403WebShell

403Webshell
Server IP : 123.56.80.60 / Your IP : 216.73.216.78
Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev
System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586
User : SYSTEM ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/
Upload File :
[ Back ]
Current File : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/data.3
2026-02-25 15:01:09 [Info] [2776] log memory size is 20480KB, real memory size is 14520KB
2026-02-25 15:01:09 [Info] [2776] item: --amsi_clean
2026-02-25 15:01:09 [Info] [2776] cgroup name aegisRtap0
2026-02-25 15:01:09 [Info] [2776] try get sys version
2026-02-25 15:01:09 [Info] [2776] win sys info:2/10:0:3
2026-02-25 15:01:09 [Info] [2776] suit legal version, enable cpu control
2026-02-25 15:01:09 [Info] [2776] get AssignProcessToJobObject handle [00000478]
2026-02-25 15:01:09 [Info] [2776] Set setJobExtended.
2026-02-25 15:01:09 [Info] [2776] Set cpu [9%]
2026-02-25 15:01:09 [Info] [2776] Set cpu success
2026-02-25 15:01:09 [Info] [2776] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-25 15:01:09 [Info] [2776] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-25 15:01:09 [Info] [2776] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-25 15:01:09 [Info] [2776] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-25 15:01:09 [Info] [2776] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5, http code : 200, curl ret : 0
2026-02-25 15:01:09 [Info] [2776] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5
2026-02-25 15:01:09 [Info] [2776] Prepare stage1: --amsi_clean
2026-02-25 15:01:09 [Info] [2776] Prepare stage2
2026-02-25 15:01:10 [Info] [2776] stage3: --amsi_clean
2026-02-25 15:01:10 [Info] [2776] Loader after check
2026-02-25 15:01:11 [Info] [2776] Enter reuse wait state.
2026-02-25 15:01:14 [Info] [2776] recvmsg: EXIT
2026-02-25 15:01:14 [Info] [2776] Recv Exit Msg, Exit...
2026-02-25 20:04:54 [Info] [3556] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-25 20:04:54 [Info] [3556] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap103201772021086 
2026-02-25 20:04:54 [Info] [3556] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-25 20:04:54 [Info] [3556] Resource monitor start
2026-02-25 20:04:54 [Info] [3556] ipc client init success
2026-02-25 20:04:54 [Info] [3556] Ipc init: 0
2026-02-25 20:04:54 [Info] [3556] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-25 20:04:54 [Info] [3556] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-25 20:04:54 [Info] [3556] start ipc thread id[832]
2026-02-25 20:04:54 [Info] [3556] Connect Yundun ipc server return state is 0
2026-02-25 20:04:54 [Info] [3556] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-25 20:04:54 [Info] [3556] CResourceMonitor::run Enter
2026-02-25 20:04:54 [Info] [3556] CIpcMsgHandlerMgr::run Enter
2026-02-25 20:04:54 [Info] [3556] Report thread
2026-02-25 20:04:54 [Info] [3556] Monitor thread
2026-02-25 20:04:54 [Info] [3556] Loader thread
2026-02-25 20:04:54 [Info] [3556] PythonEngineImpl Init...
2026-02-25 20:04:59 [Info] [3556] yundun connected
2026-02-25 20:05:01 [Info] [3556] recvmsg: HELLO
2026-02-25 20:05:01 [Info] [3556] recvmsg: WORK
2026-02-25 20:05:01 [Info] [3556] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-25 20:05:01 [Info] [3556] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-25 20:05:01 [Info] [3556] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-25 20:05:02 [Info] [3556] log fd cnt is [250], real fd cnt is [264]
2026-02-25 20:05:03 [Info] [3556] log memory size is 20480KB, real memory size is 12952KB
2026-02-25 20:05:06 [Info] [3556] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-25 20:05:07 [Info] [3556] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-25 20:05:07 [Info] [3556] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-25 20:05:08 [Info] [3556] item: --windows-sysinfoext-check
2026-02-25 20:05:08 [Info] [3556] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-25 20:05:08 [Info] [3556] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-25 20:05:08 [Info] [3556] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-25 20:05:08 [Info] [3556] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-25 20:05:08 [Info] [3556] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-25 20:05:08 [Info] [3556] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-25 20:05:08 [Info] [3556] Prepare stage1: --windows-sysinfoext-check
2026-02-25 20:05:08 [Info] [3556] Prepare stage2
2026-02-25 20:05:10 [Warn] [3556] high cpu, cpu is 13
2026-02-25 20:05:10 [Info] [3556] try get sys version
2026-02-25 20:05:10 [Info] [3556] win sys info:2/10:0:3
2026-02-25 20:05:10 [Info] [3556] suit legal version, enable cpu control
2026-02-25 20:05:10 [Warn] [3556] High CPU Warning: 13
2026-02-25 20:05:10 [Warn] [3556] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:dynamic.py line: 296 in func: _get_good_single_object_
File:dynamic.py line: 317 in func: _get_good_object_
File:dynamic.py line: 524 in func: __getattr__
File:wmi.py line: 492 in func: __init__
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 227 in func: getSerialNumber
File:windows-sysinfoext-check.py line: 178 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-02-25 20:05:10 [Info] [3556] stage3: --windows-sysinfoext-check
2026-02-25 20:05:10 [Info] [3556] Loader after check
2026-02-25 20:05:11 [Info] [3556] log memory size is 30720KB, real memory size is 22884KB
2026-02-25 20:05:11 [Info] [3556] Enter reuse wait state.
2026-02-25 20:05:15 [Info] [3556] recvmsg: EXIT
2026-02-25 20:05:15 [Info] [3556] Recv Exit Msg, Exit...
2026-02-25 20:12:10 [Info] [1016] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-25 20:12:10 [Info] [1016] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap117701772021530 
2026-02-25 20:12:10 [Info] [1016] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-25 20:12:10 [Info] [1016] Resource monitor start
2026-02-25 20:12:10 [Info] [1016] ipc client init success
2026-02-25 20:12:10 [Info] [1016] Ipc init: 0
2026-02-25 20:12:10 [Info] [1016] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-25 20:12:10 [Info] [1016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-25 20:12:10 [Info] [1016] start ipc thread id[4896]
2026-02-25 20:12:10 [Info] [1016] Connect Yundun ipc server return state is 0
2026-02-25 20:12:10 [Info] [1016] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-25 20:12:10 [Info] [1016] CResourceMonitor::run Enter
2026-02-25 20:12:10 [Info] [1016] CIpcMsgHandlerMgr::run Enter
2026-02-25 20:12:10 [Info] [1016] Report thread
2026-02-25 20:12:10 [Info] [1016] Monitor thread
2026-02-25 20:12:10 [Info] [1016] Loader thread
2026-02-25 20:12:10 [Info] [1016] PythonEngineImpl Init...
2026-02-25 20:12:10 [Info] [1016] yundun connected
2026-02-25 20:12:11 [Info] [1016] recvmsg: HELLO
2026-02-25 20:12:11 [Info] [1016] recvmsg: WORK
2026-02-25 20:12:11 [Info] [1016] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-25 20:12:11 [Info] [1016] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-25 20:12:11 [Info] [1016] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-25 20:12:11 [Info] [1016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-25 20:12:11 [Info] [1016] log fd cnt is [250], real fd cnt is [282]
2026-02-25 20:12:11 [Info] [1016] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-25 20:12:11 [Info] [1016] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-25 20:12:12 [Info] [1016] log memory size is 20480KB, real memory size is 14500KB
2026-02-25 20:12:12 [Info] [1016] item: --secnet_rasp_agent
2026-02-25 20:12:12 [Info] [1016] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-02-25 20:12:12 [Info] [1016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-02-25 20:12:12 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-02-25 20:12:12 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-02-25 20:12:13 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-02-25 20:12:13 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-02-25 20:12:13 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-02-25 20:12:13 [Info] [1016] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-02-25 20:12:13 [Info] [1016] Download redirect files success.
2026-02-25 20:12:13 [Info] [1016] Prepare stage1: --secnet_rasp_agent
2026-02-25 20:12:13 [Info] [1016] Prepare stage2
2026-02-25 20:12:13 [Info] [1016] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-25 20:12:13 [Info] [1016] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-25 20:12:13 [Info] [1016] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-25 20:12:13 [Info] [1016] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-25 20:12:14 [Info] [1016] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-02-25 20:12:14 [Info] [1016] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-25 20:12:14 [Info] [1016] stage3: --secnet_rasp_agent
2026-02-25 20:12:14 [Info] [1016] Loader after check
2026-02-25 20:12:15 [Info] [1016] Enter reuse wait state.
2026-02-25 20:12:16 [Info] [1016] log memory size is 30720KB, real memory size is 21064KB
2026-02-25 20:12:18 [Info] [1016] recvmsg: EXIT
2026-02-25 20:12:18 [Info] [1016] Recv Exit Msg, Exit...
2026-03-04 00:12:52 [Info] [2716] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 00:12:52 [Info] [2716] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap151041772554372 
2026-03-04 00:12:52 [Info] [2716] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 00:12:52 [Info] [2716] Resource monitor start
2026-03-04 00:12:52 [Info] [2716] ipc client init success
2026-03-04 00:12:52 [Info] [2716] Ipc init: 0
2026-03-04 00:12:52 [Info] [2716] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 00:12:52 [Info] [2716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 00:12:52 [Info] [2716] start ipc thread id[464]
2026-03-04 00:12:52 [Info] [2716] Connect Yundun ipc server return state is 0
2026-03-04 00:12:52 [Info] [2716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 00:12:52 [Info] [2716] CResourceMonitor::run Enter
2026-03-04 00:12:52 [Info] [2716] CIpcMsgHandlerMgr::run Enter
2026-03-04 00:12:52 [Info] [2716] yundun connected
2026-03-04 00:12:52 [Info] [2716] Report thread
2026-03-04 00:12:52 [Info] [2716] Monitor thread
2026-03-04 00:12:52 [Info] [2716] Loader thread
2026-03-04 00:12:52 [Info] [2716] PythonEngineImpl Init...
2026-03-04 00:13:02 [Info] [2716] recvmsg: HELLO
2026-03-04 00:13:02 [Info] [2716] recvmsg: WORK
2026-03-04 00:13:02 [Info] [2716] log fd cnt is [250], real fd cnt is [263]
2026-03-04 00:13:02 [Info] [2716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 00:13:02 [Info] [2716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 00:13:02 [Info] [2716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 00:13:09 [Info] [2716] log memory size is 20480KB, real memory size is 13316KB
2026-03-04 00:13:12 [Warn] [2716] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-04 00:13:20 [Info] [2716] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 00:13:22 [Warn] [2716] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-04 00:13:22 [Info] [2716] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 00:13:22 [Info] [2716] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 00:13:22 [Info] [2716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 00:13:24 [Info] [2716] item: --windows-sysinfoext-check
2026-03-04 00:13:24 [Info] [2716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 00:13:24 [Info] [2716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 00:13:24 [Info] [2716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 00:13:24 [Info] [2716] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 00:13:24 [Info] [2716] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-04 00:13:24 [Info] [2716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 00:13:24 [Info] [2716] Prepare stage1: --windows-sysinfoext-check
2026-03-04 00:13:24 [Info] [2716] Prepare stage2
2026-03-04 00:13:25 [Info] [2716] log memory size is 30720KB, real memory size is 22756KB
2026-03-04 00:13:26 [Info] [2716] stage3: --windows-sysinfoext-check
2026-03-04 00:13:26 [Info] [2716] Loader after check
2026-03-04 00:13:26 [Warn] [2716] high cpu, cpu is 13
2026-03-04 00:13:26 [Info] [2716] try get sys version
2026-03-04 00:13:26 [Info] [2716] win sys info:2/10:0:3
2026-03-04 00:13:26 [Info] [2716] suit legal version, enable cpu control
2026-03-04 00:13:26 [Warn] [2716] High CPU Warning: 13
2026-03-04 00:13:26 [Warn] [2716] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-04 00:13:27 [Info] [2716] Enter reuse wait state.
2026-03-04 00:13:30 [Info] [2716] recvmsg: EXIT
2026-03-04 00:13:30 [Info] [2716] Recv Exit Msg, Exit...
2026-03-04 04:22:19 [Info] [1356] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 04:22:19 [Info] [1356] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap312091772569338 
2026-03-04 04:22:19 [Info] [1356] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 04:22:19 [Info] [1356] Resource monitor start
2026-03-04 04:22:19 [Info] [1356] ipc client init success
2026-03-04 04:22:19 [Info] [1356] Ipc init: 0
2026-03-04 04:22:19 [Info] [1356] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 04:22:19 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 04:22:19 [Info] [1356] start ipc thread id[1476]
2026-03-04 04:22:19 [Info] [1356] Connect Yundun ipc server return state is 0
2026-03-04 04:22:19 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 04:22:19 [Info] [1356] CResourceMonitor::run Enter
2026-03-04 04:22:19 [Info] [1356] CIpcMsgHandlerMgr::run Enter
2026-03-04 04:22:19 [Info] [1356] Report thread
2026-03-04 04:22:19 [Info] [1356] Monitor thread
2026-03-04 04:22:19 [Info] [1356] Loader thread
2026-03-04 04:22:19 [Info] [1356] PythonEngineImpl Init...
2026-03-04 04:22:19 [Info] [1356] yundun connected
2026-03-04 04:22:19 [Info] [1356] recvmsg: HELLO
2026-03-04 04:22:19 [Info] [1356] recvmsg: WORK
2026-03-04 04:22:19 [Info] [1356] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 04:22:19 [Info] [1356] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 04:22:19 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 04:22:19 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 04:22:20 [Info] [1356] log fd cnt is [250], real fd cnt is [282]
2026-03-04 04:22:20 [Info] [1356] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 04:22:20 [Info] [1356] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 04:22:21 [Info] [1356] log memory size is 20480KB, real memory size is 14600KB
2026-03-04 04:22:21 [Info] [1356] item: --sca
2026-03-04 04:22:21 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-04 04:22:21 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-04 04:22:21 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-04 04:22:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-04 04:22:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-04 04:22:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-04 04:22:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-04 04:22:22 [Info] [1356] Download redirect files success.
2026-03-04 04:22:22 [Info] [1356] Prepare stage1: --sca
2026-03-04 04:22:22 [Info] [1356] Prepare stage2
2026-03-04 04:22:24 [Warn] [1356] high cpu, cpu is 26
2026-03-04 04:22:24 [Info] [1356] try get sys version
2026-03-04 04:22:24 [Info] [1356] win sys info:2/10:0:3
2026-03-04 04:22:24 [Info] [1356] suit legal version, enable cpu control
2026-03-04 04:22:24 [Warn] [1356] High CPU Warning: 26
2026-03-04 04:22:24 [Warn] [1356] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 197 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-04 04:22:25 [Info] [1356] log memory size is 30720KB, real memory size is 32144KB
2026-03-04 04:22:29 [Info] [1356] log memory size is 40960KB, real memory size is 32720KB
2026-03-04 04:22:58 [Info] [1356] stage3: --sca
2026-03-04 04:22:58 [Info] [1356] Loader after check
2026-03-04 04:22:59 [Info] [1356] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 04:22:59 [Info] [1356] Enter reuse wait state.
2026-03-04 04:23:02 [Info] [1356] recvmsg: EXIT
2026-03-04 04:23:02 [Info] [1356] Recv Exit Msg, Exit...
2026-03-04 05:41:01 [Info] [2120] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 05:41:01 [Info] [2120] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap138481772574056 
2026-03-04 05:41:01 [Info] [2120] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 05:41:01 [Info] [2120] Resource monitor start
2026-03-04 05:41:01 [Info] [2120] ipc client init success
2026-03-04 05:41:01 [Info] [2120] Ipc init: 0
2026-03-04 05:41:01 [Info] [2120] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 05:41:01 [Info] [2120] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 05:41:01 [Info] [2120] start ipc thread id[3288]
2026-03-04 05:41:01 [Info] [2120] Connect Yundun ipc server return state is 0
2026-03-04 05:41:01 [Info] [2120] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 05:41:01 [Info] [2120] CResourceMonitor::run Enter
2026-03-04 05:41:01 [Info] [2120] CIpcMsgHandlerMgr::run Enter
2026-03-04 05:41:01 [Info] [2120] Report thread
2026-03-04 05:41:01 [Info] [2120] Monitor thread
2026-03-04 05:41:01 [Info] [2120] Loader thread
2026-03-04 05:41:01 [Info] [2120] PythonEngineImpl Init...
2026-03-04 05:41:08 [Info] [2120] yundun connected
2026-03-04 05:41:11 [Info] [2120] recvmsg: HELLO
2026-03-04 05:41:11 [Info] [2120] recvmsg: WORK
2026-03-04 05:41:11 [Info] [2120] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 05:41:11 [Info] [2120] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 05:41:11 [Info] [2120] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 05:41:11 [Info] [2120] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 05:41:11 [Info] [2120] log fd cnt is [250], real fd cnt is [264]
2026-03-04 05:41:12 [Info] [2120] log memory size is 20480KB, real memory size is 13420KB
2026-03-04 05:41:13 [Info] [2120] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 05:41:13 [Info] [2120] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 05:41:13 [Info] [2120] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 05:41:14 [Info] [2120] item: --windows-sysinfoext-check
2026-03-04 05:41:14 [Info] [2120] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 05:41:14 [Info] [2120] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 05:41:14 [Info] [2120] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 05:41:14 [Info] [2120] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 05:41:14 [Info] [2120] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-04 05:41:14 [Info] [2120] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 05:41:14 [Info] [2120] Prepare stage1: --windows-sysinfoext-check
2026-03-04 05:41:14 [Info] [2120] Prepare stage2
2026-03-04 05:41:15 [Warn] [2120] high cpu, cpu is 15
2026-03-04 05:41:15 [Info] [2120] try get sys version
2026-03-04 05:41:15 [Info] [2120] win sys info:2/10:0:3
2026-03-04 05:41:15 [Info] [2120] suit legal version, enable cpu control
2026-03-04 05:41:15 [Warn] [2120] High CPU Warning: 15
2026-03-04 05:41:16 [Warn] [2120] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-04 05:41:16 [Info] [2120] stage3: --windows-sysinfoext-check
2026-03-04 05:41:16 [Info] [2120] Loader after check
2026-03-04 05:41:17 [Info] [2120] log memory size is 30720KB, real memory size is 22920KB
2026-03-04 05:41:17 [Info] [2120] Enter reuse wait state.
2026-03-04 05:41:22 [Info] [2120] recvmsg: EXIT
2026-03-04 05:41:22 [Info] [2120] Recv Exit Msg, Exit...
2026-03-04 07:55:30 [Info] [852] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 07:55:30 [Info] [852] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap74461772582130 
2026-03-04 07:55:30 [Info] [852] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 07:55:30 [Info] [852] Resource monitor start
2026-03-04 07:55:30 [Info] [852] ipc client init success
2026-03-04 07:55:30 [Info] [852] Ipc init: 0
2026-03-04 07:55:30 [Info] [852] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 07:55:30 [Info] [852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 07:55:30 [Info] [852] start ipc thread id[3596]
2026-03-04 07:55:30 [Info] [852] Connect Yundun ipc server return state is 0
2026-03-04 07:55:30 [Info] [852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 07:55:30 [Info] [852] CResourceMonitor::run Enter
2026-03-04 07:55:30 [Info] [852] CIpcMsgHandlerMgr::run Enter
2026-03-04 07:55:30 [Info] [852] Report thread
2026-03-04 07:55:30 [Info] [852] Monitor thread
2026-03-04 07:55:30 [Info] [852] Loader thread
2026-03-04 07:55:30 [Info] [852] PythonEngineImpl Init...
2026-03-04 07:55:30 [Info] [852] yundun connected
2026-03-04 07:55:31 [Info] [852] recvmsg: HELLO
2026-03-04 07:55:31 [Info] [852] recvmsg: WORK
2026-03-04 07:55:31 [Info] [852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 07:55:31 [Info] [852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 07:55:31 [Info] [852] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 07:55:31 [Info] [852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 07:55:31 [Info] [852] log fd cnt is [250], real fd cnt is [282]
2026-03-04 07:55:31 [Info] [852] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 07:55:31 [Info] [852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 07:55:32 [Info] [852] log memory size is 20480KB, real memory size is 14516KB
2026-03-04 07:55:32 [Info] [852] item: --windows-vul-clean
2026-03-04 07:55:32 [Info] [852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-04 07:55:32 [Info] [852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-04 07:55:32 [Info] [852] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 07:55:32 [Info] [852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 07:55:32 [Info] [852] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-04 07:55:32 [Info] [852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-04 07:55:32 [Info] [852] Prepare stage1: --windows-vul-clean
2026-03-04 07:55:32 [Info] [852] Prepare stage2
2026-03-04 07:55:33 [Info] [852] stage3: --windows-vul-clean
2026-03-04 07:55:33 [Info] [852] Loader after check
2026-03-04 07:55:34 [Info] [852] Enter reuse wait state.
2026-03-04 07:55:38 [Info] [852] recvmsg: EXIT
2026-03-04 07:55:38 [Info] [852] Recv Exit Msg, Exit...
2026-03-04 08:58:31 [Info] [3380] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 08:58:31 [Info] [3380] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap197931772585911 
2026-03-04 08:58:31 [Info] [3380] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 08:58:31 [Info] [3380] Resource monitor start
2026-03-04 08:58:31 [Info] [3380] ipc client init success
2026-03-04 08:58:31 [Info] [3380] Ipc init: 0
2026-03-04 08:58:31 [Info] [3380] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 08:58:31 [Info] [3380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 08:58:31 [Info] [3380] start ipc thread id[4660]
2026-03-04 08:58:31 [Info] [3380] Connect Yundun ipc server return state is 0
2026-03-04 08:58:31 [Info] [3380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 08:58:31 [Info] [3380] CResourceMonitor::run Enter
2026-03-04 08:58:31 [Info] [3380] CIpcMsgHandlerMgr::run Enter
2026-03-04 08:58:31 [Info] [3380] Report thread
2026-03-04 08:58:31 [Info] [3380] Monitor thread
2026-03-04 08:58:31 [Info] [3380] Loader thread
2026-03-04 08:58:31 [Info] [3380] PythonEngineImpl Init...
2026-03-04 08:58:31 [Info] [3380] yundun connected
2026-03-04 08:58:32 [Info] [3380] recvmsg: HELLO
2026-03-04 08:58:32 [Info] [3380] recvmsg: WORK
2026-03-04 08:58:32 [Info] [3380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 08:58:32 [Info] [3380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 08:58:32 [Info] [3380] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 08:58:32 [Info] [3380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 08:58:32 [Warn] [3380] high cpu, cpu is 12
2026-03-04 08:58:32 [Info] [3380] try get sys version
2026-03-04 08:58:32 [Info] [3380] win sys info:2/10:0:3
2026-03-04 08:58:32 [Info] [3380] suit legal version, enable cpu control
2026-03-04 08:58:32 [Warn] [3380] High CPU Warning: 12
2026-03-04 08:58:32 [Warn] [3380] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-04 08:58:32 [Info] [3380] log fd cnt is [250], real fd cnt is [282]
2026-03-04 08:58:32 [Info] [3380] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 08:58:32 [Info] [3380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 08:58:33 [Info] [3380] log memory size is 20480KB, real memory size is 14536KB
2026-03-04 08:58:33 [Info] [3380] item: --windows-process-check
2026-03-04 08:58:33 [Info] [3380] cgroup name aegisRtap0
2026-03-04 08:58:33 [Info] [3380] get AssignProcessToJobObject handle [00000478]
2026-03-04 08:58:33 [Info] [3380] Set setJobExtended.
2026-03-04 08:58:33 [Info] [3380] Set cpu [9%]
2026-03-04 08:58:33 [Info] [3380] Set cpu success
2026-03-04 08:58:33 [Info] [3380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-04 08:58:33 [Info] [3380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-04 08:58:33 [Info] [3380] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 08:58:33 [Info] [3380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 08:58:33 [Info] [3380] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-04 08:58:33 [Info] [3380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-04 08:58:34 [Info] [3380] Prepare stage1: --windows-process-check
2026-03-04 08:58:34 [Info] [3380] Prepare stage2
2026-03-04 08:58:52 [Info] [3380] stage3: --windows-process-check
2026-03-04 08:58:52 [Info] [3380] Loader after check
2026-03-04 08:58:53 [Info] [3380] Enter reuse wait state.
2026-03-04 08:58:55 [Info] [3380] recvmsg: EXIT
2026-03-04 08:58:55 [Info] [3380] Recv Exit Msg, Exit...
2026-03-04 10:35:10 [Info] [4848] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 10:35:10 [Info] [4848] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap59621772591710 
2026-03-04 10:35:10 [Info] [4848] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 10:35:10 [Info] [4848] Resource monitor start
2026-03-04 10:35:10 [Info] [4848] ipc client init success
2026-03-04 10:35:10 [Info] [4848] Ipc init: 0
2026-03-04 10:35:10 [Info] [4848] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 10:35:10 [Info] [4848] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 10:35:10 [Info] [4848] start ipc thread id[1528]
2026-03-04 10:35:10 [Info] [4848] Connect Yundun ipc server return state is 0
2026-03-04 10:35:10 [Info] [4848] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 10:35:10 [Info] [4848] CResourceMonitor::run Enter
2026-03-04 10:35:10 [Info] [4848] CIpcMsgHandlerMgr::run Enter
2026-03-04 10:35:10 [Info] [4848] Report thread
2026-03-04 10:35:10 [Info] [4848] Monitor thread
2026-03-04 10:35:10 [Info] [4848] Loader thread
2026-03-04 10:35:10 [Info] [4848] PythonEngineImpl Init...
2026-03-04 10:35:10 [Info] [4848] yundun connected
2026-03-04 10:35:11 [Info] [4848] recvmsg: HELLO
2026-03-04 10:35:11 [Info] [4848] recvmsg: WORK
2026-03-04 10:35:11 [Info] [4848] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:35:11 [Info] [4848] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:35:11 [Info] [4848] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:35:11 [Info] [4848] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:35:11 [Info] [4848] log fd cnt is [250], real fd cnt is [282]
2026-03-04 10:35:11 [Info] [4848] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 10:35:11 [Info] [4848] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 10:35:12 [Info] [4848] log memory size is 20480KB, real memory size is 14576KB
2026-03-04 10:35:12 [Info] [4848] item: --windows-schedule-task-check
2026-03-04 10:35:12 [Info] [4848] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-04 10:35:12 [Info] [4848] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-04 10:35:12 [Info] [4848] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:35:13 [Info] [4848] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:35:13 [Info] [4848] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-04 10:35:13 [Info] [4848] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-04 10:35:13 [Info] [4848] Prepare stage1: --windows-schedule-task-check
2026-03-04 10:35:13 [Info] [4848] Prepare stage2
2026-03-04 10:35:13 [Warn] [4848] high cpu, cpu is 17
2026-03-04 10:35:13 [Info] [4848] try get sys version
2026-03-04 10:35:13 [Info] [4848] win sys info:2/10:0:3
2026-03-04 10:35:13 [Info] [4848] suit legal version, enable cpu control
2026-03-04 10:35:13 [Warn] [4848] High CPU Warning: 17
2026-03-04 10:35:14 [Warn] [4848] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-03-04 10:35:17 [Info] [4848] log memory size is 30720KB, real memory size is 23288KB
2026-03-04 10:35:38 [Info] [4848] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 10:35:44 [Info] [4848] stage3: --windows-schedule-task-check
2026-03-04 10:35:44 [Info] [4848] Loader after check
2026-03-04 10:35:45 [Info] [4848] Enter reuse wait state.
2026-03-04 10:35:50 [Info] [4848] recvmsg: EXIT
2026-03-04 10:35:50 [Info] [4848] Recv Exit Msg, Exit...
2026-03-04 10:36:30 [Info] [2548] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 10:36:30 [Info] [2548] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap62241772591790 
2026-03-04 10:36:30 [Info] [2548] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 10:36:30 [Info] [2548] Resource monitor start
2026-03-04 10:36:30 [Info] [2548] ipc client init success
2026-03-04 10:36:30 [Info] [2548] Ipc init: 0
2026-03-04 10:36:30 [Info] [2548] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 10:36:30 [Info] [2548] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 10:36:30 [Info] [2548] start ipc thread id[2832]
2026-03-04 10:36:30 [Info] [2548] Connect Yundun ipc server return state is 0
2026-03-04 10:36:30 [Info] [2548] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 10:36:30 [Info] [2548] CResourceMonitor::run Enter
2026-03-04 10:36:30 [Info] [2548] CIpcMsgHandlerMgr::run Enter
2026-03-04 10:36:30 [Info] [2548] Report thread
2026-03-04 10:36:30 [Info] [2548] Monitor thread
2026-03-04 10:36:30 [Info] [2548] Loader thread
2026-03-04 10:36:30 [Info] [2548] PythonEngineImpl Init...
2026-03-04 10:36:30 [Info] [2548] yundun connected
2026-03-04 10:36:31 [Info] [2548] recvmsg: HELLO
2026-03-04 10:36:31 [Info] [2548] recvmsg: WORK
2026-03-04 10:36:31 [Info] [2548] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:36:31 [Info] [2548] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:36:31 [Info] [2548] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:36:31 [Info] [2548] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:36:31 [Info] [2548] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 10:36:31 [Info] [2548] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 10:36:31 [Info] [2548] log fd cnt is [250], real fd cnt is [281]
2026-03-04 10:36:32 [Info] [2548] log memory size is 20480KB, real memory size is 14608KB
2026-03-04 10:36:32 [Info] [2548] item: --windows-driver-version-check
2026-03-04 10:36:32 [Info] [2548] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-04 10:36:32 [Info] [2548] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-04 10:36:32 [Info] [2548] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:36:32 [Info] [2548] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:36:33 [Info] [2548] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-04 10:36:33 [Info] [2548] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-04 10:36:33 [Info] [2548] Prepare stage1: --windows-driver-version-check
2026-03-04 10:36:33 [Info] [2548] Prepare stage2
2026-03-04 10:36:33 [Info] [2548] stage3: --windows-driver-version-check
2026-03-04 10:36:33 [Info] [2548] Loader after check
2026-03-04 10:36:34 [Info] [2548] Enter reuse wait state.
2026-03-04 10:36:38 [Info] [2548] recvmsg: EXIT
2026-03-04 10:36:38 [Info] [2548] Recv Exit Msg, Exit...
2026-03-04 10:48:54 [Info] [4540] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 10:48:54 [Info] [4540] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap86531772592534 
2026-03-04 10:48:54 [Info] [4540] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 10:48:54 [Info] [4540] Resource monitor start
2026-03-04 10:48:54 [Info] [4540] ipc client init success
2026-03-04 10:48:54 [Info] [4540] Ipc init: 0
2026-03-04 10:48:54 [Info] [4540] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 10:48:54 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 10:48:54 [Info] [4540] start ipc thread id[4372]
2026-03-04 10:48:54 [Info] [4540] Connect Yundun ipc server return state is 0
2026-03-04 10:48:54 [Info] [4540] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 10:48:54 [Info] [4540] CResourceMonitor::run Enter
2026-03-04 10:48:54 [Info] [4540] CIpcMsgHandlerMgr::run Enter
2026-03-04 10:48:54 [Info] [4540] Report thread
2026-03-04 10:48:54 [Info] [4540] Monitor thread
2026-03-04 10:48:54 [Info] [4540] Loader thread
2026-03-04 10:48:54 [Info] [4540] PythonEngineImpl Init...
2026-03-04 10:48:54 [Info] [4540] yundun connected
2026-03-04 10:48:54 [Info] [4540] recvmsg: HELLO
2026-03-04 10:48:54 [Info] [4540] recvmsg: WORK
2026-03-04 10:48:54 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:48:54 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 10:48:54 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:48:55 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:48:55 [Info] [4540] log fd cnt is [250], real fd cnt is [282]
2026-03-04 10:48:55 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 10:48:55 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 10:48:55 [Info] [4540] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 10:48:56 [Info] [4540] log memory size is 20480KB, real memory size is 14532KB
2026-03-04 10:48:56 [Info] [4540] item: --windows-registry-check
2026-03-04 10:48:56 [Info] [4540] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-04 10:48:56 [Info] [4540] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-04 10:48:56 [Info] [4540] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 10:48:56 [Info] [4540] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 10:48:56 [Info] [4540] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-04 10:48:56 [Info] [4540] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-04 10:48:56 [Info] [4540] Prepare stage1: --windows-registry-check
2026-03-04 10:48:56 [Info] [4540] Prepare stage2
2026-03-04 10:49:25 [Info] [4540] stage3: --windows-registry-check
2026-03-04 10:49:25 [Info] [4540] Loader after check
2026-03-04 10:49:26 [Info] [4540] Enter reuse wait state.
2026-03-04 10:49:29 [Info] [4540] recvmsg: EXIT
2026-03-04 10:49:29 [Info] [4540] Recv Exit Msg, Exit...
2026-03-04 11:10:02 [Info] [4680] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 11:10:02 [Info] [4680] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap127641772593793 
2026-03-04 11:10:02 [Info] [4680] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 11:10:02 [Info] [4680] Resource monitor start
2026-03-04 11:10:02 [Info] [4680] ipc client init success
2026-03-04 11:10:02 [Info] [4680] Ipc init: 0
2026-03-04 11:10:02 [Info] [4680] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 11:10:02 [Info] [4680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 11:10:02 [Info] [4680] start ipc thread id[4128]
2026-03-04 11:10:02 [Info] [4680] Connect Yundun ipc server return state is 0
2026-03-04 11:10:02 [Info] [4680] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 11:10:02 [Info] [4680] CResourceMonitor::run Enter
2026-03-04 11:10:02 [Info] [4680] CIpcMsgHandlerMgr::run Enter
2026-03-04 11:10:02 [Info] [4680] yundun connected
2026-03-04 11:10:02 [Info] [4680] Report thread
2026-03-04 11:10:02 [Info] [4680] Monitor thread
2026-03-04 11:10:02 [Info] [4680] Loader thread
2026-03-04 11:10:02 [Info] [4680] PythonEngineImpl Init...
2026-03-04 11:10:03 [Info] [4680] recvmsg: HELLO
2026-03-04 11:10:03 [Info] [4680] recvmsg: WORK
2026-03-04 11:10:03 [Info] [4680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:10:03 [Info] [4680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:10:03 [Info] [4680] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:10:03 [Info] [4680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:10:03 [Info] [4680] log fd cnt is [250], real fd cnt is [282]
2026-03-04 11:10:04 [Info] [4680] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 11:10:04 [Info] [4680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 11:10:04 [Info] [4680] log memory size is 20480KB, real memory size is 14524KB
2026-03-04 11:10:05 [Info] [4680] item: --windows-sysinfoext-check
2026-03-04 11:10:05 [Info] [4680] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 11:10:05 [Info] [4680] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 11:10:05 [Info] [4680] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:10:05 [Info] [4680] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:10:05 [Info] [4680] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-04 11:10:05 [Info] [4680] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 11:10:05 [Info] [4680] Prepare stage1: --windows-sysinfoext-check
2026-03-04 11:10:05 [Info] [4680] Prepare stage2
2026-03-04 11:10:07 [Info] [4680] stage3: --windows-sysinfoext-check
2026-03-04 11:10:07 [Info] [4680] Loader after check
2026-03-04 11:10:07 [Warn] [4680] high cpu, cpu is 14
2026-03-04 11:10:07 [Info] [4680] try get sys version
2026-03-04 11:10:07 [Info] [4680] win sys info:2/10:0:3
2026-03-04 11:10:07 [Info] [4680] suit legal version, enable cpu control
2026-03-04 11:10:07 [Warn] [4680] High CPU Warning: 14
2026-03-04 11:10:07 [Warn] [4680] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-04 11:10:08 [Info] [4680] Enter reuse wait state.
2026-03-04 11:10:08 [Info] [4680] log memory size is 30720KB, real memory size is 23012KB
2026-03-04 11:10:10 [Info] [4680] recvmsg: EXIT
2026-03-04 11:10:10 [Info] [4680] Recv Exit Msg, Exit...
2026-03-04 11:16:20 [Info] [2300] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 11:16:20 [Info] [2300] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap140281772594180 
2026-03-04 11:16:20 [Info] [2300] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 11:16:20 [Info] [2300] Resource monitor start
2026-03-04 11:16:20 [Info] [2300] ipc client init success
2026-03-04 11:16:20 [Info] [2300] Ipc init: 0
2026-03-04 11:16:20 [Info] [2300] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 11:16:20 [Info] [2300] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 11:16:20 [Info] [2300] start ipc thread id[1632]
2026-03-04 11:16:20 [Info] [2300] Connect Yundun ipc server return state is 0
2026-03-04 11:16:20 [Info] [2300] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 11:16:20 [Info] [2300] CResourceMonitor::run Enter
2026-03-04 11:16:20 [Info] [2300] CIpcMsgHandlerMgr::run Enter
2026-03-04 11:16:20 [Info] [2300] Report thread
2026-03-04 11:16:20 [Info] [2300] Monitor thread
2026-03-04 11:16:20 [Info] [2300] Loader thread
2026-03-04 11:16:20 [Info] [2300] PythonEngineImpl Init...
2026-03-04 11:16:20 [Info] [2300] yundun connected
2026-03-04 11:16:20 [Info] [2300] recvmsg: HELLO
2026-03-04 11:16:20 [Info] [2300] recvmsg: WORK
2026-03-04 11:16:20 [Info] [2300] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:16:20 [Info] [2300] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:16:20 [Info] [2300] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:16:21 [Info] [2300] log fd cnt is [250], real fd cnt is [274]
2026-03-04 11:16:22 [Info] [2300] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:16:22 [Info] [2300] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 11:16:22 [Info] [2300] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 11:16:22 [Info] [2300] log memory size is 20480KB, real memory size is 14312KB
2026-03-04 11:16:23 [Info] [2300] item: --windows-autorun-item-check
2026-03-04 11:16:23 [Info] [2300] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-04 11:16:23 [Info] [2300] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-04 11:16:23 [Info] [2300] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:16:23 [Info] [2300] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:16:23 [Info] [2300] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-04 11:16:23 [Info] [2300] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-04 11:16:23 [Info] [2300] Prepare stage1: --windows-autorun-item-check
2026-03-04 11:16:23 [Info] [2300] Prepare stage2
2026-03-04 11:16:26 [Info] [2300] log memory size is 30720KB, real memory size is 22304KB
2026-03-04 11:16:33 [Warn] [2300] high cpu, cpu is 15
2026-03-04 11:16:33 [Info] [2300] try get sys version
2026-03-04 11:16:33 [Info] [2300] win sys info:2/10:0:3
2026-03-04 11:16:33 [Info] [2300] suit legal version, enable cpu control
2026-03-04 11:16:33 [Warn] [2300] High CPU Warning: 15
2026-03-04 11:16:33 [Warn] [2300] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-autorun-item-check.py line: 514 in func: check
File:windows-autorun-item-check.py line: 80 in func: main
File:windows-autorun-item-check.py line: 534 in func: start
2026-03-04 11:16:33 [Info] [2300] stage3: --windows-autorun-item-check
2026-03-04 11:16:33 [Info] [2300] Loader after check
2026-03-04 11:16:34 [Info] [2300] Enter reuse wait state.
2026-03-04 11:16:35 [Info] [2300] recvmsg: EXIT
2026-03-04 11:16:35 [Info] [2300] Recv Exit Msg, Exit...
2026-03-04 11:49:19 [Info] [864] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 11:49:19 [Info] [864] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap204911772596159 
2026-03-04 11:49:19 [Info] [864] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 11:49:19 [Info] [864] Resource monitor start
2026-03-04 11:49:19 [Info] [864] ipc client init success
2026-03-04 11:49:19 [Info] [864] Ipc init: 0
2026-03-04 11:49:19 [Info] [864] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 11:49:19 [Info] [864] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 11:49:19 [Info] [864] start ipc thread id[3932]
2026-03-04 11:49:19 [Info] [864] Connect Yundun ipc server return state is 0
2026-03-04 11:49:19 [Info] [864] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 11:49:19 [Info] [864] CResourceMonitor::run Enter
2026-03-04 11:49:19 [Info] [864] CIpcMsgHandlerMgr::run Enter
2026-03-04 11:49:19 [Info] [864] Report thread
2026-03-04 11:49:19 [Info] [864] Monitor thread
2026-03-04 11:49:19 [Info] [864] Loader thread
2026-03-04 11:49:19 [Info] [864] PythonEngineImpl Init...
2026-03-04 11:49:19 [Info] [864] yundun connected
2026-03-04 11:49:19 [Info] [864] recvmsg: HELLO
2026-03-04 11:49:19 [Info] [864] recvmsg: WORK
2026-03-04 11:49:19 [Info] [864] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:49:19 [Info] [864] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 11:49:19 [Info] [864] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:49:20 [Info] [864] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:49:20 [Info] [864] log fd cnt is [250], real fd cnt is [282]
2026-03-04 11:49:20 [Info] [864] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 11:49:20 [Info] [864] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 11:49:21 [Info] [864] log memory size is 20480KB, real memory size is 14596KB
2026-03-04 11:49:21 [Info] [864] item: --tcp-connect-check
2026-03-04 11:49:21 [Info] [864] cgroup name aegisRtap0
2026-03-04 11:49:21 [Info] [864] try get sys version
2026-03-04 11:49:21 [Info] [864] win sys info:2/10:0:3
2026-03-04 11:49:21 [Info] [864] suit legal version, enable cpu control
2026-03-04 11:49:21 [Info] [864] get AssignProcessToJobObject handle [00000478]
2026-03-04 11:49:21 [Info] [864] Set setJobExtended.
2026-03-04 11:49:21 [Info] [864] Set cpu [9%]
2026-03-04 11:49:21 [Info] [864] Set cpu success
2026-03-04 11:49:21 [Info] [864] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-04 11:49:21 [Info] [864] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-04 11:49:21 [Info] [864] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 11:49:21 [Info] [864] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 11:49:21 [Info] [864] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-04 11:49:21 [Info] [864] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-04 11:49:22 [Info] [864] Prepare stage1: --tcp-connect-check
2026-03-04 11:49:22 [Info] [864] Prepare stage2
2026-03-04 11:49:25 [Info] [864] stage3: --tcp-connect-check
2026-03-04 11:49:25 [Info] [864] Loader after check
2026-03-04 11:49:26 [Info] [864] Enter reuse wait state.
2026-03-04 11:49:31 [Info] [864] recvmsg: EXIT
2026-03-04 11:49:31 [Info] [864] Recv Exit Msg, Exit...
2026-03-04 16:38:15 [Info] [5088] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 16:38:15 [Info] [5088] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap115051772613476 
2026-03-04 16:38:15 [Info] [5088] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 16:38:15 [Info] [5088] Resource monitor start
2026-03-04 16:38:15 [Info] [5088] ipc client init success
2026-03-04 16:38:15 [Info] [5088] Ipc init: 0
2026-03-04 16:38:15 [Info] [5088] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 16:38:15 [Info] [5088] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 16:38:15 [Info] [5088] start ipc thread id[2636]
2026-03-04 16:38:15 [Info] [5088] Connect Yundun ipc server return state is 0
2026-03-04 16:38:15 [Info] [5088] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 16:38:15 [Info] [5088] CResourceMonitor::run Enter
2026-03-04 16:38:15 [Info] [5088] CIpcMsgHandlerMgr::run Enter
2026-03-04 16:38:15 [Info] [5088] Report thread
2026-03-04 16:38:15 [Info] [5088] Monitor thread
2026-03-04 16:38:15 [Info] [5088] Loader thread
2026-03-04 16:38:15 [Info] [5088] PythonEngineImpl Init...
2026-03-04 16:38:15 [Info] [5088] yundun connected
2026-03-04 16:38:16 [Info] [5088] recvmsg: HELLO
2026-03-04 16:38:16 [Info] [5088] log fd cnt is [250], real fd cnt is [263]
2026-03-04 16:38:16 [Info] [5088] recvmsg: WORK
2026-03-04 16:38:16 [Info] [5088] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 16:38:16 [Info] [5088] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 16:38:16 [Info] [5088] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 16:38:16 [Info] [5088] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 16:38:17 [Info] [5088] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 16:38:17 [Info] [5088] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 16:38:17 [Info] [5088] log memory size is 20480KB, real memory size is 14508KB
2026-03-04 16:38:18 [Info] [5088] item: --windows-sysinfoext-check
2026-03-04 16:38:18 [Info] [5088] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 16:38:18 [Info] [5088] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 16:38:18 [Info] [5088] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 16:38:18 [Info] [5088] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 16:38:18 [Info] [5088] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-04 16:38:18 [Info] [5088] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 16:38:18 [Info] [5088] Prepare stage1: --windows-sysinfoext-check
2026-03-04 16:38:18 [Info] [5088] Prepare stage2
2026-03-04 16:38:20 [Info] [5088] stage3: --windows-sysinfoext-check
2026-03-04 16:38:20 [Info] [5088] Loader after check
2026-03-04 16:38:20 [Warn] [5088] high cpu, cpu is 13
2026-03-04 16:38:20 [Info] [5088] try get sys version
2026-03-04 16:38:20 [Info] [5088] win sys info:2/10:0:3
2026-03-04 16:38:20 [Info] [5088] suit legal version, enable cpu control
2026-03-04 16:38:20 [Warn] [5088] High CPU Warning: 13
2026-03-04 16:38:20 [Warn] [5088] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-04 16:38:21 [Info] [5088] Enter reuse wait state.
2026-03-04 16:38:21 [Info] [5088] log memory size is 30720KB, real memory size is 22972KB
2026-03-04 16:38:22 [Info] [5088] recvmsg: EXIT
2026-03-04 16:38:22 [Info] [5088] Recv Exit Msg, Exit...
2026-03-04 19:41:19 [Info] [1356] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 19:41:19 [Info] [1356] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap146681772624479 
2026-03-04 19:41:19 [Info] [1356] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 19:41:19 [Info] [1356] Resource monitor start
2026-03-04 19:41:19 [Info] [1356] ipc client init success
2026-03-04 19:41:19 [Info] [1356] Ipc init: 0
2026-03-04 19:41:19 [Info] [1356] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 19:41:19 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 19:41:19 [Info] [1356] start ipc thread id[1480]
2026-03-04 19:41:19 [Info] [1356] Connect Yundun ipc server return state is 0
2026-03-04 19:41:19 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 19:41:19 [Info] [1356] CResourceMonitor::run Enter
2026-03-04 19:41:19 [Info] [1356] CIpcMsgHandlerMgr::run Enter
2026-03-04 19:41:19 [Info] [1356] Report thread
2026-03-04 19:41:19 [Info] [1356] Monitor thread
2026-03-04 19:41:19 [Info] [1356] Loader thread
2026-03-04 19:41:19 [Info] [1356] PythonEngineImpl Init...
2026-03-04 19:41:20 [Info] [1356] yundun connected
2026-03-04 19:41:20 [Info] [1356] recvmsg: HELLO
2026-03-04 19:41:20 [Info] [1356] recvmsg: WORK
2026-03-04 19:41:20 [Info] [1356] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 19:41:20 [Info] [1356] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 19:41:20 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 19:41:20 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 19:41:21 [Info] [1356] log fd cnt is [250], real fd cnt is [282]
2026-03-04 19:41:21 [Info] [1356] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 19:41:21 [Info] [1356] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 19:41:22 [Info] [1356] log memory size is 20480KB, real memory size is 14588KB
2026-03-04 19:41:22 [Info] [1356] item: --secnet_rasp_agent
2026-03-04 19:41:22 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-04 19:41:22 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-04 19:41:22 [Info] [1356] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-04 19:41:22 [Info] [1356] Download redirect files success.
2026-03-04 19:41:22 [Info] [1356] Prepare stage1: --secnet_rasp_agent
2026-03-04 19:41:22 [Info] [1356] Prepare stage2
2026-03-04 19:41:23 [Warn] [1356] high cpu, cpu is 12
2026-03-04 19:41:23 [Info] [1356] try get sys version
2026-03-04 19:41:23 [Info] [1356] win sys info:2/10:0:3
2026-03-04 19:41:23 [Info] [1356] suit legal version, enable cpu control
2026-03-04 19:41:23 [Warn] [1356] High CPU Warning: 12
2026-03-04 19:41:23 [Warn] [1356] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:subprocess.py line: 125 in func: _eintr_retry_call
File:subprocess.py line: 475 in func: communicate
File:subprocess.py line: 217 in func: check_output
File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid
File:secnet_rasp_agent.py line: 218 in func: main
File:secnet_rasp_agent.py line: 240 in func: start
2026-03-04 19:41:23 [Info] [1356] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-04 19:41:23 [Info] [1356] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-04 19:41:23 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 19:41:23 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 19:41:23 [Info] [1356] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-04 19:41:23 [Info] [1356] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-04 19:41:23 [Info] [1356] stage3: --secnet_rasp_agent
2026-03-04 19:41:23 [Info] [1356] Loader after check
2026-03-04 19:41:24 [Info] [1356] Enter reuse wait state.
2026-03-04 19:41:26 [Info] [1356] log memory size is 30720KB, real memory size is 21168KB
2026-03-04 19:41:27 [Info] [1356] recvmsg: EXIT
2026-03-04 19:41:27 [Info] [1356] Recv Exit Msg, Exit...
2026-03-04 22:08:07 [Info] [5024] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 22:08:07 [Info] [5024] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap105751772633260 
2026-03-04 22:08:07 [Info] [5024] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 22:08:07 [Info] [5024] Resource monitor start
2026-03-04 22:08:07 [Info] [5024] ipc client init success
2026-03-04 22:08:07 [Info] [5024] Ipc init: 0
2026-03-04 22:08:07 [Info] [5024] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 22:08:07 [Info] [5024] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 22:08:07 [Info] [5024] start ipc thread id[2504]
2026-03-04 22:08:07 [Info] [5024] Connect Yundun ipc server return state is 0
2026-03-04 22:08:07 [Info] [5024] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 22:08:08 [Info] [5024] CResourceMonitor::run Enter
2026-03-04 22:08:08 [Info] [5024] CIpcMsgHandlerMgr::run Enter
2026-03-04 22:08:08 [Info] [5024] yundun connected
2026-03-04 22:08:08 [Info] [5024] Report thread
2026-03-04 22:08:08 [Info] [5024] Monitor thread
2026-03-04 22:08:08 [Info] [5024] Loader thread
2026-03-04 22:08:08 [Info] [5024] PythonEngineImpl Init...
2026-03-04 22:08:08 [Info] [5024] recvmsg: HELLO
2026-03-04 22:08:09 [Info] [5024] recvmsg: WORK
2026-03-04 22:08:09 [Info] [5024] log fd cnt is [250], real fd cnt is [263]
2026-03-04 22:08:09 [Info] [5024] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 22:08:09 [Info] [5024] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 22:08:09 [Info] [5024] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 22:08:10 [Info] [5024] log memory size is 20480KB, real memory size is 13352KB
2026-03-04 22:08:12 [Info] [5024] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 22:08:13 [Info] [3244] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-04 22:08:13 [Info] [3244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap106761772633291 
2026-03-04 22:08:13 [Info] [3244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-04 22:08:13 [Info] [3244] Resource monitor start
2026-03-04 22:08:13 [Info] [3244] ipc client init success
2026-03-04 22:08:13 [Info] [3244] Ipc init: 0
2026-03-04 22:08:13 [Info] [3244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-04 22:08:13 [Info] [3244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-04 22:08:13 [Info] [3244] start ipc thread id[4084]
2026-03-04 22:08:13 [Info] [3244] Connect Yundun ipc server return state is 0
2026-03-04 22:08:13 [Info] [3244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-04 22:08:14 [Info] [3244] CResourceMonitor::run Enter
2026-03-04 22:08:14 [Info] [3244] CIpcMsgHandlerMgr::run Enter
2026-03-04 22:08:14 [Info] [3244] yundun connected
2026-03-04 22:08:14 [Info] [3244] Report thread
2026-03-04 22:08:14 [Info] [3244] Monitor thread
2026-03-04 22:08:14 [Info] [3244] Loader thread
2026-03-04 22:08:14 [Info] [3244] PythonEngineImpl Init...
2026-03-04 22:08:14 [Info] [5024] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 22:08:14 [Info] [5024] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 22:08:15 [Info] [3244] recvmsg: HELLO
2026-03-04 22:08:15 [Info] [3244] recvmsg: WORK
2026-03-04 22:08:15 [Info] [3244] log fd cnt is [250], real fd cnt is [263]
2026-03-04 22:08:16 [Info] [3244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 22:08:16 [Info] [3244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-04 22:08:16 [Info] [3244] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 22:08:17 [Info] [3244] log memory size is 20480KB, real memory size is 13412KB
2026-03-04 22:08:17 [Info] [3244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 22:08:17 [Info] [3244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-04 22:08:17 [Info] [3244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-04 22:08:19 [Info] [5024] item: --windows-sysinfoext-check
2026-03-04 22:08:19 [Info] [5024] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 22:08:19 [Info] [5024] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 22:08:19 [Info] [5024] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 22:08:20 [Info] [5024] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 22:08:20 [Info] [5024] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-04 22:08:20 [Info] [5024] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-04 22:08:20 [Info] [5024] Prepare stage1: --windows-sysinfoext-check
2026-03-04 22:08:20 [Info] [5024] Prepare stage2
2026-03-04 22:08:21 [Info] [3244] item: --windows-vul-check
2026-03-04 22:08:21 [Info] [3244] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-04 22:08:21 [Info] [5024] log memory size is 30720KB, real memory size is 20604KB
2026-03-04 22:08:21 [Info] [3244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-04 22:08:22 [Info] [3244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-03-04 22:08:22 [Info] [3244] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-04 22:08:22 [Info] [3244] Download redirect files success.
2026-03-04 22:08:22 [Info] [3244] Prepare stage1: --windows-vul-check
2026-03-04 22:08:22 [Info] [3244] Prepare stage2
2026-03-04 22:08:24 [Info] [3244] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-04 22:08:24 [Info] [3244] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-04 22:08:24 [Info] [3244] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-04 22:08:24 [Info] [3244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-04 22:08:24 [Info] [3244] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-04 22:08:24 [Info] [3244] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-04 22:08:25 [Info] [3244] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-03-04 22:08:25 [Info] [3244] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-03-04 22:08:25 [Info] [3244] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-03-04 22:08:25 [Info] [3244] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-03-04 22:08:26 [Info] [3244] log memory size is 30720KB, real memory size is 23636KB
2026-03-04 22:08:26 [Info] [3244] stage3: --windows-vul-check
2026-03-04 22:08:26 [Info] [3244] Loader after check
2026-03-04 22:08:27 [Info] [3244] Enter reuse wait state.
2026-03-04 22:08:28 [Info] [5024] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 22:08:28 [Info] [3244] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-04 22:08:32 [Info] [3244] recvmsg: EXIT
2026-03-04 22:08:32 [Info] [3244] Recv Exit Msg, Exit...
2026-03-04 22:08:52 [Info] [5024] stage3: --windows-sysinfoext-check
2026-03-04 22:08:52 [Info] [5024] Loader after check
2026-03-04 22:08:53 [Info] [5024] Enter reuse wait state.
2026-03-04 22:08:55 [Info] [5024] recvmsg: EXIT
2026-03-04 22:08:55 [Info] [5024] Recv Exit Msg, Exit...
2026-03-11 02:18:41 [Info] [3976] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 02:18:41 [Info] [3976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap159011773166712 
2026-03-11 02:18:41 [Info] [3976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 02:18:41 [Info] [3976] Resource monitor start
2026-03-11 02:18:41 [Info] [3976] ipc client init success
2026-03-11 02:18:41 [Info] [3976] Ipc init: 0
2026-03-11 02:18:41 [Info] [3976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 02:18:41 [Info] [3976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 02:18:41 [Info] [3976] start ipc thread id[3984]
2026-03-11 02:18:41 [Info] [3976] Connect Yundun ipc server return state is 0
2026-03-11 02:18:41 [Info] [3976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 02:18:41 [Info] [3976] CResourceMonitor::run Enter
2026-03-11 02:18:41 [Info] [3976] CIpcMsgHandlerMgr::run Enter
2026-03-11 02:18:41 [Info] [3976] Report thread
2026-03-11 02:18:41 [Info] [3976] Monitor thread
2026-03-11 02:18:41 [Info] [3976] Loader thread
2026-03-11 02:18:41 [Info] [3976] PythonEngineImpl Init...
2026-03-11 02:18:46 [Info] [3976] yundun connected
2026-03-11 02:18:47 [Info] [3976] log fd cnt is [250], real fd cnt is [258]
2026-03-11 02:18:47 [Info] [3976] recvmsg: HELLO
2026-03-11 02:18:47 [Info] [3976] recvmsg: WORK
2026-03-11 02:18:48 [Info] [3976] log memory size is 20480KB, real memory size is 11044KB
2026-03-11 02:18:51 [Info] [3976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 02:18:51 [Info] [3976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 02:18:51 [Info] [3976] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 02:19:08 [Warn] [3976] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 02:19:18 [Warn] [3976] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 02:19:29 [Warn] [3976] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 02:19:29 [Info] [3976] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 02:19:29 [Info] [3976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 02:19:29 [Info] [3976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 02:19:30 [Info] [3976] item: --windows-sysinfoext-check
2026-03-11 02:19:30 [Info] [3976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 02:19:30 [Info] [3976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 02:19:30 [Info] [3976] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 02:19:30 [Info] [3976] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 02:19:30 [Info] [3976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-11 02:19:30 [Info] [3976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 02:19:30 [Info] [3976] Prepare stage1: --windows-sysinfoext-check
2026-03-11 02:19:30 [Info] [3976] Prepare stage2
2026-03-11 02:19:32 [Warn] [3976] high cpu, cpu is 17
2026-03-11 02:19:32 [Info] [3976] try get sys version
2026-03-11 02:19:32 [Info] [3976] win sys info:2/10:0:3
2026-03-11 02:19:32 [Info] [3976] suit legal version, enable cpu control
2026-03-11 02:19:32 [Warn] [3976] High CPU Warning: 17
2026-03-11 02:19:32 [Warn] [3976] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-11 02:19:32 [Info] [3976] stage3: --windows-sysinfoext-check
2026-03-11 02:19:32 [Info] [3976] Loader after check
2026-03-11 02:19:33 [Info] [3976] log memory size is 30720KB, real memory size is 22924KB
2026-03-11 02:19:33 [Info] [3976] Enter reuse wait state.
2026-03-11 02:19:35 [Info] [3976] recvmsg: EXIT
2026-03-11 02:19:35 [Info] [3976] Recv Exit Msg, Exit...
2026-03-11 07:46:36 [Info] [4656] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 07:46:36 [Info] [4656] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap145991773186382 
2026-03-11 07:46:36 [Info] [4656] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 07:46:36 [Info] [4656] Resource monitor start
2026-03-11 07:46:36 [Info] [4656] ipc client init success
2026-03-11 07:46:36 [Info] [4656] Ipc init: 0
2026-03-11 07:46:36 [Info] [4656] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 07:46:36 [Info] [4656] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 07:46:36 [Info] [4656] CResourceMonitor::run Enter
2026-03-11 07:46:36 [Info] [4656] CIpcMsgHandlerMgr::run Enter
2026-03-11 07:46:36 [Info] [4656] start ipc thread id[2328]
2026-03-11 07:46:36 [Info] [4656] Connect Yundun ipc server return state is 0
2026-03-11 07:46:37 [Info] [4656] yundun connected
2026-03-11 07:46:37 [Info] [4656] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 07:46:37 [Info] [4656] Report thread
2026-03-11 07:46:37 [Info] [4656] Monitor thread
2026-03-11 07:46:37 [Info] [4656] Loader thread
2026-03-11 07:46:37 [Info] [4656] PythonEngineImpl Init...
2026-03-11 07:46:37 [Info] [4656] recvmsg: HELLO
2026-03-11 07:46:37 [Info] [4656] recvmsg: WORK
2026-03-11 07:46:37 [Info] [4656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 07:46:37 [Info] [4656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 07:46:37 [Info] [4656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 07:46:38 [Info] [4656] log fd cnt is [250], real fd cnt is [282]
2026-03-11 07:46:38 [Info] [4656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 07:46:38 [Info] [4656] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 07:46:38 [Info] [4656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 07:46:39 [Info] [4656] log memory size is 20480KB, real memory size is 14616KB
2026-03-11 07:46:39 [Info] [4656] item: --windows-sysinfoext-check
2026-03-11 07:46:39 [Info] [4656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 07:46:39 [Info] [4656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 07:46:39 [Info] [4656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 07:46:39 [Info] [4656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 07:46:39 [Info] [4656] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-11 07:46:39 [Info] [4656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 07:46:39 [Info] [4656] Prepare stage1: --windows-sysinfoext-check
2026-03-11 07:46:39 [Info] [4656] Prepare stage2
2026-03-11 07:46:42 [Info] [4656] stage3: --windows-sysinfoext-check
2026-03-11 07:46:42 [Info] [4656] Loader after check
2026-03-11 07:46:43 [Info] [4656] log memory size is 30720KB, real memory size is 22920KB
2026-03-11 07:46:44 [Info] [4656] Enter reuse wait state.
2026-03-11 07:46:48 [Info] [4656] recvmsg: EXIT
2026-03-11 07:46:48 [Info] [4656] Recv Exit Msg, Exit...
2026-03-11 08:05:31 [Info] [4196] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 08:05:31 [Info] [4196] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap183511773187531 
2026-03-11 08:05:31 [Info] [4196] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 08:05:31 [Info] [4196] Resource monitor start
2026-03-11 08:05:31 [Info] [4196] ipc client init success
2026-03-11 08:05:31 [Info] [4196] Ipc init: 0
2026-03-11 08:05:31 [Info] [4196] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 08:05:31 [Info] [4196] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 08:05:31 [Info] [4196] start ipc thread id[336]
2026-03-11 08:05:31 [Info] [4196] Connect Yundun ipc server return state is 0
2026-03-11 08:05:31 [Info] [4196] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 08:05:31 [Info] [4196] CResourceMonitor::run Enter
2026-03-11 08:05:31 [Info] [4196] CIpcMsgHandlerMgr::run Enter
2026-03-11 08:05:31 [Info] [4196] Report thread
2026-03-11 08:05:31 [Info] [4196] Monitor thread
2026-03-11 08:05:31 [Info] [4196] Loader thread
2026-03-11 08:05:31 [Info] [4196] PythonEngineImpl Init...
2026-03-11 08:05:31 [Info] [4196] yundun connected
2026-03-11 08:05:31 [Info] [4196] recvmsg: HELLO
2026-03-11 08:05:31 [Info] [4196] recvmsg: WORK
2026-03-11 08:05:31 [Info] [4196] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 08:05:31 [Info] [4196] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 08:05:31 [Info] [4196] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 08:05:32 [Info] [4196] log fd cnt is [250], real fd cnt is [282]
2026-03-11 08:05:32 [Info] [4196] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 08:05:32 [Info] [4196] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 08:05:32 [Info] [4196] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 08:05:33 [Info] [4196] log memory size is 20480KB, real memory size is 14556KB
2026-03-11 08:05:33 [Info] [4196] item: --windows-vul-clean
2026-03-11 08:05:33 [Info] [4196] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-11 08:05:33 [Info] [4196] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-11 08:05:33 [Info] [4196] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 08:05:33 [Info] [4196] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 08:05:33 [Info] [4196] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-11 08:05:33 [Info] [4196] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-11 08:05:33 [Info] [4196] Prepare stage1: --windows-vul-clean
2026-03-11 08:05:33 [Info] [4196] Prepare stage2
2026-03-11 08:05:34 [Info] [4196] stage3: --windows-vul-clean
2026-03-11 08:05:34 [Info] [4196] Loader after check
2026-03-11 08:05:35 [Info] [4196] Enter reuse wait state.
2026-03-11 08:05:38 [Info] [4196] recvmsg: EXIT
2026-03-11 08:05:38 [Info] [4196] Recv Exit Msg, Exit...
2026-03-11 08:57:24 [Info] [3612] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 08:57:24 [Info] [3612] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap285171773190644 
2026-03-11 08:57:24 [Info] [3612] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 08:57:24 [Info] [3612] Resource monitor start
2026-03-11 08:57:24 [Info] [3612] ipc client init success
2026-03-11 08:57:24 [Info] [3612] Ipc init: 0
2026-03-11 08:57:24 [Info] [3612] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 08:57:24 [Info] [3612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 08:57:24 [Info] [3612] start ipc thread id[92]
2026-03-11 08:57:24 [Info] [3612] Connect Yundun ipc server return state is 0
2026-03-11 08:57:24 [Info] [3612] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 08:57:24 [Info] [3612] CResourceMonitor::run Enter
2026-03-11 08:57:24 [Info] [3612] CIpcMsgHandlerMgr::run Enter
2026-03-11 08:57:24 [Info] [3612] Report thread
2026-03-11 08:57:24 [Info] [3612] Monitor thread
2026-03-11 08:57:24 [Info] [3612] Loader thread
2026-03-11 08:57:24 [Info] [3612] PythonEngineImpl Init...
2026-03-11 08:57:24 [Info] [3612] yundun connected
2026-03-11 08:57:24 [Info] [3612] recvmsg: HELLO
2026-03-11 08:57:24 [Info] [3612] recvmsg: WORK
2026-03-11 08:57:24 [Info] [3612] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 08:57:24 [Info] [3612] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 08:57:24 [Info] [3612] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 08:57:24 [Info] [3612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 08:57:25 [Info] [3612] log fd cnt is [250], real fd cnt is [282]
2026-03-11 08:57:25 [Info] [3612] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 08:57:25 [Info] [3612] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 08:57:26 [Info] [3612] log memory size is 20480KB, real memory size is 14584KB
2026-03-11 08:57:26 [Info] [3612] item: --windows-process-check
2026-03-11 08:57:26 [Info] [3612] cgroup name aegisRtap0
2026-03-11 08:57:26 [Info] [3612] try get sys version
2026-03-11 08:57:26 [Info] [3612] win sys info:2/10:0:3
2026-03-11 08:57:26 [Info] [3612] suit legal version, enable cpu control
2026-03-11 08:57:26 [Info] [3612] get AssignProcessToJobObject handle [00000478]
2026-03-11 08:57:26 [Info] [3612] Set setJobExtended.
2026-03-11 08:57:26 [Info] [3612] Set cpu [9%]
2026-03-11 08:57:26 [Info] [3612] Set cpu success
2026-03-11 08:57:26 [Info] [3612] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-11 08:57:26 [Info] [3612] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-11 08:57:26 [Info] [3612] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 08:57:26 [Info] [3612] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 08:57:26 [Info] [3612] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-11 08:57:26 [Info] [3612] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-11 08:57:26 [Info] [3612] Prepare stage1: --windows-process-check
2026-03-11 08:57:26 [Info] [3612] Prepare stage2
2026-03-11 08:57:38 [Info] [3612] log memory size is 30720KB, real memory size is 20528KB
2026-03-11 08:57:44 [Info] [3612] stage3: --windows-process-check
2026-03-11 08:57:44 [Info] [3612] Loader after check
2026-03-11 08:57:45 [Info] [3612] Enter reuse wait state.
2026-03-11 08:57:47 [Info] [3612] recvmsg: EXIT
2026-03-11 08:57:47 [Info] [3612] Recv Exit Msg, Exit...
2026-03-11 10:35:28 [Info] [2236] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 10:35:28 [Info] [2236] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap149541773196525 
2026-03-11 10:35:28 [Info] [2236] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 10:35:28 [Info] [2236] Resource monitor start
2026-03-11 10:35:28 [Info] [2236] ipc client init success
2026-03-11 10:35:28 [Info] [2236] Ipc init: 0
2026-03-11 10:35:28 [Info] [2236] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 10:35:28 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 10:35:28 [Info] [2236] CResourceMonitor::run Enter
2026-03-11 10:35:28 [Info] [2236] CIpcMsgHandlerMgr::run Enter
2026-03-11 10:35:28 [Info] [2236] start ipc thread id[3120]
2026-03-11 10:35:28 [Info] [2236] Connect Yundun ipc server return state is 0
2026-03-11 10:35:28 [Info] [2236] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 10:35:28 [Info] [2236] yundun connected
2026-03-11 10:35:28 [Info] [2236] Report thread
2026-03-11 10:35:28 [Info] [2236] Monitor thread
2026-03-11 10:35:28 [Info] [2236] Loader thread
2026-03-11 10:35:28 [Info] [2236] PythonEngineImpl Init...
2026-03-11 10:35:28 [Info] [2236] recvmsg: HELLO
2026-03-11 10:35:28 [Info] [2236] recvmsg: WORK
2026-03-11 10:35:29 [Info] [2236] log fd cnt is [250], real fd cnt is [263]
2026-03-11 10:35:29 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:35:29 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:35:29 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:35:29 [Info] [2236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:35:29 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 10:35:29 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 10:35:30 [Info] [2236] log memory size is 20480KB, real memory size is 14476KB
2026-03-11 10:35:31 [Info] [2236] item: --windows-driver-version-check
2026-03-11 10:35:31 [Info] [2236] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-11 10:35:31 [Info] [2236] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-11 10:35:31 [Info] [2236] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:35:31 [Info] [2236] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:35:31 [Info] [2236] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-11 10:35:31 [Info] [2236] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-11 10:35:31 [Info] [2236] Prepare stage1: --windows-driver-version-check
2026-03-11 10:35:31 [Info] [2236] Prepare stage2
2026-03-11 10:35:32 [Info] [2236] stage3: --windows-driver-version-check
2026-03-11 10:35:32 [Info] [2236] Loader after check
2026-03-11 10:35:33 [Info] [2236] Enter reuse wait state.
2026-03-11 10:35:35 [Info] [2236] recvmsg: EXIT
2026-03-11 10:35:35 [Info] [2236] Recv Exit Msg, Exit...
2026-03-11 10:44:09 [Info] [4436] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 10:44:09 [Info] [4436] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap166651773197049 
2026-03-11 10:44:09 [Info] [4436] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 10:44:09 [Info] [4436] Resource monitor start
2026-03-11 10:44:09 [Info] [4436] ipc client init success
2026-03-11 10:44:09 [Info] [4436] Ipc init: 0
2026-03-11 10:44:09 [Info] [4436] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 10:44:09 [Info] [4436] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 10:44:09 [Info] [4436] start ipc thread id[3976]
2026-03-11 10:44:09 [Info] [4436] Connect Yundun ipc server return state is 0
2026-03-11 10:44:09 [Info] [4436] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 10:44:09 [Info] [4436] CResourceMonitor::run Enter
2026-03-11 10:44:09 [Info] [4436] CIpcMsgHandlerMgr::run Enter
2026-03-11 10:44:09 [Info] [4436] Report thread
2026-03-11 10:44:09 [Info] [4436] Monitor thread
2026-03-11 10:44:09 [Info] [4436] Loader thread
2026-03-11 10:44:09 [Info] [4436] PythonEngineImpl Init...
2026-03-11 10:44:09 [Info] [4436] yundun connected
2026-03-11 10:44:09 [Info] [4436] recvmsg: HELLO
2026-03-11 10:44:10 [Info] [4436] recvmsg: WORK
2026-03-11 10:44:10 [Info] [4436] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:44:10 [Info] [4436] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:44:10 [Info] [4436] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:44:10 [Info] [4436] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:44:10 [Info] [4436] log fd cnt is [250], real fd cnt is [286]
2026-03-11 10:44:10 [Info] [4436] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 10:44:10 [Info] [4436] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 10:44:11 [Info] [4436] log memory size is 20480KB, real memory size is 14492KB
2026-03-11 10:44:11 [Info] [4436] item: --windows-registry-check
2026-03-11 10:44:11 [Info] [4436] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-11 10:44:11 [Info] [4436] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-11 10:44:11 [Info] [4436] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:44:11 [Info] [4436] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:44:12 [Info] [4436] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-11 10:44:12 [Info] [4436] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-11 10:44:12 [Info] [4436] Prepare stage1: --windows-registry-check
2026-03-11 10:44:12 [Info] [4436] Prepare stage2
2026-03-11 10:44:12 [Warn] [4436] high cpu, cpu is 12
2026-03-11 10:44:12 [Info] [4436] try get sys version
2026-03-11 10:44:12 [Info] [4436] win sys info:2/10:0:3
2026-03-11 10:44:12 [Info] [4436] suit legal version, enable cpu control
2026-03-11 10:44:12 [Warn] [4436] High CPU Warning: 12
2026-03-11 10:44:12 [Warn] [4436] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-registry-check.py line: 648 in func: EnumRegKeyValue
File:windows-registry-check.py line: 761 in func: OnWork
File:windows-registry-check.py line: 792 in func: check
File:windows-registry-check.py line: 379 in func: main
File:windows-registry-check.py line: 803 in func: start
2026-03-11 10:44:14 [Info] [2996] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 10:44:14 [Info] [2996] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap166811773197054 
2026-03-11 10:44:14 [Info] [2996] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 10:44:14 [Info] [2996] Resource monitor start
2026-03-11 10:44:14 [Info] [2996] ipc client init success
2026-03-11 10:44:14 [Info] [2996] Ipc init: 0
2026-03-11 10:44:14 [Info] [2996] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 10:44:14 [Info] [2996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 10:44:14 [Info] [2996] start ipc thread id[2788]
2026-03-11 10:44:14 [Info] [2996] Connect Yundun ipc server return state is 0
2026-03-11 10:44:14 [Info] [2996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 10:44:14 [Info] [2996] CResourceMonitor::run Enter
2026-03-11 10:44:14 [Info] [2996] CIpcMsgHandlerMgr::run Enter
2026-03-11 10:44:14 [Info] [2996] Report thread
2026-03-11 10:44:14 [Info] [2996] Monitor thread
2026-03-11 10:44:14 [Info] [2996] Loader thread
2026-03-11 10:44:14 [Info] [2996] PythonEngineImpl Init...
2026-03-11 10:44:14 [Info] [2996] yundun connected
2026-03-11 10:44:15 [Info] [2996] recvmsg: HELLO
2026-03-11 10:44:15 [Info] [2996] recvmsg: WORK
2026-03-11 10:44:15 [Info] [2996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:44:15 [Info] [2996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:44:15 [Info] [2996] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:44:15 [Info] [2996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:44:15 [Info] [2996] log fd cnt is [250], real fd cnt is [282]
2026-03-11 10:44:15 [Info] [2996] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 10:44:15 [Info] [2996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 10:44:16 [Info] [2996] log memory size is 20480KB, real memory size is 14536KB
2026-03-11 10:44:16 [Info] [2996] item: --windows-schedule-task-check
2026-03-11 10:44:16 [Info] [2996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-11 10:44:16 [Info] [2996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-11 10:44:16 [Info] [2996] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:44:16 [Info] [2996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:44:17 [Info] [2996] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-11 10:44:17 [Info] [2996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-11 10:44:17 [Info] [2996] Prepare stage1: --windows-schedule-task-check
2026-03-11 10:44:17 [Info] [2996] Prepare stage2
2026-03-11 10:44:20 [Info] [2996] log memory size is 30720KB, real memory size is 23168KB
2026-03-11 10:44:41 [Info] [4436] stage3: --windows-registry-check
2026-03-11 10:44:41 [Info] [4436] Loader after check
2026-03-11 10:44:42 [Info] [4436] Enter reuse wait state.
2026-03-11 10:44:46 [Info] [4436] recvmsg: EXIT
2026-03-11 10:44:46 [Info] [4436] Recv Exit Msg, Exit...
2026-03-11 10:44:49 [Info] [2996] stage3: --windows-schedule-task-check
2026-03-11 10:44:49 [Info] [2996] Loader after check
2026-03-11 10:44:50 [Info] [2996] Enter reuse wait state.
2026-03-11 10:44:52 [Info] [2996] recvmsg: EXIT
2026-03-11 10:44:52 [Info] [2996] Recv Exit Msg, Exit...
2026-03-11 10:52:08 [Info] [3112] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 10:52:08 [Info] [3112] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap182291773197528 
2026-03-11 10:52:08 [Info] [3112] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 10:52:08 [Info] [3112] Resource monitor start
2026-03-11 10:52:08 [Info] [3112] ipc client init success
2026-03-11 10:52:08 [Info] [3112] Ipc init: 0
2026-03-11 10:52:08 [Info] [3112] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 10:52:08 [Info] [3112] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 10:52:08 [Info] [3112] start ipc thread id[4508]
2026-03-11 10:52:08 [Info] [3112] Connect Yundun ipc server return state is 0
2026-03-11 10:52:08 [Info] [3112] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 10:52:08 [Info] [3112] CResourceMonitor::run Enter
2026-03-11 10:52:08 [Info] [3112] CIpcMsgHandlerMgr::run Enter
2026-03-11 10:52:08 [Info] [3112] Report thread
2026-03-11 10:52:08 [Info] [3112] Monitor thread
2026-03-11 10:52:08 [Info] [3112] Loader thread
2026-03-11 10:52:08 [Info] [3112] PythonEngineImpl Init...
2026-03-11 10:52:08 [Info] [3112] yundun connected
2026-03-11 10:52:09 [Info] [3112] recvmsg: HELLO
2026-03-11 10:52:09 [Info] [3112] recvmsg: WORK
2026-03-11 10:52:09 [Info] [3112] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:52:09 [Info] [3112] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 10:52:09 [Info] [3112] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 10:52:09 [Info] [3112] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 10:52:09 [Info] [3112] log fd cnt is [250], real fd cnt is [282]
2026-03-11 10:52:09 [Info] [3112] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 10:52:09 [Info] [3112] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 10:52:10 [Info] [3112] log memory size is 20480KB, real memory size is 14496KB
2026-03-11 10:52:11 [Info] [3112] item: --sca
2026-03-11 10:52:11 [Info] [3112] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-11 10:52:11 [Info] [3112] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-11 10:52:11 [Info] [3112] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-11 10:52:11 [Info] [3112] Download redirect files success.
2026-03-11 10:52:11 [Info] [3112] Prepare stage1: --sca
2026-03-11 10:52:11 [Info] [3112] Prepare stage2
2026-03-11 10:52:13 [Warn] [3112] high cpu, cpu is 18
2026-03-11 10:52:13 [Info] [3112] try get sys version
2026-03-11 10:52:13 [Info] [3112] win sys info:2/10:0:3
2026-03-11 10:52:13 [Info] [3112] suit legal version, enable cpu control
2026-03-11 10:52:13 [Warn] [3112] High CPU Warning: 18
2026-03-11 10:52:13 [Warn] [3112] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 197 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-11 10:52:14 [Info] [3112] log memory size is 30720KB, real memory size is 32172KB
2026-03-11 10:52:19 [Info] [3112] log memory size is 40960KB, real memory size is 32752KB
2026-03-11 10:52:49 [Info] [3112] stage3: --sca
2026-03-11 10:52:49 [Info] [3112] Loader after check
2026-03-11 10:52:50 [Info] [3112] Enter reuse wait state.
2026-03-11 10:52:52 [Info] [3112] recvmsg: EXIT
2026-03-11 10:52:52 [Info] [3112] Recv Exit Msg, Exit...
2026-03-11 11:12:20 [Info] [1756] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 11:12:20 [Info] [1756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap221871773198740 
2026-03-11 11:12:20 [Info] [1756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 11:12:20 [Info] [1756] Resource monitor start
2026-03-11 11:12:20 [Info] [1756] ipc client init success
2026-03-11 11:12:20 [Info] [1756] Ipc init: 0
2026-03-11 11:12:20 [Info] [1756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 11:12:20 [Info] [1756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 11:12:20 [Info] [1756] start ipc thread id[2436]
2026-03-11 11:12:20 [Info] [1756] Connect Yundun ipc server return state is 0
2026-03-11 11:12:20 [Info] [1756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 11:12:20 [Info] [1756] CResourceMonitor::run Enter
2026-03-11 11:12:20 [Info] [1756] CIpcMsgHandlerMgr::run Enter
2026-03-11 11:12:20 [Info] [1756] Report thread
2026-03-11 11:12:20 [Info] [1756] Monitor thread
2026-03-11 11:12:20 [Info] [1756] Loader thread
2026-03-11 11:12:20 [Info] [1756] PythonEngineImpl Init...
2026-03-11 11:12:20 [Info] [1756] yundun connected
2026-03-11 11:12:20 [Info] [1756] recvmsg: HELLO
2026-03-11 11:12:20 [Info] [1756] recvmsg: WORK
2026-03-11 11:12:20 [Info] [1756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 11:12:20 [Info] [1756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 11:12:20 [Info] [1756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 11:12:21 [Info] [1756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 11:12:21 [Info] [1756] log fd cnt is [250], real fd cnt is [282]
2026-03-11 11:12:21 [Info] [1756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 11:12:21 [Info] [1756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 11:12:22 [Info] [1756] log memory size is 20480KB, real memory size is 14576KB
2026-03-11 11:12:22 [Info] [1756] item: --windows-autorun-item-check
2026-03-11 11:12:22 [Info] [1756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-11 11:12:22 [Info] [1756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-11 11:12:22 [Info] [1756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 11:12:22 [Info] [1756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 11:12:22 [Info] [1756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-11 11:12:22 [Info] [1756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-11 11:12:22 [Info] [1756] Prepare stage1: --windows-autorun-item-check
2026-03-11 11:12:22 [Info] [1756] Prepare stage2
2026-03-11 11:12:23 [Warn] [1756] high cpu, cpu is 15
2026-03-11 11:12:23 [Info] [1756] try get sys version
2026-03-11 11:12:23 [Info] [1756] win sys info:2/10:0:3
2026-03-11 11:12:23 [Info] [1756] suit legal version, enable cpu control
2026-03-11 11:12:23 [Warn] [1756] High CPU Warning: 15
2026-03-11 11:12:23 [Warn] [1756] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue
File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg
File:windows-autorun-item-check.py line: 500 in func: check
File:windows-autorun-item-check.py line: 80 in func: main
File:windows-autorun-item-check.py line: 534 in func: start
2026-03-11 11:12:26 [Info] [1756] log memory size is 30720KB, real memory size is 22276KB
2026-03-11 11:12:33 [Info] [1756] stage3: --windows-autorun-item-check
2026-03-11 11:12:33 [Info] [1756] Loader after check
2026-03-11 11:12:34 [Info] [1756] Enter reuse wait state.
2026-03-11 11:12:35 [Info] [1756] recvmsg: EXIT
2026-03-11 11:12:35 [Info] [1756] Recv Exit Msg, Exit...
2026-03-11 11:39:00 [Info] [4528] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 11:39:00 [Info] [4528] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap274121773200340 
2026-03-11 11:39:00 [Info] [4528] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 11:39:00 [Info] [4528] Resource monitor start
2026-03-11 11:39:00 [Info] [4528] ipc client init success
2026-03-11 11:39:00 [Info] [4528] Ipc init: 0
2026-03-11 11:39:00 [Info] [4528] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 11:39:00 [Info] [4528] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 11:39:00 [Info] [4528] start ipc thread id[5056]
2026-03-11 11:39:00 [Info] [4528] Connect Yundun ipc server return state is 0
2026-03-11 11:39:00 [Info] [4528] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 11:39:00 [Info] [4528] CResourceMonitor::run Enter
2026-03-11 11:39:00 [Info] [4528] CIpcMsgHandlerMgr::run Enter
2026-03-11 11:39:00 [Info] [4528] yundun connected
2026-03-11 11:39:00 [Info] [4528] Report thread
2026-03-11 11:39:00 [Info] [4528] Monitor thread
2026-03-11 11:39:00 [Info] [4528] Loader thread
2026-03-11 11:39:00 [Info] [4528] PythonEngineImpl Init...
2026-03-11 11:39:01 [Info] [4528] recvmsg: HELLO
2026-03-11 11:39:01 [Info] [4528] recvmsg: WORK
2026-03-11 11:39:01 [Info] [4528] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 11:39:01 [Info] [4528] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 11:39:01 [Info] [4528] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 11:39:01 [Info] [4528] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 11:39:01 [Info] [4528] log fd cnt is [250], real fd cnt is [282]
2026-03-11 11:39:02 [Info] [4528] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 11:39:02 [Info] [4528] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 11:39:02 [Info] [4528] log memory size is 20480KB, real memory size is 14484KB
2026-03-11 11:39:03 [Info] [4528] item: --tcp-connect-check
2026-03-11 11:39:03 [Info] [4528] cgroup name aegisRtap0
2026-03-11 11:39:03 [Info] [4528] try get sys version
2026-03-11 11:39:03 [Info] [4528] win sys info:2/10:0:3
2026-03-11 11:39:03 [Info] [4528] suit legal version, enable cpu control
2026-03-11 11:39:03 [Info] [4528] get AssignProcessToJobObject handle [00000478]
2026-03-11 11:39:03 [Info] [4528] Set setJobExtended.
2026-03-11 11:39:03 [Info] [4528] Set cpu [9%]
2026-03-11 11:39:03 [Info] [4528] Set cpu success
2026-03-11 11:39:03 [Info] [4528] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-11 11:39:03 [Info] [4528] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-11 11:39:03 [Info] [4528] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 11:39:03 [Info] [4528] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 11:39:03 [Info] [4528] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-11 11:39:03 [Info] [4528] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-11 11:39:04 [Info] [4528] Prepare stage1: --tcp-connect-check
2026-03-11 11:39:04 [Info] [4528] Prepare stage2
2026-03-11 11:39:07 [Info] [4528] stage3: --tcp-connect-check
2026-03-11 11:39:07 [Info] [4528] Loader after check
2026-03-11 11:39:08 [Info] [4528] Enter reuse wait state.
2026-03-11 11:39:12 [Info] [4528] recvmsg: EXIT
2026-03-11 11:39:12 [Info] [4528] Recv Exit Msg, Exit...
2026-03-11 13:17:15 [Info] [4372] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 13:17:15 [Info] [4372] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap138521773206222 
2026-03-11 13:17:15 [Info] [4372] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 13:17:15 [Info] [4372] Resource monitor start
2026-03-11 13:17:15 [Info] [4372] ipc client init success
2026-03-11 13:17:15 [Info] [4372] Ipc init: 0
2026-03-11 13:17:15 [Info] [4372] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 13:17:15 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 13:17:15 [Info] [4372] start ipc thread id[4228]
2026-03-11 13:17:15 [Info] [4372] Connect Yundun ipc server return state is 0
2026-03-11 13:17:15 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 13:17:15 [Info] [4372] CResourceMonitor::run Enter
2026-03-11 13:17:15 [Info] [4372] CIpcMsgHandlerMgr::run Enter
2026-03-11 13:17:15 [Info] [4372] Report thread
2026-03-11 13:17:15 [Info] [4372] Monitor thread
2026-03-11 13:17:15 [Info] [4372] Loader thread
2026-03-11 13:17:15 [Info] [4372] PythonEngineImpl Init...
2026-03-11 13:17:20 [Info] [4372] yundun connected
2026-03-11 13:17:20 [Info] [4372] recvmsg: HELLO
2026-03-11 13:17:20 [Info] [4372] recvmsg: WORK
2026-03-11 13:17:20 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 13:17:20 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 13:17:20 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 13:17:21 [Info] [4372] log fd cnt is [250], real fd cnt is [264]
2026-03-11 13:17:22 [Info] [4372] log memory size is 20480KB, real memory size is 12920KB
2026-03-11 13:17:31 [Warn] [4372] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 13:17:41 [Warn] [4372] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 13:17:51 [Warn] [4372] http request fail : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-11 13:17:51 [Info] [4372] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 13:17:51 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 13:17:51 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 13:17:52 [Info] [4372] item: --windows-sysinfoext-check
2026-03-11 13:17:52 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 13:17:52 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 13:17:52 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 13:17:53 [Info] [4372] http request success : https://update-vpc-internet.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 13:17:53 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-11 13:17:53 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 13:17:53 [Info] [4372] Prepare stage1: --windows-sysinfoext-check
2026-03-11 13:17:53 [Info] [4372] Prepare stage2
2026-03-11 13:17:54 [Info] [4372] log memory size is 30720KB, real memory size is 22772KB
2026-03-11 13:17:56 [Info] [4372] stage3: --windows-sysinfoext-check
2026-03-11 13:17:56 [Info] [4372] Loader after check
2026-03-11 13:17:57 [Info] [4372] Enter reuse wait state.
2026-03-11 13:18:00 [Info] [4372] recvmsg: EXIT
2026-03-11 13:18:00 [Info] [4372] Recv Exit Msg, Exit...
2026-03-11 18:44:58 [Info] [2172] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 18:44:58 [Info] [2172] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap125401773225889 
2026-03-11 18:44:58 [Info] [2172] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 18:44:58 [Info] [2172] Resource monitor start
2026-03-11 18:44:58 [Info] [2172] ipc client init success
2026-03-11 18:44:58 [Info] [2172] Ipc init: 0
2026-03-11 18:44:58 [Info] [2172] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 18:44:59 [Info] [2172] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 18:44:59 [Info] [2172] start ipc thread id[2548]
2026-03-11 18:44:59 [Info] [2172] Connect Yundun ipc server return state is 0
2026-03-11 18:44:59 [Info] [2172] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 18:45:04 [Info] [2172] CIpcMsgHandlerMgr::run Enter
2026-03-11 18:45:04 [Info] [2172] CResourceMonitor::run Enter
2026-03-11 18:45:05 [Info] [2172] log fd cnt is [250], real fd cnt is [243]
2026-03-11 18:45:06 [Info] [2172] Loader thread
2026-03-11 18:45:06 [Info] [2172] PythonEngineImpl Init...
2026-03-11 18:45:06 [Info] [2172] Monitor thread
2026-03-11 18:45:06 [Info] [2172] Report thread
2026-03-11 18:45:06 [Info] [2172] yundun connected
2026-03-11 18:45:06 [Info] [2172] recvmsg: HELLO
2026-03-11 18:45:06 [Info] [2172] recvmsg: WORK
2026-03-11 18:45:06 [Info] [2172] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 18:45:06 [Info] [2172] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 18:45:06 [Info] [2172] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 18:45:10 [Info] [2172] log memory size is 20480KB, real memory size is 12968KB
2026-03-11 18:45:13 [Info] [2172] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 18:45:13 [Info] [2172] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 18:45:13 [Info] [2172] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 18:45:15 [Info] [2172] item: --windows-sysinfoext-check
2026-03-11 18:45:15 [Info] [2172] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 18:45:15 [Info] [2172] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 18:45:15 [Info] [2172] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 18:45:15 [Info] [2172] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 18:45:15 [Info] [2172] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-11 18:45:15 [Info] [2172] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-11 18:45:15 [Info] [2172] Prepare stage1: --windows-sysinfoext-check
2026-03-11 18:45:15 [Info] [2172] Prepare stage2
2026-03-11 18:45:17 [Info] [2172] stage3: --windows-sysinfoext-check
2026-03-11 18:45:17 [Info] [2172] Loader after check
2026-03-11 18:45:17 [Warn] [2172] high cpu, cpu is 15
2026-03-11 18:45:17 [Info] [2172] try get sys version
2026-03-11 18:45:17 [Info] [2172] win sys info:2/10:0:3
2026-03-11 18:45:17 [Info] [2172] suit legal version, enable cpu control
2026-03-11 18:45:17 [Warn] [2172] High CPU Warning: 15
2026-03-11 18:45:17 [Warn] [2172] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-11 18:45:18 [Info] [2172] Enter reuse wait state.
2026-03-11 18:45:18 [Info] [2172] log memory size is 30720KB, real memory size is 23020KB
2026-03-11 18:45:19 [Info] [2172] recvmsg: EXIT
2026-03-11 18:45:19 [Info] [2172] Recv Exit Msg, Exit...
2026-03-11 20:56:41 [Info] [1832] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-11 20:56:41 [Info] [1832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap56091773233801 
2026-03-11 20:56:41 [Info] [1832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-11 20:56:41 [Info] [1832] Resource monitor start
2026-03-11 20:56:41 [Info] [1832] ipc client init success
2026-03-11 20:56:41 [Info] [1832] Ipc init: 0
2026-03-11 20:56:41 [Info] [1832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-11 20:56:41 [Info] [1832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-11 20:56:41 [Info] [1832] start ipc thread id[708]
2026-03-11 20:56:41 [Info] [1832] Connect Yundun ipc server return state is 0
2026-03-11 20:56:41 [Info] [1832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-11 20:56:41 [Info] [1832] CResourceMonitor::run Enter
2026-03-11 20:56:41 [Info] [1832] CIpcMsgHandlerMgr::run Enter
2026-03-11 20:56:41 [Info] [1832] Report thread
2026-03-11 20:56:41 [Info] [1832] Monitor thread
2026-03-11 20:56:41 [Info] [1832] Loader thread
2026-03-11 20:56:41 [Info] [1832] PythonEngineImpl Init...
2026-03-11 20:56:41 [Info] [1832] yundun connected
2026-03-11 20:56:41 [Info] [1832] recvmsg: HELLO
2026-03-11 20:56:41 [Info] [1832] recvmsg: WORK
2026-03-11 20:56:42 [Info] [1832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 20:56:42 [Info] [1832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-11 20:56:42 [Info] [1832] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 20:56:42 [Info] [1832] log fd cnt is [250], real fd cnt is [282]
2026-03-11 20:56:42 [Info] [1832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 20:56:42 [Info] [1832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-11 20:56:42 [Info] [1832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-11 20:56:43 [Info] [1832] log memory size is 20480KB, real memory size is 14496KB
2026-03-11 20:56:43 [Info] [1832] item: --secnet_rasp_agent
2026-03-11 20:56:43 [Info] [1832] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-11 20:56:43 [Info] [1832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-11 20:56:43 [Info] [1832] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-11 20:56:43 [Info] [1832] Download redirect files success.
2026-03-11 20:56:43 [Info] [1832] Prepare stage1: --secnet_rasp_agent
2026-03-11 20:56:43 [Info] [1832] Prepare stage2
2026-03-11 20:56:44 [Info] [1832] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-11 20:56:44 [Info] [1832] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-11 20:56:44 [Info] [1832] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-11 20:56:44 [Info] [1832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-11 20:56:45 [Info] [1832] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-11 20:56:45 [Info] [1832] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-11 20:56:45 [Info] [1832] stage3: --secnet_rasp_agent
2026-03-11 20:56:45 [Info] [1832] Loader after check
2026-03-11 20:56:46 [Info] [1832] Enter reuse wait state.
2026-03-11 20:56:47 [Info] [1832] log memory size is 30720KB, real memory size is 21076KB
2026-03-11 20:56:49 [Info] [1832] recvmsg: EXIT
2026-03-11 20:56:49 [Info] [1832] Recv Exit Msg, Exit...
2026-03-18 00:55:24 [Info] [3568] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 00:55:24 [Info] [3568] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap85221773766514 
2026-03-18 00:55:24 [Info] [3568] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 00:55:24 [Info] [3568] Resource monitor start
2026-03-18 00:55:24 [Info] [3568] ipc client init success
2026-03-18 00:55:24 [Info] [3568] Ipc init: 0
2026-03-18 00:55:24 [Info] [3568] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 00:55:24 [Info] [3568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 00:55:24 [Info] [3568] start ipc thread id[4020]
2026-03-18 00:55:24 [Info] [3568] Connect Yundun ipc server return state is 0
2026-03-18 00:55:29 [Info] [3568] yundun connected
2026-03-18 00:55:29 [Info] [3568] CIpcMsgHandlerMgr::run Enter
2026-03-18 00:55:29 [Info] [3568] CResourceMonitor::run Enter
2026-03-18 00:55:29 [Info] [3568] recvmsg: HELLO
2026-03-18 00:55:29 [Info] [3568] recvmsg: WORK
2026-03-18 00:55:30 [Info] [3568] log fd cnt is [250], real fd cnt is [235]
2026-03-18 00:55:36 [Info] [3568] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 00:55:38 [Info] [3568] Report thread
2026-03-18 00:55:38 [Info] [3568] Monitor thread
2026-03-18 00:55:38 [Info] [3568] Loader thread
2026-03-18 00:55:38 [Info] [3568] PythonEngineImpl Init...
2026-03-18 00:55:38 [Info] [3568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 00:55:38 [Info] [3568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 00:55:38 [Info] [3568] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 00:55:39 [Info] [3568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 00:55:39 [Info] [3568] log memory size is 20480KB, real memory size is 14508KB
2026-03-18 00:55:40 [Info] [3568] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 00:55:40 [Info] [3568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 00:55:41 [Info] [3568] item: --windows-sysinfoext-check
2026-03-18 00:55:41 [Info] [3568] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 00:55:41 [Info] [3568] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 00:55:41 [Info] [3568] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 00:55:41 [Info] [3568] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 00:55:41 [Info] [3568] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-18 00:55:41 [Info] [3568] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 00:55:41 [Info] [3568] Prepare stage1: --windows-sysinfoext-check
2026-03-18 00:55:41 [Info] [3568] Prepare stage2
2026-03-18 00:55:43 [Info] [3568] stage3: --windows-sysinfoext-check
2026-03-18 00:55:43 [Info] [3568] Loader after check
2026-03-18 00:55:43 [Info] [3568] log memory size is 30720KB, real memory size is 23060KB
2026-03-18 00:55:44 [Info] [3568] Enter reuse wait state.
2026-03-18 00:55:45 [Info] [3568] recvmsg: EXIT
2026-03-18 00:55:45 [Info] [3568] Recv Exit Msg, Exit...
2026-03-18 06:22:43 [Info] [3956] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 06:22:43 [Info] [3956] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap70991773786147 
2026-03-18 06:22:43 [Info] [3956] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 06:22:43 [Info] [3956] Resource monitor start
2026-03-18 06:22:43 [Info] [3956] ipc client init success
2026-03-18 06:22:43 [Info] [3956] Ipc init: 0
2026-03-18 06:22:43 [Info] [3956] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 06:22:43 [Info] [3956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 06:22:43 [Info] [3956] CResourceMonitor::run Enter
2026-03-18 06:22:43 [Info] [3956] CIpcMsgHandlerMgr::run Enter
2026-03-18 06:22:43 [Info] [3956] start ipc thread id[4344]
2026-03-18 06:22:43 [Info] [3956] Connect Yundun ipc server return state is 0
2026-03-18 06:22:44 [Info] [3956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 06:22:44 [Info] [3956] yundun connected
2026-03-18 06:22:44 [Info] [3956] Report thread
2026-03-18 06:22:44 [Info] [3956] Monitor thread
2026-03-18 06:22:44 [Info] [3956] Loader thread
2026-03-18 06:22:44 [Info] [3956] PythonEngineImpl Init...
2026-03-18 06:22:44 [Info] [3956] recvmsg: HELLO
2026-03-18 06:22:44 [Info] [3956] recvmsg: WORK
2026-03-18 06:22:44 [Info] [3956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 06:22:44 [Info] [3956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 06:22:44 [Info] [3956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 06:22:44 [Info] [3956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 06:22:44 [Info] [3956] log fd cnt is [250], real fd cnt is [282]
2026-03-18 06:22:44 [Info] [3956] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 06:22:44 [Info] [3956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 06:22:45 [Info] [3956] log memory size is 20480KB, real memory size is 14804KB
2026-03-18 06:22:46 [Info] [3956] item: --windows-sysinfoext-check
2026-03-18 06:22:46 [Info] [3956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 06:22:46 [Info] [3956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 06:22:46 [Info] [3956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 06:22:46 [Info] [3956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 06:22:46 [Info] [3956] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-18 06:22:46 [Info] [3956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 06:22:47 [Info] [3956] Prepare stage1: --windows-sysinfoext-check
2026-03-18 06:22:47 [Info] [3956] Prepare stage2
2026-03-18 06:22:50 [Info] [3956] log memory size is 30720KB, real memory size is 22968KB
2026-03-18 06:22:51 [Info] [3956] stage3: --windows-sysinfoext-check
2026-03-18 06:22:51 [Info] [3956] Loader after check
2026-03-18 06:22:52 [Info] [3956] Enter reuse wait state.
2026-03-18 06:22:55 [Info] [3956] recvmsg: EXIT
2026-03-18 06:22:55 [Info] [3956] Recv Exit Msg, Exit...
2026-03-18 07:52:12 [Info] [4384] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 07:52:12 [Info] [4384] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap246841773791532 
2026-03-18 07:52:12 [Info] [4384] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 07:52:12 [Info] [4384] Resource monitor start
2026-03-18 07:52:12 [Info] [4384] ipc client init success
2026-03-18 07:52:12 [Info] [4384] Ipc init: 0
2026-03-18 07:52:12 [Info] [4384] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 07:52:12 [Info] [4384] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 07:52:12 [Info] [4384] start ipc thread id[2880]
2026-03-18 07:52:12 [Info] [4384] Connect Yundun ipc server return state is 0
2026-03-18 07:52:12 [Info] [4384] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 07:52:12 [Info] [4384] CResourceMonitor::run Enter
2026-03-18 07:52:12 [Info] [4384] CIpcMsgHandlerMgr::run Enter
2026-03-18 07:52:12 [Info] [4384] Report thread
2026-03-18 07:52:12 [Info] [4384] Monitor thread
2026-03-18 07:52:12 [Info] [4384] Loader thread
2026-03-18 07:52:12 [Info] [4384] PythonEngineImpl Init...
2026-03-18 07:52:12 [Info] [4384] yundun connected
2026-03-18 07:52:13 [Info] [4384] recvmsg: HELLO
2026-03-18 07:52:13 [Info] [4384] log fd cnt is [250], real fd cnt is [263]
2026-03-18 07:52:13 [Info] [4384] recvmsg: WORK
2026-03-18 07:52:13 [Info] [4384] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 07:52:13 [Info] [4384] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 07:52:13 [Info] [4384] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 07:52:14 [Info] [4384] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 07:52:14 [Info] [4384] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 07:52:14 [Info] [4384] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 07:52:14 [Info] [4384] log memory size is 20480KB, real memory size is 14788KB
2026-03-18 07:52:15 [Info] [4384] item: --windows-vul-clean
2026-03-18 07:52:15 [Info] [4384] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-18 07:52:15 [Info] [4384] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-18 07:52:15 [Info] [4384] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 07:52:15 [Info] [4384] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 07:52:15 [Info] [4384] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-18 07:52:15 [Info] [4384] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-18 07:52:15 [Info] [4384] Prepare stage1: --windows-vul-clean
2026-03-18 07:52:15 [Info] [4384] Prepare stage2
2026-03-18 07:52:15 [Info] [4384] stage3: --windows-vul-clean
2026-03-18 07:52:15 [Info] [4384] Loader after check
2026-03-18 07:52:16 [Info] [4384] Enter reuse wait state.
2026-03-18 07:52:20 [Info] [4384] recvmsg: EXIT
2026-03-18 07:52:20 [Info] [4384] Recv Exit Msg, Exit...
2026-03-18 08:53:06 [Info] [1152] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 08:53:06 [Info] [1152] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap38491773795186 
2026-03-18 08:53:06 [Info] [1152] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 08:53:06 [Info] [1152] Resource monitor start
2026-03-18 08:53:06 [Info] [1152] ipc client init success
2026-03-18 08:53:06 [Info] [1152] Ipc init: 0
2026-03-18 08:53:06 [Info] [1152] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 08:53:06 [Info] [1152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 08:53:06 [Info] [1152] start ipc thread id[4612]
2026-03-18 08:53:06 [Info] [1152] Connect Yundun ipc server return state is 0
2026-03-18 08:53:06 [Info] [1152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 08:53:06 [Info] [1152] CResourceMonitor::run Enter
2026-03-18 08:53:06 [Info] [1152] CIpcMsgHandlerMgr::run Enter
2026-03-18 08:53:06 [Info] [1152] Report thread
2026-03-18 08:53:06 [Info] [1152] Monitor thread
2026-03-18 08:53:06 [Info] [1152] Loader thread
2026-03-18 08:53:06 [Info] [1152] PythonEngineImpl Init...
2026-03-18 08:53:06 [Info] [1152] yundun connected
2026-03-18 08:53:06 [Info] [1152] recvmsg: HELLO
2026-03-18 08:53:06 [Info] [1152] recvmsg: WORK
2026-03-18 08:53:07 [Info] [1152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 08:53:07 [Info] [1152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 08:53:07 [Info] [1152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 08:53:07 [Info] [1152] log fd cnt is [250], real fd cnt is [264]
2026-03-18 08:53:07 [Info] [1152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 08:53:08 [Info] [1152] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 08:53:08 [Info] [1152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 08:53:08 [Info] [1152] log memory size is 20480KB, real memory size is 14792KB
2026-03-18 08:53:09 [Info] [1152] item: --windows-process-check
2026-03-18 08:53:09 [Info] [1152] cgroup name aegisRtap0
2026-03-18 08:53:09 [Info] [1152] try get sys version
2026-03-18 08:53:09 [Info] [1152] win sys info:2/10:0:3
2026-03-18 08:53:09 [Info] [1152] suit legal version, enable cpu control
2026-03-18 08:53:09 [Info] [1152] get AssignProcessToJobObject handle [00000478]
2026-03-18 08:53:09 [Info] [1152] Set setJobExtended.
2026-03-18 08:53:09 [Info] [1152] Set cpu [9%]
2026-03-18 08:53:09 [Info] [1152] Set cpu success
2026-03-18 08:53:09 [Info] [1152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-18 08:53:09 [Info] [1152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-18 08:53:09 [Info] [1152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 08:53:09 [Info] [1152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 08:53:09 [Info] [1152] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-18 08:53:09 [Info] [1152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-18 08:53:09 [Info] [1152] Prepare stage1: --windows-process-check
2026-03-18 08:53:09 [Info] [1152] Prepare stage2
2026-03-18 08:53:12 [Info] [1152] log memory size is 30720KB, real memory size is 20592KB
2026-03-18 08:53:26 [Info] [1152] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 08:53:27 [Info] [1152] stage3: --windows-process-check
2026-03-18 08:53:27 [Info] [1152] Loader after check
2026-03-18 08:53:28 [Info] [1152] Enter reuse wait state.
2026-03-18 08:53:34 [Info] [1152] recvmsg: EXIT
2026-03-18 08:53:34 [Info] [1152] Recv Exit Msg, Exit...
2026-03-18 09:37:09 [Info] [4904] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 09:37:09 [Info] [4904] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap124791773797829 
2026-03-18 09:37:09 [Info] [4904] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 09:37:09 [Info] [4904] Resource monitor start
2026-03-18 09:37:09 [Info] [4904] ipc client init success
2026-03-18 09:37:09 [Info] [4904] Ipc init: 0
2026-03-18 09:37:09 [Info] [4904] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 09:37:09 [Info] [4904] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 09:37:09 [Info] [4904] start ipc thread id[4472]
2026-03-18 09:37:09 [Info] [4904] Connect Yundun ipc server return state is 0
2026-03-18 09:37:09 [Info] [4904] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 09:37:09 [Info] [4904] CResourceMonitor::run Enter
2026-03-18 09:37:09 [Info] [4904] CIpcMsgHandlerMgr::run Enter
2026-03-18 09:37:09 [Info] [4904] yundun connected
2026-03-18 09:37:09 [Info] [4904] Report thread
2026-03-18 09:37:09 [Info] [4904] Monitor thread
2026-03-18 09:37:09 [Info] [4904] Loader thread
2026-03-18 09:37:09 [Info] [4904] PythonEngineImpl Init...
2026-03-18 09:37:10 [Info] [4904] recvmsg: HELLO
2026-03-18 09:37:10 [Info] [4904] recvmsg: WORK
2026-03-18 09:37:10 [Info] [4904] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 09:37:10 [Info] [4904] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 09:37:10 [Info] [4904] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 09:37:11 [Info] [4904] log fd cnt is [250], real fd cnt is [274]
2026-03-18 09:37:12 [Info] [4904] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 09:37:12 [Info] [4904] log memory size is 20480KB, real memory size is 14520KB
2026-03-18 09:37:12 [Info] [4904] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 09:37:12 [Info] [4904] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 09:37:15 [Info] [4904] item: --sca
2026-03-18 09:37:15 [Info] [4904] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-18 09:37:15 [Info] [4904] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-18 09:37:15 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-18 09:37:15 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-18 09:37:16 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-18 09:37:16 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-18 09:37:17 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-18 09:37:17 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py
2026-03-18 09:37:18 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-18 09:37:19 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py
2026-03-18 09:37:19 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-18 09:37:20 [Info] [4904] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-18 09:37:20 [Info] [4904] Download redirect files success.
2026-03-18 09:37:20 [Info] [4904] Prepare stage1: --sca
2026-03-18 09:37:20 [Info] [4904] Prepare stage2
2026-03-18 09:37:26 [Info] [4904] log memory size is 30720KB, real memory size is 36216KB
2026-03-18 09:37:30 [Info] [4904] log memory size is 40960KB, real memory size is 36216KB
2026-03-18 09:38:02 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:38:17 [Info] [4904] log fd cnt is [300], real fd cnt is [363]
2026-03-18 09:39:03 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:39:17 [Info] [4904] log fd cnt is [350], real fd cnt is [373]
2026-03-18 09:40:10 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:40:17 [Info] [4904] log fd cnt is [400], real fd cnt is [383]
2026-03-18 09:41:11 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:42:16 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:43:09 [Warn] [4904] high cpu, cpu is 12
2026-03-18 09:43:09 [Info] [4904] try get sys version
2026-03-18 09:43:09 [Info] [4904] win sys info:2/10:0:3
2026-03-18 09:43:09 [Info] [4904] suit legal version, enable cpu control
2026-03-18 09:43:09 [Warn] [4904] High CPU Warning: 12
2026-03-18 09:43:09 [Warn] [4904] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 188 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-18 09:43:28 [Info] [4904] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 09:43:39 [Info] [4904] stage3: --sca
2026-03-18 09:43:39 [Info] [4904] Loader after check
2026-03-18 09:43:40 [Info] [4904] Enter reuse wait state.
2026-03-18 09:43:44 [Info] [4904] recvmsg: EXIT
2026-03-18 09:43:44 [Info] [4904] Recv Exit Msg, Exit...
2026-03-18 10:32:09 [Info] [4796] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 10:32:09 [Info] [4796] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap232561773801129 
2026-03-18 10:32:09 [Info] [4796] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 10:32:09 [Info] [4796] Resource monitor start
2026-03-18 10:32:09 [Info] [4796] ipc client init success
2026-03-18 10:32:09 [Info] [4796] Ipc init: 0
2026-03-18 10:32:09 [Info] [4796] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 10:32:09 [Info] [4796] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 10:32:09 [Info] [4796] start ipc thread id[4232]
2026-03-18 10:32:09 [Info] [4796] Connect Yundun ipc server return state is 0
2026-03-18 10:32:09 [Info] [4796] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 10:32:09 [Info] [4796] CResourceMonitor::run Enter
2026-03-18 10:32:09 [Info] [4796] CIpcMsgHandlerMgr::run Enter
2026-03-18 10:32:09 [Info] [4796] Report thread
2026-03-18 10:32:09 [Info] [4796] Monitor thread
2026-03-18 10:32:09 [Info] [4796] Loader thread
2026-03-18 10:32:09 [Info] [4796] PythonEngineImpl Init...
2026-03-18 10:32:09 [Info] [4796] yundun connected
2026-03-18 10:32:10 [Info] [4796] recvmsg: HELLO
2026-03-18 10:32:10 [Info] [4796] recvmsg: WORK
2026-03-18 10:32:10 [Info] [4796] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:32:10 [Info] [4796] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:32:10 [Info] [4796] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:32:10 [Info] [4796] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:32:10 [Info] [4796] log fd cnt is [250], real fd cnt is [282]
2026-03-18 10:32:10 [Info] [4796] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 10:32:10 [Info] [4796] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 10:32:11 [Info] [4796] log memory size is 20480KB, real memory size is 14808KB
2026-03-18 10:32:11 [Info] [4796] item: --windows-schedule-task-check
2026-03-18 10:32:11 [Info] [4796] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-18 10:32:11 [Info] [4796] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-18 10:32:11 [Info] [4796] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:32:12 [Info] [4796] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:32:12 [Info] [4796] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-18 10:32:12 [Info] [4796] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-18 10:32:12 [Info] [4796] Prepare stage1: --windows-schedule-task-check
2026-03-18 10:32:12 [Info] [4796] Prepare stage2
2026-03-18 10:32:12 [Warn] [4796] high cpu, cpu is 13
2026-03-18 10:32:12 [Info] [4796] try get sys version
2026-03-18 10:32:12 [Info] [4796] win sys info:2/10:0:3
2026-03-18 10:32:12 [Info] [4796] suit legal version, enable cpu control
2026-03-18 10:32:12 [Warn] [4796] High CPU Warning: 13
2026-03-18 10:32:12 [Warn] [4796] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-03-18 10:32:16 [Info] [4796] log memory size is 30720KB, real memory size is 23492KB
2026-03-18 10:32:49 [Info] [4796] stage3: --windows-schedule-task-check
2026-03-18 10:32:49 [Info] [4796] Loader after check
2026-03-18 10:32:49 [Info] [4796] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 10:32:50 [Info] [4796] Enter reuse wait state.
2026-03-18 10:32:53 [Info] [4796] recvmsg: EXIT
2026-03-18 10:32:53 [Info] [4796] Recv Exit Msg, Exit...
2026-03-18 10:34:22 [Info] [3088] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 10:34:22 [Info] [3088] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap236901773801262 
2026-03-18 10:34:22 [Info] [3088] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 10:34:22 [Info] [3088] Resource monitor start
2026-03-18 10:34:22 [Info] [3088] ipc client init success
2026-03-18 10:34:22 [Info] [3088] Ipc init: 0
2026-03-18 10:34:22 [Info] [3088] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 10:34:22 [Info] [3088] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 10:34:22 [Info] [3088] start ipc thread id[2316]
2026-03-18 10:34:22 [Info] [3088] Connect Yundun ipc server return state is 0
2026-03-18 10:34:22 [Info] [3088] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 10:34:22 [Info] [3088] CResourceMonitor::run Enter
2026-03-18 10:34:22 [Info] [3088] CIpcMsgHandlerMgr::run Enter
2026-03-18 10:34:22 [Info] [3088] Report thread
2026-03-18 10:34:22 [Info] [3088] Monitor thread
2026-03-18 10:34:22 [Info] [3088] Loader thread
2026-03-18 10:34:22 [Info] [3088] PythonEngineImpl Init...
2026-03-18 10:34:22 [Info] [3088] yundun connected
2026-03-18 10:34:22 [Info] [3088] recvmsg: HELLO
2026-03-18 10:34:22 [Info] [3088] recvmsg: WORK
2026-03-18 10:34:22 [Info] [3088] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:34:22 [Info] [3088] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:34:22 [Info] [3088] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:34:23 [Info] [3088] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:34:23 [Warn] [3088] high cpu, cpu is 14
2026-03-18 10:34:23 [Info] [3088] try get sys version
2026-03-18 10:34:23 [Info] [3088] win sys info:2/10:0:3
2026-03-18 10:34:23 [Info] [3088] suit legal version, enable cpu control
2026-03-18 10:34:23 [Warn] [3088] High CPU Warning: 14
2026-03-18 10:34:23 [Warn] [3088] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-18 10:34:23 [Info] [3088] log fd cnt is [250], real fd cnt is [282]
2026-03-18 10:34:23 [Info] [3088] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 10:34:23 [Info] [3088] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 10:34:24 [Info] [3088] log memory size is 20480KB, real memory size is 14800KB
2026-03-18 10:34:24 [Info] [3088] item: --windows-registry-check
2026-03-18 10:34:24 [Info] [3088] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-18 10:34:24 [Info] [3088] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-18 10:34:24 [Info] [3088] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:34:24 [Info] [3088] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:34:24 [Info] [3088] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-18 10:34:24 [Info] [3088] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-18 10:34:25 [Info] [3088] Prepare stage1: --windows-registry-check
2026-03-18 10:34:25 [Info] [3088] Prepare stage2
2026-03-18 10:34:39 [Info] [3208] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 10:34:39 [Info] [3208] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap237461773801279 
2026-03-18 10:34:39 [Info] [3208] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 10:34:39 [Info] [3208] Resource monitor start
2026-03-18 10:34:39 [Info] [3208] ipc client init success
2026-03-18 10:34:39 [Info] [3208] Ipc init: 0
2026-03-18 10:34:39 [Info] [3208] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 10:34:39 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 10:34:39 [Info] [3208] start ipc thread id[4440]
2026-03-18 10:34:39 [Info] [3208] Connect Yundun ipc server return state is 0
2026-03-18 10:34:39 [Info] [3208] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 10:34:39 [Info] [3208] CResourceMonitor::run Enter
2026-03-18 10:34:39 [Info] [3208] CIpcMsgHandlerMgr::run Enter
2026-03-18 10:34:39 [Info] [3208] Report thread
2026-03-18 10:34:39 [Info] [3208] Monitor thread
2026-03-18 10:34:39 [Info] [3208] Loader thread
2026-03-18 10:34:39 [Info] [3208] PythonEngineImpl Init...
2026-03-18 10:34:39 [Info] [3208] yundun connected
2026-03-18 10:34:40 [Info] [3208] recvmsg: HELLO
2026-03-18 10:34:40 [Info] [3208] recvmsg: WORK
2026-03-18 10:34:40 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:34:40 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:34:40 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:34:40 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:34:40 [Info] [3208] log fd cnt is [250], real fd cnt is [282]
2026-03-18 10:34:40 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 10:34:40 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 10:34:41 [Info] [3208] log memory size is 20480KB, real memory size is 14804KB
2026-03-18 10:34:41 [Info] [3208] item: --windows-driver-version-check
2026-03-18 10:34:41 [Info] [3208] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-18 10:34:41 [Info] [3208] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-18 10:34:41 [Info] [3208] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:34:41 [Info] [3208] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:34:42 [Info] [3208] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-18 10:34:42 [Info] [3208] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-18 10:34:42 [Info] [3208] Prepare stage1: --windows-driver-version-check
2026-03-18 10:34:42 [Info] [3208] Prepare stage2
2026-03-18 10:34:42 [Info] [3208] stage3: --windows-driver-version-check
2026-03-18 10:34:42 [Info] [3208] Loader after check
2026-03-18 10:34:43 [Info] [3208] Enter reuse wait state.
2026-03-18 10:34:47 [Info] [3208] recvmsg: EXIT
2026-03-18 10:34:47 [Info] [3208] Recv Exit Msg, Exit...
2026-03-18 10:34:54 [Info] [3088] stage3: --windows-registry-check
2026-03-18 10:34:54 [Info] [3088] Loader after check
2026-03-18 10:34:55 [Info] [3088] Enter reuse wait state.
2026-03-18 10:34:57 [Info] [3088] recvmsg: EXIT
2026-03-18 10:34:57 [Info] [3088] Recv Exit Msg, Exit...
2026-03-18 10:54:21 [Info] [4504] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 10:54:21 [Info] [4504] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap276061773802461 
2026-03-18 10:54:21 [Info] [4504] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 10:54:21 [Info] [4504] Resource monitor start
2026-03-18 10:54:21 [Info] [4504] ipc client init success
2026-03-18 10:54:21 [Info] [4504] Ipc init: 0
2026-03-18 10:54:21 [Info] [4504] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 10:54:21 [Info] [4504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 10:54:21 [Info] [4504] start ipc thread id[4176]
2026-03-18 10:54:21 [Info] [4504] Connect Yundun ipc server return state is 0
2026-03-18 10:54:21 [Info] [4504] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 10:54:21 [Info] [4504] CResourceMonitor::run Enter
2026-03-18 10:54:21 [Info] [4504] CIpcMsgHandlerMgr::run Enter
2026-03-18 10:54:21 [Info] [4504] Report thread
2026-03-18 10:54:21 [Info] [4504] Monitor thread
2026-03-18 10:54:21 [Info] [4504] Loader thread
2026-03-18 10:54:21 [Info] [4504] PythonEngineImpl Init...
2026-03-18 10:54:21 [Info] [4504] yundun connected
2026-03-18 10:54:22 [Info] [4504] recvmsg: HELLO
2026-03-18 10:54:22 [Info] [4504] recvmsg: WORK
2026-03-18 10:54:22 [Info] [4504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:54:22 [Info] [4504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 10:54:22 [Info] [4504] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:54:22 [Info] [4504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:54:22 [Info] [4504] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 10:54:22 [Info] [4504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 10:54:22 [Info] [4504] log fd cnt is [250], real fd cnt is [281]
2026-03-18 10:54:23 [Info] [4504] log memory size is 20480KB, real memory size is 14812KB
2026-03-18 10:54:24 [Info] [4504] item: --tcp-connect-check
2026-03-18 10:54:24 [Info] [4504] cgroup name aegisRtap0
2026-03-18 10:54:24 [Info] [4504] try get sys version
2026-03-18 10:54:24 [Info] [4504] win sys info:2/10:0:3
2026-03-18 10:54:24 [Info] [4504] suit legal version, enable cpu control
2026-03-18 10:54:24 [Info] [4504] get AssignProcessToJobObject handle [00000478]
2026-03-18 10:54:24 [Info] [4504] Set setJobExtended.
2026-03-18 10:54:24 [Info] [4504] Set cpu [9%]
2026-03-18 10:54:24 [Info] [4504] Set cpu success
2026-03-18 10:54:24 [Info] [4504] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-18 10:54:24 [Info] [4504] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-18 10:54:24 [Info] [4504] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 10:54:24 [Info] [4504] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 10:54:24 [Info] [4504] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-18 10:54:24 [Info] [4504] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-18 10:54:24 [Info] [4504] Prepare stage1: --tcp-connect-check
2026-03-18 10:54:24 [Info] [4504] Prepare stage2
2026-03-18 10:54:28 [Info] [4504] stage3: --tcp-connect-check
2026-03-18 10:54:28 [Info] [4504] Loader after check
2026-03-18 10:54:29 [Info] [4504] Enter reuse wait state.
2026-03-18 10:54:33 [Info] [4504] recvmsg: EXIT
2026-03-18 10:54:33 [Info] [4504] Recv Exit Msg, Exit...
2026-03-18 11:15:42 [Info] [5060] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 11:15:42 [Info] [5060] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap317861773803741 
2026-03-18 11:15:42 [Info] [5060] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 11:15:42 [Info] [5060] Resource monitor start
2026-03-18 11:15:42 [Info] [5060] ipc client init success
2026-03-18 11:15:42 [Info] [5060] Ipc init: 0
2026-03-18 11:15:42 [Info] [5060] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 11:15:42 [Info] [5060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 11:15:42 [Info] [5060] start ipc thread id[3944]
2026-03-18 11:15:42 [Info] [5060] Connect Yundun ipc server return state is 0
2026-03-18 11:15:42 [Info] [5060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 11:15:42 [Info] [5060] CResourceMonitor::run Enter
2026-03-18 11:15:42 [Info] [5060] CIpcMsgHandlerMgr::run Enter
2026-03-18 11:15:42 [Info] [5060] Report thread
2026-03-18 11:15:42 [Info] [5060] Monitor thread
2026-03-18 11:15:42 [Info] [5060] Loader thread
2026-03-18 11:15:42 [Info] [5060] PythonEngineImpl Init...
2026-03-18 11:15:42 [Info] [5060] yundun connected
2026-03-18 11:15:42 [Info] [5060] recvmsg: HELLO
2026-03-18 11:15:42 [Info] [5060] recvmsg: WORK
2026-03-18 11:15:42 [Info] [5060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 11:15:42 [Info] [5060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 11:15:42 [Info] [5060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 11:15:42 [Info] [5060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 11:15:43 [Info] [5060] log fd cnt is [250], real fd cnt is [282]
2026-03-18 11:15:43 [Info] [5060] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 11:15:43 [Info] [5060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 11:15:44 [Info] [5060] log memory size is 20480KB, real memory size is 14792KB
2026-03-18 11:15:44 [Info] [5060] item: --windows-autorun-item-check
2026-03-18 11:15:44 [Info] [5060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-18 11:15:44 [Info] [5060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-18 11:15:44 [Info] [5060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 11:15:44 [Info] [5060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 11:15:44 [Info] [5060] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-18 11:15:44 [Info] [5060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-18 11:15:44 [Info] [5060] Prepare stage1: --windows-autorun-item-check
2026-03-18 11:15:44 [Info] [5060] Prepare stage2
2026-03-18 11:15:48 [Info] [5060] log memory size is 30720KB, real memory size is 22448KB
2026-03-18 11:15:54 [Info] [5060] stage3: --windows-autorun-item-check
2026-03-18 11:15:54 [Info] [5060] Loader after check
2026-03-18 11:15:55 [Info] [5060] Enter reuse wait state.
2026-03-18 11:15:57 [Info] [5060] recvmsg: EXIT
2026-03-18 11:15:57 [Info] [5060] Recv Exit Msg, Exit...
2026-03-18 11:52:36 [Info] [3952] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 11:52:36 [Info] [3952] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap61991773805940 
2026-03-18 11:52:36 [Info] [3952] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 11:52:36 [Info] [3952] Resource monitor start
2026-03-18 11:52:36 [Info] [3952] ipc client init success
2026-03-18 11:52:36 [Info] [3952] Ipc init: 0
2026-03-18 11:52:36 [Info] [3952] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 11:52:36 [Info] [3952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 11:52:36 [Info] [3952] start ipc thread id[1824]
2026-03-18 11:52:36 [Info] [3952] Connect Yundun ipc server return state is 0
2026-03-18 11:52:36 [Info] [3952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 11:52:41 [Info] [3952] Monitor thread
2026-03-18 11:52:41 [Info] [3952] Report thread
2026-03-18 11:52:41 [Info] [3952] yundun connected
2026-03-18 11:52:41 [Info] [3952] CIpcMsgHandlerMgr::run Enter
2026-03-18 11:52:41 [Info] [3952] CResourceMonitor::run Enter
2026-03-18 11:52:41 [Info] [3952] recvmsg: HELLO
2026-03-18 11:52:41 [Info] [3952] recvmsg: WORK
2026-03-18 11:52:41 [Info] [3952] Loader thread
2026-03-18 11:52:41 [Info] [3952] PythonEngineImpl Init...
2026-03-18 11:52:42 [Info] [3952] log fd cnt is [250], real fd cnt is [263]
2026-03-18 11:52:42 [Info] [3952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 11:52:42 [Info] [3952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 11:52:42 [Info] [3952] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 11:52:43 [Info] [3952] log memory size is 20480KB, real memory size is 13672KB
2026-03-18 11:52:43 [Info] [3952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 11:52:43 [Info] [3952] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 11:52:43 [Info] [3952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 11:52:44 [Info] [3952] item: --windows-sysinfoext-check
2026-03-18 11:52:44 [Info] [3952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 11:52:44 [Info] [3952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 11:52:44 [Info] [3952] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 11:52:44 [Info] [3952] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-18 11:52:44 [Info] [3952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 11:52:45 [Info] [3952] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-18 11:52:45 [Info] [3952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 11:52:45 [Info] [3952] Prepare stage1: --windows-sysinfoext-check
2026-03-18 11:52:45 [Info] [3952] Prepare stage2
2026-03-18 11:52:46 [Warn] [3952] high cpu, cpu is 13
2026-03-18 11:52:46 [Info] [3952] try get sys version
2026-03-18 11:52:46 [Info] [3952] win sys info:2/10:0:3
2026-03-18 11:52:46 [Info] [3952] suit legal version, enable cpu control
2026-03-18 11:52:46 [Warn] [3952] High CPU Warning: 13
2026-03-18 11:52:46 [Warn] [3952] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-18 11:52:47 [Info] [3952] stage3: --windows-sysinfoext-check
2026-03-18 11:52:47 [Info] [3952] Loader after check
2026-03-18 11:52:47 [Info] [3952] log memory size is 30720KB, real memory size is 23116KB
2026-03-18 11:52:48 [Info] [3952] Enter reuse wait state.
2026-03-18 11:52:52 [Info] [3952] recvmsg: EXIT
2026-03-18 11:52:52 [Info] [3952] Recv Exit Msg, Exit...
2026-03-18 17:22:15 [Info] [4232] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 17:22:15 [Info] [4232] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap52131773825707 
2026-03-18 17:22:15 [Info] [4232] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 17:22:15 [Info] [4232] Resource monitor start
2026-03-18 17:22:15 [Info] [4232] ipc client init success
2026-03-18 17:22:15 [Info] [4232] Ipc init: 0
2026-03-18 17:22:15 [Info] [4232] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 17:22:16 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 17:22:16 [Info] [4232] CResourceMonitor::run Enter
2026-03-18 17:22:16 [Info] [4232] CIpcMsgHandlerMgr::run Enter
2026-03-18 17:22:16 [Info] [4232] start ipc thread id[3924]
2026-03-18 17:22:16 [Info] [4232] Connect Yundun ipc server return state is 0
2026-03-18 17:22:16 [Info] [4232] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 17:22:16 [Info] [4232] yundun connected
2026-03-18 17:22:16 [Info] [4232] Report thread
2026-03-18 17:22:16 [Info] [4232] Monitor thread
2026-03-18 17:22:16 [Info] [4232] Loader thread
2026-03-18 17:22:16 [Info] [4232] PythonEngineImpl Init...
2026-03-18 17:22:16 [Info] [4232] recvmsg: HELLO
2026-03-18 17:22:16 [Info] [4232] recvmsg: WORK
2026-03-18 17:22:17 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 17:22:17 [Info] [4232] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 17:22:17 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 17:22:17 [Info] [4232] log fd cnt is [250], real fd cnt is [282]
2026-03-18 17:22:17 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 17:22:17 [Info] [4232] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 17:22:17 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 17:22:18 [Info] [4232] log memory size is 20480KB, real memory size is 14892KB
2026-03-18 17:22:18 [Info] [4232] item: --windows-sysinfoext-check
2026-03-18 17:22:18 [Info] [4232] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 17:22:18 [Info] [4232] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 17:22:18 [Info] [4232] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 17:22:18 [Info] [4232] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 17:22:19 [Info] [4232] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-18 17:22:19 [Info] [4232] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 17:22:19 [Info] [4232] Prepare stage1: --windows-sysinfoext-check
2026-03-18 17:22:19 [Info] [4232] Prepare stage2
2026-03-18 17:22:22 [Info] [4232] log memory size is 30720KB, real memory size is 23016KB
2026-03-18 17:22:24 [Info] [4232] stage3: --windows-sysinfoext-check
2026-03-18 17:22:24 [Info] [4232] Loader after check
2026-03-18 17:22:25 [Info] [4232] Enter reuse wait state.
2026-03-18 17:22:27 [Info] [4232] recvmsg: EXIT
2026-03-18 17:22:27 [Info] [4232] Recv Exit Msg, Exit...
2026-03-18 18:59:00 [Info] [2020] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 18:59:00 [Info] [2020] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap242611773831540 
2026-03-18 18:59:00 [Info] [2020] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 18:59:00 [Info] [2020] Resource monitor start
2026-03-18 18:59:00 [Info] [2020] ipc client init success
2026-03-18 18:59:00 [Info] [2020] Ipc init: 0
2026-03-18 18:59:00 [Info] [2020] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 18:59:00 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 18:59:00 [Info] [2020] start ipc thread id[3892]
2026-03-18 18:59:00 [Info] [2020] Connect Yundun ipc server return state is 0
2026-03-18 18:59:00 [Info] [2020] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 18:59:00 [Info] [2020] CResourceMonitor::run Enter
2026-03-18 18:59:00 [Info] [2020] CIpcMsgHandlerMgr::run Enter
2026-03-18 18:59:00 [Info] [2020] Report thread
2026-03-18 18:59:00 [Info] [2020] Monitor thread
2026-03-18 18:59:00 [Info] [2020] Loader thread
2026-03-18 18:59:00 [Info] [2020] PythonEngineImpl Init...
2026-03-18 18:59:00 [Info] [2020] yundun connected
2026-03-18 18:59:01 [Info] [2020] recvmsg: HELLO
2026-03-18 18:59:01 [Info] [2020] recvmsg: WORK
2026-03-18 18:59:01 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 18:59:01 [Info] [2020] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 18:59:01 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 18:59:01 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 18:59:01 [Warn] [2020] high cpu, cpu is 12
2026-03-18 18:59:01 [Info] [2020] try get sys version
2026-03-18 18:59:01 [Info] [2020] win sys info:2/10:0:3
2026-03-18 18:59:01 [Info] [2020] suit legal version, enable cpu control
2026-03-18 18:59:01 [Warn] [2020] High CPU Warning: 12
2026-03-18 18:59:01 [Warn] [2020] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-18 18:59:01 [Info] [2020] log fd cnt is [250], real fd cnt is [286]
2026-03-18 18:59:02 [Info] [2020] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 18:59:02 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 18:59:02 [Info] [2020] log memory size is 20480KB, real memory size is 14780KB
2026-03-18 18:59:03 [Info] [2020] item: --secnet_rasp_agent
2026-03-18 18:59:03 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-18 18:59:03 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-18 18:59:03 [Info] [2020] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-18 18:59:03 [Info] [2020] Download redirect files success.
2026-03-18 18:59:03 [Info] [2020] Prepare stage1: --secnet_rasp_agent
2026-03-18 18:59:03 [Info] [2020] Prepare stage2
2026-03-18 18:59:04 [Info] [2020] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-18 18:59:04 [Info] [2020] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-18 18:59:04 [Info] [2020] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 18:59:04 [Info] [2020] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 18:59:04 [Info] [2020] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-18 18:59:04 [Info] [2020] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-18 18:59:05 [Info] [2020] stage3: --secnet_rasp_agent
2026-03-18 18:59:05 [Info] [2020] Loader after check
2026-03-18 18:59:06 [Info] [2020] Enter reuse wait state.
2026-03-18 18:59:07 [Info] [2020] log memory size is 30720KB, real memory size is 21376KB
2026-03-18 18:59:08 [Info] [2020] recvmsg: EXIT
2026-03-18 18:59:08 [Info] [2020] Recv Exit Msg, Exit...
2026-03-18 22:50:08 [Info] [4332] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 22:50:08 [Info] [4332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap39861773845400 
2026-03-18 22:50:08 [Info] [4332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 22:50:08 [Info] [4332] Resource monitor start
2026-03-18 22:50:08 [Info] [4332] ipc client init success
2026-03-18 22:50:08 [Info] [4332] Ipc init: 0
2026-03-18 22:50:08 [Info] [4332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 22:50:08 [Info] [4332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 22:50:08 [Info] [4332] start ipc thread id[1828]
2026-03-18 22:50:08 [Info] [4332] Connect Yundun ipc server return state is 0
2026-03-18 22:50:08 [Info] [4332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 22:50:08 [Info] [4332] CResourceMonitor::run Enter
2026-03-18 22:50:08 [Info] [4332] CIpcMsgHandlerMgr::run Enter
2026-03-18 22:50:08 [Info] [4332] yundun connected
2026-03-18 22:50:08 [Info] [4332] Report thread
2026-03-18 22:50:08 [Info] [4332] Monitor thread
2026-03-18 22:50:08 [Info] [4332] Loader thread
2026-03-18 22:50:08 [Info] [4332] PythonEngineImpl Init...
2026-03-18 22:50:15 [Info] [4332] log fd cnt is [250], real fd cnt is [261]
2026-03-18 22:50:15 [Info] [4332] recvmsg: HELLO
2026-03-18 22:50:15 [Info] [4332] recvmsg: WORK
2026-03-18 22:50:15 [Info] [4332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 22:50:15 [Info] [4332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 22:50:15 [Info] [4332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 22:50:16 [Info] [4332] log memory size is 20480KB, real memory size is 13128KB
2026-03-18 22:50:21 [Info] [3876] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-18 22:50:21 [Info] [3876] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap40321773845414 
2026-03-18 22:50:21 [Info] [3876] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-18 22:50:21 [Info] [3876] Resource monitor start
2026-03-18 22:50:21 [Info] [3876] ipc client init success
2026-03-18 22:50:22 [Info] [4332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 22:50:21 [Info] [3876] Ipc init: 0
2026-03-18 22:50:21 [Info] [3876] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-18 22:50:21 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-18 22:50:21 [Info] [3876] start ipc thread id[2344]
2026-03-18 22:50:21 [Info] [3876] Connect Yundun ipc server return state is 0
2026-03-18 22:50:21 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-18 22:50:21 [Info] [3876] CResourceMonitor::run Enter
2026-03-18 22:50:21 [Info] [3876] CIpcMsgHandlerMgr::run Enter
2026-03-18 22:50:21 [Info] [3876] yundun connected
2026-03-18 22:50:21 [Info] [3876] Report thread
2026-03-18 22:50:21 [Info] [3876] Monitor thread
2026-03-18 22:50:21 [Info] [3876] Loader thread
2026-03-18 22:50:21 [Info] [3876] PythonEngineImpl Init...
2026-03-18 22:50:22 [Info] [3876] recvmsg: HELLO
2026-03-18 22:50:22 [Info] [3876] recvmsg: WORK
2026-03-18 22:50:22 [Info] [4332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 22:50:22 [Info] [4332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 22:50:22 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 22:50:22 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-18 22:50:22 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 22:50:22 [Info] [3876] log fd cnt is [250], real fd cnt is [264]
2026-03-18 22:50:22 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 22:50:23 [Info] [3876] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-18 22:50:23 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-18 22:50:23 [Info] [3876] log memory size is 20480KB, real memory size is 14664KB
2026-03-18 22:50:23 [Info] [4332] item: --windows-sysinfoext-check
2026-03-18 22:50:23 [Info] [4332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 22:50:23 [Info] [4332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 22:50:23 [Info] [4332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 22:50:23 [Info] [4332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 22:50:24 [Info] [4332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-18 22:50:24 [Info] [4332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-18 22:50:24 [Info] [4332] Prepare stage1: --windows-sysinfoext-check
2026-03-18 22:50:24 [Info] [4332] Prepare stage2
2026-03-18 22:50:24 [Info] [3876] item: --windows-vul-check
2026-03-18 22:50:24 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-18 22:50:24 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-18 22:50:24 [Info] [3876] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-03-18 22:50:24 [Info] [3876] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-18 22:50:24 [Info] [3876] Download redirect files success.
2026-03-18 22:50:24 [Info] [3876] Prepare stage1: --windows-vul-check
2026-03-18 22:50:24 [Info] [3876] Prepare stage2
2026-03-18 22:50:24 [Warn] [3876] high cpu, cpu is 11
2026-03-18 22:50:24 [Info] [3876] try get sys version
2026-03-18 22:50:24 [Info] [3876] win sys info:2/10:0:3
2026-03-18 22:50:24 [Info] [3876] suit legal version, enable cpu control
2026-03-18 22:50:24 [Warn] [3876] High CPU Warning: 11
2026-03-18 22:50:24 [Warn] [3876] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-vul-check.py line: 19 in func: <module>
2026-03-18 22:50:24 [Info] [4332] log memory size is 30720KB, real memory size is 22636KB
2026-03-18 22:50:25 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-18 22:50:25 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-18 22:50:25 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-18 22:50:25 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-18 22:50:25 [Info] [3876] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-18 22:50:25 [Info] [3876] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-18 22:50:25 [Info] [3876] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-03-18 22:50:25 [Info] [3876] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-03-18 22:50:25 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-03-18 22:50:25 [Info] [3876] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-03-18 22:50:26 [Info] [3876] stage3: --windows-vul-check
2026-03-18 22:50:26 [Info] [3876] Loader after check
2026-03-18 22:50:26 [Info] [4332] stage3: --windows-sysinfoext-check
2026-03-18 22:50:26 [Info] [4332] Loader after check
2026-03-18 22:50:27 [Info] [3876] Enter reuse wait state.
2026-03-18 22:50:27 [Info] [4332] Enter reuse wait state.
2026-03-18 22:50:27 [Info] [3876] log memory size is 30720KB, real memory size is 23432KB
2026-03-18 22:50:29 [Info] [4332] recvmsg: EXIT
2026-03-18 22:50:29 [Info] [4332] Recv Exit Msg, Exit...
2026-03-18 22:50:31 [Info] [3876] recvmsg: EXIT
2026-03-18 22:50:31 [Info] [3876] Recv Exit Msg, Exit...
Youez - 2016 - github.com/yon3zu
LinuXploit