18:39:50 [Info] [2188] Loader thread 2026-03-20 18:39:50 [Info] [2188] PythonEngineImpl Init... 2026-03-20 18:39:51 [Info] [2188] recvmsg: HELLO 2026-03-20 18:39:51 [Info] [2188] recvmsg: WORK 2026-03-20 18:39:51 [Info] [2188] no use encode, return to old mode 2026-03-20 18:39:51 [Info] [2188] log fd cnt is [250], real fd cnt is [263] 2026-03-20 18:39:51 [Info] [2188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 18:39:51 [Info] [2188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 18:39:51 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 18:39:51 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 18:39:51 [Info] [2188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 18:39:51 [Info] [2188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 18:39:52 [Info] [2188] log memory size is 20480KB, real memory size is 14904KB 2026-03-20 18:39:53 [Info] [2188] item: --windows-sysinfoext-check 2026-03-20 18:39:53 [Info] [2188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 18:39:53 [Info] [2188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 18:39:53 [Info] [2188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 18:39:53 [Info] [2188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 18:39:53 [Info] [2188] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-20 18:39:53 [Info] [2188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-20 18:39:53 [Info] [2188] Prepare stage1: --windows-sysinfoext-check 2026-03-20 18:39:53 [Info] [2188] Prepare stage2 2026-03-20 18:39:55 [Warn] [2188] high cpu, cpu is 15 2026-03-20 18:39:55 [Info] [2188] try get sys version 2026-03-20 18:39:55 [Info] [2188] win sys info:2/10:0:3 2026-03-20 18:39:55 [Info] [2188] suit legal version, enable cpu control 2026-03-20 18:39:55 [Warn] [2188] High CPU Warning: 15 2026-03-20 18:39:56 [Warn] [2188] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-20 18:39:57 [Info] [2188] log memory size is 30720KB, real memory size is 23124KB 2026-03-20 18:39:58 [Info] [2188] stage3: --windows-sysinfoext-check 2026-03-20 18:39:58 [Info] [2188] Loader after check 2026-03-20 18:39:58 [Info] [2188] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-20 18:39:59 [Info] [2188] Enter reuse wait state. 2026-03-20 18:39:59 [Info] [3984] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 18:39:59 [Info] [3984] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap277711774003199 2026-03-20 18:39:59 [Info] [3984] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 18:39:59 [Info] [3984] Resource monitor start 2026-03-20 18:39:59 [Info] [3984] ipc client init success 2026-03-20 18:39:59 [Info] [3984] Ipc init: 0 2026-03-20 18:39:59 [Info] [3984] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 18:39:59 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 18:39:59 [Info] [3984] start ipc thread id[892] 2026-03-20 18:39:59 [Info] [3984] Connect Yundun ipc server return state is 0 2026-03-20 18:39:59 [Info] [3984] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 18:39:59 [Info] [3984] CResourceMonitor::run Enter 2026-03-20 18:39:59 [Info] [3984] CIpcMsgHandlerMgr::run Enter 2026-03-20 18:39:59 [Info] [3984] yundun connected 2026-03-20 18:39:59 [Info] [3984] Report thread 2026-03-20 18:39:59 [Info] [3984] Monitor thread 2026-03-20 18:39:59 [Info] [3984] Loader thread 2026-03-20 18:39:59 [Info] [3984] PythonEngineImpl Init... 2026-03-20 18:40:00 [Info] [3984] recvmsg: HELLO 2026-03-20 18:40:00 [Info] [3984] recvmsg: WORK 2026-03-20 18:40:00 [Info] [3984] no use encode, return to old mode 2026-03-20 18:40:00 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 18:40:00 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 18:40:00 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 18:40:00 [Info] [3984] log fd cnt is [250], real fd cnt is [282] 2026-03-20 18:40:00 [Info] [3984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 18:40:01 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 18:40:01 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 18:40:01 [Info] [3984] log memory size is 20480KB, real memory size is 14796KB 2026-03-20 18:40:02 [Info] [3984] item: --windows-vul-check 2026-03-20 18:40:02 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-20 18:40:02 [Info] [3984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-20 18:40:02 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-20 18:40:02 [Info] [3984] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-20 18:40:02 [Info] [3984] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-check.py.md5 2026-03-20 18:40:02 [Info] [3984] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-check.py.md5 2026-03-20 18:40:03 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-check.py.md5, http code : 200, curl ret : 0 2026-03-20 18:40:03 [Info] [3984] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-check.py, http code : 200, curl ret : 0 2026-03-20 18:40:03 [Info] [2188] recvmsg: EXIT 2026-03-20 18:40:03 [Info] [2188] Recv Exit Msg, Exit... 2026-03-20 18:40:03 [Info] [3984] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/plugin/windows-vul-check.py 2026-03-20 18:40:03 [Info] [3984] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-20 18:40:03 [Info] [3984] Download redirect files success. 2026-03-20 18:40:03 [Info] [3984] Prepare stage1: --windows-vul-check 2026-03-20 18:40:03 [Info] [3984] Prepare stage2 2026-03-20 18:40:04 [Info] [3984] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-20 18:40:04 [Info] [3984] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-20 18:40:04 [Info] [3984] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 18:40:04 [Info] [3984] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 18:40:04 [Info] [3984] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-20 18:40:04 [Info] [3984] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-20 18:40:04 [Info] [3984] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-03-20 18:40:04 [Info] [3984] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-03-20 18:40:04 [Info] [3984] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-03-20 18:40:04 [Info] [3984] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-03-20 18:40:04 [Warn] [3984] high cpu, cpu is 37 2026-03-20 18:40:04 [Info] [3984] try get sys version 2026-03-20 18:40:04 [Info] [3984] win sys info:2/10:0:3 2026-03-20 18:40:04 [Info] [3984] suit legal version, enable cpu control 2026-03-20 18:40:04 [Warn] [3984] High CPU Warning: 37 2026-03-20 18:40:04 [Warn] [3984] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:genericpath.py line: 37 in func: isfile File:windows-vul-check.py line: 413 in func: load_kb_log_status File:windows-vul-check.py line: 994 in func: start 2026-03-20 18:40:04 [Info] [3984] stage3: --windows-vul-check 2026-03-20 18:40:04 [Info] [3984] Loader after check 2026-03-20 18:40:05 [Info] [3984] log memory size is 30720KB, real memory size is 23452KB 2026-03-20 18:40:05 [Info] [3984] Enter reuse wait state. 2026-03-20 18:40:09 [Info] [3984] recvmsg: EXIT 2026-03-20 18:40:09 [Info] [3984] Recv Exit Msg, Exit... 2026-03-20 19:08:05 [Info] [2352] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-20 19:08:05 [Info] [2352] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap5091774004885 2026-03-20 19:08:05 [Info] [2352] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-20 19:08:05 [Info] [2352] Resource monitor start 2026-03-20 19:08:05 [Info] [2352] ipc client init success 2026-03-20 19:08:05 [Info] [2352] Ipc init: 0 2026-03-20 19:08:05 [Info] [2352] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-20 19:08:05 [Info] [2352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-20 19:08:05 [Info] [2352] start ipc thread id[1072] 2026-03-20 19:08:05 [Info] [2352] Connect Yundun ipc server return state is 0 2026-03-20 19:08:05 [Info] [2352] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-20 19:08:05 [Info] [2352] CResourceMonitor::run Enter 2026-03-20 19:08:05 [Info] [2352] CIpcMsgHandlerMgr::run Enter 2026-03-20 19:08:05 [Info] [2352] Report thread 2026-03-20 19:08:05 [Info] [2352] Monitor thread 2026-03-20 19:08:05 [Info] [2352] Loader thread 2026-03-20 19:08:05 [Info] [2352] PythonEngineImpl Init... 2026-03-20 19:08:05 [Info] [2352] yundun connected 2026-03-20 19:08:06 [Info] [2352] recvmsg: HELLO 2026-03-20 19:08:06 [Info] [2352] recvmsg: WORK 2026-03-20 19:08:06 [Info] [2352] no use encode, return to old mode 2026-03-20 19:08:06 [Info] [2352] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 19:08:06 [Info] [2352] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-20 19:08:06 [Info] [2352] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 19:08:06 [Info] [2352] log fd cnt is [250], real fd cnt is [282] 2026-03-20 19:08:06 [Info] [2352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 19:08:06 [Info] [2352] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-20 19:08:06 [Info] [2352] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-20 19:08:07 [Info] [2352] log memory size is 20480KB, real memory size is 14708KB 2026-03-20 19:08:07 [Info] [2352] item: --secnet_rasp_agent 2026-03-20 19:08:07 [Info] [2352] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-20 19:08:08 [Info] [2352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-20 19:08:08 [Info] [2352] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-20 19:08:08 [Info] [2352] Download redirect files success. 2026-03-20 19:08:08 [Info] [2352] Prepare stage1: --secnet_rasp_agent 2026-03-20 19:08:08 [Info] [2352] Prepare stage2 2026-03-20 19:08:08 [Warn] [2352] high cpu, cpu is 16 2026-03-20 19:08:08 [Info] [2352] try get sys version 2026-03-20 19:08:08 [Info] [2352] win sys info:2/10:0:3 2026-03-20 19:08:08 [Info] [2352] suit legal version, enable cpu control 2026-03-20 19:08:08 [Warn] [2352] High CPU Warning: 16 2026-03-20 19:08:08 [Warn] [2352] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:subprocess.py line: 644 in func: _execute_child File:subprocess.py line: 394 in func: __init__ File:subprocess.py line: 216 in func: check_output File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid File:secnet_rasp_agent.py line: 218 in func: main File:secnet_rasp_agent.py line: 240 in func: start 2026-03-20 19:08:09 [Info] [2352] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-20 19:08:09 [Info] [2352] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-20 19:08:09 [Info] [2352] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-20 19:08:09 [Info] [2352] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-20 19:08:09 [Info] [2352] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-20 19:08:09 [Info] [2352] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-20 19:08:09 [Info] [2352] stage3: --secnet_rasp_agent 2026-03-20 19:08:09 [Info] [2352] Loader after check 2026-03-20 19:08:10 [Info] [2352] Enter reuse wait state. 2026-03-20 19:08:11 [Info] [2352] log memory size is 30720KB, real memory size is 21396KB 2026-03-20 19:08:13 [Info] [2352] recvmsg: EXIT 2026-03-20 19:08:13 [Info] [2352] Recv Exit Msg, Exit... 2026-03-27 02:55:42 [Info] [4460] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 02:55:42 [Info] [4460] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap155361774551342 2026-03-27 02:55:42 [Info] [4460] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 02:55:42 [Info] [4460] Resource monitor start 2026-03-27 02:55:42 [Info] [4460] ipc client init success 2026-03-27 02:55:42 [Info] [4460] Ipc init: 0 2026-03-27 02:55:42 [Info] [4460] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 02:55:42 [Info] [4460] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 02:55:42 [Info] [4460] start ipc thread id[3520] 2026-03-27 02:55:42 [Info] [4460] Connect Yundun ipc server return state is 0 2026-03-27 02:55:42 [Info] [4460] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 02:55:42 [Info] [4460] CResourceMonitor::run Enter 2026-03-27 02:55:42 [Info] [4460] CIpcMsgHandlerMgr::run Enter 2026-03-27 02:55:42 [Info] [4460] Report thread 2026-03-27 02:55:42 [Info] [4460] Monitor thread 2026-03-27 02:55:42 [Info] [4460] Loader thread 2026-03-27 02:55:42 [Info] [4460] PythonEngineImpl Init... 2026-03-27 02:55:42 [Info] [4460] yundun connected 2026-03-27 02:55:43 [Info] [4460] recvmsg: HELLO 2026-03-27 02:55:43 [Info] [4460] recvmsg: WORK 2026-03-27 02:55:43 [Info] [4460] no use encode, return to old mode 2026-03-27 02:55:43 [Info] [4460] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 02:55:43 [Info] [4460] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 02:55:43 [Info] [4460] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 02:55:43 [Info] [4460] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 02:55:43 [Info] [4460] log fd cnt is [250], real fd cnt is [282] 2026-03-27 02:55:43 [Info] [4460] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 02:55:43 [Info] [4460] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 02:55:44 [Info] [4460] log memory size is 20480KB, real memory size is 14824KB 2026-03-27 02:55:44 [Info] [4460] item: --sca 2026-03-27 02:55:44 [Info] [4460] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-27 02:55:45 [Info] [4460] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-27 02:55:45 [Info] [4460] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-27 02:55:45 [Info] [4460] Download redirect files success. 2026-03-27 02:55:45 [Info] [4460] Prepare stage1: --sca 2026-03-27 02:55:45 [Info] [4460] Prepare stage2 2026-03-27 02:55:47 [Warn] [4460] high cpu, cpu is 29 2026-03-27 02:55:47 [Info] [4460] try get sys version 2026-03-27 02:55:47 [Info] [4460] win sys info:2/10:0:3 2026-03-27 02:55:47 [Info] [4460] suit legal version, enable cpu control 2026-03-27 02:55:47 [Warn] [4460] High CPU Warning: 29 2026-03-27 02:55:48 [Warn] [4460] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-27 02:55:49 [Info] [4460] log memory size is 30720KB, real memory size is 32880KB 2026-03-27 02:55:54 [Info] [4460] log memory size is 40960KB, real memory size is 33160KB 2026-03-27 02:56:30 [Info] [4460] stage3: --sca 2026-03-27 02:56:30 [Info] [4460] Loader after check 2026-03-27 02:56:33 [Info] [4460] Enter reuse wait state. 2026-03-27 02:56:34 [Info] [4460] recvmsg: EXIT 2026-03-27 02:56:34 [Info] [4460] Recv Exit Msg, Exit... 2026-03-27 03:46:22 [Info] [1332] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 03:46:22 [Info] [1332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap254571774554380 2026-03-27 03:46:22 [Info] [1332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 03:46:22 [Info] [1332] Resource monitor start 2026-03-27 03:46:22 [Info] [1332] ipc client init success 2026-03-27 03:46:22 [Info] [1332] Ipc init: 0 2026-03-27 03:46:22 [Info] [1332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 03:46:22 [Info] [1332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 03:46:22 [Info] [1332] start ipc thread id[3844] 2026-03-27 03:46:22 [Info] [1332] Connect Yundun ipc server return state is 0 2026-03-27 03:46:22 [Info] [1332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 03:46:22 [Info] [1332] CResourceMonitor::run Enter 2026-03-27 03:46:22 [Info] [1332] CIpcMsgHandlerMgr::run Enter 2026-03-27 03:46:22 [Info] [1332] Report thread 2026-03-27 03:46:22 [Info] [1332] Monitor thread 2026-03-27 03:46:22 [Info] [1332] Loader thread 2026-03-27 03:46:22 [Info] [1332] PythonEngineImpl Init... 2026-03-27 03:46:29 [Info] [1332] yundun connected 2026-03-27 03:46:30 [Info] [1332] recvmsg: HELLO 2026-03-27 03:46:30 [Info] [1332] recvmsg: WORK 2026-03-27 03:46:30 [Info] [1332] no use encode, return to old mode 2026-03-27 03:46:30 [Info] [1332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 03:46:30 [Info] [1332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 03:46:30 [Info] [1332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 03:46:32 [Info] [1332] log fd cnt is [250], real fd cnt is [264] 2026-03-27 03:46:33 [Info] [1332] log memory size is 20480KB, real memory size is 13136KB 2026-03-27 03:46:35 [Info] [1332] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-27 03:46:38 [Info] [1332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 03:46:39 [Info] [1332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 03:46:39 [Info] [1332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 03:46:41 [Info] [1332] item: --windows-sysinfoext-check 2026-03-27 03:46:41 [Info] [1332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 03:46:41 [Info] [1332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 03:46:41 [Info] [1332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 03:46:41 [Info] [1332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 03:46:41 [Info] [1332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-27 03:46:41 [Info] [1332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 03:46:42 [Info] [1332] Prepare stage1: --windows-sysinfoext-check 2026-03-27 03:46:42 [Info] [1332] Prepare stage2 2026-03-27 03:46:42 [Warn] [1332] high cpu, cpu is 14 2026-03-27 03:46:42 [Info] [1332] try get sys version 2026-03-27 03:46:42 [Info] [1332] win sys info:2/10:0:3 2026-03-27 03:46:42 [Info] [1332] suit legal version, enable cpu control 2026-03-27 03:46:42 [Warn] [1332] High CPU Warning: 14 2026-03-27 03:46:42 [Warn] [1332] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 28 in func: __WrapDispatch File:__init__.py line: 96 in func: Dispatch File:__init__.py line: 483 in func: _get_good_single_object_ File:__init__.py line: 494 in func: _get_good_object_ File:util.py line: 84 in func: next File:wmi.py line: 491 in func: __init__ File:wmi.py line: 781 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-03-27 03:46:44 [Info] [1332] stage3: --windows-sysinfoext-check 2026-03-27 03:46:44 [Info] [1332] Loader after check 2026-03-27 03:46:44 [Warn] [1332] high cpu, cpu is 14 2026-03-27 03:46:44 [Warn] [1332] High CPU Warning: 14 2026-03-27 03:46:45 [Info] [1332] Enter reuse wait state. 2026-03-27 03:46:45 [Info] [1332] log memory size is 30720KB, real memory size is 23332KB 2026-03-27 03:46:46 [Info] [1332] recvmsg: EXIT 2026-03-27 03:46:46 [Info] [1332] Recv Exit Msg, Exit... 2026-03-27 07:54:07 [Info] [3728] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 07:54:07 [Info] [3728] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap84701774569247 2026-03-27 07:54:07 [Info] [3728] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 07:54:07 [Info] [3728] Resource monitor start 2026-03-27 07:54:07 [Info] [3728] ipc client init success 2026-03-27 07:54:07 [Info] [3728] Ipc init: 0 2026-03-27 07:54:07 [Info] [3728] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 07:54:07 [Info] [3728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 07:54:07 [Info] [3728] start ipc thread id[4676] 2026-03-27 07:54:07 [Info] [3728] Connect Yundun ipc server return state is 0 2026-03-27 07:54:07 [Info] [3728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 07:54:07 [Info] [3728] CResourceMonitor::run Enter 2026-03-27 07:54:07 [Info] [3728] CIpcMsgHandlerMgr::run Enter 2026-03-27 07:54:07 [Info] [3728] Report thread 2026-03-27 07:54:07 [Info] [3728] Monitor thread 2026-03-27 07:54:07 [Info] [3728] Loader thread 2026-03-27 07:54:07 [Info] [3728] PythonEngineImpl Init... 2026-03-27 07:54:07 [Info] [3728] yundun connected 2026-03-27 07:54:08 [Info] [3728] recvmsg: HELLO 2026-03-27 07:54:08 [Info] [3728] recvmsg: WORK 2026-03-27 07:54:08 [Info] [3728] no use encode, return to old mode 2026-03-27 07:54:08 [Info] [3728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 07:54:08 [Info] [3728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 07:54:08 [Info] [3728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 07:54:08 [Info] [3728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 07:54:08 [Info] [3728] log fd cnt is [250], real fd cnt is [282] 2026-03-27 07:54:09 [Info] [3728] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 07:54:09 [Info] [3728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 07:54:09 [Info] [3728] log memory size is 20480KB, real memory size is 14836KB 2026-03-27 07:54:10 [Info] [3728] item: --windows-vul-clean 2026-03-27 07:54:10 [Info] [3728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-27 07:54:10 [Info] [3728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-27 07:54:10 [Info] [3728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 07:54:10 [Info] [3728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 07:54:10 [Info] [3728] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-27 07:54:10 [Info] [3728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-27 07:54:10 [Info] [3728] Prepare stage1: --windows-vul-clean 2026-03-27 07:54:10 [Info] [3728] Prepare stage2 2026-03-27 07:54:10 [Info] [3728] stage3: --windows-vul-clean 2026-03-27 07:54:10 [Info] [3728] Loader after check 2026-03-27 07:54:10 [Info] [3728] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-27 07:54:11 [Info] [3728] Enter reuse wait state. 2026-03-27 07:54:15 [Info] [3728] recvmsg: EXIT 2026-03-27 07:54:15 [Info] [3728] Recv Exit Msg, Exit... 2026-03-27 08:53:24 [Info] [4140] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 08:53:24 [Info] [4140] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap200821774572803 2026-03-27 08:53:24 [Info] [4140] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 08:53:24 [Info] [4140] Resource monitor start 2026-03-27 08:53:24 [Info] [4140] ipc client init success 2026-03-27 08:53:24 [Info] [4140] Ipc init: 0 2026-03-27 08:53:24 [Info] [4140] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 08:53:24 [Info] [4140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 08:53:24 [Info] [4140] start ipc thread id[3944] 2026-03-27 08:53:24 [Info] [4140] Connect Yundun ipc server return state is 0 2026-03-27 08:53:24 [Info] [4140] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 08:53:24 [Info] [4140] CResourceMonitor::run Enter 2026-03-27 08:53:24 [Info] [4140] CIpcMsgHandlerMgr::run Enter 2026-03-27 08:53:24 [Info] [4140] Report thread 2026-03-27 08:53:24 [Info] [4140] Monitor thread 2026-03-27 08:53:24 [Info] [4140] Loader thread 2026-03-27 08:53:24 [Info] [4140] PythonEngineImpl Init... 2026-03-27 08:53:24 [Info] [4140] yundun connected 2026-03-27 08:53:24 [Info] [4140] recvmsg: HELLO 2026-03-27 08:53:24 [Info] [4140] recvmsg: WORK 2026-03-27 08:53:24 [Info] [4140] no use encode, return to old mode 2026-03-27 08:53:24 [Info] [4140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 08:53:24 [Info] [4140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 08:53:24 [Info] [4140] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 08:53:24 [Info] [4140] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 08:53:25 [Info] [4140] log fd cnt is [250], real fd cnt is [282] 2026-03-27 08:53:25 [Info] [4140] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 08:53:25 [Info] [4140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 08:53:26 [Info] [4140] log memory size is 20480KB, real memory size is 14844KB 2026-03-27 08:53:26 [Info] [4140] item: --windows-process-check 2026-03-27 08:53:26 [Info] [4140] cgroup name aegisRtap0 2026-03-27 08:53:26 [Info] [4140] try get sys version 2026-03-27 08:53:26 [Info] [4140] win sys info:2/10:0:3 2026-03-27 08:53:26 [Info] [4140] suit legal version, enable cpu control 2026-03-27 08:53:26 [Info] [4140] get AssignProcessToJobObject handle [00000478] 2026-03-27 08:53:26 [Info] [4140] Set setJobExtended. 2026-03-27 08:53:26 [Info] [4140] Set cpu [9%] 2026-03-27 08:53:26 [Info] [4140] Set cpu success 2026-03-27 08:53:26 [Info] [4140] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-27 08:53:26 [Info] [4140] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-27 08:53:26 [Info] [4140] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 08:53:26 [Info] [4140] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 08:53:26 [Info] [4140] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-27 08:53:26 [Info] [4140] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-27 08:53:26 [Info] [4140] Prepare stage1: --windows-process-check 2026-03-27 08:53:26 [Info] [4140] Prepare stage2 2026-03-27 08:53:30 [Info] [4140] log memory size is 30720KB, real memory size is 20628KB 2026-03-27 08:53:44 [Info] [4140] stage3: --windows-process-check 2026-03-27 08:53:44 [Info] [4140] Loader after check 2026-03-27 08:53:45 [Info] [4140] Enter reuse wait state. 2026-03-27 08:53:47 [Info] [4140] recvmsg: EXIT 2026-03-27 08:53:47 [Info] [4140] Recv Exit Msg, Exit... 2026-03-27 09:15:15 [Info] [4012] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 09:15:15 [Info] [4012] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243311774574104 2026-03-27 09:15:15 [Info] [4012] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 09:15:15 [Info] [4012] Resource monitor start 2026-03-27 09:15:15 [Info] [4012] ipc client init success 2026-03-27 09:15:15 [Info] [4012] Ipc init: 0 2026-03-27 09:15:15 [Info] [4012] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 09:15:15 [Info] [4012] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 09:15:15 [Info] [4012] start ipc thread id[2508] 2026-03-27 09:15:15 [Info] [4012] Connect Yundun ipc server return state is 0 2026-03-27 09:15:15 [Info] [4012] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 09:15:15 [Info] [4012] CResourceMonitor::run Enter 2026-03-27 09:15:15 [Info] [4012] CIpcMsgHandlerMgr::run Enter 2026-03-27 09:15:15 [Info] [4012] Report thread 2026-03-27 09:15:15 [Info] [4012] Monitor thread 2026-03-27 09:15:15 [Info] [4012] Loader thread 2026-03-27 09:15:15 [Info] [4012] PythonEngineImpl Init... 2026-03-27 09:15:21 [Info] [4012] yundun connected 2026-03-27 09:15:21 [Info] [4012] recvmsg: HELLO 2026-03-27 09:15:21 [Info] [4012] recvmsg: WORK 2026-03-27 09:15:21 [Info] [4012] no use encode, return to old mode 2026-03-27 09:15:21 [Info] [4012] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 09:15:21 [Info] [4012] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 09:15:21 [Info] [4012] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 09:15:22 [Info] [4012] log fd cnt is [250], real fd cnt is [264] 2026-03-27 09:15:23 [Info] [4012] log memory size is 20480KB, real memory size is 13152KB 2026-03-27 09:15:29 [Info] [4012] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 09:15:29 [Info] [4012] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 09:15:29 [Info] [4012] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 09:15:30 [Info] [4012] item: --windows-sysinfoext-check 2026-03-27 09:15:30 [Info] [4012] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 09:15:30 [Info] [4012] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 09:15:30 [Info] [4012] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 09:15:31 [Info] [4012] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 09:15:31 [Info] [4012] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-27 09:15:31 [Info] [4012] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 09:15:31 [Info] [4012] Prepare stage1: --windows-sysinfoext-check 2026-03-27 09:15:31 [Info] [4012] Prepare stage2 2026-03-27 09:15:31 [Info] [4012] log memory size is 30720KB, real memory size is 22692KB 2026-03-27 09:15:33 [Info] [4012] stage3: --windows-sysinfoext-check 2026-03-27 09:15:33 [Info] [4012] Loader after check 2026-03-27 09:15:34 [Info] [4012] Enter reuse wait state. 2026-03-27 09:15:36 [Info] [4012] recvmsg: EXIT 2026-03-27 09:15:36 [Info] [4012] Recv Exit Msg, Exit... 2026-03-27 10:33:16 [Info] [3756] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 10:33:16 [Info] [3756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap68821774578795 2026-03-27 10:33:16 [Info] [3756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 10:33:16 [Info] [3756] Resource monitor start 2026-03-27 10:33:16 [Info] [3756] ipc client init success 2026-03-27 10:33:16 [Info] [3756] Ipc init: 0 2026-03-27 10:33:16 [Info] [3756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 10:33:16 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 10:33:16 [Info] [3756] start ipc thread id[4324] 2026-03-27 10:33:16 [Info] [3756] Connect Yundun ipc server return state is 0 2026-03-27 10:33:16 [Info] [3756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 10:33:16 [Info] [3756] CResourceMonitor::run Enter 2026-03-27 10:33:16 [Info] [3756] CIpcMsgHandlerMgr::run Enter 2026-03-27 10:33:16 [Info] [3756] Report thread 2026-03-27 10:33:16 [Info] [3756] Monitor thread 2026-03-27 10:33:16 [Info] [3756] Loader thread 2026-03-27 10:33:16 [Info] [3756] PythonEngineImpl Init... 2026-03-27 10:33:16 [Info] [3756] yundun connected 2026-03-27 10:33:16 [Info] [3756] recvmsg: HELLO 2026-03-27 10:33:16 [Info] [3756] recvmsg: WORK 2026-03-27 10:33:16 [Info] [3756] no use encode, return to old mode 2026-03-27 10:33:16 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:33:16 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:33:16 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:33:17 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:33:17 [Info] [3756] log fd cnt is [250], real fd cnt is [286] 2026-03-27 10:33:17 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 10:33:17 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 10:33:18 [Info] [3756] log memory size is 20480KB, real memory size is 14808KB 2026-03-27 10:33:18 [Info] [3756] item: --windows-registry-check 2026-03-27 10:33:18 [Info] [3756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-27 10:33:18 [Info] [3756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-27 10:33:18 [Info] [3756] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:33:18 [Info] [3756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:33:18 [Info] [3756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-27 10:33:18 [Info] [3756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-27 10:33:19 [Info] [3756] Prepare stage1: --windows-registry-check 2026-03-27 10:33:19 [Info] [3756] Prepare stage2 2026-03-27 10:33:48 [Info] [3756] stage3: --windows-registry-check 2026-03-27 10:33:48 [Info] [3756] Loader after check 2026-03-27 10:33:49 [Info] [3756] Enter reuse wait state. 2026-03-27 10:33:51 [Info] [3756] recvmsg: EXIT 2026-03-27 10:33:51 [Info] [3756] Recv Exit Msg, Exit... 2026-03-27 10:46:26 [Info] [5100] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 10:46:26 [Info] [5100] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap94651774579586 2026-03-27 10:46:26 [Info] [5100] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 10:46:26 [Info] [5100] Resource monitor start 2026-03-27 10:46:26 [Info] [5100] ipc client init success 2026-03-27 10:46:26 [Info] [5100] Ipc init: 0 2026-03-27 10:46:26 [Info] [5100] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 10:46:26 [Info] [5100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 10:46:26 [Info] [5100] start ipc thread id[1428] 2026-03-27 10:46:26 [Info] [5100] Connect Yundun ipc server return state is 0 2026-03-27 10:46:26 [Info] [5100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 10:46:26 [Info] [5100] CResourceMonitor::run Enter 2026-03-27 10:46:26 [Info] [5100] CIpcMsgHandlerMgr::run Enter 2026-03-27 10:46:26 [Info] [5100] yundun connected 2026-03-27 10:46:26 [Info] [5100] Report thread 2026-03-27 10:46:26 [Info] [5100] Monitor thread 2026-03-27 10:46:26 [Info] [5100] Loader thread 2026-03-27 10:46:26 [Info] [5100] PythonEngineImpl Init... 2026-03-27 10:46:27 [Info] [5100] recvmsg: HELLO 2026-03-27 10:46:27 [Info] [5100] log fd cnt is [250], real fd cnt is [263] 2026-03-27 10:46:27 [Info] [5100] recvmsg: WORK 2026-03-27 10:46:27 [Info] [5100] no use encode, return to old mode 2026-03-27 10:46:27 [Info] [5100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:46:27 [Info] [5100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:46:27 [Info] [5100] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:46:28 [Info] [5100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:46:28 [Info] [5100] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 10:46:28 [Info] [5100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 10:46:28 [Info] [5100] log memory size is 20480KB, real memory size is 14828KB 2026-03-27 10:46:29 [Info] [5100] item: --windows-driver-version-check 2026-03-27 10:46:29 [Info] [5100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-27 10:46:29 [Info] [5100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-27 10:46:29 [Info] [5100] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:46:29 [Info] [5100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:46:29 [Info] [5100] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-27 10:46:29 [Info] [5100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-27 10:46:29 [Info] [5100] Prepare stage1: --windows-driver-version-check 2026-03-27 10:46:29 [Info] [5100] Prepare stage2 2026-03-27 10:46:29 [Info] [5100] stage3: --windows-driver-version-check 2026-03-27 10:46:29 [Info] [5100] Loader after check 2026-03-27 10:46:30 [Info] [5100] Enter reuse wait state. 2026-03-27 10:46:34 [Info] [5100] recvmsg: EXIT 2026-03-27 10:46:34 [Info] [5100] Recv Exit Msg, Exit... 2026-03-27 10:47:13 [Info] [1296] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 10:47:13 [Info] [1296] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap96181774579633 2026-03-27 10:47:13 [Info] [1296] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 10:47:13 [Info] [1296] Resource monitor start 2026-03-27 10:47:13 [Info] [1296] ipc client init success 2026-03-27 10:47:13 [Info] [1296] Ipc init: 0 2026-03-27 10:47:13 [Info] [1296] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 10:47:13 [Info] [1296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 10:47:13 [Info] [1296] start ipc thread id[4284] 2026-03-27 10:47:13 [Info] [1296] Connect Yundun ipc server return state is 0 2026-03-27 10:47:13 [Info] [1296] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 10:47:13 [Info] [1296] CResourceMonitor::run Enter 2026-03-27 10:47:13 [Info] [1296] CIpcMsgHandlerMgr::run Enter 2026-03-27 10:47:13 [Info] [1296] Report thread 2026-03-27 10:47:13 [Info] [1296] Monitor thread 2026-03-27 10:47:13 [Info] [1296] Loader thread 2026-03-27 10:47:13 [Info] [1296] PythonEngineImpl Init... 2026-03-27 10:47:14 [Info] [1296] yundun connected 2026-03-27 10:47:14 [Info] [1296] recvmsg: HELLO 2026-03-27 10:47:14 [Info] [1296] recvmsg: WORK 2026-03-27 10:47:14 [Info] [1296] no use encode, return to old mode 2026-03-27 10:47:14 [Info] [1296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:47:14 [Info] [1296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 10:47:14 [Info] [1296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:47:14 [Info] [1296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:47:14 [Info] [1296] log fd cnt is [250], real fd cnt is [282] 2026-03-27 10:47:15 [Info] [1296] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 10:47:15 [Info] [1296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 10:47:15 [Info] [1296] log memory size is 20480KB, real memory size is 14832KB 2026-03-27 10:47:16 [Info] [1296] item: --windows-schedule-task-check 2026-03-27 10:47:16 [Info] [1296] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-27 10:47:16 [Info] [1296] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-27 10:47:16 [Info] [1296] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 10:47:16 [Info] [1296] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 10:47:16 [Info] [1296] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-27 10:47:16 [Info] [1296] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-27 10:47:16 [Info] [1296] Prepare stage1: --windows-schedule-task-check 2026-03-27 10:47:16 [Info] [1296] Prepare stage2 2026-03-27 10:47:17 [Warn] [1296] high cpu, cpu is 13 2026-03-27 10:47:17 [Info] [1296] try get sys version 2026-03-27 10:47:17 [Info] [1296] win sys info:2/10:0:3 2026-03-27 10:47:17 [Info] [1296] suit legal version, enable cpu control 2026-03-27 10:47:17 [Warn] [1296] High CPU Warning: 13 2026-03-27 10:47:17 [Warn] [1296] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetFolders File:windows-schedule-task-check.py line: 346 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-03-27 10:47:20 [Info] [1296] log memory size is 30720KB, real memory size is 23580KB 2026-03-27 10:47:47 [Info] [1296] stage3: --windows-schedule-task-check 2026-03-27 10:47:47 [Info] [1296] Loader after check 2026-03-27 10:47:48 [Info] [1296] Enter reuse wait state. 2026-03-27 10:47:49 [Info] [1296] recvmsg: EXIT 2026-03-27 10:47:49 [Info] [1296] Recv Exit Msg, Exit... 2026-03-27 11:16:24 [Info] [2128] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 11:16:24 [Info] [2128] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap153361774581384 2026-03-27 11:16:24 [Info] [2128] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 11:16:24 [Info] [2128] Resource monitor start 2026-03-27 11:16:24 [Info] [2128] ipc client init success 2026-03-27 11:16:24 [Info] [2128] Ipc init: 0 2026-03-27 11:16:24 [Info] [2128] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 11:16:24 [Info] [2128] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 11:16:24 [Info] [2128] start ipc thread id[5028] 2026-03-27 11:16:24 [Info] [2128] Connect Yundun ipc server return state is 0 2026-03-27 11:16:24 [Info] [2128] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 11:16:24 [Info] [2128] CResourceMonitor::run Enter 2026-03-27 11:16:24 [Info] [2128] CIpcMsgHandlerMgr::run Enter 2026-03-27 11:16:24 [Info] [2128] Report thread 2026-03-27 11:16:24 [Info] [2128] Monitor thread 2026-03-27 11:16:24 [Info] [2128] Loader thread 2026-03-27 11:16:24 [Info] [2128] PythonEngineImpl Init... 2026-03-27 11:16:24 [Info] [2128] yundun connected 2026-03-27 11:16:25 [Info] [2128] recvmsg: HELLO 2026-03-27 11:16:25 [Info] [2128] recvmsg: WORK 2026-03-27 11:16:25 [Info] [2128] no use encode, return to old mode 2026-03-27 11:16:25 [Info] [2128] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 11:16:25 [Info] [2128] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 11:16:25 [Info] [2128] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 11:16:25 [Info] [2128] log fd cnt is [250], real fd cnt is [274] 2026-03-27 11:16:26 [Info] [2128] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 11:16:26 [Info] [2128] log memory size is 20480KB, real memory size is 14616KB 2026-03-27 11:16:26 [Info] [2128] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 11:16:26 [Info] [2128] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 11:16:28 [Info] [2128] item: --windows-autorun-item-check 2026-03-27 11:16:28 [Info] [2128] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-27 11:16:28 [Info] [2128] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-27 11:16:28 [Info] [2128] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 11:16:28 [Info] [2128] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 11:16:28 [Info] [2128] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-27 11:16:28 [Info] [2128] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-27 11:16:28 [Info] [2128] Prepare stage1: --windows-autorun-item-check 2026-03-27 11:16:28 [Info] [2128] Prepare stage2 2026-03-27 11:16:30 [Info] [2128] log memory size is 30720KB, real memory size is 22540KB 2026-03-27 11:16:38 [Info] [2128] stage3: --windows-autorun-item-check 2026-03-27 11:16:38 [Info] [2128] Loader after check 2026-03-27 11:16:39 [Info] [2128] Enter reuse wait state. 2026-03-27 11:16:44 [Info] [2128] recvmsg: EXIT 2026-03-27 11:16:44 [Info] [2128] Recv Exit Msg, Exit... 2026-03-27 11:44:20 [Info] [1332] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 11:44:20 [Info] [1332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap208091774583060 2026-03-27 11:44:20 [Info] [1332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 11:44:20 [Info] [1332] Resource monitor start 2026-03-27 11:44:20 [Info] [1332] ipc client init success 2026-03-27 11:44:20 [Info] [1332] Ipc init: 0 2026-03-27 11:44:20 [Info] [1332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 11:44:20 [Info] [1332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 11:44:20 [Info] [1332] start ipc thread id[232] 2026-03-27 11:44:20 [Info] [1332] Connect Yundun ipc server return state is 0 2026-03-27 11:44:20 [Info] [1332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 11:44:20 [Info] [1332] CResourceMonitor::run Enter 2026-03-27 11:44:20 [Info] [1332] CIpcMsgHandlerMgr::run Enter 2026-03-27 11:44:20 [Info] [1332] Report thread 2026-03-27 11:44:20 [Info] [1332] Monitor thread 2026-03-27 11:44:20 [Info] [1332] Loader thread 2026-03-27 11:44:20 [Info] [1332] PythonEngineImpl Init... 2026-03-27 11:44:20 [Info] [1332] yundun connected 2026-03-27 11:44:21 [Info] [1332] recvmsg: HELLO 2026-03-27 11:44:21 [Info] [1332] recvmsg: WORK 2026-03-27 11:44:21 [Info] [1332] no use encode, return to old mode 2026-03-27 11:44:21 [Info] [1332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 11:44:21 [Info] [1332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 11:44:21 [Info] [1332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 11:44:21 [Info] [1332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 11:44:21 [Info] [1332] log fd cnt is [250], real fd cnt is [282] 2026-03-27 11:44:21 [Info] [1332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 11:44:21 [Info] [1332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 11:44:22 [Info] [1332] log memory size is 20480KB, real memory size is 14836KB 2026-03-27 11:44:22 [Info] [1332] item: --tcp-connect-check 2026-03-27 11:44:22 [Info] [1332] cgroup name aegisRtap0 2026-03-27 11:44:22 [Info] [1332] try get sys version 2026-03-27 11:44:22 [Info] [1332] win sys info:2/10:0:3 2026-03-27 11:44:22 [Info] [1332] suit legal version, enable cpu control 2026-03-27 11:44:22 [Info] [1332] get AssignProcessToJobObject handle [00000478] 2026-03-27 11:44:22 [Info] [1332] Set setJobExtended. 2026-03-27 11:44:22 [Info] [1332] Set cpu [9%] 2026-03-27 11:44:22 [Info] [1332] Set cpu success 2026-03-27 11:44:22 [Info] [1332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-27 11:44:22 [Info] [1332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-27 11:44:22 [Info] [1332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 11:44:22 [Info] [1332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 11:44:22 [Info] [1332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-27 11:44:22 [Info] [1332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-27 11:44:23 [Info] [1332] Prepare stage1: --tcp-connect-check 2026-03-27 11:44:23 [Info] [1332] Prepare stage2 2026-03-27 11:44:24 [Info] [1332] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-27 11:44:25 [Info] [1332] stage3: --tcp-connect-check 2026-03-27 11:44:25 [Info] [1332] Loader after check 2026-03-27 11:44:26 [Info] [1332] Enter reuse wait state. 2026-03-27 11:44:32 [Info] [1332] recvmsg: EXIT 2026-03-27 11:44:32 [Info] [1332] Recv Exit Msg, Exit... 2026-03-27 14:45:16 [Info] [3924] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 14:45:16 [Info] [3924] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap234471774593902 2026-03-27 14:45:16 [Info] [3924] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 14:45:16 [Info] [3924] Resource monitor start 2026-03-27 14:45:16 [Info] [3924] ipc client init success 2026-03-27 14:45:16 [Info] [3924] Ipc init: 0 2026-03-27 14:45:16 [Info] [3924] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 14:45:16 [Info] [3924] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 14:45:16 [Info] [3924] start ipc thread id[2988] 2026-03-27 14:45:16 [Info] [3924] Connect Yundun ipc server return state is 0 2026-03-27 14:45:24 [Info] [3924] Monitor thread 2026-03-27 14:45:24 [Info] [3924] Report thread 2026-03-27 14:45:24 [Info] [3924] yundun connected 2026-03-27 14:45:24 [Info] [3924] CIpcMsgHandlerMgr::run Enter 2026-03-27 14:45:24 [Info] [3924] CResourceMonitor::run Enter 2026-03-27 14:45:24 [Info] [3924] recvmsg: HELLO 2026-03-27 14:45:24 [Info] [3924] recvmsg: WORK 2026-03-27 14:45:24 [Info] [3924] no use encode, return to old mode 2026-03-27 14:45:25 [Info] [3924] log fd cnt is [250], real fd cnt is [242] 2026-03-27 14:45:28 [Info] [3924] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 14:45:31 [Info] [3924] Loader thread 2026-03-27 14:45:31 [Info] [3924] PythonEngineImpl Init... 2026-03-27 14:45:33 [Info] [3924] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 14:45:33 [Info] [3924] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 14:45:33 [Info] [3924] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 14:45:34 [Info] [3924] log memory size is 20480KB, real memory size is 13504KB 2026-03-27 14:45:35 [Info] [3924] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 14:45:35 [Info] [3924] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 14:45:35 [Info] [3924] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 14:45:36 [Info] [3924] item: --windows-sysinfoext-check 2026-03-27 14:45:36 [Info] [3924] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 14:45:36 [Info] [3924] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 14:45:36 [Info] [3924] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 14:45:37 [Info] [3924] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 14:45:37 [Info] [3924] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-27 14:45:37 [Info] [3924] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 14:45:37 [Info] [3924] Prepare stage1: --windows-sysinfoext-check 2026-03-27 14:45:37 [Info] [3924] Prepare stage2 2026-03-27 14:45:38 [Info] [3924] log memory size is 30720KB, real memory size is 23036KB 2026-03-27 14:45:40 [Info] [3924] stage3: --windows-sysinfoext-check 2026-03-27 14:45:40 [Info] [3924] Loader after check 2026-03-27 14:45:41 [Info] [3924] Enter reuse wait state. 2026-03-27 14:45:44 [Info] [3924] recvmsg: EXIT 2026-03-27 14:45:44 [Info] [3924] Recv Exit Msg, Exit... 2026-03-27 18:59:08 [Info] [692] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 18:59:08 [Info] [692] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap76981774609148 2026-03-27 18:59:08 [Info] [692] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 18:59:08 [Info] [692] Resource monitor start 2026-03-27 18:59:08 [Info] [692] ipc client init success 2026-03-27 18:59:08 [Info] [692] Ipc init: 0 2026-03-27 18:59:08 [Info] [692] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 18:59:08 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 18:59:08 [Info] [692] start ipc thread id[4884] 2026-03-27 18:59:08 [Info] [692] Connect Yundun ipc server return state is 0 2026-03-27 18:59:08 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 18:59:08 [Info] [692] CResourceMonitor::run Enter 2026-03-27 18:59:08 [Info] [692] CIpcMsgHandlerMgr::run Enter 2026-03-27 18:59:08 [Info] [692] Report thread 2026-03-27 18:59:08 [Info] [692] Monitor thread 2026-03-27 18:59:08 [Info] [692] Loader thread 2026-03-27 18:59:08 [Info] [692] PythonEngineImpl Init... 2026-03-27 18:59:08 [Info] [692] yundun connected 2026-03-27 18:59:09 [Info] [692] recvmsg: HELLO 2026-03-27 18:59:09 [Info] [692] recvmsg: WORK 2026-03-27 18:59:09 [Info] [692] no use encode, return to old mode 2026-03-27 18:59:09 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 18:59:09 [Info] [692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 18:59:09 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 18:59:09 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 18:59:09 [Info] [692] log fd cnt is [250], real fd cnt is [282] 2026-03-27 18:59:10 [Info] [692] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 18:59:10 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 18:59:10 [Info] [692] log memory size is 20480KB, real memory size is 14824KB 2026-03-27 18:59:11 [Info] [692] item: --secnet_rasp_agent 2026-03-27 18:59:11 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-27 18:59:11 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-27 18:59:11 [Info] [692] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-27 18:59:11 [Info] [692] Download redirect files success. 2026-03-27 18:59:11 [Info] [692] Prepare stage1: --secnet_rasp_agent 2026-03-27 18:59:11 [Info] [692] Prepare stage2 2026-03-27 18:59:12 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-27 18:59:12 [Info] [692] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-27 18:59:12 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 18:59:12 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 18:59:12 [Info] [692] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-27 18:59:12 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-27 18:59:12 [Info] [692] stage3: --secnet_rasp_agent 2026-03-27 18:59:12 [Info] [692] Loader after check 2026-03-27 18:59:13 [Info] [692] Enter reuse wait state. 2026-03-27 18:59:14 [Info] [692] log memory size is 30720KB, real memory size is 21320KB 2026-03-27 18:59:16 [Info] [692] recvmsg: EXIT 2026-03-27 18:59:16 [Info] [692] Recv Exit Msg, Exit... 2026-03-27 20:13:51 [Info] [4084] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-03-27 20:13:51 [Info] [4084] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap222401774613601 2026-03-27 20:13:51 [Info] [4084] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-27 20:13:55 [Info] [4084] Resource monitor start 2026-03-27 20:13:55 [Info] [4084] ipc client init success 2026-03-27 20:13:55 [Info] [4084] Ipc init: 0 2026-03-27 20:13:55 [Info] [4084] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-27 20:13:55 [Info] [4084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-03-27 20:13:55 [Info] [4084] start ipc thread id[1524] 2026-03-27 20:13:55 [Info] [4084] Connect Yundun ipc server return state is 0 2026-03-27 20:13:55 [Info] [4084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-03-27 20:13:55 [Info] [4084] CResourceMonitor::run Enter 2026-03-27 20:13:55 [Info] [4084] CIpcMsgHandlerMgr::run Enter 2026-03-27 20:13:55 [Info] [4084] yundun connected 2026-03-27 20:13:55 [Info] [4084] Report thread 2026-03-27 20:13:55 [Info] [4084] Monitor thread 2026-03-27 20:13:55 [Info] [4084] Loader thread 2026-03-27 20:13:55 [Info] [4084] PythonEngineImpl Init... 2026-03-27 20:13:55 [Info] [4084] recvmsg: HELLO 2026-03-27 20:13:56 [Info] [4084] recvmsg: WORK 2026-03-27 20:13:56 [Info] [4084] no use encode, return to old mode 2026-03-27 20:13:56 [Info] [4084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 20:13:56 [Info] [4084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-27 20:13:56 [Info] [4084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 20:13:56 [Info] [4084] log fd cnt is [250], real fd cnt is [264] 2026-03-27 20:13:58 [Info] [4084] log memory size is 20480KB, real memory size is 13628KB 2026-03-27 20:13:58 [Info] [4084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 20:13:59 [Info] [4084] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-27 20:13:59 [Info] [4084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-27 20:14:00 [Info] [4084] item: --windows-sysinfoext-check 2026-03-27 20:14:00 [Info] [4084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 20:14:00 [Info] [4084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 20:14:00 [Info] [4084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-27 20:14:00 [Info] [4084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-27 20:14:00 [Info] [4084] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-27 20:14:00 [Info] [4084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-27 20:14:00 [Info] [4084] Prepare stage1: --windows-sysinfoext-check 2026-03-27 20:14:00 [Info] [4084] Prepare stage2 2026-03-27 20:14:01 [Warn] [4084] high cpu, cpu is 24 2026-03-27 20:14:01 [Info] [4084] try get sys version 2026-03-27 20:14:01 [Info] [4084] win sys info:2/10:0:3 2026-03-27 20:14:01 [Info] [4084] suit legal version, enable cpu control 2026-03-27 20:14:01 [Warn] [4084] High CPU Warning: 24 2026-03-27 20:14:02 [Warn] [4084] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-27 20:14:02 [Info] [4084] stage3: --windows-sysinfoext-check 2026-03-27 20:14:02 [Info] [4084] Loader after check 2026-03-27 20:14:03 [Info] [4084] log memory size is 30720KB, real memory size is 23260KB 2026-03-27 20:14:03 [Info] [4084] Enter reuse wait state. 2026-03-27 20:14:06 [Info] [4084] recvmsg: EXIT 2026-03-27 20:14:06 [Info] [4084] Recv Exit Msg, Exit... 2026-04-03 05:07:21 [Info] [3748] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 05:07:21 [Info] [3748] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap175051775164041 2026-04-03 05:07:21 [Info] [3748] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 05:07:21 [Info] [3748] Resource monitor start 2026-04-03 05:07:21 [Info] [3748] ipc client init success 2026-04-03 05:07:21 [Info] [3748] Ipc init: 0 2026-04-03 05:07:21 [Info] [3748] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 05:07:21 [Info] [3748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 05:07:21 [Info] [3748] start ipc thread id[400] 2026-04-03 05:07:21 [Info] [3748] Connect Yundun ipc server return state is 0 2026-04-03 05:07:21 [Info] [3748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 05:07:21 [Info] [3748] CResourceMonitor::run Enter 2026-04-03 05:07:21 [Info] [3748] CIpcMsgHandlerMgr::run Enter 2026-04-03 05:07:21 [Info] [3748] Report thread 2026-04-03 05:07:21 [Info] [3748] Monitor thread 2026-04-03 05:07:21 [Info] [3748] Loader thread 2026-04-03 05:07:21 [Info] [3748] PythonEngineImpl Init... 2026-04-03 05:07:21 [Info] [3748] yundun connected 2026-04-03 05:07:22 [Info] [3748] recvmsg: HELLO 2026-04-03 05:07:22 [Info] [3748] recvmsg: WORK 2026-04-03 05:07:22 [Info] [3748] no use encode, return to old mode 2026-04-03 05:07:22 [Info] [3748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 05:07:22 [Info] [3748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 05:07:22 [Info] [3748] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 05:07:22 [Info] [3748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 05:07:22 [Info] [3748] log fd cnt is [250], real fd cnt is [282] 2026-04-03 05:07:22 [Info] [3748] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 05:07:22 [Info] [3748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 05:07:23 [Info] [3748] log memory size is 20480KB, real memory size is 14848KB 2026-04-03 05:07:23 [Info] [3748] item: --sca 2026-04-03 05:07:23 [Info] [3748] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-03 05:07:24 [Info] [3748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-03 05:07:24 [Info] [3748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-03 05:07:24 [Info] [3748] Download redirect files success. 2026-04-03 05:07:24 [Info] [3748] Prepare stage1: --sca 2026-04-03 05:07:24 [Info] [3748] Prepare stage2 2026-04-03 05:07:26 [Warn] [3748] high cpu, cpu is 23 2026-04-03 05:07:26 [Info] [3748] try get sys version 2026-04-03 05:07:26 [Info] [3748] win sys info:2/10:0:3 2026-04-03 05:07:26 [Info] [3748] suit legal version, enable cpu control 2026-04-03 05:07:26 [Warn] [3748] High CPU Warning: 23 2026-04-03 05:07:27 [Warn] [3748] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-03 05:07:28 [Info] [3748] log memory size is 30720KB, real memory size is 32708KB 2026-04-03 05:07:32 [Info] [3748] log memory size is 40960KB, real memory size is 33256KB 2026-04-03 05:07:36 [Info] [3748] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-03 05:07:59 [Warn] [3748] high cpu, cpu is 24 2026-04-03 05:07:59 [Warn] [3748] High CPU Warning: 24 2026-04-03 05:07:59 [Warn] [3748] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-03 05:08:12 [Info] [3748] stage3: --sca 2026-04-03 05:08:12 [Info] [3748] Loader after check 2026-04-03 05:08:13 [Info] [3748] Enter reuse wait state. 2026-04-03 05:08:17 [Info] [3748] recvmsg: EXIT 2026-04-03 05:08:17 [Info] [3748] Recv Exit Msg, Exit... 2026-04-03 05:14:32 [Info] [3812] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 05:14:32 [Info] [3812] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap188051775164439 2026-04-03 05:14:32 [Info] [3812] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 05:14:32 [Info] [3812] Resource monitor start 2026-04-03 05:14:32 [Info] [3812] ipc client init success 2026-04-03 05:14:32 [Info] [3812] Ipc init: 0 2026-04-03 05:14:32 [Info] [3812] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 05:14:32 [Info] [3812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 05:14:32 [Info] [3812] start ipc thread id[1920] 2026-04-03 05:14:32 [Info] [3812] Connect Yundun ipc server return state is 0 2026-04-03 05:14:32 [Info] [3812] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 05:14:32 [Info] [3812] CResourceMonitor::run Enter 2026-04-03 05:14:32 [Info] [3812] CIpcMsgHandlerMgr::run Enter 2026-04-03 05:14:32 [Info] [3812] yundun connected 2026-04-03 05:14:32 [Info] [3812] Report thread 2026-04-03 05:14:32 [Info] [3812] Monitor thread 2026-04-03 05:14:32 [Info] [3812] Loader thread 2026-04-03 05:14:32 [Info] [3812] PythonEngineImpl Init... 2026-04-03 05:14:33 [Info] [3812] recvmsg: HELLO 2026-04-03 05:14:33 [Info] [3812] recvmsg: WORK 2026-04-03 05:14:33 [Info] [3812] no use encode, return to old mode 2026-04-03 05:14:33 [Info] [3812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 05:14:33 [Info] [3812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 05:14:33 [Info] [3812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 05:14:33 [Info] [3812] log fd cnt is [250], real fd cnt is [278] 2026-04-03 05:14:34 [Info] [3812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 05:14:35 [Info] [3812] log memory size is 20480KB, real memory size is 14568KB 2026-04-03 05:14:35 [Info] [3812] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 05:14:35 [Info] [3812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 05:14:38 [Info] [3812] item: --windows-sysinfoext-check 2026-04-03 05:14:38 [Info] [3812] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 05:14:38 [Info] [3812] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 05:14:38 [Info] [3812] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 05:14:38 [Info] [3812] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 05:14:38 [Info] [3812] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-03 05:14:38 [Info] [3812] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 05:14:38 [Info] [3812] Prepare stage1: --windows-sysinfoext-check 2026-04-03 05:14:38 [Info] [3812] Prepare stage2 2026-04-03 05:14:39 [Info] [3812] log memory size is 30720KB, real memory size is 23064KB 2026-04-03 05:14:40 [Info] [3812] stage3: --windows-sysinfoext-check 2026-04-03 05:14:40 [Info] [3812] Loader after check 2026-04-03 05:14:41 [Info] [3812] Enter reuse wait state. 2026-04-03 05:14:43 [Info] [3812] recvmsg: EXIT 2026-04-03 05:14:43 [Info] [3812] Recv Exit Msg, Exit... 2026-04-03 07:54:00 [Info] [4300] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 07:54:00 [Info] [4300] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap173891775174040 2026-04-03 07:54:00 [Info] [4300] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 07:54:00 [Info] [4300] Resource monitor start 2026-04-03 07:54:00 [Info] [4300] ipc client init success 2026-04-03 07:54:00 [Info] [4300] Ipc init: 0 2026-04-03 07:54:00 [Info] [4300] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 07:54:00 [Info] [4300] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 07:54:00 [Info] [4300] start ipc thread id[3604] 2026-04-03 07:54:00 [Info] [4300] Connect Yundun ipc server return state is 0 2026-04-03 07:54:00 [Info] [4300] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 07:54:00 [Info] [4300] CResourceMonitor::run Enter 2026-04-03 07:54:00 [Info] [4300] CIpcMsgHandlerMgr::run Enter 2026-04-03 07:54:00 [Info] [4300] yundun connected 2026-04-03 07:54:00 [Info] [4300] Report thread 2026-04-03 07:54:00 [Info] [4300] Monitor thread 2026-04-03 07:54:00 [Info] [4300] Loader thread 2026-04-03 07:54:00 [Info] [4300] PythonEngineImpl Init... 2026-04-03 07:54:01 [Info] [4300] recvmsg: HELLO 2026-04-03 07:54:01 [Info] [4300] recvmsg: WORK 2026-04-03 07:54:01 [Info] [4300] no use encode, return to old mode 2026-04-03 07:54:01 [Info] [4300] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 07:54:01 [Info] [4300] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 07:54:01 [Info] [4300] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 07:54:01 [Info] [4300] log fd cnt is [250], real fd cnt is [278] 2026-04-03 07:54:03 [Info] [4300] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 07:54:03 [Info] [4300] log memory size is 20480KB, real memory size is 14496KB 2026-04-03 07:54:03 [Info] [4300] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 07:54:03 [Info] [4300] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 07:54:05 [Info] [4300] item: --windows-vul-clean 2026-04-03 07:54:05 [Info] [4300] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-03 07:54:05 [Info] [4300] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-03 07:54:05 [Info] [4300] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 07:54:05 [Info] [4300] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 07:54:06 [Info] [4300] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-03 07:54:06 [Info] [4300] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-03 07:54:06 [Info] [4300] Prepare stage1: --windows-vul-clean 2026-04-03 07:54:06 [Info] [4300] Prepare stage2 2026-04-03 07:54:07 [Info] [4300] stage3: --windows-vul-clean 2026-04-03 07:54:07 [Info] [4300] Loader after check 2026-04-03 07:54:08 [Info] [4300] Enter reuse wait state. 2026-04-03 07:54:12 [Info] [4300] recvmsg: EXIT 2026-04-03 07:54:12 [Info] [4300] Recv Exit Msg, Exit... 2026-04-03 08:53:21 [Info] [2280] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 08:53:21 [Info] [2280] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap290151775177600 2026-04-03 08:53:21 [Info] [2280] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 08:53:21 [Info] [2280] Resource monitor start 2026-04-03 08:53:21 [Info] [2280] ipc client init success 2026-04-03 08:53:21 [Info] [2280] Ipc init: 0 2026-04-03 08:53:21 [Info] [2280] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 08:53:21 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 08:53:21 [Info] [2280] start ipc thread id[3528] 2026-04-03 08:53:21 [Info] [2280] Connect Yundun ipc server return state is 0 2026-04-03 08:53:21 [Info] [2280] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 08:53:21 [Info] [2280] CResourceMonitor::run Enter 2026-04-03 08:53:21 [Info] [2280] CIpcMsgHandlerMgr::run Enter 2026-04-03 08:53:21 [Info] [2280] Report thread 2026-04-03 08:53:21 [Info] [2280] Monitor thread 2026-04-03 08:53:21 [Info] [2280] Loader thread 2026-04-03 08:53:21 [Info] [2280] PythonEngineImpl Init... 2026-04-03 08:53:21 [Info] [2280] yundun connected 2026-04-03 08:53:23 [Info] [2280] recvmsg: HELLO 2026-04-03 08:53:23 [Info] [2280] log fd cnt is [250], real fd cnt is [263] 2026-04-03 08:53:23 [Info] [2280] recvmsg: WORK 2026-04-03 08:53:23 [Info] [2280] no use encode, return to old mode 2026-04-03 08:53:23 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 08:53:23 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 08:53:23 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 08:53:23 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 08:53:23 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 08:53:23 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 08:53:24 [Info] [2280] log memory size is 20480KB, real memory size is 14676KB 2026-04-03 08:53:24 [Info] [2280] item: --windows-process-check 2026-04-03 08:53:24 [Info] [2280] cgroup name aegisRtap0 2026-04-03 08:53:24 [Info] [2280] try get sys version 2026-04-03 08:53:24 [Info] [2280] win sys info:2/10:0:3 2026-04-03 08:53:24 [Info] [2280] suit legal version, enable cpu control 2026-04-03 08:53:24 [Info] [2280] get AssignProcessToJobObject handle [00000478] 2026-04-03 08:53:24 [Info] [2280] Set setJobExtended. 2026-04-03 08:53:24 [Info] [2280] Set cpu [9%] 2026-04-03 08:53:24 [Info] [2280] Set cpu success 2026-04-03 08:53:24 [Info] [2280] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-03 08:53:24 [Info] [2280] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-03 08:53:24 [Info] [2280] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 08:53:25 [Info] [2280] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 08:53:25 [Info] [2280] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-03 08:53:25 [Info] [2280] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-03 08:53:25 [Info] [2280] Prepare stage1: --windows-process-check 2026-04-03 08:53:25 [Info] [2280] Prepare stage2 2026-04-03 08:53:28 [Info] [2280] log memory size is 30720KB, real memory size is 20616KB 2026-04-03 08:53:41 [Info] [2280] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-03 08:53:43 [Info] [2280] stage3: --windows-process-check 2026-04-03 08:53:43 [Info] [2280] Loader after check 2026-04-03 08:53:44 [Info] [2280] Enter reuse wait state. 2026-04-03 08:53:48 [Info] [2280] recvmsg: EXIT 2026-04-03 08:53:48 [Info] [2280] Recv Exit Msg, Exit... 2026-04-03 10:32:30 [Info] [3868] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 10:32:30 [Info] [3868] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap156771775183550 2026-04-03 10:32:30 [Info] [3868] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 10:32:30 [Info] [3868] Resource monitor start 2026-04-03 10:32:30 [Info] [3868] ipc client init success 2026-04-03 10:32:30 [Info] [3868] Ipc init: 0 2026-04-03 10:32:30 [Info] [3868] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 10:32:30 [Info] [3868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 10:32:30 [Info] [3868] start ipc thread id[4972] 2026-04-03 10:32:30 [Info] [3868] Connect Yundun ipc server return state is 0 2026-04-03 10:32:30 [Info] [3868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 10:32:30 [Info] [3868] CResourceMonitor::run Enter 2026-04-03 10:32:30 [Info] [3868] CIpcMsgHandlerMgr::run Enter 2026-04-03 10:32:30 [Info] [3868] Report thread 2026-04-03 10:32:30 [Info] [3868] Monitor thread 2026-04-03 10:32:30 [Info] [3868] Loader thread 2026-04-03 10:32:30 [Info] [3868] PythonEngineImpl Init... 2026-04-03 10:32:30 [Info] [3868] yundun connected 2026-04-03 10:32:31 [Info] [3868] recvmsg: HELLO 2026-04-03 10:32:31 [Info] [3868] recvmsg: WORK 2026-04-03 10:32:31 [Info] [3868] no use encode, return to old mode 2026-04-03 10:32:31 [Info] [3868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:32:31 [Info] [3868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:32:31 [Info] [3868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:32:31 [Info] [3868] log fd cnt is [250], real fd cnt is [282] 2026-04-03 10:32:31 [Info] [3868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:32:31 [Info] [3868] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 10:32:31 [Info] [3868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 10:32:32 [Info] [3868] log memory size is 20480KB, real memory size is 14740KB 2026-04-03 10:32:32 [Info] [3868] item: --windows-registry-check 2026-04-03 10:32:32 [Info] [3868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-03 10:32:32 [Info] [3868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-03 10:32:32 [Info] [3868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:32:33 [Info] [3868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:32:33 [Info] [3868] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-03 10:32:33 [Info] [3868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-03 10:32:33 [Info] [3868] Prepare stage1: --windows-registry-check 2026-04-03 10:32:33 [Info] [3868] Prepare stage2 2026-04-03 10:32:39 [Info] [3568] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 10:32:39 [Info] [3568] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap157071775183559 2026-04-03 10:32:39 [Info] [3568] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 10:32:39 [Info] [3568] Resource monitor start 2026-04-03 10:32:39 [Info] [3568] ipc client init success 2026-04-03 10:32:39 [Info] [3568] Ipc init: 0 2026-04-03 10:32:39 [Info] [3568] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 10:32:39 [Info] [3568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 10:32:39 [Info] [3568] start ipc thread id[4528] 2026-04-03 10:32:39 [Info] [3568] Connect Yundun ipc server return state is 0 2026-04-03 10:32:39 [Info] [3568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 10:32:39 [Info] [3568] CResourceMonitor::run Enter 2026-04-03 10:32:39 [Info] [3568] CIpcMsgHandlerMgr::run Enter 2026-04-03 10:32:39 [Info] [3568] Report thread 2026-04-03 10:32:39 [Info] [3568] Monitor thread 2026-04-03 10:32:39 [Info] [3568] Loader thread 2026-04-03 10:32:39 [Info] [3568] PythonEngineImpl Init... 2026-04-03 10:32:39 [Info] [3568] yundun connected 2026-04-03 10:32:40 [Info] [3568] recvmsg: HELLO 2026-04-03 10:32:40 [Info] [3568] recvmsg: WORK 2026-04-03 10:32:40 [Info] [3568] no use encode, return to old mode 2026-04-03 10:32:40 [Info] [3568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:32:40 [Info] [3568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:32:40 [Info] [3568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:32:40 [Info] [3568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:32:40 [Info] [3568] log fd cnt is [250], real fd cnt is [282] 2026-04-03 10:32:40 [Info] [3568] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 10:32:40 [Info] [3568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 10:32:41 [Info] [3568] log memory size is 20480KB, real memory size is 14836KB 2026-04-03 10:32:41 [Info] [3568] item: --windows-schedule-task-check 2026-04-03 10:32:41 [Info] [3568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-03 10:32:41 [Info] [3568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-03 10:32:41 [Info] [3568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:32:42 [Info] [3568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:32:42 [Info] [3568] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-03 10:32:42 [Info] [3568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-03 10:32:42 [Info] [3568] Prepare stage1: --windows-schedule-task-check 2026-04-03 10:32:42 [Info] [3568] Prepare stage2 2026-04-03 10:32:42 [Warn] [3568] high cpu, cpu is 17 2026-04-03 10:32:42 [Info] [3568] try get sys version 2026-04-03 10:32:42 [Info] [3568] win sys info:2/10:0:3 2026-04-03 10:32:42 [Info] [3568] suit legal version, enable cpu control 2026-04-03 10:32:42 [Warn] [3568] High CPU Warning: 17 2026-04-03 10:32:42 [Warn] [3568] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetTasks File:windows-schedule-task-check.py line: 347 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-03 10:32:45 [Info] [3568] log memory size is 30720KB, real memory size is 23660KB 2026-04-03 10:33:02 [Info] [3868] stage3: --windows-registry-check 2026-04-03 10:33:02 [Info] [3868] Loader after check 2026-04-03 10:33:03 [Info] [3868] Enter reuse wait state. 2026-04-03 10:33:07 [Info] [3868] recvmsg: EXIT 2026-04-03 10:33:07 [Info] [3868] Recv Exit Msg, Exit... 2026-04-03 10:33:13 [Info] [3568] stage3: --windows-schedule-task-check 2026-04-03 10:33:13 [Info] [3568] Loader after check 2026-04-03 10:33:14 [Info] [3568] Enter reuse wait state. 2026-04-03 10:33:17 [Info] [3568] recvmsg: EXIT 2026-04-03 10:33:17 [Info] [3568] Recv Exit Msg, Exit... 2026-04-03 10:33:21 [Info] [4752] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 10:33:21 [Info] [4752] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap158441775183601 2026-04-03 10:33:21 [Info] [4752] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 10:33:21 [Info] [4752] Resource monitor start 2026-04-03 10:33:21 [Info] [4752] ipc client init success 2026-04-03 10:33:21 [Info] [4752] Ipc init: 0 2026-04-03 10:33:21 [Info] [4752] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 10:33:21 [Info] [4752] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 10:33:21 [Info] [4752] start ipc thread id[1028] 2026-04-03 10:33:21 [Info] [4752] Connect Yundun ipc server return state is 0 2026-04-03 10:33:21 [Info] [4752] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 10:33:21 [Info] [4752] CResourceMonitor::run Enter 2026-04-03 10:33:21 [Info] [4752] CIpcMsgHandlerMgr::run Enter 2026-04-03 10:33:21 [Info] [4752] Report thread 2026-04-03 10:33:21 [Info] [4752] Monitor thread 2026-04-03 10:33:21 [Info] [4752] Loader thread 2026-04-03 10:33:21 [Info] [4752] PythonEngineImpl Init... 2026-04-03 10:33:21 [Info] [4752] yundun connected 2026-04-03 10:33:22 [Info] [4752] recvmsg: HELLO 2026-04-03 10:33:22 [Info] [4752] recvmsg: WORK 2026-04-03 10:33:22 [Info] [4752] no use encode, return to old mode 2026-04-03 10:33:22 [Info] [4752] log fd cnt is [250], real fd cnt is [263] 2026-04-03 10:33:22 [Info] [4752] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:33:22 [Info] [4752] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:33:22 [Info] [4752] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:33:23 [Info] [4752] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:33:23 [Info] [4752] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 10:33:23 [Info] [4752] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 10:33:23 [Info] [4752] log memory size is 20480KB, real memory size is 14668KB 2026-04-03 10:33:24 [Info] [4752] item: --windows-driver-version-check 2026-04-03 10:33:24 [Info] [4752] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-03 10:33:24 [Info] [4752] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-03 10:33:24 [Info] [4752] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:33:24 [Info] [4752] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:33:25 [Info] [4752] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-03 10:33:25 [Info] [4752] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-03 10:33:25 [Info] [4752] Prepare stage1: --windows-driver-version-check 2026-04-03 10:33:25 [Info] [4752] Prepare stage2 2026-04-03 10:33:25 [Info] [4752] stage3: --windows-driver-version-check 2026-04-03 10:33:25 [Info] [4752] Loader after check 2026-04-03 10:33:26 [Info] [4752] Enter reuse wait state. 2026-04-03 10:33:29 [Info] [4752] recvmsg: EXIT 2026-04-03 10:33:29 [Info] [4752] Recv Exit Msg, Exit... 2026-04-03 10:42:52 [Info] [2532] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 10:42:52 [Info] [2532] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap176661775184159 2026-04-03 10:42:52 [Info] [2532] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 10:42:52 [Info] [2532] Resource monitor start 2026-04-03 10:42:52 [Info] [2532] ipc client init success 2026-04-03 10:42:52 [Info] [2532] Ipc init: 0 2026-04-03 10:42:52 [Info] [2532] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 10:42:52 [Info] [2532] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 10:42:52 [Info] [2532] start ipc thread id[4636] 2026-04-03 10:42:52 [Info] [2532] Connect Yundun ipc server return state is 0 2026-04-03 10:42:52 [Info] [2532] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 10:42:52 [Info] [2532] CResourceMonitor::run Enter 2026-04-03 10:42:52 [Info] [2532] CIpcMsgHandlerMgr::run Enter 2026-04-03 10:42:52 [Info] [2532] Report thread 2026-04-03 10:42:52 [Info] [2532] Monitor thread 2026-04-03 10:42:52 [Info] [2532] Loader thread 2026-04-03 10:42:52 [Info] [2532] PythonEngineImpl Init... 2026-04-03 10:42:56 [Info] [2532] yundun connected 2026-04-03 10:42:57 [Info] [2532] log fd cnt is [250], real fd cnt is [261] 2026-04-03 10:42:57 [Info] [2532] recvmsg: HELLO 2026-04-03 10:42:57 [Info] [2532] recvmsg: WORK 2026-04-03 10:42:57 [Info] [2532] no use encode, return to old mode 2026-04-03 10:42:58 [Info] [2532] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:42:58 [Info] [2532] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:42:58 [Info] [2532] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:42:58 [Info] [2532] log memory size is 20480KB, real memory size is 13156KB 2026-04-03 10:43:07 [Info] [2532] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:43:07 [Info] [2532] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 10:43:07 [Info] [2532] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 10:43:08 [Info] [2532] item: --windows-sysinfoext-check 2026-04-03 10:43:08 [Info] [2532] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 10:43:08 [Info] [2532] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 10:43:08 [Info] [2532] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:43:08 [Info] [2532] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:43:08 [Info] [2532] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-03 10:43:08 [Info] [2532] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 10:43:09 [Info] [2532] Prepare stage1: --windows-sysinfoext-check 2026-04-03 10:43:09 [Info] [2532] Prepare stage2 2026-04-03 10:43:10 [Warn] [2532] high cpu, cpu is 15 2026-04-03 10:43:10 [Info] [2532] try get sys version 2026-04-03 10:43:10 [Info] [2532] win sys info:2/10:0:3 2026-04-03 10:43:10 [Info] [2532] suit legal version, enable cpu control 2026-04-03 10:43:10 [Warn] [2532] High CPU Warning: 15 2026-04-03 10:43:10 [Warn] [2532] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-03 10:43:10 [Info] [2532] stage3: --windows-sysinfoext-check 2026-04-03 10:43:10 [Info] [2532] Loader after check 2026-04-03 10:43:11 [Info] [2532] log memory size is 30720KB, real memory size is 23228KB 2026-04-03 10:43:11 [Info] [2532] Enter reuse wait state. 2026-04-03 10:43:16 [Info] [2532] recvmsg: EXIT 2026-04-03 10:43:16 [Info] [2532] Recv Exit Msg, Exit... 2026-04-03 10:57:23 [Info] [2940] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 10:57:23 [Info] [2940] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap205531775185043 2026-04-03 10:57:23 [Info] [2940] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 10:57:23 [Info] [2940] Resource monitor start 2026-04-03 10:57:23 [Info] [2940] ipc client init success 2026-04-03 10:57:23 [Info] [2940] Ipc init: 0 2026-04-03 10:57:23 [Info] [2940] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 10:57:23 [Info] [2940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 10:57:23 [Info] [2940] start ipc thread id[2660] 2026-04-03 10:57:23 [Info] [2940] Connect Yundun ipc server return state is 0 2026-04-03 10:57:23 [Info] [2940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 10:57:23 [Info] [2940] CResourceMonitor::run Enter 2026-04-03 10:57:23 [Info] [2940] CIpcMsgHandlerMgr::run Enter 2026-04-03 10:57:23 [Info] [2940] Report thread 2026-04-03 10:57:23 [Info] [2940] Monitor thread 2026-04-03 10:57:23 [Info] [2940] Loader thread 2026-04-03 10:57:23 [Info] [2940] PythonEngineImpl Init... 2026-04-03 10:57:23 [Info] [2940] yundun connected 2026-04-03 10:57:23 [Info] [2940] recvmsg: HELLO 2026-04-03 10:57:23 [Info] [2940] recvmsg: WORK 2026-04-03 10:57:23 [Info] [2940] no use encode, return to old mode 2026-04-03 10:57:23 [Info] [2940] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:57:23 [Info] [2940] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 10:57:23 [Info] [2940] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:57:24 [Info] [2940] log fd cnt is [250], real fd cnt is [282] 2026-04-03 10:57:24 [Info] [2940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:57:24 [Info] [2940] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 10:57:24 [Info] [2940] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 10:57:25 [Info] [2940] log memory size is 20480KB, real memory size is 14764KB 2026-04-03 10:57:25 [Info] [2940] item: --tcp-connect-check 2026-04-03 10:57:25 [Info] [2940] cgroup name aegisRtap0 2026-04-03 10:57:25 [Info] [2940] try get sys version 2026-04-03 10:57:25 [Info] [2940] win sys info:2/10:0:3 2026-04-03 10:57:25 [Info] [2940] suit legal version, enable cpu control 2026-04-03 10:57:25 [Info] [2940] get AssignProcessToJobObject handle [00000478] 2026-04-03 10:57:25 [Info] [2940] Set setJobExtended. 2026-04-03 10:57:25 [Info] [2940] Set cpu [9%] 2026-04-03 10:57:25 [Info] [2940] Set cpu success 2026-04-03 10:57:25 [Info] [2940] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-03 10:57:25 [Info] [2940] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-03 10:57:25 [Info] [2940] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 10:57:25 [Info] [2940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 10:57:26 [Info] [2940] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-03 10:57:26 [Info] [2940] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-03 10:57:26 [Info] [2940] Prepare stage1: --tcp-connect-check 2026-04-03 10:57:26 [Info] [2940] Prepare stage2 2026-04-03 10:57:29 [Info] [2940] stage3: --tcp-connect-check 2026-04-03 10:57:29 [Info] [2940] Loader after check 2026-04-03 10:57:30 [Info] [2940] Enter reuse wait state. 2026-04-03 10:57:35 [Info] [2940] recvmsg: EXIT 2026-04-03 10:57:35 [Info] [2940] Recv Exit Msg, Exit... 2026-04-03 11:11:49 [Info] [4808] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 11:11:49 [Info] [4808] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap233811775185909 2026-04-03 11:11:49 [Info] [4808] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 11:11:49 [Info] [4808] Resource monitor start 2026-04-03 11:11:49 [Info] [4808] ipc client init success 2026-04-03 11:11:49 [Info] [4808] Ipc init: 0 2026-04-03 11:11:49 [Info] [4808] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 11:11:49 [Info] [4808] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 11:11:49 [Info] [4808] start ipc thread id[160] 2026-04-03 11:11:49 [Info] [4808] Connect Yundun ipc server return state is 0 2026-04-03 11:11:49 [Info] [4808] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 11:11:49 [Info] [4808] CResourceMonitor::run Enter 2026-04-03 11:11:49 [Info] [4808] CIpcMsgHandlerMgr::run Enter 2026-04-03 11:11:49 [Info] [4808] Report thread 2026-04-03 11:11:49 [Info] [4808] Monitor thread 2026-04-03 11:11:49 [Info] [4808] Loader thread 2026-04-03 11:11:49 [Info] [4808] PythonEngineImpl Init... 2026-04-03 11:11:49 [Info] [4808] yundun connected 2026-04-03 11:11:49 [Info] [4808] recvmsg: HELLO 2026-04-03 11:11:49 [Info] [4808] recvmsg: WORK 2026-04-03 11:11:49 [Info] [4808] no use encode, return to old mode 2026-04-03 11:11:49 [Info] [4808] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 11:11:49 [Info] [4808] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 11:11:49 [Info] [4808] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 11:11:50 [Info] [4808] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 11:11:50 [Info] [4808] log fd cnt is [250], real fd cnt is [282] 2026-04-03 11:11:50 [Info] [4808] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 11:11:50 [Info] [4808] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 11:11:51 [Info] [4808] log memory size is 20480KB, real memory size is 14776KB 2026-04-03 11:11:51 [Info] [4808] item: --windows-autorun-item-check 2026-04-03 11:11:51 [Info] [4808] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-03 11:11:51 [Info] [4808] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-03 11:11:51 [Info] [4808] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 11:11:51 [Info] [4808] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 11:11:51 [Info] [4808] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-03 11:11:51 [Info] [4808] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-03 11:11:51 [Info] [4808] Prepare stage1: --windows-autorun-item-check 2026-04-03 11:11:51 [Info] [4808] Prepare stage2 2026-04-03 11:11:55 [Info] [4808] log memory size is 30720KB, real memory size is 22568KB 2026-04-03 11:12:01 [Info] [4808] stage3: --windows-autorun-item-check 2026-04-03 11:12:01 [Info] [4808] Loader after check 2026-04-03 11:12:02 [Info] [4808] Enter reuse wait state. 2026-04-03 11:12:04 [Info] [4808] recvmsg: EXIT 2026-04-03 11:12:04 [Info] [4808] Recv Exit Msg, Exit... 2026-04-03 16:11:32 [Info] [2440] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 16:11:32 [Info] [2440] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap164721775203862 2026-04-03 16:11:32 [Info] [2440] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 16:11:32 [Info] [2440] Resource monitor start 2026-04-03 16:11:32 [Info] [2440] ipc client init success 2026-04-03 16:11:32 [Info] [2440] Ipc init: 0 2026-04-03 16:11:32 [Info] [2440] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 16:11:32 [Info] [2440] CResourceMonitor::run Enter 2026-04-03 16:11:32 [Info] [2440] CIpcMsgHandlerMgr::run Enter 2026-04-03 16:11:32 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 16:11:32 [Info] [2440] start ipc thread id[4928] 2026-04-03 16:11:32 [Info] [2440] Connect Yundun ipc server return state is 0 2026-04-03 16:11:32 [Info] [2440] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 16:11:32 [Info] [2440] yundun connected 2026-04-03 16:11:32 [Info] [2440] Report thread 2026-04-03 16:11:32 [Info] [2440] Monitor thread 2026-04-03 16:11:32 [Info] [2440] Loader thread 2026-04-03 16:11:32 [Info] [2440] PythonEngineImpl Init... 2026-04-03 16:11:32 [Info] [2440] recvmsg: HELLO 2026-04-03 16:11:32 [Info] [2440] recvmsg: WORK 2026-04-03 16:11:32 [Info] [2440] no use encode, return to old mode 2026-04-03 16:11:33 [Info] [2440] log fd cnt is [250], real fd cnt is [263] 2026-04-03 16:11:33 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 16:11:33 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 16:11:33 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 16:11:33 [Info] [2440] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 16:11:33 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 16:11:33 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 16:11:34 [Info] [2440] log memory size is 20480KB, real memory size is 14840KB 2026-04-03 16:11:34 [Info] [2440] item: --windows-sysinfoext-check 2026-04-03 16:11:34 [Info] [2440] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 16:11:34 [Info] [2440] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 16:11:34 [Info] [2440] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 16:11:35 [Info] [2440] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 16:11:35 [Info] [2440] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-03 16:11:35 [Info] [2440] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 16:11:35 [Info] [2440] Prepare stage1: --windows-sysinfoext-check 2026-04-03 16:11:35 [Info] [2440] Prepare stage2 2026-04-03 16:11:37 [Warn] [2440] high cpu, cpu is 18 2026-04-03 16:11:37 [Info] [2440] try get sys version 2026-04-03 16:11:37 [Info] [2440] win sys info:2/10:0:3 2026-04-03 16:11:37 [Info] [2440] suit legal version, enable cpu control 2026-04-03 16:11:37 [Warn] [2440] High CPU Warning: 18 2026-04-03 16:11:37 [Warn] [2440] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-03 16:11:38 [Info] [2440] log memory size is 30720KB, real memory size is 23156KB 2026-04-03 16:11:39 [Info] [2440] stage3: --windows-sysinfoext-check 2026-04-03 16:11:39 [Info] [2440] Loader after check 2026-04-03 16:11:39 [Warn] [2440] high cpu, cpu is 12 2026-04-03 16:11:39 [Warn] [2440] High CPU Warning: 12 2026-04-03 16:11:40 [Info] [2440] Enter reuse wait state. 2026-04-03 16:11:43 [Info] [2440] recvmsg: EXIT 2026-04-03 16:11:43 [Info] [2440] Recv Exit Msg, Exit... 2026-04-03 19:34:26 [Info] [2660] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 19:34:26 [Info] [2660] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap235571775216066 2026-04-03 19:34:26 [Info] [2660] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 19:34:26 [Info] [2660] Resource monitor start 2026-04-03 19:34:26 [Info] [2660] ipc client init success 2026-04-03 19:34:26 [Info] [2660] Ipc init: 0 2026-04-03 19:34:26 [Info] [2660] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 19:34:26 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 19:34:26 [Info] [2660] start ipc thread id[1048] 2026-04-03 19:34:26 [Info] [2660] Connect Yundun ipc server return state is 0 2026-04-03 19:34:26 [Info] [2660] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 19:34:26 [Info] [2660] CResourceMonitor::run Enter 2026-04-03 19:34:26 [Info] [2660] CIpcMsgHandlerMgr::run Enter 2026-04-03 19:34:26 [Info] [2660] Report thread 2026-04-03 19:34:26 [Info] [2660] Monitor thread 2026-04-03 19:34:26 [Info] [2660] Loader thread 2026-04-03 19:34:26 [Info] [2660] PythonEngineImpl Init... 2026-04-03 19:34:26 [Info] [2660] yundun connected 2026-04-03 19:34:26 [Info] [2660] recvmsg: HELLO 2026-04-03 19:34:26 [Info] [2660] recvmsg: WORK 2026-04-03 19:34:26 [Info] [2660] no use encode, return to old mode 2026-04-03 19:34:26 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 19:34:26 [Info] [2660] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 19:34:26 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 19:34:27 [Info] [2660] log fd cnt is [250], real fd cnt is [282] 2026-04-03 19:34:27 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 19:34:27 [Info] [2660] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 19:34:27 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 19:34:28 [Info] [2660] log memory size is 20480KB, real memory size is 14748KB 2026-04-03 19:34:28 [Info] [2660] item: --secnet_rasp_agent 2026-04-03 19:34:28 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-03 19:34:28 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-03 19:34:28 [Info] [2660] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-03 19:34:28 [Info] [2660] Download redirect files success. 2026-04-03 19:34:28 [Info] [2660] Prepare stage1: --secnet_rasp_agent 2026-04-03 19:34:28 [Info] [2660] Prepare stage2 2026-04-03 19:34:29 [Info] [2660] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-03 19:34:29 [Info] [2660] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-03 19:34:29 [Info] [2660] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 19:34:30 [Info] [2660] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 19:34:30 [Info] [2660] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-03 19:34:30 [Info] [2660] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-03 19:34:30 [Info] [2660] stage3: --secnet_rasp_agent 2026-04-03 19:34:30 [Info] [2660] Loader after check 2026-04-03 19:34:31 [Info] [2660] Enter reuse wait state. 2026-04-03 19:34:32 [Info] [2660] log memory size is 30720KB, real memory size is 21364KB 2026-04-03 19:34:33 [Info] [2660] recvmsg: EXIT 2026-04-03 19:34:33 [Info] [2660] Recv Exit Msg, Exit... 2026-04-03 21:39:35 [Info] [3644] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 21:39:35 [Info] [3644] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap152251775223549 2026-04-03 21:39:35 [Info] [3644] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 21:39:35 [Info] [3644] Resource monitor start 2026-04-03 21:39:35 [Info] [3644] ipc client init success 2026-04-03 21:39:35 [Info] [3644] Ipc init: 0 2026-04-03 21:39:35 [Info] [3644] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 21:39:35 [Info] [3644] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 21:39:35 [Info] [3644] start ipc thread id[4344] 2026-04-03 21:39:35 [Info] [3644] Connect Yundun ipc server return state is 0 2026-04-03 21:39:35 [Info] [3644] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 21:39:35 [Info] [3644] CResourceMonitor::run Enter 2026-04-03 21:39:35 [Info] [3644] CIpcMsgHandlerMgr::run Enter 2026-04-03 21:39:35 [Info] [3644] yundun connected 2026-04-03 21:39:35 [Info] [3644] Report thread 2026-04-03 21:39:35 [Info] [3644] Monitor thread 2026-04-03 21:39:35 [Info] [3644] Loader thread 2026-04-03 21:39:35 [Info] [3644] PythonEngineImpl Init... 2026-04-03 21:39:36 [Info] [3644] recvmsg: HELLO 2026-04-03 21:39:36 [Info] [3644] recvmsg: WORK 2026-04-03 21:39:36 [Info] [3644] no use encode, return to old mode 2026-04-03 21:39:36 [Info] [3644] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 21:39:36 [Info] [3644] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 21:39:36 [Info] [3644] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 21:39:36 [Info] [3644] log fd cnt is [250], real fd cnt is [274] 2026-04-03 21:39:37 [Info] [3644] log memory size is 20480KB, real memory size is 14532KB 2026-04-03 21:39:37 [Info] [3644] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 21:39:37 [Info] [3644] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 21:39:37 [Info] [3644] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 21:39:38 [Info] [3644] item: --windows-sysinfoext-check 2026-04-03 21:39:38 [Info] [3644] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 21:39:38 [Info] [3644] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 21:39:38 [Info] [3644] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 21:39:39 [Info] [3644] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 21:39:39 [Info] [3644] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-03 21:39:39 [Info] [3644] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-03 21:39:39 [Info] [3644] Prepare stage1: --windows-sysinfoext-check 2026-04-03 21:39:39 [Info] [3644] Prepare stage2 2026-04-03 21:39:39 [Info] [3368] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-03 21:39:39 [Info] [3368] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap153231775223579 2026-04-03 21:39:39 [Info] [3368] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-03 21:39:39 [Info] [3368] Resource monitor start 2026-04-03 21:39:39 [Info] [3368] ipc client init success 2026-04-03 21:39:39 [Info] [3368] Ipc init: 0 2026-04-03 21:39:39 [Info] [3368] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-03 21:39:39 [Info] [3368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-03 21:39:39 [Info] [3368] start ipc thread id[1128] 2026-04-03 21:39:39 [Info] [3368] Connect Yundun ipc server return state is 0 2026-04-03 21:39:39 [Info] [3368] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-03 21:39:39 [Info] [3368] CResourceMonitor::run Enter 2026-04-03 21:39:39 [Info] [3368] CIpcMsgHandlerMgr::run Enter 2026-04-03 21:39:39 [Info] [3368] Report thread 2026-04-03 21:39:39 [Info] [3368] Monitor thread 2026-04-03 21:39:39 [Info] [3368] Loader thread 2026-04-03 21:39:39 [Info] [3368] PythonEngineImpl Init... 2026-04-03 21:39:40 [Info] [3368] yundun connected 2026-04-03 21:39:40 [Info] [3368] recvmsg: HELLO 2026-04-03 21:39:40 [Info] [3368] log fd cnt is [250], real fd cnt is [263] 2026-04-03 21:39:41 [Info] [3368] recvmsg: WORK 2026-04-03 21:39:41 [Info] [3368] no use encode, return to old mode 2026-04-03 21:39:41 [Info] [3368] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 21:39:41 [Info] [3368] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-03 21:39:41 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 21:39:41 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 21:39:41 [Info] [3368] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-03 21:39:41 [Info] [3368] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-03 21:39:41 [Info] [3644] log memory size is 30720KB, real memory size is 23096KB 2026-04-03 21:39:42 [Info] [3368] log memory size is 20480KB, real memory size is 14756KB 2026-04-03 21:39:42 [Info] [3644] stage3: --windows-sysinfoext-check 2026-04-03 21:39:42 [Info] [3644] Loader after check 2026-04-03 21:39:42 [Info] [3368] item: --windows-vul-check 2026-04-03 21:39:42 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-03 21:39:42 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-03 21:39:42 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-03 21:39:42 [Info] [3368] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-03 21:39:42 [Info] [3368] Download redirect files success. 2026-04-03 21:39:42 [Info] [3368] Prepare stage1: --windows-vul-check 2026-04-03 21:39:42 [Info] [3368] Prepare stage2 2026-04-03 21:39:43 [Info] [3644] Enter reuse wait state. 2026-04-03 21:39:43 [Info] [3368] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-03 21:39:43 [Info] [3368] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-03 21:39:43 [Info] [3368] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-03 21:39:43 [Info] [3368] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-03 21:39:43 [Info] [3368] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-03 21:39:43 [Info] [3368] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-03 21:39:43 [Info] [3368] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-03 21:39:43 [Info] [3368] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-03 21:39:43 [Info] [3368] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-03 21:39:43 [Info] [3368] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-03 21:39:44 [Info] [3368] stage3: --windows-vul-check 2026-04-03 21:39:44 [Info] [3368] Loader after check 2026-04-03 21:39:45 [Info] [3368] Enter reuse wait state. 2026-04-03 21:39:46 [Info] [3368] log memory size is 30720KB, real memory size is 23356KB 2026-04-03 21:39:47 [Info] [3644] recvmsg: EXIT 2026-04-03 21:39:47 [Info] [3644] Recv Exit Msg, Exit... 2026-04-03 21:39:50 [Info] [3368] recvmsg: EXIT 2026-04-03 21:39:50 [Info] [3368] Recv Exit Msg, Exit... 2026-04-10 01:24:27 [Info] [2148] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 01:24:27 [Info] [2148] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap154891775755451 2026-04-10 01:24:27 [Info] [2148] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 01:24:27 [Info] [2148] Resource monitor start 2026-04-10 01:24:27 [Info] [2148] ipc client init success 2026-04-10 01:24:27 [Info] [2148] Ipc init: 0 2026-04-10 01:24:27 [Info] [2148] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 01:24:27 [Info] [2148] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 01:24:27 [Info] [2148] start ipc thread id[4896] 2026-04-10 01:24:27 [Info] [2148] Connect Yundun ipc server return state is 0 2026-04-10 01:24:27 [Info] [2148] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 01:24:27 [Info] [2148] CResourceMonitor::run Enter 2026-04-10 01:24:27 [Info] [2148] CIpcMsgHandlerMgr::run Enter 2026-04-10 01:24:27 [Info] [2148] Report thread 2026-04-10 01:24:27 [Info] [2148] Monitor thread 2026-04-10 01:24:27 [Info] [2148] Loader thread 2026-04-10 01:24:27 [Info] [2148] PythonEngineImpl Init... 2026-04-10 01:24:27 [Info] [2148] yundun connected 2026-04-10 01:24:29 [Info] [2148] recvmsg: HELLO 2026-04-10 01:24:29 [Info] [2148] log fd cnt is [250], real fd cnt is [263] 2026-04-10 01:24:29 [Info] [2148] recvmsg: WORK 2026-04-10 01:24:29 [Info] [2148] no use encode, return to old mode 2026-04-10 01:24:29 [Info] [2148] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-10 01:24:29 [Info] [2148] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 01:24:29 [Info] [2148] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 01:24:29 [Info] [2148] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 01:24:30 [Info] [2148] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 01:24:30 [Info] [2148] log memory size is 20480KB, real memory size is 14664KB 2026-04-10 01:24:30 [Info] [2148] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 01:24:30 [Info] [2148] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 01:24:31 [Info] [2148] item: --windows-sysinfoext-check 2026-04-10 01:24:31 [Info] [2148] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 01:24:31 [Info] [2148] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 01:24:31 [Info] [2148] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 01:24:31 [Info] [2148] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 01:24:31 [Info] [2148] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-10 01:24:31 [Info] [2148] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 01:24:31 [Info] [2148] Prepare stage1: --windows-sysinfoext-check 2026-04-10 01:24:31 [Info] [2148] Prepare stage2 2026-04-10 01:24:33 [Info] [2148] stage3: --windows-sysinfoext-check 2026-04-10 01:24:33 [Info] [2148] Loader after check 2026-04-10 01:24:34 [Info] [2148] log memory size is 30720KB, real memory size is 23212KB 2026-04-10 01:24:34 [Info] [2148] Enter reuse wait state. 2026-04-10 01:24:39 [Info] [2148] recvmsg: EXIT 2026-04-10 01:24:39 [Info] [2148] Recv Exit Msg, Exit... 2026-04-10 02:01:30 [Info] [2244] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 02:01:30 [Info] [2244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap228011775757690 2026-04-10 02:01:30 [Info] [2244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 02:01:30 [Info] [2244] Resource monitor start 2026-04-10 02:01:30 [Info] [2244] ipc client init success 2026-04-10 02:01:30 [Info] [2244] Ipc init: 0 2026-04-10 02:01:30 [Info] [2244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 02:01:30 [Info] [2244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 02:01:30 [Info] [2244] start ipc thread id[4420] 2026-04-10 02:01:30 [Info] [2244] Connect Yundun ipc server return state is 0 2026-04-10 02:01:30 [Info] [2244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 02:01:30 [Info] [2244] CResourceMonitor::run Enter 2026-04-10 02:01:30 [Info] [2244] CIpcMsgHandlerMgr::run Enter 2026-04-10 02:01:30 [Info] [2244] Report thread 2026-04-10 02:01:30 [Info] [2244] Monitor thread 2026-04-10 02:01:30 [Info] [2244] Loader thread 2026-04-10 02:01:30 [Info] [2244] PythonEngineImpl Init... 2026-04-10 02:01:31 [Info] [2244] yundun connected 2026-04-10 02:01:31 [Info] [2244] recvmsg: HELLO 2026-04-10 02:01:31 [Info] [2244] recvmsg: WORK 2026-04-10 02:01:31 [Info] [2244] no use encode, return to old mode 2026-04-10 02:01:31 [Info] [2244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 02:01:31 [Info] [2244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 02:01:31 [Info] [2244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 02:01:31 [Info] [2244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 02:01:32 [Info] [2244] log fd cnt is [250], real fd cnt is [286] 2026-04-10 02:01:32 [Info] [2244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 02:01:32 [Info] [2244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 02:01:33 [Info] [2244] log memory size is 20480KB, real memory size is 14836KB 2026-04-10 02:01:33 [Info] [2244] item: --sca 2026-04-10 02:01:33 [Info] [2244] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-10 02:01:33 [Info] [2244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-10 02:01:33 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-10 02:01:34 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-10 02:01:34 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-10 02:01:34 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-10 02:01:34 [Info] [2244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-10 02:01:34 [Info] [2244] Download redirect files success. 2026-04-10 02:01:34 [Info] [2244] Prepare stage1: --sca 2026-04-10 02:01:34 [Info] [2244] Prepare stage2 2026-04-10 02:01:36 [Warn] [2244] high cpu, cpu is 29 2026-04-10 02:01:36 [Info] [2244] try get sys version 2026-04-10 02:01:36 [Info] [2244] win sys info:2/10:0:3 2026-04-10 02:01:36 [Info] [2244] suit legal version, enable cpu control 2026-04-10 02:01:36 [Warn] [2244] High CPU Warning: 29 2026-04-10 02:01:36 [Warn] [2244] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca_utils.py line: 3607 in func: get_listening_by_pid File:sca_utils.py line: 3631 in func: listening File:sca.py line: 205 in func: init_analyzer File:sca.py line: 390 in func: start 2026-04-10 02:01:37 [Info] [2244] log memory size is 30720KB, real memory size is 32896KB 2026-04-10 02:01:41 [Info] [2244] log memory size is 40960KB, real memory size is 33300KB 2026-04-10 02:01:54 [Info] [2244] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-10 02:02:10 [Info] [2244] stage3: --sca 2026-04-10 02:02:10 [Info] [2244] Loader after check 2026-04-10 02:02:11 [Info] [2244] Enter reuse wait state. 2026-04-10 02:02:14 [Info] [2244] recvmsg: EXIT 2026-04-10 02:02:14 [Info] [2244] Recv Exit Msg, Exit... 2026-04-10 06:52:50 [Info] [4292] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 06:52:50 [Info] [4292] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap142791775775149 2026-04-10 06:52:50 [Info] [4292] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 06:52:50 [Info] [4292] Resource monitor start 2026-04-10 06:52:50 [Info] [4292] ipc client init success 2026-04-10 06:52:50 [Info] [4292] Ipc init: 0 2026-04-10 06:52:50 [Info] [4292] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 06:52:50 [Info] [4292] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 06:52:50 [Info] [4292] start ipc thread id[3688] 2026-04-10 06:52:50 [Info] [4292] Connect Yundun ipc server return state is 0 2026-04-10 06:52:50 [Info] [4292] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 06:52:55 [Info] [4292] Loader thread 2026-04-10 06:52:55 [Info] [4292] PythonEngineImpl Init... 2026-04-10 06:52:55 [Info] [4292] Monitor thread 2026-04-10 06:52:55 [Info] [4292] Report thread 2026-04-10 06:52:55 [Info] [4292] yundun connected 2026-04-10 06:52:55 [Info] [4292] CIpcMsgHandlerMgr::run Enter 2026-04-10 06:52:55 [Info] [4292] CResourceMonitor::run Enter 2026-04-10 06:52:55 [Info] [4292] recvmsg: HELLO 2026-04-10 06:52:55 [Info] [4292] recvmsg: WORK 2026-04-10 06:52:55 [Info] [4292] no use encode, return to old mode 2026-04-10 06:52:55 [Info] [4292] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 06:52:55 [Info] [4292] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 06:52:55 [Info] [4292] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 06:52:56 [Info] [4292] log fd cnt is [250], real fd cnt is [264] 2026-04-10 06:52:57 [Info] [4292] log memory size is 20480KB, real memory size is 13180KB 2026-04-10 06:53:07 [Warn] [4292] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-10 06:53:17 [Warn] [4292] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-10 06:53:18 [Info] [4292] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 06:53:18 [Info] [4292] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 06:53:18 [Info] [4292] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 06:53:19 [Info] [4292] item: --windows-sysinfoext-check 2026-04-10 06:53:19 [Info] [4292] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 06:53:19 [Info] [4292] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 06:53:19 [Info] [4292] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 06:53:20 [Info] [4292] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 06:53:20 [Info] [4292] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-10 06:53:20 [Info] [4292] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 06:53:20 [Info] [4292] Prepare stage1: --windows-sysinfoext-check 2026-04-10 06:53:20 [Info] [4292] Prepare stage2 2026-04-10 06:53:20 [Warn] [4292] high cpu, cpu is 12 2026-04-10 06:53:20 [Info] [4292] try get sys version 2026-04-10 06:53:20 [Info] [4292] win sys info:2/10:0:3 2026-04-10 06:53:20 [Info] [4292] suit legal version, enable cpu control 2026-04-10 06:53:20 [Warn] [4292] High CPU Warning: 12 2026-04-10 06:53:20 [Warn] [4292] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 1276 in func: connect File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-04-10 06:53:21 [Info] [4292] log memory size is 30720KB, real memory size is 23112KB 2026-04-10 06:53:22 [Info] [4292] stage3: --windows-sysinfoext-check 2026-04-10 06:53:22 [Info] [4292] Loader after check 2026-04-10 06:53:22 [Warn] [4292] high cpu, cpu is 12 2026-04-10 06:53:22 [Warn] [4292] High CPU Warning: 12 2026-04-10 06:53:23 [Info] [4292] Enter reuse wait state. 2026-04-10 06:53:27 [Info] [4292] recvmsg: EXIT 2026-04-10 06:53:27 [Info] [4292] Recv Exit Msg, Exit... 2026-04-10 07:44:06 [Info] [2244] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 07:44:06 [Info] [2244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap243921775778246 2026-04-10 07:44:06 [Info] [2244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 07:44:06 [Info] [2244] Resource monitor start 2026-04-10 07:44:06 [Info] [2244] ipc client init success 2026-04-10 07:44:06 [Info] [2244] Ipc init: 0 2026-04-10 07:44:06 [Info] [2244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 07:44:06 [Info] [2244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 07:44:06 [Info] [2244] start ipc thread id[4680] 2026-04-10 07:44:06 [Info] [2244] Connect Yundun ipc server return state is 0 2026-04-10 07:44:06 [Info] [2244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 07:44:06 [Info] [2244] CResourceMonitor::run Enter 2026-04-10 07:44:06 [Info] [2244] CIpcMsgHandlerMgr::run Enter 2026-04-10 07:44:06 [Info] [2244] yundun connected 2026-04-10 07:44:06 [Info] [2244] Report thread 2026-04-10 07:44:06 [Info] [2244] Monitor thread 2026-04-10 07:44:06 [Info] [2244] Loader thread 2026-04-10 07:44:06 [Info] [2244] PythonEngineImpl Init... 2026-04-10 07:44:07 [Info] [2244] recvmsg: HELLO 2026-04-10 07:44:07 [Info] [2244] recvmsg: WORK 2026-04-10 07:44:07 [Info] [2244] no use encode, return to old mode 2026-04-10 07:44:07 [Info] [2244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 07:44:07 [Info] [2244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 07:44:07 [Info] [2244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 07:44:07 [Info] [2244] log fd cnt is [250], real fd cnt is [274] 2026-04-10 07:44:08 [Info] [2244] log memory size is 20480KB, real memory size is 13520KB 2026-04-10 07:44:09 [Info] [2244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 07:44:09 [Info] [2244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 07:44:09 [Info] [2244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 07:44:10 [Info] [2244] item: --windows-vul-clean 2026-04-10 07:44:10 [Info] [2244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-10 07:44:10 [Info] [2244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-10 07:44:10 [Info] [2244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 07:44:10 [Info] [2244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 07:44:10 [Info] [2244] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-10 07:44:10 [Info] [2244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-10 07:44:11 [Info] [2244] Prepare stage1: --windows-vul-clean 2026-04-10 07:44:11 [Info] [2244] Prepare stage2 2026-04-10 07:44:11 [Info] [2244] stage3: --windows-vul-clean 2026-04-10 07:44:11 [Info] [2244] Loader after check 2026-04-10 07:44:12 [Info] [2244] Enter reuse wait state. 2026-04-10 07:44:14 [Info] [2244] recvmsg: EXIT 2026-04-10 07:44:14 [Info] [2244] Recv Exit Msg, Exit... 2026-04-10 08:43:51 [Info] [692] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 08:43:51 [Info] [692] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap33311775781831 2026-04-10 08:43:51 [Info] [692] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 08:43:51 [Info] [692] Resource monitor start 2026-04-10 08:43:51 [Info] [692] ipc client init success 2026-04-10 08:43:51 [Info] [692] Ipc init: 0 2026-04-10 08:43:51 [Info] [692] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 08:43:51 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 08:43:51 [Info] [692] start ipc thread id[3520] 2026-04-10 08:43:51 [Info] [692] Connect Yundun ipc server return state is 0 2026-04-10 08:43:51 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 08:43:51 [Info] [692] CResourceMonitor::run Enter 2026-04-10 08:43:51 [Info] [692] CIpcMsgHandlerMgr::run Enter 2026-04-10 08:43:51 [Info] [692] Report thread 2026-04-10 08:43:51 [Info] [692] Monitor thread 2026-04-10 08:43:51 [Info] [692] Loader thread 2026-04-10 08:43:51 [Info] [692] PythonEngineImpl Init... 2026-04-10 08:43:51 [Info] [692] yundun connected 2026-04-10 08:43:52 [Info] [692] recvmsg: HELLO 2026-04-10 08:43:52 [Info] [692] recvmsg: WORK 2026-04-10 08:43:52 [Info] [692] no use encode, return to old mode 2026-04-10 08:43:52 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 08:43:52 [Info] [692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 08:43:52 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 08:43:52 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 08:43:52 [Info] [692] log fd cnt is [250], real fd cnt is [286] 2026-04-10 08:43:52 [Info] [692] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 08:43:52 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 08:43:53 [Info] [692] log memory size is 20480KB, real memory size is 14824KB 2026-04-10 08:43:54 [Info] [692] item: --windows-process-check 2026-04-10 08:43:54 [Info] [692] cgroup name aegisRtap0 2026-04-10 08:43:54 [Info] [692] try get sys version 2026-04-10 08:43:54 [Info] [692] win sys info:2/10:0:3 2026-04-10 08:43:54 [Info] [692] suit legal version, enable cpu control 2026-04-10 08:43:54 [Info] [692] get AssignProcessToJobObject handle [00000478] 2026-04-10 08:43:54 [Info] [692] Set setJobExtended. 2026-04-10 08:43:54 [Info] [692] Set cpu [9%] 2026-04-10 08:43:54 [Info] [692] Set cpu success 2026-04-10 08:43:54 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-10 08:43:54 [Info] [692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-10 08:43:54 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 08:43:54 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 08:43:54 [Info] [692] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-10 08:43:54 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-10 08:43:54 [Info] [692] Prepare stage1: --windows-process-check 2026-04-10 08:43:54 [Info] [692] Prepare stage2 2026-04-10 08:43:57 [Info] [692] log memory size is 30720KB, real memory size is 20588KB 2026-04-10 08:44:11 [Info] [692] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-10 08:44:12 [Info] [692] stage3: --windows-process-check 2026-04-10 08:44:12 [Info] [692] Loader after check 2026-04-10 08:44:13 [Info] [692] Enter reuse wait state. 2026-04-10 08:44:15 [Info] [692] recvmsg: EXIT 2026-04-10 08:44:15 [Info] [692] Recv Exit Msg, Exit... 2026-04-10 10:24:16 [Info] [872] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 10:24:16 [Info] [872] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap230061775787856 2026-04-10 10:24:16 [Info] [872] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 10:24:16 [Info] [872] Resource monitor start 2026-04-10 10:24:16 [Info] [872] ipc client init success 2026-04-10 10:24:16 [Info] [872] Ipc init: 0 2026-04-10 10:24:16 [Info] [872] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 10:24:16 [Info] [872] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 10:24:16 [Info] [872] start ipc thread id[4968] 2026-04-10 10:24:16 [Info] [872] Connect Yundun ipc server return state is 0 2026-04-10 10:24:16 [Info] [872] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 10:24:16 [Info] [872] CResourceMonitor::run Enter 2026-04-10 10:24:16 [Info] [872] CIpcMsgHandlerMgr::run Enter 2026-04-10 10:24:16 [Info] [872] Report thread 2026-04-10 10:24:16 [Info] [872] Monitor thread 2026-04-10 10:24:16 [Info] [872] Loader thread 2026-04-10 10:24:16 [Info] [872] PythonEngineImpl Init... 2026-04-10 10:24:16 [Info] [872] yundun connected 2026-04-10 10:24:16 [Info] [872] recvmsg: HELLO 2026-04-10 10:24:17 [Info] [872] recvmsg: WORK 2026-04-10 10:24:17 [Info] [872] no use encode, return to old mode 2026-04-10 10:24:17 [Info] [872] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:24:17 [Info] [872] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:24:17 [Info] [872] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:24:17 [Info] [872] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:24:17 [Info] [872] log fd cnt is [250], real fd cnt is [286] 2026-04-10 10:24:17 [Info] [872] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 10:24:17 [Info] [872] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 10:24:18 [Info] [872] log memory size is 20480KB, real memory size is 14832KB 2026-04-10 10:24:18 [Info] [872] item: --windows-schedule-task-check 2026-04-10 10:24:18 [Info] [872] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-10 10:24:18 [Info] [872] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-10 10:24:18 [Info] [872] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:24:18 [Info] [872] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:24:19 [Info] [872] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-10 10:24:19 [Info] [872] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-10 10:24:19 [Info] [872] Prepare stage1: --windows-schedule-task-check 2026-04-10 10:24:19 [Info] [872] Prepare stage2 2026-04-10 10:24:19 [Warn] [872] high cpu, cpu is 12 2026-04-10 10:24:19 [Info] [872] try get sys version 2026-04-10 10:24:19 [Info] [872] win sys info:2/10:0:3 2026-04-10 10:24:19 [Info] [872] suit legal version, enable cpu control 2026-04-10 10:24:19 [Warn] [872] High CPU Warning: 12 2026-04-10 10:24:19 [Warn] [872] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetTasks File:windows-schedule-task-check.py line: 347 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-04-10 10:24:22 [Info] [872] log memory size is 30720KB, real memory size is 23668KB 2026-04-10 10:24:25 [Info] [288] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 10:24:25 [Info] [288] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap230361775787865 2026-04-10 10:24:25 [Info] [288] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 10:24:25 [Info] [288] Resource monitor start 2026-04-10 10:24:25 [Info] [288] ipc client init success 2026-04-10 10:24:25 [Info] [288] Ipc init: 0 2026-04-10 10:24:25 [Info] [288] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 10:24:25 [Info] [288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 10:24:25 [Info] [288] start ipc thread id[2148] 2026-04-10 10:24:25 [Info] [288] Connect Yundun ipc server return state is 0 2026-04-10 10:24:25 [Info] [288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 10:24:25 [Info] [288] CResourceMonitor::run Enter 2026-04-10 10:24:25 [Info] [288] CIpcMsgHandlerMgr::run Enter 2026-04-10 10:24:25 [Info] [288] yundun connected 2026-04-10 10:24:25 [Info] [288] Report thread 2026-04-10 10:24:25 [Info] [288] Monitor thread 2026-04-10 10:24:25 [Info] [288] Loader thread 2026-04-10 10:24:25 [Info] [288] PythonEngineImpl Init... 2026-04-10 10:24:26 [Info] [288] recvmsg: HELLO 2026-04-10 10:24:26 [Info] [288] recvmsg: WORK 2026-04-10 10:24:26 [Info] [288] no use encode, return to old mode 2026-04-10 10:24:26 [Info] [288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:24:26 [Info] [288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:24:26 [Info] [288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:24:27 [Info] [288] log fd cnt is [250], real fd cnt is [277] 2026-04-10 10:24:27 [Info] [288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:24:28 [Info] [288] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 10:24:28 [Info] [288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 10:24:28 [Info] [288] log memory size is 20480KB, real memory size is 14608KB 2026-04-10 10:24:29 [Info] [288] item: --windows-registry-check 2026-04-10 10:24:29 [Info] [288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-10 10:24:29 [Info] [288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-10 10:24:29 [Info] [288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:24:30 [Info] [288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:24:30 [Info] [288] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-10 10:24:30 [Info] [288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-10 10:24:30 [Info] [288] Prepare stage1: --windows-registry-check 2026-04-10 10:24:30 [Info] [288] Prepare stage2 2026-04-10 10:24:52 [Info] [872] stage3: --windows-schedule-task-check 2026-04-10 10:24:52 [Info] [872] Loader after check 2026-04-10 10:24:53 [Info] [872] Enter reuse wait state. 2026-04-10 10:24:57 [Info] [872] recvmsg: EXIT 2026-04-10 10:24:57 [Info] [872] Recv Exit Msg, Exit... 2026-04-10 10:24:58 [Info] [288] stage3: --windows-registry-check 2026-04-10 10:24:58 [Info] [288] Loader after check 2026-04-10 10:24:59 [Info] [288] Enter reuse wait state. 2026-04-10 10:25:03 [Info] [288] recvmsg: EXIT 2026-04-10 10:25:03 [Info] [288] Recv Exit Msg, Exit... 2026-04-10 10:31:39 [Info] [1828] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 10:31:39 [Info] [1828] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap244531775788299 2026-04-10 10:31:39 [Info] [1828] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 10:31:39 [Info] [1828] Resource monitor start 2026-04-10 10:31:39 [Info] [1828] ipc client init success 2026-04-10 10:31:39 [Info] [1828] Ipc init: 0 2026-04-10 10:31:39 [Info] [1828] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 10:31:39 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 10:31:39 [Info] [1828] start ipc thread id[2616] 2026-04-10 10:31:39 [Info] [1828] Connect Yundun ipc server return state is 0 2026-04-10 10:31:39 [Info] [1828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 10:31:39 [Info] [1828] CResourceMonitor::run Enter 2026-04-10 10:31:39 [Info] [1828] CIpcMsgHandlerMgr::run Enter 2026-04-10 10:31:39 [Info] [1828] yundun connected 2026-04-10 10:31:39 [Info] [1828] Report thread 2026-04-10 10:31:39 [Info] [1828] Monitor thread 2026-04-10 10:31:39 [Info] [1828] Loader thread 2026-04-10 10:31:39 [Info] [1828] PythonEngineImpl Init... 2026-04-10 10:31:39 [Info] [1828] recvmsg: HELLO 2026-04-10 10:31:40 [Info] [1828] recvmsg: WORK 2026-04-10 10:31:40 [Info] [1828] no use encode, return to old mode 2026-04-10 10:31:40 [Info] [1828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:31:40 [Info] [1828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:31:40 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:31:40 [Info] [1828] log fd cnt is [250], real fd cnt is [274] 2026-04-10 10:31:41 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:31:41 [Info] [1828] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 10:31:41 [Info] [1828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 10:31:41 [Info] [1828] log memory size is 20480KB, real memory size is 14568KB 2026-04-10 10:31:43 [Info] [1828] item: --windows-driver-version-check 2026-04-10 10:31:43 [Info] [1828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-10 10:31:43 [Info] [1828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-10 10:31:43 [Info] [1828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:31:43 [Info] [1828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:31:43 [Info] [1828] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-10 10:31:43 [Info] [1828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-10 10:31:43 [Info] [1828] Prepare stage1: --windows-driver-version-check 2026-04-10 10:31:43 [Info] [1828] Prepare stage2 2026-04-10 10:31:43 [Info] [1828] stage3: --windows-driver-version-check 2026-04-10 10:31:43 [Info] [1828] Loader after check 2026-04-10 10:31:44 [Info] [1828] Enter reuse wait state. 2026-04-10 10:31:45 [Info] [1828] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-10 10:31:46 [Info] [1828] recvmsg: EXIT 2026-04-10 10:31:46 [Info] [1828] Recv Exit Msg, Exit... 2026-04-10 10:49:40 [Info] [92] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 10:49:40 [Info] [92] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap279831775789380 2026-04-10 10:49:40 [Info] [92] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 10:49:40 [Info] [92] Resource monitor start 2026-04-10 10:49:40 [Info] [92] ipc client init success 2026-04-10 10:49:40 [Info] [92] Ipc init: 0 2026-04-10 10:49:40 [Info] [92] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 10:49:40 [Info] [92] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 10:49:40 [Info] [92] start ipc thread id[4560] 2026-04-10 10:49:40 [Info] [92] Connect Yundun ipc server return state is 0 2026-04-10 10:49:40 [Info] [92] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 10:49:40 [Info] [92] CResourceMonitor::run Enter 2026-04-10 10:49:40 [Info] [92] CIpcMsgHandlerMgr::run Enter 2026-04-10 10:49:40 [Info] [92] Report thread 2026-04-10 10:49:40 [Info] [92] Monitor thread 2026-04-10 10:49:40 [Info] [92] Loader thread 2026-04-10 10:49:40 [Info] [92] PythonEngineImpl Init... 2026-04-10 10:49:40 [Info] [92] yundun connected 2026-04-10 10:49:41 [Info] [92] recvmsg: HELLO 2026-04-10 10:49:41 [Info] [92] recvmsg: WORK 2026-04-10 10:49:41 [Info] [92] no use encode, return to old mode 2026-04-10 10:49:41 [Info] [92] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:49:41 [Info] [92] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 10:49:41 [Info] [92] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:49:41 [Info] [92] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:49:41 [Info] [92] log fd cnt is [250], real fd cnt is [282] 2026-04-10 10:49:41 [Info] [92] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 10:49:41 [Info] [92] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 10:49:42 [Info] [92] log memory size is 20480KB, real memory size is 14816KB 2026-04-10 10:49:43 [Info] [92] item: --tcp-connect-check 2026-04-10 10:49:43 [Info] [92] cgroup name aegisRtap0 2026-04-10 10:49:43 [Info] [92] try get sys version 2026-04-10 10:49:43 [Info] [92] win sys info:2/10:0:3 2026-04-10 10:49:43 [Info] [92] suit legal version, enable cpu control 2026-04-10 10:49:43 [Info] [92] get AssignProcessToJobObject handle [00000478] 2026-04-10 10:49:43 [Info] [92] Set setJobExtended. 2026-04-10 10:49:43 [Info] [92] Set cpu [9%] 2026-04-10 10:49:43 [Info] [92] Set cpu success 2026-04-10 10:49:43 [Info] [92] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-10 10:49:43 [Info] [92] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-10 10:49:43 [Info] [92] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 10:49:43 [Info] [92] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 10:49:43 [Info] [92] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-10 10:49:43 [Info] [92] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-10 10:49:43 [Info] [92] Prepare stage1: --tcp-connect-check 2026-04-10 10:49:43 [Info] [92] Prepare stage2 2026-04-10 10:49:44 [Info] [92] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-10 10:49:46 [Info] [92] stage3: --tcp-connect-check 2026-04-10 10:49:46 [Info] [92] Loader after check 2026-04-10 10:49:47 [Info] [92] Enter reuse wait state. 2026-04-10 10:49:52 [Info] [92] recvmsg: EXIT 2026-04-10 10:49:52 [Info] [92] Recv Exit Msg, Exit... 2026-04-10 11:11:13 [Info] [3820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 11:11:13 [Info] [3820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap322051775790673 2026-04-10 11:11:13 [Info] [3820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 11:11:13 [Info] [3820] Resource monitor start 2026-04-10 11:11:13 [Info] [3820] ipc client init success 2026-04-10 11:11:13 [Info] [3820] Ipc init: 0 2026-04-10 11:11:13 [Info] [3820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 11:11:13 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 11:11:13 [Info] [3820] start ipc thread id[2568] 2026-04-10 11:11:13 [Info] [3820] Connect Yundun ipc server return state is 0 2026-04-10 11:11:13 [Info] [3820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 11:11:13 [Info] [3820] CResourceMonitor::run Enter 2026-04-10 11:11:13 [Info] [3820] CIpcMsgHandlerMgr::run Enter 2026-04-10 11:11:13 [Info] [3820] Report thread 2026-04-10 11:11:13 [Info] [3820] Monitor thread 2026-04-10 11:11:13 [Info] [3820] Loader thread 2026-04-10 11:11:13 [Info] [3820] PythonEngineImpl Init... 2026-04-10 11:11:13 [Info] [3820] yundun connected 2026-04-10 11:11:14 [Info] [3820] recvmsg: HELLO 2026-04-10 11:11:14 [Info] [3820] recvmsg: WORK 2026-04-10 11:11:14 [Info] [3820] no use encode, return to old mode 2026-04-10 11:11:14 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 11:11:14 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 11:11:14 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 11:11:14 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 11:11:14 [Info] [3820] log fd cnt is [250], real fd cnt is [282] 2026-04-10 11:11:14 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 11:11:14 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 11:11:15 [Info] [3820] log memory size is 20480KB, real memory size is 14840KB 2026-04-10 11:11:15 [Info] [3820] item: --windows-autorun-item-check 2026-04-10 11:11:15 [Info] [3820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-10 11:11:15 [Info] [3820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-10 11:11:15 [Info] [3820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 11:11:15 [Info] [3820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 11:11:15 [Info] [3820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-10 11:11:15 [Info] [3820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-10 11:11:16 [Info] [3820] Prepare stage1: --windows-autorun-item-check 2026-04-10 11:11:16 [Info] [3820] Prepare stage2 2026-04-10 11:11:16 [Warn] [3820] high cpu, cpu is 13 2026-04-10 11:11:16 [Info] [3820] try get sys version 2026-04-10 11:11:16 [Info] [3820] win sys info:2/10:0:3 2026-04-10 11:11:16 [Info] [3820] suit legal version, enable cpu control 2026-04-10 11:11:16 [Warn] [3820] High CPU Warning: 13 2026-04-10 11:11:16 [Warn] [3820] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-10 11:11:19 [Info] [3820] log memory size is 30720KB, real memory size is 22616KB 2026-04-10 11:11:26 [Info] [3820] stage3: --windows-autorun-item-check 2026-04-10 11:11:26 [Info] [3820] Loader after check 2026-04-10 11:11:27 [Info] [3820] Enter reuse wait state. 2026-04-10 11:11:29 [Info] [3820] recvmsg: EXIT 2026-04-10 11:11:29 [Info] [3820] Recv Exit Msg, Exit... 2026-04-10 12:23:05 [Info] [3208] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 12:23:05 [Info] [3208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap134571775794966 2026-04-10 12:23:05 [Info] [3208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 12:23:05 [Info] [3208] Resource monitor start 2026-04-10 12:23:05 [Info] [3208] ipc client init success 2026-04-10 12:23:05 [Info] [3208] Ipc init: 0 2026-04-10 12:23:05 [Info] [3208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 12:23:05 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 12:23:10 [Info] [3208] CIpcMsgHandlerMgr::run Enter 2026-04-10 12:23:10 [Info] [3208] CResourceMonitor::run Enter 2026-04-10 12:23:10 [Info] [3208] start ipc thread id[4088] 2026-04-10 12:23:10 [Info] [3208] Connect Yundun ipc server return state is 0 2026-04-10 12:23:10 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 12:23:11 [Info] [3208] log fd cnt is [250], real fd cnt is [242] 2026-04-10 12:23:15 [Info] [3208] Loader thread 2026-04-10 12:23:15 [Info] [3208] PythonEngineImpl Init... 2026-04-10 12:23:15 [Info] [3208] Monitor thread 2026-04-10 12:23:15 [Info] [3208] Report thread 2026-04-10 12:23:15 [Info] [3208] yundun connected 2026-04-10 12:23:15 [Info] [3208] recvmsg: HELLO 2026-04-10 12:23:15 [Info] [3208] recvmsg: WORK 2026-04-10 12:23:15 [Info] [3208] no use encode, return to old mode 2026-04-10 12:23:15 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 12:23:15 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 12:23:15 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 12:23:16 [Info] [3208] log memory size is 20480KB, real memory size is 13140KB 2026-04-10 12:23:17 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 12:23:18 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 12:23:18 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 12:23:19 [Info] [3208] item: --windows-sysinfoext-check 2026-04-10 12:23:19 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 12:23:19 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 12:23:19 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 12:23:19 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 12:23:19 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-10 12:23:19 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 12:23:19 [Info] [3208] Prepare stage1: --windows-sysinfoext-check 2026-04-10 12:23:19 [Info] [3208] Prepare stage2 2026-04-10 12:23:20 [Info] [3208] log memory size is 30720KB, real memory size is 23156KB 2026-04-10 12:23:21 [Info] [3208] stage3: --windows-sysinfoext-check 2026-04-10 12:23:21 [Info] [3208] Loader after check 2026-04-10 12:23:21 [Warn] [3208] high cpu, cpu is 12 2026-04-10 12:23:21 [Info] [3208] try get sys version 2026-04-10 12:23:21 [Info] [3208] win sys info:2/10:0:3 2026-04-10 12:23:21 [Info] [3208] suit legal version, enable cpu control 2026-04-10 12:23:21 [Warn] [3208] High CPU Warning: 12 2026-04-10 12:23:21 [Warn] [3208] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-10 12:23:22 [Info] [3208] Enter reuse wait state. 2026-04-10 12:23:26 [Info] [3208] recvmsg: EXIT 2026-04-10 12:23:26 [Info] [3208] Recv Exit Msg, Exit... 2026-04-10 17:52:17 [Info] [84] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 17:52:17 [Info] [84] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap124481775814726 2026-04-10 17:52:17 [Info] [84] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 17:52:22 [Info] [84] Resource monitor start 2026-04-10 17:52:22 [Info] [84] ipc client init success 2026-04-10 17:52:22 [Info] [84] Ipc init: 0 2026-04-10 17:52:22 [Info] [84] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 17:52:28 [Info] [84] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 17:52:28 [Info] [84] start ipc thread id[3236] 2026-04-10 17:52:28 [Info] [84] Connect Yundun ipc server return state is 0 2026-04-10 17:52:30 [Info] [84] CResourceMonitor::run Enter 2026-04-10 17:52:30 [Info] [84] CIpcMsgHandlerMgr::run Enter 2026-04-10 17:52:30 [Info] [84] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 17:52:31 [Info] [84] log fd cnt is [250], real fd cnt is [242] 2026-04-10 17:52:31 [Info] [84] yundun connected 2026-04-10 17:52:31 [Info] [84] Report thread 2026-04-10 17:52:31 [Info] [84] Monitor thread 2026-04-10 17:52:31 [Info] [84] Loader thread 2026-04-10 17:52:31 [Info] [84] PythonEngineImpl Init... 2026-04-10 17:52:31 [Info] [84] recvmsg: HELLO 2026-04-10 17:52:31 [Info] [84] recvmsg: WORK 2026-04-10 17:52:31 [Info] [84] no use encode, return to old mode 2026-04-10 17:52:31 [Info] [84] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 17:52:31 [Info] [84] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 17:52:31 [Info] [84] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 17:52:31 [Info] [84] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 17:52:32 [Info] [84] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 17:52:32 [Info] [84] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 17:52:32 [Info] [84] log memory size is 20480KB, real memory size is 14612KB 2026-04-10 17:52:33 [Info] [84] item: --windows-sysinfoext-check 2026-04-10 17:52:33 [Info] [84] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 17:52:33 [Info] [84] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 17:52:33 [Info] [84] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 17:52:33 [Info] [84] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 17:52:33 [Info] [84] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-10 17:52:33 [Info] [84] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 17:52:33 [Info] [84] Prepare stage1: --windows-sysinfoext-check 2026-04-10 17:52:33 [Info] [84] Prepare stage2 2026-04-10 17:52:36 [Info] [84] log memory size is 30720KB, real memory size is 23056KB 2026-04-10 17:52:36 [Info] [84] stage3: --windows-sysinfoext-check 2026-04-10 17:52:36 [Info] [84] Loader after check 2026-04-10 17:52:37 [Warn] [84] high cpu, cpu is 15 2026-04-10 17:52:37 [Info] [84] try get sys version 2026-04-10 17:52:37 [Info] [84] win sys info:2/10:0:3 2026-04-10 17:52:37 [Info] [84] suit legal version, enable cpu control 2026-04-10 17:52:37 [Warn] [84] High CPU Warning: 15 2026-04-10 17:52:37 [Warn] [84] resource monitor exp type: High CPU Warning, script runing: 0 2026-04-10 17:52:37 [Info] [84] Enter reuse wait state. 2026-04-10 17:52:39 [Info] [84] recvmsg: EXIT 2026-04-10 17:52:39 [Info] [84] Recv Exit Msg, Exit... 2026-04-10 18:07:09 [Info] [2344] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 18:07:09 [Info] [2344] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap153971775815629 2026-04-10 18:07:09 [Info] [2344] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 18:07:09 [Info] [2344] Resource monitor start 2026-04-10 18:07:09 [Info] [2344] ipc client init success 2026-04-10 18:07:09 [Info] [2344] Ipc init: 0 2026-04-10 18:07:09 [Info] [2344] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 18:07:09 [Info] [2344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 18:07:09 [Info] [2344] start ipc thread id[656] 2026-04-10 18:07:09 [Info] [2344] Connect Yundun ipc server return state is 0 2026-04-10 18:07:09 [Info] [2344] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 18:07:09 [Info] [2344] CResourceMonitor::run Enter 2026-04-10 18:07:09 [Info] [2344] CIpcMsgHandlerMgr::run Enter 2026-04-10 18:07:09 [Info] [2344] Report thread 2026-04-10 18:07:09 [Info] [2344] Monitor thread 2026-04-10 18:07:09 [Info] [2344] Loader thread 2026-04-10 18:07:09 [Info] [2344] PythonEngineImpl Init... 2026-04-10 18:07:09 [Info] [2344] yundun connected 2026-04-10 18:07:10 [Info] [2344] recvmsg: HELLO 2026-04-10 18:07:10 [Info] [2344] recvmsg: WORK 2026-04-10 18:07:10 [Info] [2344] no use encode, return to old mode 2026-04-10 18:07:10 [Info] [2344] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 18:07:10 [Info] [2344] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 18:07:10 [Info] [2344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 18:07:10 [Info] [2344] log fd cnt is [250], real fd cnt is [274] 2026-04-10 18:07:11 [Info] [2344] log memory size is 20480KB, real memory size is 14528KB 2026-04-10 18:07:11 [Info] [2344] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 18:07:11 [Info] [2344] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 18:07:11 [Info] [2344] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 18:07:13 [Info] [2344] item: --secnet_rasp_agent 2026-04-10 18:07:13 [Info] [2344] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-10 18:07:13 [Info] [2344] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-10 18:07:13 [Info] [2344] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-10 18:07:13 [Info] [2344] Download redirect files success. 2026-04-10 18:07:13 [Info] [2344] Prepare stage1: --secnet_rasp_agent 2026-04-10 18:07:13 [Info] [2344] Prepare stage2 2026-04-10 18:07:14 [Info] [2344] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-10 18:07:14 [Info] [2344] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-10 18:07:14 [Info] [2344] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 18:07:14 [Info] [2344] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 18:07:15 [Info] [2344] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-10 18:07:15 [Info] [2344] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-10 18:07:15 [Info] [2344] stage3: --secnet_rasp_agent 2026-04-10 18:07:15 [Info] [2344] Loader after check 2026-04-10 18:07:15 [Info] [2344] log memory size is 30720KB, real memory size is 21368KB 2026-04-10 18:07:16 [Info] [2344] Enter reuse wait state. 2026-04-10 18:07:21 [Info] [2344] recvmsg: EXIT 2026-04-10 18:07:21 [Info] [2344] Recv Exit Msg, Exit... 2026-04-10 23:19:51 [Info] [4728] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-10 23:19:51 [Info] [4728] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap110881775834378 2026-04-10 23:19:51 [Info] [4728] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-10 23:19:51 [Info] [4728] Resource monitor start 2026-04-10 23:19:51 [Info] [4728] ipc client init success 2026-04-10 23:19:51 [Info] [4728] Ipc init: 0 2026-04-10 23:19:51 [Info] [4728] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-10 23:19:51 [Info] [4728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-10 23:19:56 [Info] [4728] CIpcMsgHandlerMgr::run Enter 2026-04-10 23:19:56 [Info] [4728] CResourceMonitor::run Enter 2026-04-10 23:19:56 [Info] [4728] start ipc thread id[3312] 2026-04-10 23:19:56 [Info] [4728] Connect Yundun ipc server return state is 0 2026-04-10 23:19:56 [Info] [4728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-10 23:19:56 [Info] [4728] Report thread 2026-04-10 23:19:56 [Info] [4728] Monitor thread 2026-04-10 23:19:56 [Info] [4728] Loader thread 2026-04-10 23:19:56 [Info] [4728] PythonEngineImpl Init... 2026-04-10 23:19:57 [Info] [4728] log fd cnt is [250], real fd cnt is [259] 2026-04-10 23:19:58 [Info] [4728] log memory size is 20480KB, real memory size is 12848KB 2026-04-10 23:19:58 [Info] [4728] yundun connected 2026-04-10 23:19:59 [Info] [4728] recvmsg: HELLO 2026-04-10 23:19:59 [Info] [4728] recvmsg: WORK 2026-04-10 23:19:59 [Info] [4728] no use encode, return to old mode 2026-04-10 23:19:59 [Info] [4728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 23:19:59 [Info] [4728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-10 23:19:59 [Info] [4728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 23:19:59 [Info] [4728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 23:19:59 [Info] [4728] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-10 23:19:59 [Info] [4728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-10 23:20:01 [Info] [4728] item: --windows-sysinfoext-check 2026-04-10 23:20:01 [Info] [4728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 23:20:01 [Info] [4728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 23:20:01 [Info] [4728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-10 23:20:01 [Info] [4728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-10 23:20:01 [Info] [4728] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-10 23:20:01 [Info] [4728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-10 23:20:01 [Info] [4728] Prepare stage1: --windows-sysinfoext-check 2026-04-10 23:20:01 [Info] [4728] Prepare stage2 2026-04-10 23:20:02 [Info] [4728] log memory size is 30720KB, real memory size is 23048KB 2026-04-10 23:20:03 [Info] [4728] stage3: --windows-sysinfoext-check 2026-04-10 23:20:03 [Info] [4728] Loader after check 2026-04-10 23:20:04 [Info] [4728] Enter reuse wait state. 2026-04-10 23:20:08 [Info] [4728] recvmsg: EXIT 2026-04-10 23:20:08 [Info] [4728] Recv Exit Msg, Exit... 2026-04-17 02:02:52 [Info] [2428] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 02:02:52 [Info] [2428] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap320111776362572 2026-04-17 02:02:52 [Info] [2428] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 02:02:52 [Info] [2428] Resource monitor start 2026-04-17 02:02:52 [Info] [2428] ipc client init success 2026-04-17 02:02:52 [Info] [2428] Ipc init: 0 2026-04-17 02:02:52 [Info] [2428] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 02:02:52 [Info] [2428] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 02:02:52 [Info] [2428] start ipc thread id[5020] 2026-04-17 02:02:52 [Info] [2428] Connect Yundun ipc server return state is 0 2026-04-17 02:02:52 [Info] [2428] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 02:02:52 [Info] [2428] CResourceMonitor::run Enter 2026-04-17 02:02:52 [Info] [2428] CIpcMsgHandlerMgr::run Enter 2026-04-17 02:02:52 [Info] [2428] Report thread 2026-04-17 02:02:52 [Info] [2428] Monitor thread 2026-04-17 02:02:52 [Info] [2428] Loader thread 2026-04-17 02:02:52 [Info] [2428] PythonEngineImpl Init... 2026-04-17 02:02:52 [Info] [2428] yundun connected 2026-04-17 02:02:52 [Info] [2428] recvmsg: HELLO 2026-04-17 02:02:52 [Info] [2428] recvmsg: WORK 2026-04-17 02:02:52 [Info] [2428] no use encode, return to old mode 2026-04-17 02:02:52 [Info] [2428] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 02:02:52 [Info] [2428] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 02:02:52 [Info] [2428] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 02:02:53 [Info] [2428] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 02:02:53 [Info] [2428] log fd cnt is [250], real fd cnt is [282] 2026-04-17 02:02:53 [Info] [2428] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 02:02:53 [Info] [2428] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 02:02:54 [Info] [2428] log memory size is 20480KB, real memory size is 14844KB 2026-04-17 02:02:54 [Info] [2428] item: --sca 2026-04-17 02:02:54 [Info] [2428] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-17 02:02:54 [Info] [2428] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-17 02:02:54 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-17 02:02:55 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-17 02:02:55 [Info] [2428] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-17 02:02:55 [Info] [2428] Download redirect files success. 2026-04-17 02:02:55 [Info] [2428] Prepare stage1: --sca 2026-04-17 02:02:55 [Info] [2428] Prepare stage2 2026-04-17 02:02:57 [Warn] [2428] high cpu, cpu is 26 2026-04-17 02:02:57 [Info] [2428] try get sys version 2026-04-17 02:02:57 [Info] [2428] win sys info:2/10:0:3 2026-04-17 02:02:57 [Info] [2428] suit legal version, enable cpu control 2026-04-17 02:02:57 [Warn] [2428] High CPU Warning: 26 2026-04-17 02:02:57 [Warn] [2428] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-17 02:02:58 [Info] [2428] log memory size is 30720KB, real memory size is 32700KB 2026-04-17 02:03:02 [Info] [2428] log memory size is 40960KB, real memory size is 33240KB 2026-04-17 02:03:27 [Info] [2428] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 02:03:35 [Info] [2428] stage3: --sca 2026-04-17 02:03:35 [Info] [2428] Loader after check 2026-04-17 02:03:36 [Info] [2428] Enter reuse wait state. 2026-04-17 02:03:40 [Info] [2428] recvmsg: EXIT 2026-04-17 02:03:40 [Info] [2428] Recv Exit Msg, Exit... 2026-04-17 03:10:52 [Info] [1892] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 03:10:52 [Info] [1892] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap125401776366644 2026-04-17 03:10:52 [Info] [1892] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 03:10:52 [Info] [1892] Resource monitor start 2026-04-17 03:10:52 [Info] [1892] ipc client init success 2026-04-17 03:10:52 [Info] [1892] Ipc init: 0 2026-04-17 03:10:52 [Info] [1892] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 03:10:52 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 03:10:52 [Info] [1892] start ipc thread id[3492] 2026-04-17 03:10:52 [Info] [1892] Connect Yundun ipc server return state is 0 2026-04-17 03:10:58 [Info] [1892] Monitor thread 2026-04-17 03:10:58 [Info] [1892] Report thread 2026-04-17 03:10:58 [Info] [1892] yundun connected 2026-04-17 03:10:58 [Info] [1892] CIpcMsgHandlerMgr::run Enter 2026-04-17 03:10:58 [Info] [1892] CResourceMonitor::run Enter 2026-04-17 03:10:58 [Info] [1892] recvmsg: HELLO 2026-04-17 03:10:58 [Info] [1892] recvmsg: WORK 2026-04-17 03:10:58 [Info] [1892] no use encode, return to old mode 2026-04-17 03:10:59 [Info] [1892] log fd cnt is [250], real fd cnt is [242] 2026-04-17 03:11:02 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 03:11:07 [Info] [1892] Loader thread 2026-04-17 03:11:07 [Info] [1892] PythonEngineImpl Init... 2026-04-17 03:11:07 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 03:11:07 [Info] [1892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 03:11:07 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 03:11:08 [Info] [1892] log memory size is 20480KB, real memory size is 13132KB 2026-04-17 03:11:14 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 03:11:14 [Info] [1892] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 03:11:14 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 03:11:15 [Info] [1892] item: --windows-sysinfoext-check 2026-04-17 03:11:15 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 03:11:15 [Info] [1892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 03:11:15 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 03:11:15 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 03:11:16 [Info] [1892] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-17 03:11:16 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 03:11:16 [Info] [1892] Prepare stage1: --windows-sysinfoext-check 2026-04-17 03:11:16 [Info] [1892] Prepare stage2 2026-04-17 03:11:17 [Warn] [1892] high cpu, cpu is 18 2026-04-17 03:11:17 [Info] [1892] try get sys version 2026-04-17 03:11:17 [Info] [1892] win sys info:2/10:0:3 2026-04-17 03:11:17 [Info] [1892] suit legal version, enable cpu control 2026-04-17 03:11:17 [Warn] [1892] High CPU Warning: 18 2026-04-17 03:11:17 [Warn] [1892] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-17 03:11:18 [Info] [1892] stage3: --windows-sysinfoext-check 2026-04-17 03:11:18 [Info] [1892] Loader after check 2026-04-17 03:11:19 [Info] [1892] Enter reuse wait state. 2026-04-17 03:11:20 [Info] [1892] log memory size is 30720KB, real memory size is 23340KB 2026-04-17 03:11:22 [Info] [1892] recvmsg: EXIT 2026-04-17 03:11:22 [Info] [1892] Recv Exit Msg, Exit... 2026-04-17 07:50:11 [Info] [3876] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 07:50:11 [Info] [3876] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap17581776383411 2026-04-17 07:50:11 [Info] [3876] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 07:50:11 [Info] [3876] Resource monitor start 2026-04-17 07:50:11 [Info] [3876] ipc client init success 2026-04-17 07:50:11 [Info] [3876] Ipc init: 0 2026-04-17 07:50:11 [Info] [3876] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 07:50:11 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 07:50:11 [Info] [3876] start ipc thread id[1664] 2026-04-17 07:50:11 [Info] [3876] Connect Yundun ipc server return state is 0 2026-04-17 07:50:11 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 07:50:11 [Info] [3876] CResourceMonitor::run Enter 2026-04-17 07:50:11 [Info] [3876] CIpcMsgHandlerMgr::run Enter 2026-04-17 07:50:11 [Info] [3876] Report thread 2026-04-17 07:50:11 [Info] [3876] Monitor thread 2026-04-17 07:50:11 [Info] [3876] Loader thread 2026-04-17 07:50:11 [Info] [3876] PythonEngineImpl Init... 2026-04-17 07:50:11 [Info] [3876] yundun connected 2026-04-17 07:50:11 [Info] [3876] recvmsg: HELLO 2026-04-17 07:50:12 [Info] [3876] recvmsg: WORK 2026-04-17 07:50:12 [Info] [3876] no use encode, return to old mode 2026-04-17 07:50:12 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 07:50:12 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 07:50:12 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 07:50:12 [Info] [3876] log fd cnt is [250], real fd cnt is [282] 2026-04-17 07:50:12 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 07:50:12 [Info] [3876] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 07:50:12 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 07:50:13 [Info] [3876] log memory size is 20480KB, real memory size is 14820KB 2026-04-17 07:50:13 [Info] [3876] item: --windows-vul-clean 2026-04-17 07:50:13 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-17 07:50:13 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-17 07:50:13 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 07:50:14 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 07:50:14 [Info] [3876] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-17 07:50:14 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-17 07:50:14 [Info] [3876] Prepare stage1: --windows-vul-clean 2026-04-17 07:50:14 [Info] [3876] Prepare stage2 2026-04-17 07:50:14 [Info] [3876] stage3: --windows-vul-clean 2026-04-17 07:50:14 [Info] [3876] Loader after check 2026-04-17 07:50:15 [Info] [3876] Enter reuse wait state. 2026-04-17 07:50:19 [Info] [3876] recvmsg: EXIT 2026-04-17 07:50:19 [Info] [3876] Recv Exit Msg, Exit... 2026-04-17 08:40:38 [Info] [2316] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 08:40:38 [Info] [2316] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap116141776386429 2026-04-17 08:40:38 [Info] [2316] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 08:40:43 [Info] [2316] Resource monitor start 2026-04-17 08:40:43 [Info] [2316] ipc client init success 2026-04-17 08:40:43 [Info] [2316] Ipc init: 0 2026-04-17 08:40:43 [Info] [2316] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 08:40:43 [Info] [2316] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 08:40:47 [Info] [2316] CIpcMsgHandlerMgr::run Enter 2026-04-17 08:40:47 [Info] [2316] CResourceMonitor::run Enter 2026-04-17 08:40:47 [Info] [2316] start ipc thread id[4820] 2026-04-17 08:40:47 [Info] [2316] Connect Yundun ipc server return state is 0 2026-04-17 08:40:47 [Info] [2316] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 08:40:48 [Info] [2316] log fd cnt is [250], real fd cnt is [242] 2026-04-17 08:40:52 [Info] [2316] yundun connected 2026-04-17 08:40:52 [Info] [2316] Report thread 2026-04-17 08:40:52 [Info] [2316] Monitor thread 2026-04-17 08:40:55 [Info] [2316] Loader thread 2026-04-17 08:40:55 [Info] [2316] PythonEngineImpl Init... 2026-04-17 08:40:55 [Info] [2316] recvmsg: HELLO 2026-04-17 08:40:57 [Info] [2316] recvmsg: WORK 2026-04-17 08:40:57 [Info] [2316] no use encode, return to old mode 2026-04-17 08:40:57 [Info] [2316] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 08:40:57 [Info] [2316] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 08:40:57 [Info] [2316] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 08:40:57 [Info] [2316] log memory size is 20480KB, real memory size is 13508KB 2026-04-17 08:40:58 [Info] [2316] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 08:40:58 [Info] [2316] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 08:40:58 [Info] [2316] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 08:40:59 [Info] [2316] item: --windows-sysinfoext-check 2026-04-17 08:40:59 [Info] [2316] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 08:40:59 [Info] [2316] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 08:40:59 [Info] [2316] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 08:40:59 [Info] [2316] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 08:41:00 [Info] [2316] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-17 08:41:00 [Info] [2316] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 08:41:00 [Info] [2316] Prepare stage1: --windows-sysinfoext-check 2026-04-17 08:41:00 [Info] [2316] Prepare stage2 2026-04-17 08:41:01 [Info] [2316] log memory size is 30720KB, real memory size is 23036KB 2026-04-17 08:41:03 [Info] [2316] stage3: --windows-sysinfoext-check 2026-04-17 08:41:03 [Info] [2316] Loader after check 2026-04-17 08:41:04 [Info] [2316] Enter reuse wait state. 2026-04-17 08:41:08 [Info] [2316] recvmsg: EXIT 2026-04-17 08:41:08 [Info] [2316] Recv Exit Msg, Exit... 2026-04-17 08:49:36 [Info] [4328] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 08:49:36 [Info] [4328] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap134001776386976 2026-04-17 08:49:36 [Info] [4328] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 08:49:36 [Info] [4328] Resource monitor start 2026-04-17 08:49:36 [Info] [4328] ipc client init success 2026-04-17 08:49:36 [Info] [4328] Ipc init: 0 2026-04-17 08:49:36 [Info] [4328] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 08:49:36 [Info] [4328] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 08:49:36 [Info] [4328] start ipc thread id[5052] 2026-04-17 08:49:36 [Info] [4328] Connect Yundun ipc server return state is 0 2026-04-17 08:49:36 [Info] [4328] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 08:49:37 [Info] [4328] CResourceMonitor::run Enter 2026-04-17 08:49:37 [Info] [4328] CIpcMsgHandlerMgr::run Enter 2026-04-17 08:49:37 [Info] [4328] Report thread 2026-04-17 08:49:37 [Info] [4328] Monitor thread 2026-04-17 08:49:37 [Info] [4328] Loader thread 2026-04-17 08:49:37 [Info] [4328] PythonEngineImpl Init... 2026-04-17 08:49:37 [Info] [4328] yundun connected 2026-04-17 08:49:37 [Info] [4328] recvmsg: HELLO 2026-04-17 08:49:37 [Info] [4328] recvmsg: WORK 2026-04-17 08:49:37 [Info] [4328] no use encode, return to old mode 2026-04-17 08:49:37 [Info] [4328] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 08:49:37 [Info] [4328] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 08:49:37 [Info] [4328] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 08:49:37 [Info] [4328] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 08:49:38 [Info] [4328] log fd cnt is [250], real fd cnt is [286] 2026-04-17 08:49:38 [Info] [4328] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 08:49:38 [Info] [4328] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 08:49:39 [Info] [4328] log memory size is 20480KB, real memory size is 14816KB 2026-04-17 08:49:39 [Info] [4328] item: --windows-process-check 2026-04-17 08:49:39 [Info] [4328] cgroup name aegisRtap0 2026-04-17 08:49:39 [Info] [4328] try get sys version 2026-04-17 08:49:39 [Info] [4328] win sys info:2/10:0:3 2026-04-17 08:49:39 [Info] [4328] suit legal version, enable cpu control 2026-04-17 08:49:39 [Info] [4328] get AssignProcessToJobObject handle [00000478] 2026-04-17 08:49:39 [Info] [4328] Set setJobExtended. 2026-04-17 08:49:39 [Info] [4328] Set cpu [9%] 2026-04-17 08:49:39 [Info] [4328] Set cpu success 2026-04-17 08:49:39 [Info] [4328] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-17 08:49:39 [Info] [4328] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-17 08:49:39 [Info] [4328] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 08:49:39 [Info] [4328] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 08:49:39 [Info] [4328] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-17 08:49:39 [Info] [4328] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-17 08:49:40 [Info] [4328] Prepare stage1: --windows-process-check 2026-04-17 08:49:40 [Info] [4328] Prepare stage2 2026-04-17 08:49:43 [Info] [4328] log memory size is 30720KB, real memory size is 20640KB 2026-04-17 08:50:01 [Info] [4328] stage3: --windows-process-check 2026-04-17 08:50:01 [Info] [4328] Loader after check 2026-04-17 08:50:02 [Info] [4328] Enter reuse wait state. 2026-04-17 08:50:04 [Info] [4328] recvmsg: EXIT 2026-04-17 08:50:04 [Info] [4328] Recv Exit Msg, Exit... 2026-04-17 10:24:18 [Info] [4592] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 10:24:18 [Info] [4592] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap319551776392658 2026-04-17 10:24:18 [Info] [4592] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 10:24:18 [Info] [4592] Resource monitor start 2026-04-17 10:24:18 [Info] [4592] ipc client init success 2026-04-17 10:24:18 [Info] [4592] Ipc init: 0 2026-04-17 10:24:18 [Info] [4592] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 10:24:18 [Info] [4592] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 10:24:18 [Info] [4592] start ipc thread id[4152] 2026-04-17 10:24:18 [Info] [4592] Connect Yundun ipc server return state is 0 2026-04-17 10:24:18 [Info] [4592] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 10:24:18 [Info] [4592] CResourceMonitor::run Enter 2026-04-17 10:24:18 [Info] [4592] CIpcMsgHandlerMgr::run Enter 2026-04-17 10:24:18 [Info] [4592] Report thread 2026-04-17 10:24:18 [Info] [4592] Monitor thread 2026-04-17 10:24:18 [Info] [4592] Loader thread 2026-04-17 10:24:18 [Info] [4592] PythonEngineImpl Init... 2026-04-17 10:24:18 [Info] [4592] yundun connected 2026-04-17 10:24:19 [Info] [4592] recvmsg: HELLO 2026-04-17 10:24:19 [Info] [4592] recvmsg: WORK 2026-04-17 10:24:19 [Info] [4592] no use encode, return to old mode 2026-04-17 10:24:19 [Info] [4592] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:24:19 [Info] [4592] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:24:19 [Info] [4592] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:24:19 [Info] [4592] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:24:19 [Info] [4592] log fd cnt is [250], real fd cnt is [286] 2026-04-17 10:24:19 [Info] [4592] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 10:24:19 [Info] [4592] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 10:24:20 [Info] [4592] log memory size is 20480KB, real memory size is 14808KB 2026-04-17 10:24:20 [Info] [4592] item: --windows-registry-check 2026-04-17 10:24:20 [Info] [4592] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-17 10:24:20 [Info] [4592] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-17 10:24:20 [Info] [4592] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:24:21 [Info] [4592] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:24:21 [Info] [4592] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-17 10:24:21 [Info] [4592] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-17 10:24:21 [Info] [4592] Prepare stage1: --windows-registry-check 2026-04-17 10:24:21 [Info] [4592] Prepare stage2 2026-04-17 10:24:34 [Info] [4592] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 10:24:49 [Info] [4592] stage3: --windows-registry-check 2026-04-17 10:24:49 [Info] [4592] Loader after check 2026-04-17 10:24:50 [Info] [4592] Enter reuse wait state. 2026-04-17 10:24:54 [Info] [4592] recvmsg: EXIT 2026-04-17 10:24:54 [Info] [4592] Recv Exit Msg, Exit... 2026-04-17 10:25:46 [Info] [464] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 10:25:46 [Info] [464] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap322421776392746 2026-04-17 10:25:46 [Info] [464] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 10:25:46 [Info] [464] Resource monitor start 2026-04-17 10:25:46 [Info] [464] ipc client init success 2026-04-17 10:25:46 [Info] [464] Ipc init: 0 2026-04-17 10:25:46 [Info] [464] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 10:25:46 [Info] [464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 10:25:46 [Info] [464] start ipc thread id[5084] 2026-04-17 10:25:46 [Info] [464] Connect Yundun ipc server return state is 0 2026-04-17 10:25:46 [Info] [464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 10:25:46 [Info] [464] CResourceMonitor::run Enter 2026-04-17 10:25:46 [Info] [464] CIpcMsgHandlerMgr::run Enter 2026-04-17 10:25:46 [Info] [464] Report thread 2026-04-17 10:25:46 [Info] [464] Monitor thread 2026-04-17 10:25:46 [Info] [464] Loader thread 2026-04-17 10:25:46 [Info] [464] PythonEngineImpl Init... 2026-04-17 10:25:46 [Info] [464] yundun connected 2026-04-17 10:25:47 [Info] [464] recvmsg: HELLO 2026-04-17 10:25:47 [Info] [464] recvmsg: WORK 2026-04-17 10:25:47 [Info] [464] no use encode, return to old mode 2026-04-17 10:25:47 [Info] [464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:25:47 [Info] [464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:25:47 [Info] [464] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:25:47 [Info] [464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:25:47 [Info] [464] log fd cnt is [250], real fd cnt is [282] 2026-04-17 10:25:47 [Info] [464] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 10:25:47 [Info] [464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 10:25:48 [Info] [464] log memory size is 20480KB, real memory size is 14784KB 2026-04-17 10:25:48 [Info] [464] item: --windows-driver-version-check 2026-04-17 10:25:48 [Info] [464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-17 10:25:48 [Info] [464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-17 10:25:48 [Info] [464] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:25:49 [Info] [464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:25:49 [Info] [464] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-17 10:25:49 [Info] [464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-17 10:25:49 [Info] [464] Prepare stage1: --windows-driver-version-check 2026-04-17 10:25:49 [Info] [464] Prepare stage2 2026-04-17 10:25:49 [Info] [464] stage3: --windows-driver-version-check 2026-04-17 10:25:49 [Info] [464] Loader after check 2026-04-17 10:25:50 [Info] [464] Enter reuse wait state. 2026-04-17 10:25:54 [Info] [464] recvmsg: EXIT 2026-04-17 10:25:54 [Info] [464] Recv Exit Msg, Exit... 2026-04-17 10:27:26 [Info] [1536] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 10:27:26 [Info] [1536] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap325691776392846 2026-04-17 10:27:26 [Info] [1536] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 10:27:26 [Info] [1536] Resource monitor start 2026-04-17 10:27:26 [Info] [1536] ipc client init success 2026-04-17 10:27:26 [Info] [1536] Ipc init: 0 2026-04-17 10:27:26 [Info] [1536] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 10:27:26 [Info] [1536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 10:27:26 [Info] [1536] start ipc thread id[2380] 2026-04-17 10:27:26 [Info] [1536] Connect Yundun ipc server return state is 0 2026-04-17 10:27:26 [Info] [1536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 10:27:26 [Info] [1536] CResourceMonitor::run Enter 2026-04-17 10:27:26 [Info] [1536] CIpcMsgHandlerMgr::run Enter 2026-04-17 10:27:26 [Info] [1536] Report thread 2026-04-17 10:27:26 [Info] [1536] Monitor thread 2026-04-17 10:27:26 [Info] [1536] Loader thread 2026-04-17 10:27:26 [Info] [1536] PythonEngineImpl Init... 2026-04-17 10:27:26 [Info] [1536] yundun connected 2026-04-17 10:27:27 [Info] [1536] recvmsg: HELLO 2026-04-17 10:27:27 [Info] [1536] recvmsg: WORK 2026-04-17 10:27:27 [Info] [1536] no use encode, return to old mode 2026-04-17 10:27:27 [Info] [1536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:27:27 [Info] [1536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:27:27 [Info] [1536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:27:27 [Info] [1536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:27:27 [Info] [1536] log fd cnt is [250], real fd cnt is [282] 2026-04-17 10:27:27 [Info] [1536] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 10:27:27 [Info] [1536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 10:27:28 [Info] [1536] log memory size is 20480KB, real memory size is 14816KB 2026-04-17 10:27:29 [Info] [1536] item: --tcp-connect-check 2026-04-17 10:27:29 [Info] [1536] cgroup name aegisRtap0 2026-04-17 10:27:29 [Info] [1536] try get sys version 2026-04-17 10:27:29 [Info] [1536] win sys info:2/10:0:3 2026-04-17 10:27:29 [Info] [1536] suit legal version, enable cpu control 2026-04-17 10:27:29 [Info] [1536] get AssignProcessToJobObject handle [00000478] 2026-04-17 10:27:29 [Info] [1536] Set setJobExtended. 2026-04-17 10:27:29 [Info] [1536] Set cpu [9%] 2026-04-17 10:27:29 [Info] [1536] Set cpu success 2026-04-17 10:27:29 [Info] [1536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-17 10:27:29 [Info] [1536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-17 10:27:29 [Info] [1536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:27:29 [Info] [1536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:27:29 [Info] [1536] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-17 10:27:29 [Info] [1536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-17 10:27:29 [Info] [1536] Prepare stage1: --tcp-connect-check 2026-04-17 10:27:29 [Info] [1536] Prepare stage2 2026-04-17 10:27:32 [Info] [1536] stage3: --tcp-connect-check 2026-04-17 10:27:32 [Info] [1536] Loader after check 2026-04-17 10:27:33 [Info] [1536] Enter reuse wait state. 2026-04-17 10:27:38 [Info] [1536] recvmsg: EXIT 2026-04-17 10:27:38 [Info] [1536] Recv Exit Msg, Exit... 2026-04-17 10:30:27 [Info] [4372] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 10:30:27 [Info] [4372] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap3921776393027 2026-04-17 10:30:27 [Info] [4372] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 10:30:27 [Info] [4372] Resource monitor start 2026-04-17 10:30:27 [Info] [4372] ipc client init success 2026-04-17 10:30:27 [Info] [4372] Ipc init: 0 2026-04-17 10:30:27 [Info] [4372] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 10:30:27 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 10:30:27 [Info] [4372] start ipc thread id[2920] 2026-04-17 10:30:27 [Info] [4372] Connect Yundun ipc server return state is 0 2026-04-17 10:30:27 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 10:30:27 [Info] [4372] CResourceMonitor::run Enter 2026-04-17 10:30:27 [Info] [4372] CIpcMsgHandlerMgr::run Enter 2026-04-17 10:30:27 [Info] [4372] Report thread 2026-04-17 10:30:27 [Info] [4372] Monitor thread 2026-04-17 10:30:27 [Info] [4372] Loader thread 2026-04-17 10:30:27 [Info] [4372] PythonEngineImpl Init... 2026-04-17 10:30:27 [Info] [4372] yundun connected 2026-04-17 10:30:28 [Info] [4372] recvmsg: HELLO 2026-04-17 10:30:28 [Info] [4372] recvmsg: WORK 2026-04-17 10:30:28 [Info] [4372] no use encode, return to old mode 2026-04-17 10:30:28 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:30:28 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 10:30:28 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:30:28 [Info] [4372] log fd cnt is [250], real fd cnt is [282] 2026-04-17 10:30:28 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:30:29 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 10:30:29 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 10:30:29 [Info] [4372] log memory size is 20480KB, real memory size is 14792KB 2026-04-17 10:30:30 [Info] [4372] item: --windows-schedule-task-check 2026-04-17 10:30:30 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-17 10:30:30 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-17 10:30:30 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 10:30:30 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 10:30:30 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-17 10:30:30 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-17 10:30:30 [Info] [4372] Prepare stage1: --windows-schedule-task-check 2026-04-17 10:30:30 [Info] [4372] Prepare stage2 2026-04-17 10:30:33 [Info] [4372] log memory size is 30720KB, real memory size is 23608KB 2026-04-17 10:31:03 [Info] [4372] stage3: --windows-schedule-task-check 2026-04-17 10:31:03 [Info] [4372] Loader after check 2026-04-17 10:31:04 [Info] [4372] Enter reuse wait state. 2026-04-17 10:31:07 [Info] [4372] recvmsg: EXIT 2026-04-17 10:31:07 [Info] [4372] Recv Exit Msg, Exit... 2026-04-17 11:11:02 [Info] [5116] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 11:11:02 [Info] [5116] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap83441776395462 2026-04-17 11:11:02 [Info] [5116] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 11:11:02 [Info] [5116] Resource monitor start 2026-04-17 11:11:02 [Info] [5116] ipc client init success 2026-04-17 11:11:02 [Info] [5116] Ipc init: 0 2026-04-17 11:11:02 [Info] [5116] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 11:11:02 [Info] [5116] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 11:11:02 [Info] [5116] start ipc thread id[4840] 2026-04-17 11:11:02 [Info] [5116] Connect Yundun ipc server return state is 0 2026-04-17 11:11:02 [Info] [5116] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 11:11:02 [Info] [5116] CResourceMonitor::run Enter 2026-04-17 11:11:02 [Info] [5116] CIpcMsgHandlerMgr::run Enter 2026-04-17 11:11:02 [Info] [5116] Report thread 2026-04-17 11:11:02 [Info] [5116] Monitor thread 2026-04-17 11:11:02 [Info] [5116] Loader thread 2026-04-17 11:11:02 [Info] [5116] PythonEngineImpl Init... 2026-04-17 11:11:02 [Info] [5116] yundun connected 2026-04-17 11:11:03 [Info] [5116] recvmsg: HELLO 2026-04-17 11:11:03 [Info] [5116] recvmsg: WORK 2026-04-17 11:11:03 [Info] [5116] no use encode, return to old mode 2026-04-17 11:11:03 [Info] [5116] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 11:11:03 [Info] [5116] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 11:11:03 [Info] [5116] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 11:11:03 [Info] [5116] log fd cnt is [250], real fd cnt is [274] 2026-04-17 11:11:04 [Info] [5116] log memory size is 20480KB, real memory size is 14524KB 2026-04-17 11:11:04 [Info] [5116] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 11:11:05 [Info] [5116] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 11:11:05 [Info] [5116] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 11:11:06 [Info] [5116] item: --windows-autorun-item-check 2026-04-17 11:11:06 [Info] [5116] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-17 11:11:06 [Info] [5116] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-17 11:11:06 [Info] [5116] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 11:11:06 [Info] [5116] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 11:11:06 [Info] [5116] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-17 11:11:06 [Info] [5116] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-17 11:11:06 [Info] [5116] Prepare stage1: --windows-autorun-item-check 2026-04-17 11:11:06 [Info] [5116] Prepare stage2 2026-04-17 11:11:08 [Info] [5116] log memory size is 30720KB, real memory size is 22608KB 2026-04-17 11:11:16 [Info] [5116] stage3: --windows-autorun-item-check 2026-04-17 11:11:16 [Info] [5116] Loader after check 2026-04-17 11:11:17 [Info] [5116] Enter reuse wait state. 2026-04-17 11:11:19 [Info] [5116] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 11:11:22 [Info] [5116] recvmsg: EXIT 2026-04-17 11:11:22 [Info] [5116] Recv Exit Msg, Exit... 2026-04-17 14:09:33 [Info] [5004] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 14:09:33 [Info] [5004] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap105081776406159 2026-04-17 14:09:33 [Info] [5004] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 14:09:33 [Info] [5004] Resource monitor start 2026-04-17 14:09:33 [Info] [5004] ipc client init success 2026-04-17 14:09:33 [Info] [5004] Ipc init: 0 2026-04-17 14:09:33 [Info] [5004] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 14:09:33 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 14:09:33 [Info] [5004] start ipc thread id[4968] 2026-04-17 14:09:33 [Info] [5004] Connect Yundun ipc server return state is 0 2026-04-17 14:09:33 [Info] [5004] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 14:09:33 [Info] [5004] CResourceMonitor::run Enter 2026-04-17 14:09:33 [Info] [5004] CIpcMsgHandlerMgr::run Enter 2026-04-17 14:09:33 [Info] [5004] Report thread 2026-04-17 14:09:33 [Info] [5004] Monitor thread 2026-04-17 14:09:33 [Info] [5004] Loader thread 2026-04-17 14:09:33 [Info] [5004] PythonEngineImpl Init... 2026-04-17 14:09:38 [Info] [5004] yundun connected 2026-04-17 14:09:38 [Info] [5004] recvmsg: HELLO 2026-04-17 14:09:38 [Info] [5004] recvmsg: WORK 2026-04-17 14:09:38 [Info] [5004] no use encode, return to old mode 2026-04-17 14:09:38 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 14:09:38 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 14:09:38 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 14:09:39 [Info] [5004] log fd cnt is [250], real fd cnt is [264] 2026-04-17 14:09:40 [Info] [5004] log memory size is 20480KB, real memory size is 13172KB 2026-04-17 14:09:52 [Warn] [5004] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 14:10:02 [Warn] [5004] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 14:10:12 [Warn] [5004] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 14:10:12 [Info] [5004] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 14:10:13 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 14:10:13 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 14:10:13 [Info] [5004] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 14:10:14 [Info] [5004] item: --windows-sysinfoext-check 2026-04-17 14:10:14 [Info] [5004] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 14:10:14 [Info] [5004] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 14:10:14 [Info] [5004] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 14:10:14 [Info] [5004] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 14:10:14 [Info] [5004] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-17 14:10:14 [Info] [5004] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 14:10:14 [Info] [5004] Prepare stage1: --windows-sysinfoext-check 2026-04-17 14:10:14 [Info] [5004] Prepare stage2 2026-04-17 14:10:17 [Info] [5004] stage3: --windows-sysinfoext-check 2026-04-17 14:10:17 [Info] [5004] Loader after check 2026-04-17 14:10:17 [Info] [5004] log memory size is 30720KB, real memory size is 23220KB 2026-04-17 14:10:18 [Info] [5004] Enter reuse wait state. 2026-04-17 14:10:19 [Info] [5004] recvmsg: EXIT 2026-04-17 14:10:19 [Info] [5004] Recv Exit Msg, Exit... 2026-04-17 18:05:59 [Info] [4852] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 18:05:59 [Info] [4852] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap241081776420358 2026-04-17 18:05:59 [Info] [4852] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 18:05:59 [Info] [4852] Resource monitor start 2026-04-17 18:05:59 [Info] [4852] ipc client init success 2026-04-17 18:05:59 [Info] [4852] Ipc init: 0 2026-04-17 18:05:59 [Info] [4852] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 18:05:59 [Info] [4852] CResourceMonitor::run Enter 2026-04-17 18:05:59 [Info] [4852] CIpcMsgHandlerMgr::run Enter 2026-04-17 18:05:59 [Info] [4852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 18:05:59 [Info] [4852] start ipc thread id[4820] 2026-04-17 18:05:59 [Info] [4852] Connect Yundun ipc server return state is 0 2026-04-17 18:05:59 [Info] [4852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 18:05:59 [Info] [4852] yundun connected 2026-04-17 18:05:59 [Info] [4852] Report thread 2026-04-17 18:05:59 [Info] [4852] Monitor thread 2026-04-17 18:05:59 [Info] [4852] Loader thread 2026-04-17 18:05:59 [Info] [4852] recvmsg: HELLO 2026-04-17 18:05:59 [Info] [4852] recvmsg: WORK 2026-04-17 18:05:59 [Info] [4852] no use encode, return to old mode 2026-04-17 18:05:59 [Info] [4852] PythonEngineImpl Init... 2026-04-17 18:06:00 [Info] [4852] log fd cnt is [250], real fd cnt is [263] 2026-04-17 18:06:00 [Info] [4852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 18:06:00 [Info] [4852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 18:06:00 [Info] [4852] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 18:06:00 [Info] [4852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 18:06:00 [Info] [4852] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 18:06:00 [Info] [4852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 18:06:01 [Info] [4852] log memory size is 20480KB, real memory size is 14900KB 2026-04-17 18:06:02 [Info] [4852] item: --secnet_rasp_agent 2026-04-17 18:06:02 [Info] [4852] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-17 18:06:02 [Info] [4852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-17 18:06:02 [Info] [4852] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-17 18:06:02 [Info] [4852] Download redirect files success. 2026-04-17 18:06:02 [Info] [4852] Prepare stage1: --secnet_rasp_agent 2026-04-17 18:06:02 [Info] [4852] Prepare stage2 2026-04-17 18:06:05 [Info] [4852] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 18:06:06 [Info] [4852] log memory size is 30720KB, real memory size is 21096KB 2026-04-17 18:06:06 [Info] [4852] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-17 18:06:06 [Info] [4852] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-17 18:06:06 [Info] [4852] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 18:06:06 [Info] [4852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 18:06:07 [Info] [4852] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-17 18:06:07 [Info] [4852] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-17 18:06:07 [Info] [4852] stage3: --secnet_rasp_agent 2026-04-17 18:06:07 [Info] [4852] Loader after check 2026-04-17 18:06:08 [Info] [4852] Enter reuse wait state. 2026-04-17 18:06:10 [Info] [4852] recvmsg: EXIT 2026-04-17 18:06:10 [Info] [4852] Recv Exit Msg, Exit... 2026-04-17 19:38:19 [Info] [2236] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 19:38:19 [Info] [2236] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap93751776425881 2026-04-17 19:38:19 [Info] [2236] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 19:38:19 [Info] [2236] Resource monitor start 2026-04-17 19:38:19 [Info] [2236] ipc client init success 2026-04-17 19:38:19 [Info] [2236] Ipc init: 0 2026-04-17 19:38:19 [Info] [2236] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 19:38:19 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 19:38:19 [Info] [2236] start ipc thread id[2536] 2026-04-17 19:38:19 [Info] [2236] Connect Yundun ipc server return state is 0 2026-04-17 19:38:19 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 19:38:19 [Info] [2236] CResourceMonitor::run Enter 2026-04-17 19:38:19 [Info] [2236] CIpcMsgHandlerMgr::run Enter 2026-04-17 19:38:19 [Info] [2236] Report thread 2026-04-17 19:38:19 [Info] [2236] Monitor thread 2026-04-17 19:38:19 [Info] [2236] Loader thread 2026-04-17 19:38:19 [Info] [2236] PythonEngineImpl Init... 2026-04-17 19:38:19 [Info] [2236] yundun connected 2026-04-17 19:38:24 [Info] [2236] recvmsg: HELLO 2026-04-17 19:38:24 [Info] [2236] recvmsg: WORK 2026-04-17 19:38:24 [Info] [2236] no use encode, return to old mode 2026-04-17 19:38:24 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 19:38:24 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 19:38:24 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 19:38:25 [Info] [2236] log fd cnt is [250], real fd cnt is [264] 2026-04-17 19:38:26 [Info] [2236] log memory size is 20480KB, real memory size is 13164KB 2026-04-17 19:38:42 [Warn] [2236] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 19:38:42 [Info] [4040] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-17 19:38:42 [Info] [4040] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap94511776425904 2026-04-17 19:38:42 [Info] [4040] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-17 19:38:42 [Info] [4040] Resource monitor start 2026-04-17 19:38:42 [Info] [4040] ipc client init success 2026-04-17 19:38:42 [Info] [4040] Ipc init: 0 2026-04-17 19:38:42 [Info] [4040] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-17 19:38:42 [Info] [4040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-17 19:38:42 [Info] [4040] start ipc thread id[5020] 2026-04-17 19:38:42 [Info] [4040] Connect Yundun ipc server return state is 0 2026-04-17 19:38:42 [Info] [4040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-17 19:38:42 [Info] [4040] CResourceMonitor::run Enter 2026-04-17 19:38:42 [Info] [4040] CIpcMsgHandlerMgr::run Enter 2026-04-17 19:38:42 [Info] [4040] yundun connected 2026-04-17 19:38:42 [Info] [4040] Report thread 2026-04-17 19:38:42 [Info] [4040] Monitor thread 2026-04-17 19:38:42 [Info] [4040] Loader thread 2026-04-17 19:38:42 [Info] [4040] PythonEngineImpl Init... 2026-04-17 19:38:42 [Info] [4040] recvmsg: HELLO 2026-04-17 19:38:42 [Info] [4040] recvmsg: WORK 2026-04-17 19:38:42 [Info] [4040] no use encode, return to old mode 2026-04-17 19:38:42 [Info] [4040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 19:38:42 [Info] [4040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-17 19:38:42 [Info] [4040] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 19:38:43 [Info] [4040] log fd cnt is [250], real fd cnt is [279] 2026-04-17 19:38:44 [Info] [4040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 19:38:44 [Info] [4040] log memory size is 20480KB, real memory size is 14688KB 2026-04-17 19:38:44 [Info] [4040] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 19:38:44 [Info] [4040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 19:38:46 [Info] [4040] item: --windows-vul-check 2026-04-17 19:38:46 [Info] [4040] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-17 19:38:46 [Info] [4040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-17 19:38:46 [Info] [4040] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-04-17 19:38:46 [Info] [4040] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-17 19:38:46 [Info] [4040] Download redirect files success. 2026-04-17 19:38:46 [Info] [4040] Prepare stage1: --windows-vul-check 2026-04-17 19:38:46 [Info] [4040] Prepare stage2 2026-04-17 19:38:47 [Info] [4040] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-17 19:38:47 [Info] [4040] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-04-17 19:38:47 [Info] [4040] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 19:38:47 [Info] [4040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 19:38:47 [Info] [4040] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-17 19:38:47 [Info] [4040] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-04-17 19:38:47 [Info] [4040] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-04-17 19:38:47 [Info] [4040] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-04-17 19:38:47 [Info] [4040] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-04-17 19:38:47 [Info] [4040] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-04-17 19:38:48 [Info] [4040] stage3: --windows-vul-check 2026-04-17 19:38:48 [Info] [4040] Loader after check 2026-04-17 19:38:48 [Info] [4040] log memory size is 30720KB, real memory size is 23552KB 2026-04-17 19:38:49 [Info] [4040] Enter reuse wait state. 2026-04-17 19:38:49 [Info] [2236] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 19:38:49 [Info] [4040] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-17 19:38:52 [Warn] [2236] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 19:38:53 [Info] [4040] recvmsg: EXIT 2026-04-17 19:38:53 [Info] [4040] Recv Exit Msg, Exit... 2026-04-17 19:39:02 [Warn] [2236] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-17 19:39:02 [Info] [2236] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 19:39:02 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-17 19:39:02 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-17 19:39:03 [Info] [2236] item: --windows-sysinfoext-check 2026-04-17 19:39:03 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 19:39:03 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 19:39:03 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-17 19:39:04 [Info] [2236] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-17 19:39:04 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-17 19:39:04 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-17 19:39:04 [Info] [2236] Prepare stage1: --windows-sysinfoext-check 2026-04-17 19:39:04 [Info] [2236] Prepare stage2 2026-04-17 19:39:05 [Warn] [2236] high cpu, cpu is 17 2026-04-17 19:39:05 [Info] [2236] try get sys version 2026-04-17 19:39:05 [Info] [2236] win sys info:2/10:0:3 2026-04-17 19:39:05 [Info] [2236] suit legal version, enable cpu control 2026-04-17 19:39:05 [Warn] [2236] High CPU Warning: 17 2026-04-17 19:39:06 [Warn] [2236] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-17 19:39:07 [Info] [2236] log memory size is 30720KB, real memory size is 23084KB 2026-04-17 19:39:07 [Info] [2236] stage3: --windows-sysinfoext-check 2026-04-17 19:39:07 [Info] [2236] Loader after check 2026-04-17 19:39:08 [Warn] [2236] high cpu, cpu is 15 2026-04-17 19:39:08 [Warn] [2236] High CPU Warning: 15 2026-04-17 19:39:08 [Info] [2236] Enter reuse wait state. 2026-04-17 19:39:11 [Info] [2236] recvmsg: EXIT 2026-04-17 19:39:11 [Info] [2236] Recv Exit Msg, Exit... 2026-04-24 02:03:05 [Info] [5072] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 02:03:05 [Info] [5072] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap82281776967385 2026-04-24 02:03:05 [Info] [5072] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 02:03:05 [Info] [5072] Resource monitor start 2026-04-24 02:03:05 [Info] [5072] ipc client init success 2026-04-24 02:03:05 [Info] [5072] Ipc init: 0 2026-04-24 02:03:05 [Info] [5072] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 02:03:05 [Info] [5072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 02:03:05 [Info] [5072] start ipc thread id[3792] 2026-04-24 02:03:05 [Info] [5072] Connect Yundun ipc server return state is 0 2026-04-24 02:03:05 [Info] [5072] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 02:03:05 [Info] [5072] CResourceMonitor::run Enter 2026-04-24 02:03:05 [Info] [5072] CIpcMsgHandlerMgr::run Enter 2026-04-24 02:03:05 [Info] [5072] Report thread 2026-04-24 02:03:05 [Info] [5072] Monitor thread 2026-04-24 02:03:05 [Info] [5072] Loader thread 2026-04-24 02:03:05 [Info] [5072] PythonEngineImpl Init... 2026-04-24 02:03:05 [Info] [5072] yundun connected 2026-04-24 02:03:06 [Info] [5072] recvmsg: HELLO 2026-04-24 02:03:06 [Info] [5072] recvmsg: WORK 2026-04-24 02:03:06 [Info] [5072] no use encode, return to old mode 2026-04-24 02:03:06 [Info] [5072] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 02:03:06 [Info] [5072] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 02:03:06 [Info] [5072] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 02:03:06 [Info] [5072] log fd cnt is [250], real fd cnt is [282] 2026-04-24 02:03:06 [Info] [5072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 02:03:06 [Info] [5072] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 02:03:06 [Info] [5072] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 02:03:07 [Info] [5072] log memory size is 20480KB, real memory size is 14812KB 2026-04-24 02:03:07 [Info] [5072] item: --sca 2026-04-24 02:03:07 [Info] [5072] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-24 02:03:08 [Info] [5072] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-04-24 02:03:08 [Info] [5072] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-04-24 02:03:08 [Info] [5072] Download redirect files success. 2026-04-24 02:03:08 [Info] [5072] Prepare stage1: --sca 2026-04-24 02:03:08 [Info] [5072] Prepare stage2 2026-04-24 02:03:10 [Warn] [5072] high cpu, cpu is 21 2026-04-24 02:03:10 [Info] [5072] try get sys version 2026-04-24 02:03:10 [Info] [5072] win sys info:2/10:0:3 2026-04-24 02:03:10 [Info] [5072] suit legal version, enable cpu control 2026-04-24 02:03:10 [Warn] [5072] High CPU Warning: 21 2026-04-24 02:03:11 [Warn] [5072] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-24 02:03:12 [Info] [5072] log memory size is 30720KB, real memory size is 32916KB 2026-04-24 02:03:16 [Info] [5072] log memory size is 40960KB, real memory size is 33196KB 2026-04-24 02:03:45 [Warn] [5072] high cpu, cpu is 29 2026-04-24 02:03:45 [Warn] [5072] High CPU Warning: 29 2026-04-24 02:03:45 [Warn] [5072] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-24 02:03:46 [Info] [5072] stage3: --sca 2026-04-24 02:03:46 [Info] [5072] Loader after check 2026-04-24 02:03:47 [Info] [5072] Enter reuse wait state. 2026-04-24 02:03:49 [Info] [5072] recvmsg: EXIT 2026-04-24 02:03:49 [Info] [5072] Recv Exit Msg, Exit... 2026-04-24 04:48:55 [Info] [684] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 04:48:55 [Info] [684] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap79361776977330 2026-04-24 04:48:55 [Info] [684] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 04:48:55 [Info] [684] Resource monitor start 2026-04-24 04:48:55 [Info] [684] ipc client init success 2026-04-24 04:48:55 [Info] [684] Ipc init: 0 2026-04-24 04:48:55 [Info] [684] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 04:48:55 [Info] [684] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 04:48:55 [Info] [684] start ipc thread id[4500] 2026-04-24 04:48:55 [Info] [684] Connect Yundun ipc server return state is 0 2026-04-24 04:48:55 [Info] [684] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 04:49:03 [Info] [684] Loader thread 2026-04-24 04:49:03 [Info] [684] PythonEngineImpl Init... 2026-04-24 04:49:03 [Info] [684] Monitor thread 2026-04-24 04:49:03 [Info] [684] Report thread 2026-04-24 04:49:03 [Info] [684] yundun connected 2026-04-24 04:49:03 [Info] [684] CIpcMsgHandlerMgr::run Enter 2026-04-24 04:49:03 [Info] [684] CResourceMonitor::run Enter 2026-04-24 04:49:03 [Info] [684] recvmsg: HELLO 2026-04-24 04:49:03 [Info] [684] recvmsg: WORK 2026-04-24 04:49:03 [Info] [684] no use encode, return to old mode 2026-04-24 04:49:03 [Info] [684] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 04:49:03 [Info] [684] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 04:49:03 [Info] [684] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 04:49:04 [Info] [684] log fd cnt is [250], real fd cnt is [264] 2026-04-24 04:49:05 [Info] [684] log memory size is 20480KB, real memory size is 13188KB 2026-04-24 04:49:32 [Warn] [684] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 04:49:42 [Warn] [684] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 04:49:42 [Info] [684] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 04:49:43 [Info] [684] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 04:49:43 [Info] [684] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 04:49:44 [Info] [684] item: --windows-sysinfoext-check 2026-04-24 04:49:44 [Info] [684] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 04:49:44 [Info] [684] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 04:49:44 [Info] [684] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 04:49:44 [Info] [684] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 04:49:44 [Info] [684] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-24 04:49:44 [Info] [684] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 04:49:44 [Info] [684] Prepare stage1: --windows-sysinfoext-check 2026-04-24 04:49:44 [Info] [684] Prepare stage2 2026-04-24 04:49:45 [Info] [684] log memory size is 30720KB, real memory size is 23144KB 2026-04-24 04:49:46 [Info] [684] stage3: --windows-sysinfoext-check 2026-04-24 04:49:46 [Info] [684] Loader after check 2026-04-24 04:49:47 [Info] [684] Enter reuse wait state. 2026-04-24 04:49:52 [Info] [684] recvmsg: EXIT 2026-04-24 04:49:52 [Info] [684] Recv Exit Msg, Exit... 2026-04-24 07:43:52 [Info] [1468] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 07:43:52 [Info] [1468] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap94631776987832 2026-04-24 07:43:52 [Info] [1468] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 07:43:52 [Info] [1468] Resource monitor start 2026-04-24 07:43:52 [Info] [1468] ipc client init success 2026-04-24 07:43:52 [Info] [1468] Ipc init: 0 2026-04-24 07:43:52 [Info] [1468] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 07:43:52 [Info] [1468] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 07:43:52 [Info] [1468] start ipc thread id[1228] 2026-04-24 07:43:52 [Info] [1468] Connect Yundun ipc server return state is 0 2026-04-24 07:43:52 [Info] [1468] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 07:43:52 [Info] [1468] CResourceMonitor::run Enter 2026-04-24 07:43:52 [Info] [1468] CIpcMsgHandlerMgr::run Enter 2026-04-24 07:43:52 [Info] [1468] Report thread 2026-04-24 07:43:52 [Info] [1468] Monitor thread 2026-04-24 07:43:52 [Info] [1468] Loader thread 2026-04-24 07:43:52 [Info] [1468] PythonEngineImpl Init... 2026-04-24 07:43:52 [Info] [1468] yundun connected 2026-04-24 07:43:52 [Info] [1468] recvmsg: HELLO 2026-04-24 07:43:52 [Info] [1468] recvmsg: WORK 2026-04-24 07:43:52 [Info] [1468] no use encode, return to old mode 2026-04-24 07:43:52 [Info] [1468] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 07:43:52 [Info] [1468] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 07:43:52 [Info] [1468] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 07:43:53 [Info] [1468] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 07:43:53 [Info] [1468] log fd cnt is [250], real fd cnt is [282] 2026-04-24 07:43:53 [Info] [1468] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 07:43:53 [Info] [1468] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 07:43:54 [Info] [1468] log memory size is 20480KB, real memory size is 14840KB 2026-04-24 07:43:54 [Info] [1468] item: --windows-vul-clean 2026-04-24 07:43:54 [Info] [1468] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-24 07:43:54 [Info] [1468] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-04-24 07:43:54 [Info] [1468] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 07:43:54 [Info] [1468] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 07:43:54 [Info] [1468] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-04-24 07:43:54 [Info] [1468] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-04-24 07:43:55 [Info] [1468] Prepare stage1: --windows-vul-clean 2026-04-24 07:43:55 [Info] [1468] Prepare stage2 2026-04-24 07:43:55 [Info] [1468] stage3: --windows-vul-clean 2026-04-24 07:43:55 [Info] [1468] Loader after check 2026-04-24 07:43:56 [Info] [1468] Enter reuse wait state. 2026-04-24 07:43:59 [Info] [1468] recvmsg: EXIT 2026-04-24 07:43:59 [Info] [1468] Recv Exit Msg, Exit... 2026-04-24 08:49:03 [Info] [4200] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 08:49:03 [Info] [4200] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap222311776991742 2026-04-24 08:49:03 [Info] [4200] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 08:49:03 [Info] [4200] Resource monitor start 2026-04-24 08:49:03 [Info] [4200] ipc client init success 2026-04-24 08:49:03 [Info] [4200] Ipc init: 0 2026-04-24 08:49:03 [Info] [4200] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 08:49:03 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 08:49:03 [Info] [4200] start ipc thread id[4824] 2026-04-24 08:49:03 [Info] [4200] Connect Yundun ipc server return state is 0 2026-04-24 08:49:03 [Info] [4200] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 08:49:03 [Info] [4200] CResourceMonitor::run Enter 2026-04-24 08:49:03 [Info] [4200] CIpcMsgHandlerMgr::run Enter 2026-04-24 08:49:03 [Info] [4200] yundun connected 2026-04-24 08:49:03 [Info] [4200] Report thread 2026-04-24 08:49:03 [Info] [4200] Monitor thread 2026-04-24 08:49:03 [Info] [4200] Loader thread 2026-04-24 08:49:03 [Info] [4200] PythonEngineImpl Init... 2026-04-24 08:49:03 [Info] [4200] recvmsg: HELLO 2026-04-24 08:49:03 [Info] [4200] recvmsg: WORK 2026-04-24 08:49:03 [Info] [4200] no use encode, return to old mode 2026-04-24 08:49:04 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 08:49:04 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 08:49:04 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 08:49:04 [Info] [4200] log fd cnt is [250], real fd cnt is [274] 2026-04-24 08:49:05 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 08:49:06 [Info] [4200] log memory size is 20480KB, real memory size is 14500KB 2026-04-24 08:49:06 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 08:49:06 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 08:49:08 [Info] [4200] item: --windows-process-check 2026-04-24 08:49:08 [Info] [4200] cgroup name aegisRtap0 2026-04-24 08:49:08 [Info] [4200] try get sys version 2026-04-24 08:49:08 [Info] [4200] win sys info:2/10:0:3 2026-04-24 08:49:08 [Info] [4200] suit legal version, enable cpu control 2026-04-24 08:49:08 [Info] [4200] get AssignProcessToJobObject handle [00000478] 2026-04-24 08:49:08 [Info] [4200] Set setJobExtended. 2026-04-24 08:49:08 [Info] [4200] Set cpu [9%] 2026-04-24 08:49:08 [Info] [4200] Set cpu success 2026-04-24 08:49:08 [Info] [4200] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-24 08:49:08 [Info] [4200] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-04-24 08:49:08 [Info] [4200] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 08:49:08 [Info] [4200] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 08:49:09 [Info] [4200] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-04-24 08:49:09 [Info] [4200] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-04-24 08:49:09 [Info] [4200] Prepare stage1: --windows-process-check 2026-04-24 08:49:09 [Info] [4200] Prepare stage2 2026-04-24 08:49:15 [Info] [4200] log memory size is 30720KB, real memory size is 20636KB 2026-04-24 08:49:46 [Info] [4200] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-24 08:50:08 [Info] [4200] stage3: --windows-process-check 2026-04-24 08:50:08 [Info] [4200] Loader after check 2026-04-24 08:50:09 [Info] [4200] Enter reuse wait state. 2026-04-24 08:50:14 [Info] [4200] log fd cnt is [300], real fd cnt is [347] 2026-04-24 08:50:14 [Info] [4200] recvmsg: EXIT 2026-04-24 08:50:14 [Info] [4200] Recv Exit Msg, Exit... 2026-04-24 10:17:27 [Info] [872] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 10:17:27 [Info] [872] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap67321776997030 2026-04-24 10:17:27 [Info] [872] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 10:17:27 [Info] [872] Resource monitor start 2026-04-24 10:17:27 [Info] [872] ipc client init success 2026-04-24 10:17:27 [Info] [872] Ipc init: 0 2026-04-24 10:17:27 [Info] [872] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 10:17:27 [Info] [872] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 10:17:27 [Info] [872] start ipc thread id[5100] 2026-04-24 10:17:27 [Info] [872] Connect Yundun ipc server return state is 0 2026-04-24 10:17:27 [Info] [872] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 10:17:27 [Info] [872] CResourceMonitor::run Enter 2026-04-24 10:17:27 [Info] [872] CIpcMsgHandlerMgr::run Enter 2026-04-24 10:17:27 [Info] [872] Report thread 2026-04-24 10:17:33 [Info] [872] yundun connected 2026-04-24 10:17:33 [Info] [872] Loader thread 2026-04-24 10:17:33 [Info] [872] PythonEngineImpl Init... 2026-04-24 10:17:33 [Info] [872] Monitor thread 2026-04-24 10:17:33 [Info] [872] recvmsg: HELLO 2026-04-24 10:17:33 [Info] [872] recvmsg: WORK 2026-04-24 10:17:33 [Info] [872] no use encode, return to old mode 2026-04-24 10:17:33 [Info] [872] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:17:33 [Info] [872] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:17:33 [Info] [872] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:17:34 [Info] [872] log fd cnt is [250], real fd cnt is [264] 2026-04-24 10:17:35 [Info] [872] log memory size is 20480KB, real memory size is 13144KB 2026-04-24 10:17:47 [Warn] [872] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 10:17:57 [Warn] [872] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 10:17:57 [Info] [872] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:17:57 [Info] [872] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 10:17:57 [Info] [872] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 10:17:58 [Info] [872] item: --windows-sysinfoext-check 2026-04-24 10:17:58 [Info] [872] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 10:17:58 [Info] [872] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 10:17:58 [Info] [872] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:17:58 [Info] [872] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:17:59 [Info] [872] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-24 10:17:59 [Info] [872] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 10:17:59 [Info] [872] Prepare stage1: --windows-sysinfoext-check 2026-04-24 10:17:59 [Info] [872] Prepare stage2 2026-04-24 10:17:59 [Info] [872] log memory size is 30720KB, real memory size is 22644KB 2026-04-24 10:18:01 [Info] [872] stage3: --windows-sysinfoext-check 2026-04-24 10:18:01 [Info] [872] Loader after check 2026-04-24 10:18:02 [Info] [872] Enter reuse wait state. 2026-04-24 10:18:04 [Info] [872] recvmsg: EXIT 2026-04-24 10:18:04 [Info] [872] Recv Exit Msg, Exit... 2026-04-24 10:24:31 [Info] [2716] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 10:24:31 [Info] [2716] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap81721776997471 2026-04-24 10:24:31 [Info] [2716] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 10:24:31 [Info] [2716] Resource monitor start 2026-04-24 10:24:31 [Info] [2716] ipc client init success 2026-04-24 10:24:31 [Info] [2716] Ipc init: 0 2026-04-24 10:24:31 [Info] [2716] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 10:24:31 [Info] [2716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 10:24:31 [Info] [2716] start ipc thread id[4904] 2026-04-24 10:24:31 [Info] [2716] Connect Yundun ipc server return state is 0 2026-04-24 10:24:31 [Info] [2716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 10:24:31 [Info] [2716] CResourceMonitor::run Enter 2026-04-24 10:24:31 [Info] [2716] CIpcMsgHandlerMgr::run Enter 2026-04-24 10:24:31 [Info] [2716] Report thread 2026-04-24 10:24:31 [Info] [2716] Monitor thread 2026-04-24 10:24:31 [Info] [2716] Loader thread 2026-04-24 10:24:31 [Info] [2716] PythonEngineImpl Init... 2026-04-24 10:24:32 [Info] [2716] yundun connected 2026-04-24 10:24:32 [Info] [2716] recvmsg: HELLO 2026-04-24 10:24:32 [Info] [2716] recvmsg: WORK 2026-04-24 10:24:32 [Info] [2716] no use encode, return to old mode 2026-04-24 10:24:32 [Info] [2716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:24:32 [Info] [2716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:24:32 [Info] [2716] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:24:32 [Info] [2716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:24:32 [Info] [2716] log fd cnt is [250], real fd cnt is [282] 2026-04-24 10:24:33 [Info] [2716] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 10:24:33 [Info] [2716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 10:24:34 [Info] [2716] log memory size is 20480KB, real memory size is 14808KB 2026-04-24 10:24:34 [Info] [2716] item: --windows-registry-check 2026-04-24 10:24:34 [Info] [2716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-24 10:24:34 [Info] [2716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-04-24 10:24:34 [Info] [2716] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:24:34 [Info] [2716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:24:34 [Info] [2716] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-04-24 10:24:34 [Info] [2716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-04-24 10:24:34 [Info] [2716] Prepare stage1: --windows-registry-check 2026-04-24 10:24:34 [Info] [2716] Prepare stage2 2026-04-24 10:24:47 [Info] [2716] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-24 10:25:03 [Info] [2716] stage3: --windows-registry-check 2026-04-24 10:25:03 [Info] [2716] Loader after check 2026-04-24 10:25:04 [Info] [2716] Enter reuse wait state. 2026-04-24 10:25:07 [Info] [2716] recvmsg: EXIT 2026-04-24 10:25:07 [Info] [2716] Recv Exit Msg, Exit... 2026-04-24 10:26:04 [Info] [4324] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 10:26:04 [Info] [4324] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap84761776997564 2026-04-24 10:26:04 [Info] [4324] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 10:26:04 [Info] [4324] Resource monitor start 2026-04-24 10:26:04 [Info] [4324] ipc client init success 2026-04-24 10:26:04 [Info] [4324] Ipc init: 0 2026-04-24 10:26:04 [Info] [4324] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 10:26:04 [Info] [4324] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 10:26:04 [Info] [4324] start ipc thread id[3108] 2026-04-24 10:26:04 [Info] [4324] Connect Yundun ipc server return state is 0 2026-04-24 10:26:04 [Info] [4324] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 10:26:04 [Info] [4324] CResourceMonitor::run Enter 2026-04-24 10:26:04 [Info] [4324] CIpcMsgHandlerMgr::run Enter 2026-04-24 10:26:04 [Info] [4324] yundun connected 2026-04-24 10:26:04 [Info] [4324] Report thread 2026-04-24 10:26:04 [Info] [4324] Monitor thread 2026-04-24 10:26:04 [Info] [4324] Loader thread 2026-04-24 10:26:04 [Info] [4324] PythonEngineImpl Init... 2026-04-24 10:26:04 [Info] [4324] recvmsg: HELLO 2026-04-24 10:26:04 [Info] [4324] recvmsg: WORK 2026-04-24 10:26:04 [Info] [4324] no use encode, return to old mode 2026-04-24 10:26:04 [Info] [4324] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:26:04 [Info] [4324] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:26:04 [Info] [4324] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:26:05 [Info] [4324] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:26:05 [Info] [4324] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 10:26:05 [Info] [4324] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 10:26:05 [Info] [4324] log fd cnt is [250], real fd cnt is [281] 2026-04-24 10:26:06 [Info] [4324] log memory size is 20480KB, real memory size is 14844KB 2026-04-24 10:26:06 [Info] [4324] item: --windows-driver-version-check 2026-04-24 10:26:06 [Info] [4324] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-24 10:26:06 [Info] [4324] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-04-24 10:26:06 [Info] [4324] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:26:06 [Info] [4324] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:26:06 [Info] [4324] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-04-24 10:26:06 [Info] [4324] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-04-24 10:26:06 [Info] [4324] Prepare stage1: --windows-driver-version-check 2026-04-24 10:26:06 [Info] [4324] Prepare stage2 2026-04-24 10:26:06 [Info] [4324] stage3: --windows-driver-version-check 2026-04-24 10:26:06 [Info] [4324] Loader after check 2026-04-24 10:26:07 [Info] [4324] Enter reuse wait state. 2026-04-24 10:26:11 [Info] [4324] recvmsg: EXIT 2026-04-24 10:26:11 [Info] [4324] Recv Exit Msg, Exit... 2026-04-24 10:27:44 [Info] [2616] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 10:27:44 [Info] [2616] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap88021776997664 2026-04-24 10:27:44 [Info] [2616] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 10:27:44 [Info] [2616] Resource monitor start 2026-04-24 10:27:44 [Info] [2616] ipc client init success 2026-04-24 10:27:44 [Info] [2616] Ipc init: 0 2026-04-24 10:27:44 [Info] [2616] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 10:27:44 [Info] [2616] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 10:27:44 [Info] [2616] start ipc thread id[1536] 2026-04-24 10:27:44 [Info] [2616] Connect Yundun ipc server return state is 0 2026-04-24 10:27:44 [Info] [2616] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 10:27:44 [Info] [2616] CResourceMonitor::run Enter 2026-04-24 10:27:44 [Info] [2616] CIpcMsgHandlerMgr::run Enter 2026-04-24 10:27:44 [Info] [2616] Report thread 2026-04-24 10:27:44 [Info] [2616] Monitor thread 2026-04-24 10:27:44 [Info] [2616] Loader thread 2026-04-24 10:27:44 [Info] [2616] PythonEngineImpl Init... 2026-04-24 10:27:44 [Info] [2616] yundun connected 2026-04-24 10:27:44 [Info] [2616] recvmsg: HELLO 2026-04-24 10:27:44 [Info] [2616] recvmsg: WORK 2026-04-24 10:27:44 [Info] [2616] no use encode, return to old mode 2026-04-24 10:27:45 [Info] [2616] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:27:45 [Info] [2616] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:27:45 [Info] [2616] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:27:45 [Info] [2616] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:27:45 [Info] [2616] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 10:27:45 [Info] [2616] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 10:27:45 [Info] [2616] log fd cnt is [250], real fd cnt is [281] 2026-04-24 10:27:46 [Info] [2616] log memory size is 20480KB, real memory size is 14880KB 2026-04-24 10:27:46 [Info] [2616] item: --tcp-connect-check 2026-04-24 10:27:46 [Info] [2616] cgroup name aegisRtap0 2026-04-24 10:27:46 [Info] [2616] try get sys version 2026-04-24 10:27:46 [Info] [2616] win sys info:2/10:0:3 2026-04-24 10:27:46 [Info] [2616] suit legal version, enable cpu control 2026-04-24 10:27:46 [Info] [2616] get AssignProcessToJobObject handle [00000478] 2026-04-24 10:27:46 [Info] [2616] Set setJobExtended. 2026-04-24 10:27:46 [Info] [2616] Set cpu [9%] 2026-04-24 10:27:46 [Info] [2616] Set cpu success 2026-04-24 10:27:46 [Info] [2616] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-24 10:27:46 [Info] [2616] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-04-24 10:27:46 [Info] [2616] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:27:46 [Info] [2616] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:27:46 [Info] [2616] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-04-24 10:27:46 [Info] [2616] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-04-24 10:27:46 [Info] [2616] Prepare stage1: --tcp-connect-check 2026-04-24 10:27:46 [Info] [2616] Prepare stage2 2026-04-24 10:27:49 [Info] [2616] stage3: --tcp-connect-check 2026-04-24 10:27:49 [Info] [2616] Loader after check 2026-04-24 10:27:50 [Info] [2616] Enter reuse wait state. 2026-04-24 10:27:56 [Info] [2616] recvmsg: EXIT 2026-04-24 10:27:56 [Info] [2616] Recv Exit Msg, Exit... 2026-04-24 10:30:25 [Info] [2828] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 10:30:25 [Info] [2828] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap93281776997825 2026-04-24 10:30:25 [Info] [2828] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 10:30:25 [Info] [2828] Resource monitor start 2026-04-24 10:30:25 [Info] [2828] ipc client init success 2026-04-24 10:30:25 [Info] [2828] Ipc init: 0 2026-04-24 10:30:25 [Info] [2828] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 10:30:25 [Info] [2828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 10:30:25 [Info] [2828] start ipc thread id[4632] 2026-04-24 10:30:25 [Info] [2828] Connect Yundun ipc server return state is 0 2026-04-24 10:30:25 [Info] [2828] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 10:30:25 [Info] [2828] CResourceMonitor::run Enter 2026-04-24 10:30:25 [Info] [2828] CIpcMsgHandlerMgr::run Enter 2026-04-24 10:30:25 [Info] [2828] Report thread 2026-04-24 10:30:25 [Info] [2828] Monitor thread 2026-04-24 10:30:25 [Info] [2828] Loader thread 2026-04-24 10:30:25 [Info] [2828] PythonEngineImpl Init... 2026-04-24 10:30:25 [Info] [2828] yundun connected 2026-04-24 10:30:25 [Info] [2828] recvmsg: HELLO 2026-04-24 10:30:25 [Info] [2828] recvmsg: WORK 2026-04-24 10:30:25 [Info] [2828] no use encode, return to old mode 2026-04-24 10:30:26 [Info] [2828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:30:26 [Info] [2828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 10:30:26 [Info] [2828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:30:26 [Info] [2828] log fd cnt is [250], real fd cnt is [274] 2026-04-24 10:30:26 [Info] [2828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:30:26 [Info] [2828] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 10:30:26 [Info] [2828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 10:30:27 [Info] [2828] log memory size is 20480KB, real memory size is 14816KB 2026-04-24 10:30:27 [Info] [2828] item: --windows-schedule-task-check 2026-04-24 10:30:27 [Info] [2828] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-24 10:30:27 [Info] [2828] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-04-24 10:30:27 [Info] [2828] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 10:30:27 [Info] [2828] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 10:30:27 [Info] [2828] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-04-24 10:30:27 [Info] [2828] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-04-24 10:30:28 [Info] [2828] Prepare stage1: --windows-schedule-task-check 2026-04-24 10:30:28 [Info] [2828] Prepare stage2 2026-04-24 10:30:31 [Info] [2828] log memory size is 30720KB, real memory size is 23612KB 2026-04-24 10:30:58 [Info] [2828] stage3: --windows-schedule-task-check 2026-04-24 10:30:58 [Info] [2828] Loader after check 2026-04-24 10:30:59 [Info] [2828] Enter reuse wait state. 2026-04-24 10:31:01 [Info] [2828] recvmsg: EXIT 2026-04-24 10:31:01 [Info] [2828] Recv Exit Msg, Exit... 2026-04-24 11:10:48 [Info] [2568] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 11:10:48 [Info] [2568] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap172401777000248 2026-04-24 11:10:48 [Info] [2568] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 11:10:48 [Info] [2568] Resource monitor start 2026-04-24 11:10:48 [Info] [2568] ipc client init success 2026-04-24 11:10:48 [Info] [2568] Ipc init: 0 2026-04-24 11:10:48 [Info] [2568] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 11:10:48 [Info] [2568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 11:10:48 [Info] [2568] start ipc thread id[2520] 2026-04-24 11:10:48 [Info] [2568] Connect Yundun ipc server return state is 0 2026-04-24 11:10:48 [Info] [2568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 11:10:48 [Info] [2568] CResourceMonitor::run Enter 2026-04-24 11:10:48 [Info] [2568] CIpcMsgHandlerMgr::run Enter 2026-04-24 11:10:48 [Info] [2568] Report thread 2026-04-24 11:10:48 [Info] [2568] Monitor thread 2026-04-24 11:10:48 [Info] [2568] Loader thread 2026-04-24 11:10:48 [Info] [2568] PythonEngineImpl Init... 2026-04-24 11:10:48 [Info] [2568] yundun connected 2026-04-24 11:10:48 [Info] [2568] recvmsg: HELLO 2026-04-24 11:10:48 [Info] [2568] recvmsg: WORK 2026-04-24 11:10:48 [Info] [2568] no use encode, return to old mode 2026-04-24 11:10:49 [Info] [2568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 11:10:49 [Info] [2568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 11:10:49 [Info] [2568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 11:10:49 [Info] [2568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 11:10:49 [Info] [2568] log fd cnt is [250], real fd cnt is [282] 2026-04-24 11:10:49 [Info] [2568] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 11:10:49 [Info] [2568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 11:10:50 [Info] [2568] log memory size is 20480KB, real memory size is 14760KB 2026-04-24 11:10:50 [Info] [2568] item: --windows-autorun-item-check 2026-04-24 11:10:50 [Info] [2568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-24 11:10:50 [Info] [2568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-04-24 11:10:50 [Info] [2568] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 11:10:50 [Info] [2568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 11:10:50 [Info] [2568] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-04-24 11:10:50 [Info] [2568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-04-24 11:10:51 [Info] [2568] Prepare stage1: --windows-autorun-item-check 2026-04-24 11:10:51 [Info] [2568] Prepare stage2 2026-04-24 11:10:51 [Warn] [2568] high cpu, cpu is 15 2026-04-24 11:10:51 [Info] [2568] try get sys version 2026-04-24 11:10:51 [Info] [2568] win sys info:2/10:0:3 2026-04-24 11:10:51 [Info] [2568] suit legal version, enable cpu control 2026-04-24 11:10:51 [Warn] [2568] High CPU Warning: 15 2026-04-24 11:10:51 [Warn] [2568] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg File:windows-autorun-item-check.py line: 500 in func: check File:windows-autorun-item-check.py line: 80 in func: main File:windows-autorun-item-check.py line: 534 in func: start 2026-04-24 11:10:54 [Info] [2568] log memory size is 30720KB, real memory size is 22628KB 2026-04-24 11:11:01 [Info] [2568] stage3: --windows-autorun-item-check 2026-04-24 11:11:01 [Info] [2568] Loader after check 2026-04-24 11:11:02 [Info] [2568] Enter reuse wait state. 2026-04-24 11:11:04 [Info] [2568] recvmsg: EXIT 2026-04-24 11:11:04 [Info] [2568] Recv Exit Msg, Exit... 2026-04-24 15:46:38 [Info] [2536] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 15:46:38 [Info] [2536] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap56261777016760 2026-04-24 15:46:38 [Info] [2536] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 15:46:38 [Info] [2536] Resource monitor start 2026-04-24 15:46:38 [Info] [2536] ipc client init success 2026-04-24 15:46:38 [Info] [2536] Ipc init: 0 2026-04-24 15:46:38 [Info] [2536] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 15:46:38 [Info] [2536] CResourceMonitor::run Enter 2026-04-24 15:46:38 [Info] [2536] CIpcMsgHandlerMgr::run Enter 2026-04-24 15:46:38 [Info] [2536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 15:46:38 [Info] [2536] start ipc thread id[464] 2026-04-24 15:46:38 [Info] [2536] Connect Yundun ipc server return state is 0 2026-04-24 15:46:39 [Info] [2536] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 15:46:39 [Info] [2536] yundun connected 2026-04-24 15:46:39 [Info] [2536] Report thread 2026-04-24 15:46:39 [Info] [2536] Monitor thread 2026-04-24 15:46:39 [Info] [2536] Loader thread 2026-04-24 15:46:39 [Info] [2536] PythonEngineImpl Init... 2026-04-24 15:46:39 [Info] [2536] recvmsg: HELLO 2026-04-24 15:46:39 [Info] [2536] recvmsg: WORK 2026-04-24 15:46:39 [Info] [2536] no use encode, return to old mode 2026-04-24 15:46:39 [Info] [2536] log fd cnt is [250], real fd cnt is [262] 2026-04-24 15:46:40 [Info] [2536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 15:46:40 [Info] [2536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 15:46:40 [Info] [2536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 15:46:40 [Info] [2536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 15:46:40 [Info] [2536] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 15:46:40 [Info] [2536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 15:46:40 [Info] [2536] log memory size is 20480KB, real memory size is 14868KB 2026-04-24 15:46:41 [Info] [2536] item: --windows-sysinfoext-check 2026-04-24 15:46:41 [Info] [2536] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 15:46:41 [Info] [2536] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 15:46:41 [Info] [2536] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 15:46:41 [Info] [2536] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 15:46:41 [Info] [2536] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-24 15:46:41 [Info] [2536] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 15:46:42 [Info] [2536] Prepare stage1: --windows-sysinfoext-check 2026-04-24 15:46:42 [Info] [2536] Prepare stage2 2026-04-24 15:46:43 [Warn] [2536] high cpu, cpu is 13 2026-04-24 15:46:43 [Info] [2536] try get sys version 2026-04-24 15:46:43 [Info] [2536] win sys info:2/10:0:3 2026-04-24 15:46:43 [Info] [2536] suit legal version, enable cpu control 2026-04-24 15:46:43 [Warn] [2536] High CPU Warning: 13 2026-04-24 15:46:44 [Warn] [2536] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-04-24 15:46:45 [Info] [2536] log memory size is 30720KB, real memory size is 23108KB 2026-04-24 15:46:46 [Info] [2536] stage3: --windows-sysinfoext-check 2026-04-24 15:46:46 [Info] [2536] Loader after check 2026-04-24 15:46:46 [Warn] [2536] high cpu, cpu is 13 2026-04-24 15:46:46 [Warn] [2536] High CPU Warning: 13 2026-04-24 15:46:47 [Info] [2536] Enter reuse wait state. 2026-04-24 15:46:48 [Info] [2536] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-24 15:46:50 [Info] [2536] recvmsg: EXIT 2026-04-24 15:46:50 [Info] [2536] Recv Exit Msg, Exit... 2026-04-24 18:04:08 [Info] [3184] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 18:04:08 [Info] [3184] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap326911777025048 2026-04-24 18:04:08 [Info] [3184] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 18:04:08 [Info] [3184] Resource monitor start 2026-04-24 18:04:08 [Info] [3184] ipc client init success 2026-04-24 18:04:08 [Info] [3184] Ipc init: 0 2026-04-24 18:04:08 [Info] [3184] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 18:04:08 [Info] [3184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 18:04:08 [Info] [3184] start ipc thread id[984] 2026-04-24 18:04:08 [Info] [3184] Connect Yundun ipc server return state is 0 2026-04-24 18:04:08 [Info] [3184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 18:04:08 [Info] [3184] CResourceMonitor::run Enter 2026-04-24 18:04:08 [Info] [3184] CIpcMsgHandlerMgr::run Enter 2026-04-24 18:04:08 [Info] [3184] Report thread 2026-04-24 18:04:08 [Info] [3184] Monitor thread 2026-04-24 18:04:08 [Info] [3184] Loader thread 2026-04-24 18:04:08 [Info] [3184] PythonEngineImpl Init... 2026-04-24 18:04:08 [Info] [3184] yundun connected 2026-04-24 18:04:09 [Info] [3184] recvmsg: HELLO 2026-04-24 18:04:09 [Info] [3184] recvmsg: WORK 2026-04-24 18:04:09 [Info] [3184] no use encode, return to old mode 2026-04-24 18:04:09 [Info] [3184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 18:04:09 [Info] [3184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 18:04:09 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 18:04:09 [Info] [3184] log fd cnt is [250], real fd cnt is [282] 2026-04-24 18:04:09 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 18:04:09 [Info] [3184] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 18:04:09 [Info] [3184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 18:04:10 [Info] [3184] log memory size is 20480KB, real memory size is 14756KB 2026-04-24 18:04:11 [Info] [3184] item: --secnet_rasp_agent 2026-04-24 18:04:11 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-04-24 18:04:11 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-04-24 18:04:11 [Info] [3184] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-04-24 18:04:11 [Info] [3184] Download redirect files success. 2026-04-24 18:04:11 [Info] [3184] Prepare stage1: --secnet_rasp_agent 2026-04-24 18:04:11 [Info] [3184] Prepare stage2 2026-04-24 18:04:12 [Info] [3184] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-24 18:04:12 [Info] [3184] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-24 18:04:12 [Info] [3184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 18:04:12 [Info] [3184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 18:04:13 [Info] [3184] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-04-24 18:04:13 [Info] [3184] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-04-24 18:04:13 [Info] [3184] stage3: --secnet_rasp_agent 2026-04-24 18:04:13 [Info] [3184] Loader after check 2026-04-24 18:04:14 [Info] [3184] Enter reuse wait state. 2026-04-24 18:04:14 [Info] [3184] log memory size is 30720KB, real memory size is 21296KB 2026-04-24 18:04:16 [Info] [3184] recvmsg: EXIT 2026-04-24 18:04:16 [Info] [3184] Recv Exit Msg, Exit... 2026-04-24 21:14:45 [Info] [4868] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-04-24 21:14:45 [Info] [4868] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap44481777036468 2026-04-24 21:14:45 [Info] [4868] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-04-24 21:14:45 [Info] [4868] Resource monitor start 2026-04-24 21:14:45 [Info] [4868] ipc client init success 2026-04-24 21:14:45 [Info] [4868] Ipc init: 0 2026-04-24 21:14:45 [Info] [4868] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-04-24 21:14:45 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-04-24 21:14:45 [Info] [4868] start ipc thread id[2132] 2026-04-24 21:14:45 [Info] [4868] Connect Yundun ipc server return state is 0 2026-04-24 21:14:45 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-04-24 21:14:45 [Info] [4868] CResourceMonitor::run Enter 2026-04-24 21:14:45 [Info] [4868] CIpcMsgHandlerMgr::run Enter 2026-04-24 21:14:45 [Info] [4868] Report thread 2026-04-24 21:14:45 [Info] [4868] Monitor thread 2026-04-24 21:14:45 [Info] [4868] Loader thread 2026-04-24 21:14:45 [Info] [4868] PythonEngineImpl Init... 2026-04-24 21:14:51 [Info] [4868] yundun connected 2026-04-24 21:14:51 [Info] [4868] recvmsg: HELLO 2026-04-24 21:14:51 [Info] [4868] recvmsg: WORK 2026-04-24 21:14:51 [Info] [4868] no use encode, return to old mode 2026-04-24 21:14:52 [Info] [4868] log fd cnt is [250], real fd cnt is [263] 2026-04-24 21:14:52 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 21:14:52 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-04-24 21:14:52 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 21:14:53 [Info] [4868] log memory size is 20480KB, real memory size is 13124KB 2026-04-24 21:14:59 [Info] [4868] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-04-24 21:15:10 [Warn] [4868] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 21:15:20 [Warn] [4868] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 21:15:30 [Warn] [4868] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28 2026-04-24 21:15:30 [Info] [4868] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 21:15:30 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-04-24 21:15:30 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-04-24 21:15:32 [Info] [4868] item: --windows-sysinfoext-check 2026-04-24 21:15:32 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 21:15:32 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 21:15:32 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-04-24 21:15:32 [Info] [4868] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-04-24 21:15:32 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-04-24 21:15:32 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-04-24 21:15:32 [Info] [4868] Prepare stage1: --windows-sysinfoext-check 2026-04-24 21:15:32 [Info] [4868] Prepare stage2 2026-04-24 21:15:33 [Info] [4868] log memory size is 30720KB, real memory size is 23060KB 2026-04-24 21:15:34 [Info] [4868] stage3: --windows-sysinfoext-check 2026-04-24 21:15:34 [Info] [4868] Loader after check 2026-04-24 21:15:35 [Info] [4868] Enter reuse wait state. 2026-04-24 21:15:39 [Info] [4868] recvmsg: EXIT 2026-04-24 21:15:39 [Info] [4868] Recv Exit Msg, Exit... 2026-05-01 00:51:37 [Info] [3404] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 00:51:37 [Info] [3404] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap31671777567897 2026-05-01 00:51:37 [Info] [3404] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 00:51:37 [Info] [3404] Resource monitor start 2026-05-01 00:51:37 [Info] [3404] ipc client init success 2026-05-01 00:51:37 [Info] [3404] Ipc init: 0 2026-05-01 00:51:37 [Info] [3404] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 00:51:37 [Info] [3404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 00:51:37 [Info] [3404] start ipc thread id[1332] 2026-05-01 00:51:37 [Info] [3404] Connect Yundun ipc server return state is 0 2026-05-01 00:51:37 [Info] [3404] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 00:51:37 [Info] [3404] CResourceMonitor::run Enter 2026-05-01 00:51:37 [Info] [3404] CIpcMsgHandlerMgr::run Enter 2026-05-01 00:51:37 [Info] [3404] Report thread 2026-05-01 00:51:37 [Info] [3404] Monitor thread 2026-05-01 00:51:37 [Info] [3404] Loader thread 2026-05-01 00:51:37 [Info] [3404] PythonEngineImpl Init... 2026-05-01 00:51:37 [Info] [3404] yundun connected 2026-05-01 00:51:38 [Info] [3404] recvmsg: HELLO 2026-05-01 00:51:38 [Info] [3404] recvmsg: WORK 2026-05-01 00:51:38 [Info] [3404] no use encode, return to old mode 2026-05-01 00:51:38 [Info] [3404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 00:51:38 [Info] [3404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 00:51:38 [Info] [3404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 00:51:38 [Info] [3404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 00:51:38 [Info] [3404] log fd cnt is [250], real fd cnt is [282] 2026-05-01 00:51:39 [Info] [3404] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 00:51:39 [Info] [3404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 00:51:39 [Info] [3404] log memory size is 20480KB, real memory size is 14816KB 2026-05-01 00:51:40 [Info] [3404] item: --windows-sysinfoext-check 2026-05-01 00:51:40 [Info] [3404] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 00:51:40 [Info] [3404] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 00:51:40 [Info] [3404] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 00:51:40 [Info] [3404] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 00:51:40 [Info] [3404] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-01 00:51:40 [Info] [3404] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 00:51:40 [Info] [3404] Prepare stage1: --windows-sysinfoext-check 2026-05-01 00:51:40 [Info] [3404] Prepare stage2 2026-05-01 00:51:40 [Warn] [3404] high cpu, cpu is 14 2026-05-01 00:51:40 [Info] [3404] try get sys version 2026-05-01 00:51:40 [Info] [3404] win sys info:2/10:0:3 2026-05-01 00:51:40 [Info] [3404] suit legal version, enable cpu control 2026-05-01 00:51:40 [Warn] [3404] High CPU Warning: 14 2026-05-01 00:51:41 [Warn] [3404] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:util.py line: 84 in func: next File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-01 00:51:42 [Info] [3404] stage3: --windows-sysinfoext-check 2026-05-01 00:51:42 [Info] [3404] Loader after check 2026-05-01 00:51:43 [Warn] [3404] high cpu, cpu is 15 2026-05-01 00:51:43 [Warn] [3404] High CPU Warning: 15 2026-05-01 00:51:43 [Info] [3404] Enter reuse wait state. 2026-05-01 00:51:44 [Info] [3404] log memory size is 30720KB, real memory size is 23364KB 2026-05-01 00:51:45 [Info] [3404] recvmsg: EXIT 2026-05-01 00:51:45 [Info] [3404] Recv Exit Msg, Exit... 2026-05-01 02:05:31 [Info] [1664] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 02:05:31 [Info] [1664] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap176471777572331 2026-05-01 02:05:31 [Info] [1664] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 02:05:31 [Info] [1664] Resource monitor start 2026-05-01 02:05:31 [Info] [1664] ipc client init success 2026-05-01 02:05:31 [Info] [1664] Ipc init: 0 2026-05-01 02:05:31 [Info] [1664] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 02:05:31 [Info] [1664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 02:05:31 [Info] [1664] start ipc thread id[2552] 2026-05-01 02:05:31 [Info] [1664] Connect Yundun ipc server return state is 0 2026-05-01 02:05:31 [Info] [1664] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 02:05:31 [Info] [1664] CResourceMonitor::run Enter 2026-05-01 02:05:31 [Info] [1664] CIpcMsgHandlerMgr::run Enter 2026-05-01 02:05:31 [Info] [1664] Report thread 2026-05-01 02:05:31 [Info] [1664] Monitor thread 2026-05-01 02:05:31 [Info] [1664] Loader thread 2026-05-01 02:05:31 [Info] [1664] PythonEngineImpl Init... 2026-05-01 02:05:31 [Info] [1664] yundun connected 2026-05-01 02:05:31 [Info] [1664] recvmsg: HELLO 2026-05-01 02:05:31 [Info] [1664] recvmsg: WORK 2026-05-01 02:05:31 [Info] [1664] no use encode, return to old mode 2026-05-01 02:05:31 [Info] [1664] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 02:05:31 [Info] [1664] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 02:05:31 [Info] [1664] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 02:05:32 [Info] [1664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 02:05:32 [Info] [1664] log fd cnt is [250], real fd cnt is [282] 2026-05-01 02:05:32 [Info] [1664] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 02:05:32 [Info] [1664] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 02:05:33 [Info] [1664] log memory size is 20480KB, real memory size is 14832KB 2026-05-01 02:05:34 [Info] [1664] item: --sca 2026-05-01 02:05:34 [Info] [1664] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-01 02:05:34 [Info] [1664] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-01 02:05:34 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-05-01 02:05:34 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-05-01 02:05:34 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-05-01 02:05:34 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-05-01 02:05:35 [Info] [1664] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-05-01 02:05:35 [Info] [1664] Download redirect files success. 2026-05-01 02:05:35 [Info] [1664] Prepare stage1: --sca 2026-05-01 02:05:35 [Info] [1664] Prepare stage2 2026-05-01 02:05:36 [Warn] [1664] high cpu, cpu is 17 2026-05-01 02:05:36 [Info] [1664] try get sys version 2026-05-01 02:05:36 [Info] [1664] win sys info:2/10:0:3 2026-05-01 02:05:36 [Info] [1664] suit legal version, enable cpu control 2026-05-01 02:05:36 [Warn] [1664] High CPU Warning: 17 2026-05-01 02:05:36 [Warn] [1664] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca_utils.py line: 70 in func: <module> File:sca.py line: 44 in func: <module> 2026-05-01 02:05:37 [Info] [1664] log memory size is 30720KB, real memory size is 32724KB 2026-05-01 02:05:41 [Info] [1664] log memory size is 40960KB, real memory size is 33236KB 2026-05-01 02:06:11 [Info] [1664] stage3: --sca 2026-05-01 02:06:11 [Info] [1664] Loader after check 2026-05-01 02:06:12 [Info] [1664] Enter reuse wait state. 2026-05-01 02:06:15 [Info] [1664] recvmsg: EXIT 2026-05-01 02:06:15 [Info] [1664] Recv Exit Msg, Exit... 2026-05-01 06:19:28 [Info] [4624] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 06:19:28 [Info] [4624] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap18651777587567 2026-05-01 06:19:28 [Info] [4624] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 06:19:28 [Info] [4624] Resource monitor start 2026-05-01 06:19:28 [Info] [4624] ipc client init success 2026-05-01 06:19:28 [Info] [4624] Ipc init: 0 2026-05-01 06:19:28 [Info] [4624] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 06:19:28 [Info] [4624] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 06:19:28 [Info] [4624] start ipc thread id[4336] 2026-05-01 06:19:28 [Info] [4624] Connect Yundun ipc server return state is 0 2026-05-01 06:19:28 [Info] [4624] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 06:19:28 [Info] [4624] CResourceMonitor::run Enter 2026-05-01 06:19:28 [Info] [4624] CIpcMsgHandlerMgr::run Enter 2026-05-01 06:19:28 [Info] [4624] Report thread 2026-05-01 06:19:28 [Info] [4624] Monitor thread 2026-05-01 06:19:28 [Info] [4624] Loader thread 2026-05-01 06:19:28 [Info] [4624] PythonEngineImpl Init... 2026-05-01 06:19:28 [Info] [4624] yundun connected 2026-05-01 06:19:28 [Info] [4624] recvmsg: HELLO 2026-05-01 06:19:28 [Info] [4624] recvmsg: WORK 2026-05-01 06:19:28 [Info] [4624] no use encode, return to old mode 2026-05-01 06:19:28 [Info] [4624] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 06:19:28 [Info] [4624] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 06:19:28 [Info] [4624] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 06:19:29 [Info] [4624] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 06:19:29 [Info] [4624] log fd cnt is [250], real fd cnt is [282] 2026-05-01 06:19:29 [Info] [4624] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 06:19:29 [Info] [4624] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 06:19:30 [Info] [4624] log memory size is 20480KB, real memory size is 14840KB 2026-05-01 06:19:30 [Info] [4624] item: --windows-sysinfoext-check 2026-05-01 06:19:30 [Info] [4624] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 06:19:30 [Info] [4624] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 06:19:30 [Info] [4624] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 06:19:30 [Info] [4624] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 06:19:30 [Info] [4624] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-01 06:19:30 [Info] [4624] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 06:19:30 [Info] [4624] Prepare stage1: --windows-sysinfoext-check 2026-05-01 06:19:30 [Info] [4624] Prepare stage2 2026-05-01 06:19:31 [Warn] [4624] high cpu, cpu is 15 2026-05-01 06:19:31 [Info] [4624] try get sys version 2026-05-01 06:19:31 [Info] [4624] win sys info:2/10:0:3 2026-05-01 06:19:31 [Info] [4624] suit legal version, enable cpu control 2026-05-01 06:19:31 [Warn] [4624] High CPU Warning: 15 2026-05-01 06:19:31 [Warn] [4624] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-01 06:19:32 [Info] [4624] stage3: --windows-sysinfoext-check 2026-05-01 06:19:32 [Info] [4624] Loader after check 2026-05-01 06:19:33 [Warn] [4624] high cpu, cpu is 12 2026-05-01 06:19:33 [Warn] [4624] High CPU Warning: 12 2026-05-01 06:19:33 [Info] [4624] Enter reuse wait state. 2026-05-01 06:19:34 [Info] [4624] log memory size is 30720KB, real memory size is 23372KB 2026-05-01 06:19:35 [Info] [4624] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 06:19:35 [Info] [4624] recvmsg: EXIT 2026-05-01 06:19:35 [Info] [4624] Recv Exit Msg, Exit... 2026-05-01 07:44:42 [Info] [4236] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 07:44:42 [Info] [4236] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap185691777592682 2026-05-01 07:44:42 [Info] [4236] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 07:44:42 [Info] [4236] Resource monitor start 2026-05-01 07:44:42 [Info] [4236] ipc client init success 2026-05-01 07:44:42 [Info] [4236] Ipc init: 0 2026-05-01 07:44:42 [Info] [4236] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 07:44:42 [Info] [4236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 07:44:42 [Info] [4236] start ipc thread id[4392] 2026-05-01 07:44:42 [Info] [4236] Connect Yundun ipc server return state is 0 2026-05-01 07:44:42 [Info] [4236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 07:44:42 [Info] [4236] CResourceMonitor::run Enter 2026-05-01 07:44:42 [Info] [4236] CIpcMsgHandlerMgr::run Enter 2026-05-01 07:44:42 [Info] [4236] Report thread 2026-05-01 07:44:42 [Info] [4236] Monitor thread 2026-05-01 07:44:42 [Info] [4236] Loader thread 2026-05-01 07:44:42 [Info] [4236] PythonEngineImpl Init... 2026-05-01 07:44:42 [Info] [4236] yundun connected 2026-05-01 07:44:42 [Info] [4236] recvmsg: HELLO 2026-05-01 07:44:42 [Info] [4236] recvmsg: WORK 2026-05-01 07:44:42 [Info] [4236] no use encode, return to old mode 2026-05-01 07:44:42 [Info] [4236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 07:44:42 [Info] [4236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 07:44:42 [Info] [4236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 07:44:43 [Info] [4236] log fd cnt is [250], real fd cnt is [282] 2026-05-01 07:44:43 [Info] [4236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 07:44:43 [Info] [4236] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 07:44:43 [Info] [4236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 07:44:44 [Info] [4236] log memory size is 20480KB, real memory size is 14768KB 2026-05-01 07:44:44 [Info] [4236] item: --windows-vul-clean 2026-05-01 07:44:44 [Info] [4236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-01 07:44:44 [Info] [4236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-01 07:44:44 [Info] [4236] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 07:44:44 [Info] [4236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 07:44:44 [Info] [4236] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-05-01 07:44:44 [Info] [4236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-05-01 07:44:44 [Info] [4236] Prepare stage1: --windows-vul-clean 2026-05-01 07:44:44 [Info] [4236] Prepare stage2 2026-05-01 07:44:45 [Info] [4236] stage3: --windows-vul-clean 2026-05-01 07:44:45 [Info] [4236] Loader after check 2026-05-01 07:44:46 [Info] [4236] Enter reuse wait state. 2026-05-01 07:44:49 [Info] [4236] recvmsg: EXIT 2026-05-01 07:44:49 [Info] [4236] Recv Exit Msg, Exit... 2026-05-01 08:49:44 [Info] [4820] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 08:49:44 [Info] [4820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap313111777596584 2026-05-01 08:49:44 [Info] [4820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 08:49:44 [Info] [4820] Resource monitor start 2026-05-01 08:49:44 [Info] [4820] ipc client init success 2026-05-01 08:49:44 [Info] [4820] Ipc init: 0 2026-05-01 08:49:44 [Info] [4820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 08:49:44 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 08:49:44 [Info] [4820] start ipc thread id[2560] 2026-05-01 08:49:44 [Info] [4820] Connect Yundun ipc server return state is 0 2026-05-01 08:49:44 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 08:49:44 [Info] [4820] CResourceMonitor::run Enter 2026-05-01 08:49:44 [Info] [4820] CIpcMsgHandlerMgr::run Enter 2026-05-01 08:49:44 [Info] [4820] Report thread 2026-05-01 08:49:44 [Info] [4820] Monitor thread 2026-05-01 08:49:44 [Info] [4820] Loader thread 2026-05-01 08:49:44 [Info] [4820] PythonEngineImpl Init... 2026-05-01 08:49:44 [Info] [4820] yundun connected 2026-05-01 08:49:45 [Info] [4820] recvmsg: HELLO 2026-05-01 08:49:45 [Info] [4820] recvmsg: WORK 2026-05-01 08:49:45 [Info] [4820] no use encode, return to old mode 2026-05-01 08:49:45 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 08:49:45 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 08:49:45 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 08:49:45 [Info] [4820] log fd cnt is [250], real fd cnt is [282] 2026-05-01 08:49:45 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 08:49:46 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 08:49:46 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 08:49:46 [Info] [4820] log memory size is 20480KB, real memory size is 14820KB 2026-05-01 08:49:47 [Info] [4820] item: --windows-process-check 2026-05-01 08:49:47 [Info] [4820] cgroup name aegisRtap0 2026-05-01 08:49:47 [Info] [4820] try get sys version 2026-05-01 08:49:47 [Info] [4820] win sys info:2/10:0:3 2026-05-01 08:49:47 [Info] [4820] suit legal version, enable cpu control 2026-05-01 08:49:47 [Info] [4820] get AssignProcessToJobObject handle [00000478] 2026-05-01 08:49:47 [Info] [4820] Set setJobExtended. 2026-05-01 08:49:47 [Info] [4820] Set cpu [9%] 2026-05-01 08:49:47 [Info] [4820] Set cpu success 2026-05-01 08:49:47 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-01 08:49:47 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-01 08:49:47 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 08:49:47 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 08:49:47 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-05-01 08:49:47 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-05-01 08:49:47 [Info] [4820] Prepare stage1: --windows-process-check 2026-05-01 08:49:47 [Info] [4820] Prepare stage2 2026-05-01 08:49:50 [Info] [4820] log memory size is 30720KB, real memory size is 20636KB 2026-05-01 08:49:51 [Info] [4820] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 08:50:05 [Info] [4820] stage3: --windows-process-check 2026-05-01 08:50:05 [Info] [4820] Loader after check 2026-05-01 08:50:06 [Info] [4820] Enter reuse wait state. 2026-05-01 08:50:08 [Info] [4820] recvmsg: EXIT 2026-05-01 08:50:08 [Info] [4820] Recv Exit Msg, Exit... 2026-05-01 10:24:45 [Info] [2704] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 10:24:45 [Info] [2704] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap171601777602285 2026-05-01 10:24:45 [Info] [2704] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 10:24:45 [Info] [2704] Resource monitor start 2026-05-01 10:24:45 [Info] [2704] ipc client init success 2026-05-01 10:24:45 [Info] [2704] Ipc init: 0 2026-05-01 10:24:45 [Info] [2704] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 10:24:45 [Info] [2704] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 10:24:45 [Info] [2704] start ipc thread id[4728] 2026-05-01 10:24:45 [Info] [2704] Connect Yundun ipc server return state is 0 2026-05-01 10:24:45 [Info] [2704] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 10:24:45 [Info] [2704] CResourceMonitor::run Enter 2026-05-01 10:24:45 [Info] [2704] CIpcMsgHandlerMgr::run Enter 2026-05-01 10:24:45 [Info] [2704] Report thread 2026-05-01 10:24:45 [Info] [2704] Monitor thread 2026-05-01 10:24:45 [Info] [2704] Loader thread 2026-05-01 10:24:45 [Info] [2704] PythonEngineImpl Init... 2026-05-01 10:24:45 [Info] [2704] yundun connected 2026-05-01 10:24:45 [Info] [2704] recvmsg: HELLO 2026-05-01 10:24:45 [Info] [2704] recvmsg: WORK 2026-05-01 10:24:45 [Info] [2704] no use encode, return to old mode 2026-05-01 10:24:45 [Info] [2704] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:24:45 [Info] [2704] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:24:45 [Info] [2704] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:24:46 [Info] [2704] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:24:46 [Info] [2704] log fd cnt is [250], real fd cnt is [282] 2026-05-01 10:24:46 [Info] [2704] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 10:24:46 [Info] [2704] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 10:24:46 [Info] [2704] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 10:24:47 [Info] [2704] log memory size is 20480KB, real memory size is 14852KB 2026-05-01 10:24:47 [Info] [2704] item: --windows-schedule-task-check 2026-05-01 10:24:47 [Info] [2704] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-01 10:24:47 [Info] [2704] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-01 10:24:47 [Info] [2704] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:24:47 [Info] [2704] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:24:47 [Info] [2704] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-05-01 10:24:47 [Info] [2704] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-05-01 10:24:47 [Info] [2704] Prepare stage1: --windows-schedule-task-check 2026-05-01 10:24:47 [Info] [2704] Prepare stage2 2026-05-01 10:24:48 [Warn] [2704] high cpu, cpu is 16 2026-05-01 10:24:48 [Info] [2704] try get sys version 2026-05-01 10:24:48 [Info] [2704] win sys info:2/10:0:3 2026-05-01 10:24:48 [Info] [2704] suit legal version, enable cpu control 2026-05-01 10:24:48 [Warn] [2704] High CPU Warning: 16 2026-05-01 10:24:48 [Warn] [2704] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-05-01 10:24:51 [Info] [2704] log memory size is 30720KB, real memory size is 23652KB 2026-05-01 10:25:18 [Info] [2704] stage3: --windows-schedule-task-check 2026-05-01 10:25:18 [Info] [2704] Loader after check 2026-05-01 10:25:19 [Info] [2704] Enter reuse wait state. 2026-05-01 10:25:21 [Info] [2704] recvmsg: EXIT 2026-05-01 10:25:21 [Info] [2704] Recv Exit Msg, Exit... 2026-05-01 10:25:45 [Info] [1244] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 10:25:45 [Info] [1244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap173531777602344 2026-05-01 10:25:45 [Info] [1244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 10:25:45 [Info] [1244] Resource monitor start 2026-05-01 10:25:45 [Info] [1244] ipc client init success 2026-05-01 10:25:45 [Info] [1244] Ipc init: 0 2026-05-01 10:25:45 [Info] [1244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 10:25:45 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 10:25:45 [Info] [1244] start ipc thread id[2876] 2026-05-01 10:25:45 [Info] [1244] Connect Yundun ipc server return state is 0 2026-05-01 10:25:45 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 10:25:45 [Info] [1244] CResourceMonitor::run Enter 2026-05-01 10:25:45 [Info] [1244] CIpcMsgHandlerMgr::run Enter 2026-05-01 10:25:45 [Info] [1244] Report thread 2026-05-01 10:25:45 [Info] [1244] Monitor thread 2026-05-01 10:25:45 [Info] [1244] Loader thread 2026-05-01 10:25:45 [Info] [1244] PythonEngineImpl Init... 2026-05-01 10:25:45 [Info] [1244] yundun connected 2026-05-01 10:25:45 [Info] [1244] recvmsg: HELLO 2026-05-01 10:25:45 [Info] [1244] recvmsg: WORK 2026-05-01 10:25:45 [Info] [1244] no use encode, return to old mode 2026-05-01 10:25:45 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:25:45 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:25:45 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:25:46 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:25:46 [Info] [1244] log fd cnt is [250], real fd cnt is [282] 2026-05-01 10:25:46 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 10:25:46 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 10:25:47 [Info] [1244] log memory size is 20480KB, real memory size is 14784KB 2026-05-01 10:25:47 [Info] [1244] item: --windows-driver-version-check 2026-05-01 10:25:47 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-01 10:25:47 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-01 10:25:47 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:25:47 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:25:47 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-05-01 10:25:47 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-05-01 10:25:47 [Info] [1244] Prepare stage1: --windows-driver-version-check 2026-05-01 10:25:47 [Info] [1244] Prepare stage2 2026-05-01 10:25:47 [Info] [1244] stage3: --windows-driver-version-check 2026-05-01 10:25:47 [Info] [1244] Loader after check 2026-05-01 10:25:48 [Info] [1244] Enter reuse wait state. 2026-05-01 10:25:52 [Info] [1244] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 10:25:52 [Info] [1244] recvmsg: EXIT 2026-05-01 10:25:52 [Info] [1244] Recv Exit Msg, Exit... 2026-05-01 10:30:46 [Info] [2860] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 10:30:46 [Info] [2860] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap183391777602646 2026-05-01 10:30:46 [Info] [2860] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 10:30:46 [Info] [2860] Resource monitor start 2026-05-01 10:30:46 [Info] [2860] ipc client init success 2026-05-01 10:30:46 [Info] [2860] Ipc init: 0 2026-05-01 10:30:46 [Info] [2860] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 10:30:46 [Info] [2860] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 10:30:46 [Info] [2860] start ipc thread id[4612] 2026-05-01 10:30:46 [Info] [2860] Connect Yundun ipc server return state is 0 2026-05-01 10:30:46 [Info] [2860] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 10:30:46 [Info] [2860] CResourceMonitor::run Enter 2026-05-01 10:30:46 [Info] [2860] CIpcMsgHandlerMgr::run Enter 2026-05-01 10:30:46 [Info] [2860] Report thread 2026-05-01 10:30:46 [Info] [2860] Monitor thread 2026-05-01 10:30:46 [Info] [2860] Loader thread 2026-05-01 10:30:46 [Info] [2860] PythonEngineImpl Init... 2026-05-01 10:30:46 [Info] [2860] yundun connected 2026-05-01 10:30:47 [Info] [2860] recvmsg: HELLO 2026-05-01 10:30:47 [Info] [2860] recvmsg: WORK 2026-05-01 10:30:47 [Info] [2860] no use encode, return to old mode 2026-05-01 10:30:47 [Info] [2860] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:30:47 [Info] [2860] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:30:47 [Info] [2860] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:30:47 [Info] [2860] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:30:47 [Info] [2860] log fd cnt is [250], real fd cnt is [282] 2026-05-01 10:30:47 [Info] [2860] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 10:30:47 [Info] [2860] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 10:30:48 [Info] [2860] log memory size is 20480KB, real memory size is 14848KB 2026-05-01 10:30:48 [Info] [2860] item: --windows-registry-check 2026-05-01 10:30:48 [Info] [2860] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-01 10:30:48 [Info] [2860] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-01 10:30:48 [Info] [2860] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:30:48 [Info] [2860] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:30:49 [Info] [2860] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-05-01 10:30:49 [Info] [2860] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-05-01 10:30:49 [Info] [2860] Prepare stage1: --windows-registry-check 2026-05-01 10:30:49 [Info] [2860] Prepare stage2 2026-05-01 10:31:11 [Info] [184] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 10:31:11 [Info] [184] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap184201777602671 2026-05-01 10:31:11 [Info] [184] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 10:31:11 [Info] [184] Resource monitor start 2026-05-01 10:31:11 [Info] [184] ipc client init success 2026-05-01 10:31:11 [Info] [184] Ipc init: 0 2026-05-01 10:31:11 [Info] [184] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 10:31:11 [Info] [184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 10:31:11 [Info] [184] start ipc thread id[1600] 2026-05-01 10:31:11 [Info] [184] Connect Yundun ipc server return state is 0 2026-05-01 10:31:11 [Info] [184] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 10:31:11 [Info] [184] CResourceMonitor::run Enter 2026-05-01 10:31:11 [Info] [184] CIpcMsgHandlerMgr::run Enter 2026-05-01 10:31:11 [Info] [184] Report thread 2026-05-01 10:31:11 [Info] [184] Monitor thread 2026-05-01 10:31:11 [Info] [184] Loader thread 2026-05-01 10:31:11 [Info] [184] PythonEngineImpl Init... 2026-05-01 10:31:12 [Info] [184] yundun connected 2026-05-01 10:31:12 [Info] [184] recvmsg: HELLO 2026-05-01 10:31:12 [Info] [184] recvmsg: WORK 2026-05-01 10:31:12 [Info] [184] no use encode, return to old mode 2026-05-01 10:31:12 [Info] [184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:31:12 [Info] [184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 10:31:12 [Info] [184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:31:12 [Info] [184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:31:12 [Info] [184] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 10:31:12 [Info] [184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 10:31:12 [Info] [184] log fd cnt is [250], real fd cnt is [281] 2026-05-01 10:31:13 [Info] [184] log memory size is 20480KB, real memory size is 14860KB 2026-05-01 10:31:14 [Info] [184] item: --tcp-connect-check 2026-05-01 10:31:14 [Info] [184] cgroup name aegisRtap0 2026-05-01 10:31:14 [Info] [184] try get sys version 2026-05-01 10:31:14 [Info] [184] win sys info:2/10:0:3 2026-05-01 10:31:14 [Info] [184] suit legal version, enable cpu control 2026-05-01 10:31:14 [Info] [184] get AssignProcessToJobObject handle [00000478] 2026-05-01 10:31:14 [Info] [184] Set setJobExtended. 2026-05-01 10:31:14 [Info] [184] Set cpu [9%] 2026-05-01 10:31:14 [Info] [184] Set cpu success 2026-05-01 10:31:14 [Info] [184] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-01 10:31:14 [Info] [184] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-01 10:31:14 [Info] [184] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 10:31:14 [Info] [184] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 10:31:14 [Info] [184] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-05-01 10:31:14 [Info] [184] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-05-01 10:31:14 [Info] [184] Prepare stage1: --tcp-connect-check 2026-05-01 10:31:14 [Info] [184] Prepare stage2 2026-05-01 10:31:17 [Info] [184] stage3: --tcp-connect-check 2026-05-01 10:31:17 [Info] [184] Loader after check 2026-05-01 10:31:18 [Info] [184] Enter reuse wait state. 2026-05-01 10:31:19 [Info] [2860] stage3: --windows-registry-check 2026-05-01 10:31:19 [Info] [2860] Loader after check 2026-05-01 10:31:20 [Info] [2860] Enter reuse wait state. 2026-05-01 10:31:23 [Info] [184] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 10:31:23 [Info] [2860] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 10:31:23 [Info] [2860] recvmsg: EXIT 2026-05-01 10:31:23 [Info] [2860] Recv Exit Msg, Exit... 2026-05-01 10:31:25 [Info] [184] recvmsg: EXIT 2026-05-01 10:31:25 [Info] [184] Recv Exit Msg, Exit... 2026-05-01 11:08:57 [Info] [2056] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 11:08:57 [Info] [2056] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap258201777604937 2026-05-01 11:08:57 [Info] [2056] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 11:08:57 [Info] [2056] Resource monitor start 2026-05-01 11:08:57 [Info] [2056] ipc client init success 2026-05-01 11:08:57 [Info] [2056] Ipc init: 0 2026-05-01 11:08:57 [Info] [2056] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 11:08:57 [Info] [2056] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 11:08:57 [Info] [2056] start ipc thread id[1072] 2026-05-01 11:08:57 [Info] [2056] Connect Yundun ipc server return state is 0 2026-05-01 11:08:57 [Info] [2056] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 11:08:57 [Info] [2056] CResourceMonitor::run Enter 2026-05-01 11:08:57 [Info] [2056] CIpcMsgHandlerMgr::run Enter 2026-05-01 11:08:57 [Info] [2056] Report thread 2026-05-01 11:08:57 [Info] [2056] Monitor thread 2026-05-01 11:08:57 [Info] [2056] Loader thread 2026-05-01 11:08:57 [Info] [2056] PythonEngineImpl Init... 2026-05-01 11:08:57 [Info] [2056] yundun connected 2026-05-01 11:08:58 [Info] [2056] recvmsg: HELLO 2026-05-01 11:08:58 [Info] [2056] recvmsg: WORK 2026-05-01 11:08:58 [Info] [2056] no use encode, return to old mode 2026-05-01 11:08:58 [Info] [2056] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 11:08:58 [Info] [2056] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 11:08:58 [Info] [2056] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 11:08:58 [Info] [2056] log fd cnt is [250], real fd cnt is [282] 2026-05-01 11:08:58 [Info] [2056] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 11:08:59 [Info] [2056] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 11:08:59 [Info] [2056] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 11:08:59 [Info] [2056] log memory size is 20480KB, real memory size is 14816KB 2026-05-01 11:09:00 [Info] [2056] item: --windows-autorun-item-check 2026-05-01 11:09:00 [Info] [2056] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-01 11:09:00 [Info] [2056] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-01 11:09:00 [Info] [2056] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 11:09:00 [Info] [2056] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 11:09:00 [Info] [2056] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-05-01 11:09:00 [Info] [2056] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-05-01 11:09:00 [Info] [2056] Prepare stage1: --windows-autorun-item-check 2026-05-01 11:09:00 [Info] [2056] Prepare stage2 2026-05-01 11:09:04 [Info] [2056] log memory size is 30720KB, real memory size is 22564KB 2026-05-01 11:09:11 [Info] [2056] stage3: --windows-autorun-item-check 2026-05-01 11:09:11 [Info] [2056] Loader after check 2026-05-01 11:09:12 [Info] [2056] Enter reuse wait state. 2026-05-01 11:09:17 [Info] [2056] recvmsg: EXIT 2026-05-01 11:09:17 [Info] [2056] Recv Exit Msg, Exit... 2026-05-01 11:47:26 [Info] [1420] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 11:47:26 [Info] [1420] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap5921777607246 2026-05-01 11:47:26 [Info] [1420] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 11:47:26 [Info] [1420] Resource monitor start 2026-05-01 11:47:26 [Info] [1420] ipc client init success 2026-05-01 11:47:26 [Info] [1420] Ipc init: 0 2026-05-01 11:47:26 [Info] [1420] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 11:47:26 [Info] [1420] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 11:47:26 [Info] [1420] start ipc thread id[788] 2026-05-01 11:47:26 [Info] [1420] Connect Yundun ipc server return state is 0 2026-05-01 11:47:26 [Info] [1420] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 11:47:26 [Info] [1420] CResourceMonitor::run Enter 2026-05-01 11:47:26 [Info] [1420] CIpcMsgHandlerMgr::run Enter 2026-05-01 11:47:26 [Info] [1420] Report thread 2026-05-01 11:47:26 [Info] [1420] Monitor thread 2026-05-01 11:47:26 [Info] [1420] Loader thread 2026-05-01 11:47:26 [Info] [1420] PythonEngineImpl Init... 2026-05-01 11:47:26 [Info] [1420] yundun connected 2026-05-01 11:47:26 [Info] [1420] recvmsg: HELLO 2026-05-01 11:47:26 [Info] [1420] recvmsg: WORK 2026-05-01 11:47:26 [Info] [1420] no use encode, return to old mode 2026-05-01 11:47:27 [Info] [1420] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 11:47:27 [Info] [1420] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 11:47:27 [Info] [1420] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 11:47:27 [Info] [1420] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 11:47:27 [Info] [1420] log fd cnt is [250], real fd cnt is [282] 2026-05-01 11:47:27 [Info] [1420] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 11:47:27 [Info] [1420] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 11:47:28 [Info] [1420] log memory size is 20480KB, real memory size is 14832KB 2026-05-01 11:47:28 [Info] [1420] item: --windows-sysinfoext-check 2026-05-01 11:47:28 [Info] [1420] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 11:47:28 [Info] [1420] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 11:47:28 [Info] [1420] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 11:47:28 [Info] [1420] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 11:47:28 [Info] [1420] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-01 11:47:28 [Info] [1420] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 11:47:28 [Info] [1420] Prepare stage1: --windows-sysinfoext-check 2026-05-01 11:47:28 [Info] [1420] Prepare stage2 2026-05-01 11:47:29 [Warn] [1420] high cpu, cpu is 16 2026-05-01 11:47:29 [Info] [1420] try get sys version 2026-05-01 11:47:29 [Info] [1420] win sys info:2/10:0:3 2026-05-01 11:47:29 [Info] [1420] suit legal version, enable cpu control 2026-05-01 11:47:29 [Warn] [1420] High CPU Warning: 16 2026-05-01 11:47:29 [Warn] [1420] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 1276 in func: connect File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo File:windows-sysinfoext-check.py line: 174 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-01 11:47:30 [Info] [1420] stage3: --windows-sysinfoext-check 2026-05-01 11:47:30 [Info] [1420] Loader after check 2026-05-01 11:47:31 [Warn] [1420] high cpu, cpu is 18 2026-05-01 11:47:31 [Warn] [1420] High CPU Warning: 18 2026-05-01 11:47:31 [Info] [1420] Enter reuse wait state. 2026-05-01 11:47:32 [Info] [1420] log memory size is 30720KB, real memory size is 23400KB 2026-05-01 11:47:33 [Info] [1420] recvmsg: EXIT 2026-05-01 11:47:33 [Info] [1420] Recv Exit Msg, Exit... 2026-05-01 17:15:16 [Info] [2680] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 17:15:16 [Info] [2680] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap320551777626915 2026-05-01 17:15:16 [Info] [2680] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 17:15:16 [Info] [2680] Resource monitor start 2026-05-01 17:15:16 [Info] [2680] ipc client init success 2026-05-01 17:15:16 [Info] [2680] Ipc init: 0 2026-05-01 17:15:16 [Info] [2680] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 17:15:17 [Info] [2680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 17:15:17 [Info] [2680] CResourceMonitor::run Enter 2026-05-01 17:15:17 [Info] [2680] CIpcMsgHandlerMgr::run Enter 2026-05-01 17:15:17 [Info] [2680] start ipc thread id[3828] 2026-05-01 17:15:17 [Info] [2680] Connect Yundun ipc server return state is 0 2026-05-01 17:15:17 [Info] [2680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 17:15:17 [Info] [2680] yundun connected 2026-05-01 17:15:17 [Info] [2680] Report thread 2026-05-01 17:15:17 [Info] [2680] Monitor thread 2026-05-01 17:15:17 [Info] [2680] Loader thread 2026-05-01 17:15:17 [Info] [2680] PythonEngineImpl Init... 2026-05-01 17:15:17 [Info] [2680] recvmsg: HELLO 2026-05-01 17:15:17 [Info] [2680] recvmsg: WORK 2026-05-01 17:15:17 [Info] [2680] no use encode, return to old mode 2026-05-01 17:15:17 [Info] [2680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 17:15:17 [Info] [2680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 17:15:17 [Info] [2680] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 17:15:18 [Info] [2680] log fd cnt is [250], real fd cnt is [282] 2026-05-01 17:15:18 [Info] [2680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 17:15:18 [Info] [2680] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 17:15:18 [Info] [2680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 17:15:19 [Info] [2680] log memory size is 20480KB, real memory size is 14820KB 2026-05-01 17:15:19 [Info] [2680] item: --windows-sysinfoext-check 2026-05-01 17:15:19 [Info] [2680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 17:15:19 [Info] [2680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 17:15:19 [Info] [2680] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 17:15:19 [Info] [2680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 17:15:19 [Info] [2680] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-01 17:15:19 [Info] [2680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 17:15:19 [Info] [2680] Prepare stage1: --windows-sysinfoext-check 2026-05-01 17:15:19 [Info] [2680] Prepare stage2 2026-05-01 17:15:23 [Info] [2680] log memory size is 30720KB, real memory size is 23180KB 2026-05-01 17:15:24 [Info] [2680] stage3: --windows-sysinfoext-check 2026-05-01 17:15:24 [Info] [2680] Loader after check 2026-05-01 17:15:25 [Info] [2680] Enter reuse wait state. 2026-05-01 17:15:28 [Info] [2680] recvmsg: EXIT 2026-05-01 17:15:28 [Info] [2680] Recv Exit Msg, Exit... 2026-05-01 18:04:05 [Info] [1696] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 18:04:05 [Info] [1696] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap88551777629845 2026-05-01 18:04:05 [Info] [1696] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 18:04:05 [Info] [1696] Resource monitor start 2026-05-01 18:04:05 [Info] [1696] ipc client init success 2026-05-01 18:04:05 [Info] [1696] Ipc init: 0 2026-05-01 18:04:05 [Info] [1696] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 18:04:05 [Info] [1696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 18:04:05 [Info] [1696] start ipc thread id[2844] 2026-05-01 18:04:05 [Info] [1696] Connect Yundun ipc server return state is 0 2026-05-01 18:04:05 [Info] [1696] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 18:04:05 [Info] [1696] CResourceMonitor::run Enter 2026-05-01 18:04:05 [Info] [1696] CIpcMsgHandlerMgr::run Enter 2026-05-01 18:04:05 [Info] [1696] Report thread 2026-05-01 18:04:05 [Info] [1696] Monitor thread 2026-05-01 18:04:05 [Info] [1696] Loader thread 2026-05-01 18:04:05 [Info] [1696] PythonEngineImpl Init... 2026-05-01 18:04:05 [Info] [1696] yundun connected 2026-05-01 18:04:05 [Info] [1696] recvmsg: HELLO 2026-05-01 18:04:05 [Info] [1696] recvmsg: WORK 2026-05-01 18:04:05 [Info] [1696] no use encode, return to old mode 2026-05-01 18:04:05 [Info] [1696] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 18:04:05 [Info] [1696] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 18:04:05 [Info] [1696] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 18:04:06 [Info] [1696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 18:04:06 [Info] [1696] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 18:04:06 [Info] [1696] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 18:04:06 [Info] [1696] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 18:04:06 [Info] [1696] log fd cnt is [250], real fd cnt is [281] 2026-05-01 18:04:07 [Info] [1696] log memory size is 20480KB, real memory size is 14876KB 2026-05-01 18:04:07 [Info] [1696] item: --secnet_rasp_agent 2026-05-01 18:04:07 [Info] [1696] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-01 18:04:07 [Info] [1696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-05-01 18:04:07 [Info] [1696] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-05-01 18:04:07 [Info] [1696] Download redirect files success. 2026-05-01 18:04:07 [Info] [1696] Prepare stage1: --secnet_rasp_agent 2026-05-01 18:04:07 [Info] [1696] Prepare stage2 2026-05-01 18:04:08 [Info] [1696] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-01 18:04:08 [Info] [1696] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-01 18:04:08 [Info] [1696] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 18:04:08 [Info] [1696] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 18:04:09 [Info] [1696] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-05-01 18:04:09 [Info] [1696] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-01 18:04:09 [Info] [1696] stage3: --secnet_rasp_agent 2026-05-01 18:04:09 [Info] [1696] Loader after check 2026-05-01 18:04:10 [Info] [1696] Enter reuse wait state. 2026-05-01 18:04:11 [Info] [1696] log memory size is 30720KB, real memory size is 21344KB 2026-05-01 18:04:12 [Info] [1696] recvmsg: EXIT 2026-05-01 18:04:12 [Info] [1696] Recv Exit Msg, Exit... 2026-05-01 22:43:29 [Info] [4288] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 22:43:29 [Info] [4288] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap308311777646609 2026-05-01 22:43:29 [Info] [4288] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 22:43:29 [Info] [4288] Resource monitor start 2026-05-01 22:43:29 [Info] [4288] ipc client init success 2026-05-01 22:43:29 [Info] [4288] Ipc init: 0 2026-05-01 22:43:29 [Info] [4288] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 22:43:29 [Info] [4288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 22:43:29 [Info] [4288] start ipc thread id[2860] 2026-05-01 22:43:29 [Info] [4288] Connect Yundun ipc server return state is 0 2026-05-01 22:43:29 [Info] [4288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 22:43:29 [Info] [4288] CResourceMonitor::run Enter 2026-05-01 22:43:29 [Info] [4288] CIpcMsgHandlerMgr::run Enter 2026-05-01 22:43:29 [Info] [4288] Report thread 2026-05-01 22:43:29 [Info] [4288] Monitor thread 2026-05-01 22:43:29 [Info] [4288] Loader thread 2026-05-01 22:43:29 [Info] [4288] PythonEngineImpl Init... 2026-05-01 22:43:30 [Info] [4288] yundun connected 2026-05-01 22:43:30 [Info] [4288] recvmsg: HELLO 2026-05-01 22:43:30 [Info] [4288] recvmsg: WORK 2026-05-01 22:43:30 [Info] [4288] no use encode, return to old mode 2026-05-01 22:43:30 [Info] [4288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 22:43:30 [Info] [4288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 22:43:30 [Info] [4288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 22:43:30 [Info] [4288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 22:43:31 [Info] [4288] log fd cnt is [250], real fd cnt is [282] 2026-05-01 22:43:31 [Info] [4288] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 22:43:31 [Info] [4288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 22:43:32 [Info] [4288] log memory size is 20480KB, real memory size is 14816KB 2026-05-01 22:43:32 [Info] [4288] item: --windows-sysinfoext-check 2026-05-01 22:43:32 [Info] [4288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 22:43:32 [Info] [4288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 22:43:32 [Info] [4288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 22:43:32 [Info] [4288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 22:43:32 [Info] [4288] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-01 22:43:32 [Info] [4288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-01 22:43:32 [Info] [4288] Prepare stage1: --windows-sysinfoext-check 2026-05-01 22:43:32 [Info] [4288] Prepare stage2 2026-05-01 22:43:33 [Warn] [4288] high cpu, cpu is 12 2026-05-01 22:43:33 [Info] [4288] try get sys version 2026-05-01 22:43:33 [Info] [4288] win sys info:2/10:0:3 2026-05-01 22:43:33 [Info] [4288] suit legal version, enable cpu control 2026-05-01 22:43:33 [Warn] [4288] High CPU Warning: 12 2026-05-01 22:43:33 [Warn] [4288] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:util.py line: 84 in func: next File:wmi.py line: 1009 in func: query File:wmi.py line: 817 in func: query File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-01 22:43:33 [Info] [4288] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-01 22:43:34 [Info] [4288] stage3: --windows-sysinfoext-check 2026-05-01 22:43:34 [Info] [4288] Loader after check 2026-05-01 22:43:34 [Info] [3640] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-01 22:43:34 [Info] [3640] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap308481777646614 2026-05-01 22:43:34 [Info] [3640] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-01 22:43:34 [Info] [3640] Resource monitor start 2026-05-01 22:43:34 [Info] [3640] ipc client init success 2026-05-01 22:43:34 [Info] [3640] Ipc init: 0 2026-05-01 22:43:34 [Info] [3640] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-01 22:43:34 [Info] [3640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-01 22:43:34 [Info] [3640] start ipc thread id[3136] 2026-05-01 22:43:34 [Info] [3640] Connect Yundun ipc server return state is 0 2026-05-01 22:43:34 [Info] [3640] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-01 22:43:34 [Info] [3640] CResourceMonitor::run Enter 2026-05-01 22:43:34 [Info] [3640] CIpcMsgHandlerMgr::run Enter 2026-05-01 22:43:34 [Info] [3640] yundun connected 2026-05-01 22:43:34 [Info] [3640] Report thread 2026-05-01 22:43:34 [Info] [3640] Monitor thread 2026-05-01 22:43:34 [Info] [3640] Loader thread 2026-05-01 22:43:34 [Info] [3640] PythonEngineImpl Init... 2026-05-01 22:43:35 [Warn] [4288] high cpu, cpu is 12 2026-05-01 22:43:35 [Warn] [4288] High CPU Warning: 12 2026-05-01 22:43:35 [Info] [3640] recvmsg: HELLO 2026-05-01 22:43:35 [Info] [3640] recvmsg: WORK 2026-05-01 22:43:35 [Info] [3640] no use encode, return to old mode 2026-05-01 22:43:35 [Info] [3640] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 22:43:35 [Info] [3640] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-01 22:43:35 [Info] [3640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 22:43:35 [Info] [3640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 22:43:35 [Info] [4288] Enter reuse wait state. 2026-05-01 22:43:35 [Info] [3640] log fd cnt is [250], real fd cnt is [282] 2026-05-01 22:43:35 [Info] [3640] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-01 22:43:35 [Info] [3640] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-01 22:43:36 [Info] [4288] log memory size is 30720KB, real memory size is 23344KB 2026-05-01 22:43:36 [Info] [3640] log memory size is 20480KB, real memory size is 14816KB 2026-05-01 22:43:37 [Info] [3640] item: --windows-vul-check 2026-05-01 22:43:37 [Info] [3640] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-01 22:43:37 [Info] [3640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-01 22:43:37 [Info] [3640] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-05-01 22:43:37 [Info] [3640] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-01 22:43:37 [Info] [3640] Download redirect files success. 2026-05-01 22:43:37 [Info] [3640] Prepare stage1: --windows-vul-check 2026-05-01 22:43:37 [Info] [3640] Prepare stage2 2026-05-01 22:43:37 [Info] [3640] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-05-01 22:43:37 [Info] [3640] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-05-01 22:43:37 [Info] [3640] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-01 22:43:37 [Info] [3640] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-01 22:43:37 [Warn] [3640] high cpu, cpu is 15 2026-05-01 22:43:37 [Info] [3640] try get sys version 2026-05-01 22:43:37 [Info] [3640] win sys info:2/10:0:3 2026-05-01 22:43:37 [Info] [3640] suit legal version, enable cpu control 2026-05-01 22:43:37 [Warn] [3640] High CPU Warning: 15 2026-05-01 22:43:37 [Info] [3640] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-05-01 22:43:37 [Info] [3640] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-05-01 22:43:38 [Info] [3640] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-05-01 22:43:38 [Info] [3640] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-05-01 22:43:38 [Info] [3640] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-05-01 22:43:38 [Info] [3640] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_90\rule\vuldata_v2.dat 2026-05-01 22:43:38 [Warn] [3640] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:aegis_plugin_util.py line: 250 in func: __download_by_extension_interface File:aegis_plugin_util.py line: 386 in func: download_aegis_file File:windows-vul-check.py line: 370 in func: update_local_rule File:windows-vul-check.py line: 982 in func: start 2026-05-01 22:43:38 [Info] [4288] recvmsg: EXIT 2026-05-01 22:43:38 [Info] [4288] Recv Exit Msg, Exit... 2026-05-01 22:43:38 [Info] [3640] stage3: --windows-vul-check 2026-05-01 22:43:38 [Info] [3640] Loader after check 2026-05-01 22:43:39 [Info] [3640] Enter reuse wait state. 2026-05-01 22:43:41 [Info] [3640] log memory size is 30720KB, real memory size is 23480KB 2026-05-01 22:43:44 [Info] [3640] recvmsg: EXIT 2026-05-01 22:43:44 [Info] [3640] Recv Exit Msg, Exit... 2026-05-08 02:02:27 [Info] [3824] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 02:02:27 [Info] [3824] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap259881778176947 2026-05-08 02:02:27 [Info] [3824] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 02:02:28 [Info] [3824] Resource monitor start 2026-05-08 02:02:28 [Info] [3824] ipc client init success 2026-05-08 02:02:28 [Info] [3824] Ipc init: 0 2026-05-08 02:02:28 [Info] [3824] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 02:02:28 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 02:02:28 [Info] [3824] start ipc thread id[4168] 2026-05-08 02:02:28 [Info] [3824] Connect Yundun ipc server return state is 0 2026-05-08 02:02:28 [Info] [3824] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 02:02:29 [Info] [3824] CResourceMonitor::run Enter 2026-05-08 02:02:29 [Info] [3824] CIpcMsgHandlerMgr::run Enter 2026-05-08 02:02:29 [Info] [3824] yundun connected 2026-05-08 02:02:29 [Info] [3824] Report thread 2026-05-08 02:02:29 [Info] [3824] Monitor thread 2026-05-08 02:02:29 [Info] [3824] Loader thread 2026-05-08 02:02:29 [Info] [3824] PythonEngineImpl Init... 2026-05-08 02:02:29 [Info] [3824] recvmsg: HELLO 2026-05-08 02:02:31 [Info] [3824] recvmsg: WORK 2026-05-08 02:02:31 [Info] [3824] no use encode, return to old mode 2026-05-08 02:02:31 [Info] [3824] log fd cnt is [250], real fd cnt is [263] 2026-05-08 02:02:31 [Info] [3824] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 02:02:31 [Info] [3824] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 02:02:31 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 02:02:32 [Info] [3824] log memory size is 20480KB, real memory size is 13488KB 2026-05-08 02:02:33 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 02:02:35 [Info] [3824] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 02:02:35 [Info] [3824] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 02:02:40 [Info] [3824] item: --sca 2026-05-08 02:02:40 [Info] [3824] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-08 02:02:41 [Info] [3824] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-08 02:02:41 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-05-08 02:02:42 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-05-08 02:02:43 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-05-08 02:02:45 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-05-08 02:02:46 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-05-08 02:02:47 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-05-08 02:02:48 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-05-08 02:02:50 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-05-08 02:02:51 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-05-08 02:02:52 [Info] [3824] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-05-08 02:02:52 [Info] [3824] Download redirect files success. 2026-05-08 02:02:52 [Info] [3824] Prepare stage1: --sca 2026-05-08 02:02:52 [Info] [3824] Prepare stage2 2026-05-08 02:03:01 [Info] [3824] log memory size is 30720KB, real memory size is 28920KB 2026-05-08 02:03:09 [Info] [3824] log memory size is 40960KB, real memory size is 31212KB 2026-05-08 02:03:41 [Info] [3824] log fd cnt is [300], real fd cnt is [364] 2026-05-08 02:03:59 [Info] [3824] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 02:04:41 [Info] [3824] log fd cnt is [350], real fd cnt is [365] 2026-05-08 02:05:41 [Info] [3824] log fd cnt is [400], real fd cnt is [373] 2026-05-08 02:07:17 [Info] [3824] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 02:10:46 [Info] [3824] stage3: --sca 2026-05-08 02:10:46 [Info] [3824] Loader after check 2026-05-08 02:10:46 [Info] [3824] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 02:10:47 [Info] [3824] Enter reuse wait state. 2026-05-08 02:10:52 [Info] [3824] recvmsg: EXIT 2026-05-08 02:10:52 [Info] [3824] Recv Exit Msg, Exit... 2026-05-08 04:07:22 [Info] [3144] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 04:07:22 [Info] [3144] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap176961778184442 2026-05-08 04:07:22 [Info] [3144] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 04:07:22 [Info] [3144] Resource monitor start 2026-05-08 04:07:22 [Info] [3144] ipc client init success 2026-05-08 04:07:22 [Info] [3144] Ipc init: 0 2026-05-08 04:07:22 [Info] [3144] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 04:07:22 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 04:07:22 [Info] [3144] start ipc thread id[4972] 2026-05-08 04:07:22 [Info] [3144] Connect Yundun ipc server return state is 0 2026-05-08 04:07:22 [Info] [3144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 04:07:22 [Info] [3144] CResourceMonitor::run Enter 2026-05-08 04:07:22 [Info] [3144] CIpcMsgHandlerMgr::run Enter 2026-05-08 04:07:22 [Info] [3144] Report thread 2026-05-08 04:07:22 [Info] [3144] Monitor thread 2026-05-08 04:07:22 [Info] [3144] Loader thread 2026-05-08 04:07:22 [Info] [3144] PythonEngineImpl Init... 2026-05-08 04:07:22 [Info] [3144] yundun connected 2026-05-08 04:07:22 [Info] [3144] recvmsg: HELLO 2026-05-08 04:07:22 [Info] [3144] recvmsg: WORK 2026-05-08 04:07:22 [Info] [3144] no use encode, return to old mode 2026-05-08 04:07:22 [Info] [3144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 04:07:22 [Info] [3144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 04:07:22 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 04:07:23 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 04:07:23 [Info] [3144] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 04:07:23 [Info] [3144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 04:07:23 [Info] [3144] log fd cnt is [250], real fd cnt is [281] 2026-05-08 04:07:24 [Info] [3144] log memory size is 20480KB, real memory size is 14672KB 2026-05-08 04:07:24 [Info] [3144] item: --windows-sysinfoext-check 2026-05-08 04:07:24 [Info] [3144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 04:07:24 [Info] [3144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 04:07:24 [Info] [3144] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 04:07:24 [Info] [3144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 04:07:24 [Info] [3144] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-08 04:07:24 [Info] [3144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 04:07:24 [Info] [3144] Prepare stage1: --windows-sysinfoext-check 2026-05-08 04:07:24 [Info] [3144] Prepare stage2 2026-05-08 04:07:25 [Warn] [3144] high cpu, cpu is 13 2026-05-08 04:07:25 [Info] [3144] try get sys version 2026-05-08 04:07:25 [Info] [3144] win sys info:2/10:0:3 2026-05-08 04:07:25 [Info] [3144] suit legal version, enable cpu control 2026-05-08 04:07:25 [Warn] [3144] High CPU Warning: 13 2026-05-08 04:07:25 [Warn] [3144] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-08 04:07:27 [Info] [3144] stage3: --windows-sysinfoext-check 2026-05-08 04:07:27 [Info] [3144] Loader after check 2026-05-08 04:07:28 [Info] [3144] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 04:07:28 [Info] [3144] log memory size is 30720KB, real memory size is 23028KB 2026-05-08 04:07:28 [Info] [3144] Enter reuse wait state. 2026-05-08 04:07:34 [Info] [3144] recvmsg: EXIT 2026-05-08 04:07:34 [Info] [3144] Recv Exit Msg, Exit... 2026-05-08 07:44:19 [Info] [692] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 07:44:19 [Info] [692] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap274361778197459 2026-05-08 07:44:19 [Info] [692] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 07:44:19 [Info] [692] Resource monitor start 2026-05-08 07:44:19 [Info] [692] ipc client init success 2026-05-08 07:44:19 [Info] [692] Ipc init: 0 2026-05-08 07:44:19 [Info] [692] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 07:44:19 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 07:44:19 [Info] [692] start ipc thread id[4676] 2026-05-08 07:44:19 [Info] [692] Connect Yundun ipc server return state is 0 2026-05-08 07:44:19 [Info] [692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 07:44:19 [Info] [692] CResourceMonitor::run Enter 2026-05-08 07:44:19 [Info] [692] CIpcMsgHandlerMgr::run Enter 2026-05-08 07:44:19 [Info] [692] Report thread 2026-05-08 07:44:19 [Info] [692] Monitor thread 2026-05-08 07:44:19 [Info] [692] Loader thread 2026-05-08 07:44:19 [Info] [692] PythonEngineImpl Init... 2026-05-08 07:44:19 [Info] [692] yundun connected 2026-05-08 07:44:19 [Info] [692] recvmsg: HELLO 2026-05-08 07:44:19 [Info] [692] recvmsg: WORK 2026-05-08 07:44:19 [Info] [692] no use encode, return to old mode 2026-05-08 07:44:19 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 07:44:19 [Info] [692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 07:44:19 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 07:44:20 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 07:44:20 [Info] [692] log fd cnt is [250], real fd cnt is [286] 2026-05-08 07:44:20 [Info] [692] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 07:44:20 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 07:44:21 [Info] [692] log memory size is 20480KB, real memory size is 14652KB 2026-05-08 07:44:21 [Info] [692] item: --windows-vul-clean 2026-05-08 07:44:21 [Info] [692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-08 07:44:21 [Info] [692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-05-08 07:44:21 [Info] [692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 07:44:21 [Info] [692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 07:44:21 [Info] [692] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-05-08 07:44:21 [Info] [692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-05-08 07:44:21 [Info] [692] Prepare stage1: --windows-vul-clean 2026-05-08 07:44:21 [Info] [692] Prepare stage2 2026-05-08 07:44:21 [Info] [692] stage3: --windows-vul-clean 2026-05-08 07:44:21 [Info] [692] Loader after check 2026-05-08 07:44:23 [Info] [692] Enter reuse wait state. 2026-05-08 07:44:26 [Info] [692] recvmsg: EXIT 2026-05-08 07:44:26 [Info] [692] Recv Exit Msg, Exit... 2026-05-08 08:42:51 [Info] [4472] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 08:42:51 [Info] [4472] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap61361778200971 2026-05-08 08:42:51 [Info] [4472] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 08:42:51 [Info] [4472] Resource monitor start 2026-05-08 08:42:51 [Info] [4472] ipc client init success 2026-05-08 08:42:51 [Info] [4472] Ipc init: 0 2026-05-08 08:42:51 [Info] [4472] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 08:42:51 [Info] [4472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 08:42:51 [Info] [4472] start ipc thread id[4624] 2026-05-08 08:42:51 [Info] [4472] Connect Yundun ipc server return state is 0 2026-05-08 08:42:51 [Info] [4472] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 08:42:51 [Info] [4472] CResourceMonitor::run Enter 2026-05-08 08:42:51 [Info] [4472] CIpcMsgHandlerMgr::run Enter 2026-05-08 08:42:51 [Info] [4472] Report thread 2026-05-08 08:42:51 [Info] [4472] Monitor thread 2026-05-08 08:42:51 [Info] [4472] Loader thread 2026-05-08 08:42:51 [Info] [4472] PythonEngineImpl Init... 2026-05-08 08:42:51 [Info] [4472] yundun connected 2026-05-08 08:42:51 [Info] [4472] recvmsg: HELLO 2026-05-08 08:42:51 [Info] [4472] recvmsg: WORK 2026-05-08 08:42:51 [Info] [4472] no use encode, return to old mode 2026-05-08 08:42:52 [Info] [4472] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 08:42:52 [Info] [4472] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 08:42:52 [Info] [4472] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 08:42:52 [Info] [4472] log fd cnt is [250], real fd cnt is [282] 2026-05-08 08:42:52 [Info] [4472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 08:42:52 [Info] [4472] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 08:42:52 [Info] [4472] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 08:42:53 [Info] [4472] log memory size is 20480KB, real memory size is 14588KB 2026-05-08 08:42:53 [Info] [4472] item: --windows-process-check 2026-05-08 08:42:53 [Info] [4472] cgroup name aegisRtap0 2026-05-08 08:42:53 [Info] [4472] try get sys version 2026-05-08 08:42:53 [Info] [4472] win sys info:2/10:0:3 2026-05-08 08:42:53 [Info] [4472] suit legal version, enable cpu control 2026-05-08 08:42:53 [Info] [4472] get AssignProcessToJobObject handle [00000478] 2026-05-08 08:42:53 [Info] [4472] Set setJobExtended. 2026-05-08 08:42:53 [Info] [4472] Set cpu [9%] 2026-05-08 08:42:53 [Info] [4472] Set cpu success 2026-05-08 08:42:53 [Info] [4472] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-08 08:42:53 [Info] [4472] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-05-08 08:42:53 [Info] [4472] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 08:42:53 [Info] [4472] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 08:42:53 [Info] [4472] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-05-08 08:42:53 [Info] [4472] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-05-08 08:42:54 [Info] [4472] Prepare stage1: --windows-process-check 2026-05-08 08:42:54 [Info] [4472] Prepare stage2 2026-05-08 08:43:01 [Info] [4472] log memory size is 30720KB, real memory size is 20488KB 2026-05-08 08:43:12 [Info] [4472] stage3: --windows-process-check 2026-05-08 08:43:12 [Info] [4472] Loader after check 2026-05-08 08:43:13 [Info] [4472] Enter reuse wait state. 2026-05-08 08:43:15 [Info] [4472] recvmsg: EXIT 2026-05-08 08:43:15 [Info] [4472] Recv Exit Msg, Exit... 2026-05-08 09:35:31 [Info] [2052] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 09:35:31 [Info] [2052] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap164561778204131 2026-05-08 09:35:31 [Info] [2052] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 09:35:31 [Info] [2052] Resource monitor start 2026-05-08 09:35:31 [Info] [2052] ipc client init success 2026-05-08 09:35:31 [Info] [2052] Ipc init: 0 2026-05-08 09:35:31 [Info] [2052] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 09:35:31 [Info] [2052] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 09:35:31 [Info] [2052] start ipc thread id[2068] 2026-05-08 09:35:31 [Info] [2052] Connect Yundun ipc server return state is 0 2026-05-08 09:35:31 [Info] [2052] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 09:35:31 [Info] [2052] CResourceMonitor::run Enter 2026-05-08 09:35:31 [Info] [2052] CIpcMsgHandlerMgr::run Enter 2026-05-08 09:35:31 [Info] [2052] Report thread 2026-05-08 09:35:31 [Info] [2052] Monitor thread 2026-05-08 09:35:31 [Info] [2052] Loader thread 2026-05-08 09:35:31 [Info] [2052] PythonEngineImpl Init... 2026-05-08 09:35:31 [Info] [2052] yundun connected 2026-05-08 09:35:32 [Info] [2052] recvmsg: HELLO 2026-05-08 09:35:32 [Info] [2052] recvmsg: WORK 2026-05-08 09:35:32 [Info] [2052] no use encode, return to old mode 2026-05-08 09:35:32 [Info] [2052] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 09:35:32 [Info] [2052] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 09:35:32 [Info] [2052] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 09:35:32 [Info] [2052] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 09:35:32 [Info] [2052] log fd cnt is [250], real fd cnt is [282] 2026-05-08 09:35:32 [Info] [2052] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 09:35:32 [Info] [2052] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 09:35:33 [Info] [2052] log memory size is 20480KB, real memory size is 14668KB 2026-05-08 09:35:33 [Info] [2052] item: --windows-sysinfoext-check 2026-05-08 09:35:33 [Info] [2052] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 09:35:33 [Info] [2052] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 09:35:33 [Info] [2052] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 09:35:34 [Info] [2052] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 09:35:34 [Info] [2052] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-08 09:35:34 [Info] [2052] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 09:35:34 [Info] [2052] Prepare stage1: --windows-sysinfoext-check 2026-05-08 09:35:34 [Info] [2052] Prepare stage2 2026-05-08 09:35:34 [Warn] [2052] high cpu, cpu is 15 2026-05-08 09:35:34 [Info] [2052] try get sys version 2026-05-08 09:35:34 [Info] [2052] win sys info:2/10:0:3 2026-05-08 09:35:34 [Info] [2052] suit legal version, enable cpu control 2026-05-08 09:35:34 [Warn] [2052] High CPU Warning: 15 2026-05-08 09:35:34 [Warn] [2052] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<string> line: 12 in func: __init__ File:wmi.py line: 1145 in func: __getattr__ File:wmi.py line: 783 in func: __init__ File:wmi.py line: 1156 in func: _cached_classes File:wmi.py line: 1145 in func: __getattr__ File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion File:windows-sysinfoext-check.py line: 168 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-08 09:35:36 [Info] [2052] stage3: --windows-sysinfoext-check 2026-05-08 09:35:36 [Info] [2052] Loader after check 2026-05-08 09:35:36 [Warn] [2052] high cpu, cpu is 12 2026-05-08 09:35:36 [Warn] [2052] High CPU Warning: 12 2026-05-08 09:35:37 [Info] [2052] Enter reuse wait state. 2026-05-08 09:35:37 [Info] [2052] log memory size is 30720KB, real memory size is 23132KB 2026-05-08 09:35:39 [Info] [2052] recvmsg: EXIT 2026-05-08 09:35:39 [Info] [2052] Recv Exit Msg, Exit... 2026-05-08 10:24:11 [Info] [4868] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 10:24:11 [Info] [4868] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap259911778207051 2026-05-08 10:24:11 [Info] [4868] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 10:24:11 [Info] [4868] Resource monitor start 2026-05-08 10:24:11 [Info] [4868] ipc client init success 2026-05-08 10:24:11 [Info] [4868] Ipc init: 0 2026-05-08 10:24:11 [Info] [4868] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 10:24:11 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 10:24:11 [Info] [4868] start ipc thread id[788] 2026-05-08 10:24:11 [Info] [4868] Connect Yundun ipc server return state is 0 2026-05-08 10:24:11 [Info] [4868] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 10:24:11 [Info] [4868] CResourceMonitor::run Enter 2026-05-08 10:24:11 [Info] [4868] CIpcMsgHandlerMgr::run Enter 2026-05-08 10:24:11 [Info] [4868] Report thread 2026-05-08 10:24:11 [Info] [4868] Monitor thread 2026-05-08 10:24:11 [Info] [4868] Loader thread 2026-05-08 10:24:11 [Info] [4868] PythonEngineImpl Init... 2026-05-08 10:24:11 [Info] [4868] yundun connected 2026-05-08 10:24:11 [Info] [4868] recvmsg: HELLO 2026-05-08 10:24:11 [Info] [4868] recvmsg: WORK 2026-05-08 10:24:11 [Info] [4868] no use encode, return to old mode 2026-05-08 10:24:11 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:24:11 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:24:11 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:24:12 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:24:12 [Info] [4868] log fd cnt is [250], real fd cnt is [286] 2026-05-08 10:24:12 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 10:24:12 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 10:24:13 [Info] [4868] log memory size is 20480KB, real memory size is 14664KB 2026-05-08 10:24:13 [Info] [4868] item: --windows-schedule-task-check 2026-05-08 10:24:13 [Info] [4868] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-08 10:24:13 [Info] [4868] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-05-08 10:24:13 [Info] [4868] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:24:13 [Info] [4868] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:24:13 [Info] [4868] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-05-08 10:24:13 [Info] [4868] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-05-08 10:24:13 [Info] [4868] Prepare stage1: --windows-schedule-task-check 2026-05-08 10:24:13 [Info] [4868] Prepare stage2 2026-05-08 10:24:14 [Warn] [4868] high cpu, cpu is 19 2026-05-08 10:24:14 [Info] [4868] try get sys version 2026-05-08 10:24:14 [Info] [4868] win sys info:2/10:0:3 2026-05-08 10:24:14 [Info] [4868] suit legal version, enable cpu control 2026-05-08 10:24:14 [Warn] [4868] High CPU Warning: 19 2026-05-08 10:24:14 [Warn] [4868] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:<COMObject <unknown>> line: 2 in func: GetFolders File:windows-schedule-task-check.py line: 346 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 359 in func: _walk_tasks_internal File:windows-schedule-task-check.py line: 372 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-05-08 10:24:16 [Info] [4680] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 10:24:16 [Info] [4680] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap260081778207056 2026-05-08 10:24:16 [Info] [4680] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 10:24:16 [Info] [4680] Resource monitor start 2026-05-08 10:24:16 [Info] [4680] ipc client init success 2026-05-08 10:24:16 [Info] [4680] Ipc init: 0 2026-05-08 10:24:16 [Info] [4680] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 10:24:16 [Info] [4680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 10:24:16 [Info] [4680] start ipc thread id[5084] 2026-05-08 10:24:16 [Info] [4680] Connect Yundun ipc server return state is 0 2026-05-08 10:24:16 [Info] [4680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 10:24:16 [Info] [4680] CResourceMonitor::run Enter 2026-05-08 10:24:16 [Info] [4680] CIpcMsgHandlerMgr::run Enter 2026-05-08 10:24:16 [Info] [4680] Report thread 2026-05-08 10:24:16 [Info] [4680] Monitor thread 2026-05-08 10:24:16 [Info] [4680] Loader thread 2026-05-08 10:24:16 [Info] [4680] PythonEngineImpl Init... 2026-05-08 10:24:16 [Info] [4680] yundun connected 2026-05-08 10:24:16 [Info] [4680] recvmsg: HELLO 2026-05-08 10:24:16 [Info] [4680] recvmsg: WORK 2026-05-08 10:24:16 [Info] [4680] no use encode, return to old mode 2026-05-08 10:24:17 [Info] [4680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:24:17 [Info] [4680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:24:17 [Info] [4680] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:24:17 [Info] [4680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:24:17 [Info] [4868] log memory size is 30720KB, real memory size is 23392KB 2026-05-08 10:24:17 [Warn] [4680] high cpu, cpu is 13 2026-05-08 10:24:17 [Info] [4680] try get sys version 2026-05-08 10:24:17 [Info] [4680] win sys info:2/10:0:3 2026-05-08 10:24:17 [Info] [4680] suit legal version, enable cpu control 2026-05-08 10:24:17 [Warn] [4680] High CPU Warning: 13 2026-05-08 10:24:17 [Warn] [4680] resource monitor exp type: High CPU Warning, script runing: 0 2026-05-08 10:24:17 [Info] [4680] log fd cnt is [250], real fd cnt is [282] 2026-05-08 10:24:17 [Info] [4680] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 10:24:17 [Info] [4680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 10:24:18 [Info] [4680] log memory size is 20480KB, real memory size is 14676KB 2026-05-08 10:24:18 [Info] [4680] item: --windows-registry-check 2026-05-08 10:24:18 [Info] [4680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-08 10:24:18 [Info] [4680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-05-08 10:24:18 [Info] [4680] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:24:18 [Info] [4680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:24:18 [Info] [4680] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-05-08 10:24:18 [Info] [4680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-05-08 10:24:19 [Info] [4680] Prepare stage1: --windows-registry-check 2026-05-08 10:24:19 [Info] [4680] Prepare stage2 2026-05-08 10:24:28 [Info] [4868] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 10:24:28 [Info] [4680] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 10:24:46 [Info] [4868] stage3: --windows-schedule-task-check 2026-05-08 10:24:46 [Info] [4868] Loader after check 2026-05-08 10:24:47 [Info] [4868] Enter reuse wait state. 2026-05-08 10:24:48 [Info] [4680] stage3: --windows-registry-check 2026-05-08 10:24:48 [Info] [4680] Loader after check 2026-05-08 10:24:49 [Info] [4680] Enter reuse wait state. 2026-05-08 10:24:52 [Info] [4868] recvmsg: EXIT 2026-05-08 10:24:52 [Info] [4868] Recv Exit Msg, Exit... 2026-05-08 10:24:54 [Info] [4680] recvmsg: EXIT 2026-05-08 10:24:54 [Info] [4680] Recv Exit Msg, Exit... 2026-05-08 10:25:38 [Info] [4016] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 10:25:38 [Info] [4016] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap262751778207138 2026-05-08 10:25:38 [Info] [4016] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 10:25:38 [Info] [4016] Resource monitor start 2026-05-08 10:25:38 [Info] [4016] ipc client init success 2026-05-08 10:25:38 [Info] [4016] Ipc init: 0 2026-05-08 10:25:38 [Info] [4016] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 10:25:38 [Info] [4016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 10:25:38 [Info] [4016] start ipc thread id[2608] 2026-05-08 10:25:38 [Info] [4016] Connect Yundun ipc server return state is 0 2026-05-08 10:25:38 [Info] [4016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 10:25:38 [Info] [4016] CResourceMonitor::run Enter 2026-05-08 10:25:38 [Info] [4016] CIpcMsgHandlerMgr::run Enter 2026-05-08 10:25:38 [Info] [4016] Report thread 2026-05-08 10:25:38 [Info] [4016] Monitor thread 2026-05-08 10:25:38 [Info] [4016] Loader thread 2026-05-08 10:25:38 [Info] [4016] PythonEngineImpl Init... 2026-05-08 10:25:38 [Info] [4016] yundun connected 2026-05-08 10:25:39 [Info] [4016] recvmsg: HELLO 2026-05-08 10:25:39 [Info] [4016] recvmsg: WORK 2026-05-08 10:25:39 [Info] [4016] no use encode, return to old mode 2026-05-08 10:25:39 [Info] [4016] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:25:39 [Info] [4016] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:25:39 [Info] [4016] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:25:39 [Info] [4016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:25:39 [Info] [4016] log fd cnt is [250], real fd cnt is [282] 2026-05-08 10:25:39 [Info] [4016] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 10:25:39 [Info] [4016] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 10:25:40 [Info] [4016] log memory size is 20480KB, real memory size is 14680KB 2026-05-08 10:25:40 [Info] [4016] item: --windows-driver-version-check 2026-05-08 10:25:40 [Info] [4016] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-08 10:25:40 [Info] [4016] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-05-08 10:25:40 [Info] [4016] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:25:40 [Info] [4016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:25:41 [Info] [4016] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-05-08 10:25:41 [Info] [4016] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-05-08 10:25:41 [Info] [4016] Prepare stage1: --windows-driver-version-check 2026-05-08 10:25:41 [Info] [4016] Prepare stage2 2026-05-08 10:25:41 [Info] [4016] stage3: --windows-driver-version-check 2026-05-08 10:25:41 [Info] [4016] Loader after check 2026-05-08 10:25:42 [Info] [4016] Enter reuse wait state. 2026-05-08 10:25:46 [Info] [4016] recvmsg: EXIT 2026-05-08 10:25:46 [Info] [4016] Recv Exit Msg, Exit... 2026-05-08 10:28:27 [Info] [4836] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 10:28:27 [Info] [4836] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap268241778207306 2026-05-08 10:28:27 [Info] [4836] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 10:28:27 [Info] [4836] Resource monitor start 2026-05-08 10:28:27 [Info] [4836] ipc client init success 2026-05-08 10:28:27 [Info] [4836] Ipc init: 0 2026-05-08 10:28:27 [Info] [4836] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 10:28:27 [Info] [4836] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 10:28:27 [Info] [4836] start ipc thread id[1424] 2026-05-08 10:28:27 [Info] [4836] Connect Yundun ipc server return state is 0 2026-05-08 10:28:27 [Info] [4836] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 10:28:27 [Info] [4836] CResourceMonitor::run Enter 2026-05-08 10:28:27 [Info] [4836] CIpcMsgHandlerMgr::run Enter 2026-05-08 10:28:27 [Info] [4836] Report thread 2026-05-08 10:28:27 [Info] [4836] Monitor thread 2026-05-08 10:28:27 [Info] [4836] Loader thread 2026-05-08 10:28:27 [Info] [4836] PythonEngineImpl Init... 2026-05-08 10:28:27 [Info] [4836] yundun connected 2026-05-08 10:28:27 [Info] [4836] recvmsg: HELLO 2026-05-08 10:28:27 [Info] [4836] recvmsg: WORK 2026-05-08 10:28:27 [Info] [4836] no use encode, return to old mode 2026-05-08 10:28:27 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:28:27 [Info] [4836] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 10:28:27 [Info] [4836] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:28:27 [Info] [4836] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:28:28 [Info] [4836] log fd cnt is [250], real fd cnt is [282] 2026-05-08 10:28:28 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 10:28:28 [Info] [4836] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 10:28:29 [Info] [4836] log memory size is 20480KB, real memory size is 14592KB 2026-05-08 10:28:29 [Info] [4836] item: --tcp-connect-check 2026-05-08 10:28:29 [Info] [4836] cgroup name aegisRtap0 2026-05-08 10:28:29 [Info] [4836] try get sys version 2026-05-08 10:28:29 [Info] [4836] win sys info:2/10:0:3 2026-05-08 10:28:29 [Info] [4836] suit legal version, enable cpu control 2026-05-08 10:28:29 [Info] [4836] get AssignProcessToJobObject handle [00000478] 2026-05-08 10:28:29 [Info] [4836] Set setJobExtended. 2026-05-08 10:28:29 [Info] [4836] Set cpu [9%] 2026-05-08 10:28:29 [Info] [4836] Set cpu success 2026-05-08 10:28:29 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-08 10:28:29 [Info] [4836] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-05-08 10:28:29 [Info] [4836] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 10:28:29 [Info] [4836] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 10:28:29 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-05-08 10:28:29 [Info] [4836] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-05-08 10:28:29 [Info] [4836] Prepare stage1: --tcp-connect-check 2026-05-08 10:28:29 [Info] [4836] Prepare stage2 2026-05-08 10:28:32 [Info] [4836] stage3: --tcp-connect-check 2026-05-08 10:28:32 [Info] [4836] Loader after check 2026-05-08 10:28:33 [Info] [4836] Enter reuse wait state. 2026-05-08 10:28:38 [Info] [4836] recvmsg: EXIT 2026-05-08 10:28:38 [Info] [4836] Recv Exit Msg, Exit... 2026-05-08 11:10:48 [Info] [1248] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 11:10:48 [Info] [1248] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap23571778209848 2026-05-08 11:10:48 [Info] [1248] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 11:10:48 [Info] [1248] Resource monitor start 2026-05-08 11:10:48 [Info] [1248] ipc client init success 2026-05-08 11:10:48 [Info] [1248] Ipc init: 0 2026-05-08 11:10:48 [Info] [1248] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 11:10:48 [Info] [1248] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 11:10:48 [Info] [1248] start ipc thread id[2456] 2026-05-08 11:10:48 [Info] [1248] Connect Yundun ipc server return state is 0 2026-05-08 11:10:48 [Info] [1248] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 11:10:48 [Info] [1248] CResourceMonitor::run Enter 2026-05-08 11:10:48 [Info] [1248] CIpcMsgHandlerMgr::run Enter 2026-05-08 11:10:48 [Info] [1248] Report thread 2026-05-08 11:10:48 [Info] [1248] Monitor thread 2026-05-08 11:10:48 [Info] [1248] Loader thread 2026-05-08 11:10:48 [Info] [1248] PythonEngineImpl Init... 2026-05-08 11:10:48 [Info] [1248] yundun connected 2026-05-08 11:10:48 [Info] [1248] recvmsg: HELLO 2026-05-08 11:10:48 [Info] [1248] recvmsg: WORK 2026-05-08 11:10:48 [Info] [1248] no use encode, return to old mode 2026-05-08 11:10:48 [Info] [1248] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 11:10:48 [Info] [1248] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 11:10:48 [Info] [1248] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 11:10:49 [Info] [1248] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 11:10:49 [Info] [1248] log fd cnt is [250], real fd cnt is [282] 2026-05-08 11:10:49 [Info] [1248] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 11:10:49 [Info] [1248] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 11:10:50 [Info] [1248] log memory size is 20480KB, real memory size is 14640KB 2026-05-08 11:10:50 [Info] [1248] item: --windows-autorun-item-check 2026-05-08 11:10:50 [Info] [1248] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-08 11:10:50 [Info] [1248] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-05-08 11:10:50 [Info] [1248] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 11:10:50 [Info] [1248] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 11:10:50 [Info] [1248] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-05-08 11:10:50 [Info] [1248] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-05-08 11:10:51 [Info] [1248] Prepare stage1: --windows-autorun-item-check 2026-05-08 11:10:51 [Info] [1248] Prepare stage2 2026-05-08 11:10:51 [Warn] [1248] high cpu, cpu is 16 2026-05-08 11:10:51 [Info] [1248] try get sys version 2026-05-08 11:10:51 [Info] [1248] win sys info:2/10:0:3 2026-05-08 11:10:51 [Info] [1248] suit legal version, enable cpu control 2026-05-08 11:10:51 [Warn] [1248] High CPU Warning: 16 2026-05-08 11:10:51 [Warn] [1248] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 950 in func: _open File:__init__.py line: 920 in func: __init__ File:__init__.py line: 1554 in func: basicConfig File:windows-autorun-item-check.py line: 529 in func: set_log_path File:windows-autorun-item-check.py line: 533 in func: start 2026-05-08 11:10:54 [Info] [1248] log memory size is 30720KB, real memory size is 22420KB 2026-05-08 11:11:01 [Info] [1248] stage3: --windows-autorun-item-check 2026-05-08 11:11:01 [Info] [1248] Loader after check 2026-05-08 11:11:02 [Info] [1248] Enter reuse wait state. 2026-05-08 11:11:03 [Info] [1248] recvmsg: EXIT 2026-05-08 11:11:03 [Info] [1248] Recv Exit Msg, Exit... 2026-05-08 15:03:23 [Info] [1228] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 15:03:23 [Info] [1228] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap151571778223802 2026-05-08 15:03:23 [Info] [1228] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 15:03:23 [Info] [1228] Resource monitor start 2026-05-08 15:03:23 [Info] [1228] ipc client init success 2026-05-08 15:03:23 [Info] [1228] Ipc init: 0 2026-05-08 15:03:23 [Info] [1228] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 15:03:23 [Info] [1228] CResourceMonitor::run Enter 2026-05-08 15:03:23 [Info] [1228] CIpcMsgHandlerMgr::run Enter 2026-05-08 15:03:24 [Info] [1228] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 15:03:24 [Info] [1228] start ipc thread id[3748] 2026-05-08 15:03:24 [Info] [1228] Connect Yundun ipc server return state is 0 2026-05-08 15:03:24 [Info] [1228] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 15:03:24 [Info] [1228] yundun connected 2026-05-08 15:03:24 [Info] [1228] Report thread 2026-05-08 15:03:24 [Info] [1228] Monitor thread 2026-05-08 15:03:24 [Info] [1228] Loader thread 2026-05-08 15:03:24 [Info] [1228] PythonEngineImpl Init... 2026-05-08 15:03:24 [Info] [1228] recvmsg: HELLO 2026-05-08 15:03:24 [Info] [1228] recvmsg: WORK 2026-05-08 15:03:24 [Info] [1228] no use encode, return to old mode 2026-05-08 15:03:24 [Info] [1228] log fd cnt is [250], real fd cnt is [262] 2026-05-08 15:03:25 [Info] [1228] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 15:03:25 [Info] [1228] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 15:03:25 [Info] [1228] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 15:03:25 [Info] [1228] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 15:03:25 [Info] [1228] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 15:03:25 [Info] [1228] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 15:03:25 [Info] [1228] log memory size is 20480KB, real memory size is 14728KB 2026-05-08 15:03:26 [Info] [1228] item: --windows-sysinfoext-check 2026-05-08 15:03:26 [Info] [1228] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 15:03:26 [Info] [1228] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 15:03:26 [Info] [1228] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 15:03:26 [Info] [1228] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 15:03:27 [Info] [1228] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-08 15:03:27 [Info] [1228] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 15:03:27 [Info] [1228] Prepare stage1: --windows-sysinfoext-check 2026-05-08 15:03:27 [Info] [1228] Prepare stage2 2026-05-08 15:03:28 [Warn] [1228] high cpu, cpu is 12 2026-05-08 15:03:28 [Info] [1228] try get sys version 2026-05-08 15:03:28 [Info] [1228] win sys info:2/10:0:3 2026-05-08 15:03:28 [Info] [1228] suit legal version, enable cpu control 2026-05-08 15:03:28 [Warn] [1228] High CPU Warning: 12 2026-05-08 15:03:29 [Warn] [1228] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-05-08 15:03:30 [Info] [1228] log memory size is 30720KB, real memory size is 23000KB 2026-05-08 15:03:31 [Info] [1228] stage3: --windows-sysinfoext-check 2026-05-08 15:03:31 [Info] [1228] Loader after check 2026-05-08 15:03:31 [Warn] [1228] high cpu, cpu is 15 2026-05-08 15:03:31 [Warn] [1228] High CPU Warning: 15 2026-05-08 15:03:32 [Info] [1228] Enter reuse wait state. 2026-05-08 15:03:35 [Info] [1228] recvmsg: EXIT 2026-05-08 15:03:35 [Info] [1228] Recv Exit Msg, Exit... 2026-05-08 18:04:35 [Info] [132] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 18:04:35 [Info] [132] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap178921778234674 2026-05-08 18:04:35 [Info] [132] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 18:04:35 [Info] [132] Resource monitor start 2026-05-08 18:04:35 [Info] [132] ipc client init success 2026-05-08 18:04:35 [Info] [132] Ipc init: 0 2026-05-08 18:04:35 [Info] [132] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 18:04:35 [Info] [132] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 18:04:35 [Info] [132] start ipc thread id[844] 2026-05-08 18:04:35 [Info] [132] Connect Yundun ipc server return state is 0 2026-05-08 18:04:35 [Info] [132] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 18:04:35 [Info] [132] CResourceMonitor::run Enter 2026-05-08 18:04:35 [Info] [132] CIpcMsgHandlerMgr::run Enter 2026-05-08 18:04:35 [Info] [132] yundun connected 2026-05-08 18:04:35 [Info] [132] Report thread 2026-05-08 18:04:35 [Info] [132] Monitor thread 2026-05-08 18:04:35 [Info] [132] Loader thread 2026-05-08 18:04:35 [Info] [132] PythonEngineImpl Init... 2026-05-08 18:04:35 [Info] [132] recvmsg: HELLO 2026-05-08 18:04:35 [Info] [132] recvmsg: WORK 2026-05-08 18:04:35 [Info] [132] no use encode, return to old mode 2026-05-08 18:04:36 [Info] [132] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 18:04:36 [Info] [132] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 18:04:36 [Info] [132] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 18:04:36 [Info] [132] log fd cnt is [250], real fd cnt is [274] 2026-05-08 18:04:37 [Info] [132] log memory size is 20480KB, real memory size is 13540KB 2026-05-08 18:04:37 [Info] [132] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 18:04:38 [Info] [132] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 18:04:38 [Info] [132] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 18:04:40 [Info] [132] item: --secnet_rasp_agent 2026-05-08 18:04:40 [Info] [132] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-05-08 18:04:40 [Info] [132] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-05-08 18:04:40 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-05-08 18:04:41 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-05-08 18:04:41 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-05-08 18:04:41 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-05-08 18:04:41 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-05-08 18:04:42 [Info] [132] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-05-08 18:04:42 [Info] [132] Download redirect files success. 2026-05-08 18:04:42 [Info] [132] Prepare stage1: --secnet_rasp_agent 2026-05-08 18:04:42 [Info] [132] Prepare stage2 2026-05-08 18:04:42 [Info] [132] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-05-08 18:04:46 [Info] [132] log memory size is 30720KB, real memory size is 20864KB 2026-05-08 18:04:54 [Info] [132] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-08 18:04:54 [Info] [132] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-08 18:04:54 [Info] [132] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 18:04:54 [Info] [132] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 18:04:54 [Info] [132] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-05-08 18:04:54 [Info] [132] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-05-08 18:04:54 [Info] [132] stage3: --secnet_rasp_agent 2026-05-08 18:04:54 [Info] [132] Loader after check 2026-05-08 18:04:56 [Info] [132] Enter reuse wait state. 2026-05-08 18:04:58 [Info] [132] recvmsg: EXIT 2026-05-08 18:04:58 [Info] [132] Recv Exit Msg, Exit... 2026-05-08 20:32:27 [Info] [608] ====================Start AliSecCheck : 10_20, Dec 23 2025 12:35:13==================== 2026-05-08 20:32:27 [Info] [608] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheck\AliSecCheck.exe -t rtap -c Rtap141001778243547 2026-05-08 20:32:27 [Info] [608] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-05-08 20:32:27 [Info] [608] Resource monitor start 2026-05-08 20:32:27 [Info] [608] ipc client init success 2026-05-08 20:32:27 [Info] [608] Ipc init: 0 2026-05-08 20:32:27 [Info] [608] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-05-08 20:32:27 [Info] [608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/rtap.dll 2026-05-08 20:32:27 [Info] [608] start ipc thread id[4904] 2026-05-08 20:32:27 [Info] [608] Connect Yundun ipc server return state is 0 2026-05-08 20:32:27 [Info] [608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheck/PythonEngine.dll 2026-05-08 20:32:27 [Info] [608] CResourceMonitor::run Enter 2026-05-08 20:32:27 [Info] [608] CIpcMsgHandlerMgr::run Enter 2026-05-08 20:32:27 [Info] [608] Report thread 2026-05-08 20:32:27 [Info] [608] Monitor thread 2026-05-08 20:32:27 [Info] [608] Loader thread 2026-05-08 20:32:27 [Info] [608] PythonEngineImpl Init... 2026-05-08 20:32:27 [Info] [608] yundun connected 2026-05-08 20:32:28 [Info] [608] recvmsg: HELLO 2026-05-08 20:32:28 [Info] [608] recvmsg: WORK 2026-05-08 20:32:28 [Info] [608] no use encode, return to old mode 2026-05-08 20:32:28 [Info] [608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 20:32:28 [Info] [608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-05-08 20:32:28 [Info] [608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 20:32:28 [Info] [608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 20:32:28 [Info] [608] log fd cnt is [250], real fd cnt is [282] 2026-05-08 20:32:28 [Info] [608] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-05-08 20:32:28 [Info] [608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-05-08 20:32:29 [Info] [608] log memory size is 20480KB, real memory size is 14680KB 2026-05-08 20:32:30 [Info] [608] item: --windows-sysinfoext-check 2026-05-08 20:32:30 [Info] [608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 20:32:30 [Info] [608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 20:32:30 [Info] [608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-05-08 20:32:30 [Info] [608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-05-08 20:32:30 [Info] [608] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-05-08 20:32:30 [Info] [608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-05-08 20:32:30 [Info] [608] Prepare stage1: --windows-sysinfoext-check 2026-05-08 20:32:30 [Info] [608] Prepare stage2 2026-05-08 20:32:30 [Warn] [608] high cpu, cpu is 18 2026-05-08 20:32:30 [Info] [608] try get sys version 2026-05-08 20:32:30 [Info] [608] win sys info:2/10:0:3 2026-05-08 20:32:30 [Info] [608] suit legal version, enable cpu control 2026-05-08 20:32:30 [Warn] [608] High CPU Warning: 18 2026-05-08 20:32:30 [Warn] [608] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:__init__.py line: 87 in func: Moniker File:__init__.py line: 72 in func: GetObject File:wmi.py line: 1276 in func: connect File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo File:windows-sysinfoext-check.py line: 174 in func: check File:windows-sysinfoext-check.py line: 143 in func: main File:windows-sysinfoext-check.py line: 200 in func: start 2026-05-08 20:32:32 [Info] [608] stage3: --windows-sysinfoext-check 2026-05-08 20:32:32 [Info] [608] Loader after check 2026-05-08 20:32:33 [Warn] [608] high cpu, cpu is 15 2026-05-08 20:32:33 [Warn] [608] High CPU Warning: 15 2026-05-08 20:32:33 [Info] [608] Enter reuse wait state. 2026-05-08 20:32:34 [Info] [608] log memory size is 30720KB, real memory size is 23236KB 2026-05-08 20:32:35 [Info] [608] recvmsg: EXIT 2026-05-08 20:32:35 [Info] [608] Recv Exit Msg, Exit...