403WebShell

403Webshell
Server IP : 123.56.80.60 / Your IP : 216.73.216.78
Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev
System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586
User : SYSTEM ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/
Upload File :
[ Back ]
Current File : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/data.4
2026-02-26 12:35:43 [Info] [4156] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 12:35:43 [Info] [4156] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap78741772080543 
2026-02-26 12:35:43 [Info] [4156] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 12:35:43 [Info] [4156] Resource monitor start
2026-02-26 12:35:43 [Info] [4156] ipc client init success
2026-02-26 12:35:43 [Info] [4156] Ipc init: 0
2026-02-26 12:35:43 [Info] [4156] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 12:35:43 [Info] [4156] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 12:35:43 [Info] [4156] start ipc thread id[1380]
2026-02-26 12:35:43 [Info] [4156] Connect Yundun ipc server return state is 0
2026-02-26 12:35:43 [Info] [4156] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 12:35:43 [Info] [4156] CResourceMonitor::run Enter
2026-02-26 12:35:43 [Info] [4156] CIpcMsgHandlerMgr::run Enter
2026-02-26 12:35:43 [Info] [4156] Report thread
2026-02-26 12:35:43 [Info] [4156] Monitor thread
2026-02-26 12:35:43 [Info] [4156] Loader thread
2026-02-26 12:35:43 [Info] [4156] PythonEngineImpl Init...
2026-02-26 12:35:49 [Info] [4156] yundun connected
2026-02-26 12:35:50 [Info] [4156] recvmsg: HELLO
2026-02-26 12:35:50 [Info] [4156] recvmsg: WORK
2026-02-26 12:35:50 [Info] [4156] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 12:35:50 [Info] [4156] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 12:35:50 [Info] [4156] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 12:35:52 [Info] [4156] log fd cnt is [250], real fd cnt is [264]
2026-02-26 12:35:58 [Info] [4156] log memory size is 20480KB, real memory size is 13328KB
2026-02-26 12:36:02 [Warn] [4156] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-02-26 12:36:08 [Info] [4156] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-26 12:36:12 [Warn] [4156] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-02-26 12:36:12 [Info] [4156] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 12:36:12 [Info] [4156] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 12:36:12 [Info] [4156] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 12:36:13 [Info] [4156] item: --windows-sysinfoext-check
2026-02-26 12:36:13 [Info] [4156] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 12:36:13 [Info] [4156] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 12:36:13 [Info] [4156] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 12:36:14 [Info] [4156] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 12:36:14 [Info] [4156] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-26 12:36:14 [Info] [4156] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 12:36:14 [Info] [4156] Prepare stage1: --windows-sysinfoext-check
2026-02-26 12:36:14 [Info] [4156] Prepare stage2
2026-02-26 12:36:14 [Info] [4156] log memory size is 30720KB, real memory size is 22432KB
2026-02-26 12:36:17 [Info] [4156] stage3: --windows-sysinfoext-check
2026-02-26 12:36:17 [Info] [4156] Loader after check
2026-02-26 12:36:17 [Warn] [4156] high cpu, cpu is 12
2026-02-26 12:36:17 [Info] [4156] try get sys version
2026-02-26 12:36:17 [Info] [4156] win sys info:2/10:0:3
2026-02-26 12:36:17 [Info] [4156] suit legal version, enable cpu control
2026-02-26 12:36:17 [Warn] [4156] High CPU Warning: 12
2026-02-26 12:36:17 [Warn] [4156] resource monitor exp type: High CPU Warning, script runing: 0
2026-02-26 12:36:18 [Info] [4156] Enter reuse wait state.
2026-02-26 12:36:20 [Info] [4156] recvmsg: EXIT
2026-02-26 12:36:20 [Info] [4156] Recv Exit Msg, Exit...
2026-02-26 15:01:06 [Info] [2388] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 15:01:06 [Info] [2388] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap35921772089266 
2026-02-26 15:01:06 [Info] [2388] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 15:01:06 [Info] [2388] Resource monitor start
2026-02-26 15:01:06 [Info] [2388] ipc client init success
2026-02-26 15:01:06 [Info] [2388] Ipc init: 0
2026-02-26 15:01:06 [Info] [2388] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 15:01:06 [Info] [2388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 15:01:06 [Info] [2388] start ipc thread id[3224]
2026-02-26 15:01:06 [Info] [2388] Connect Yundun ipc server return state is 0
2026-02-26 15:01:06 [Info] [2388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 15:01:06 [Info] [2388] CResourceMonitor::run Enter
2026-02-26 15:01:06 [Info] [2388] CIpcMsgHandlerMgr::run Enter
2026-02-26 15:01:06 [Info] [2388] Report thread
2026-02-26 15:01:06 [Info] [2388] Monitor thread
2026-02-26 15:01:06 [Info] [2388] Loader thread
2026-02-26 15:01:06 [Info] [2388] PythonEngineImpl Init...
2026-02-26 15:01:06 [Info] [2388] yundun connected
2026-02-26 15:01:07 [Info] [2388] recvmsg: HELLO
2026-02-26 15:01:07 [Info] [2388] recvmsg: WORK
2026-02-26 15:01:07 [Info] [2388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 15:01:07 [Info] [2388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 15:01:07 [Info] [2388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 15:01:07 [Info] [2388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 15:01:07 [Info] [2388] log fd cnt is [250], real fd cnt is [286]
2026-02-26 15:01:08 [Info] [2388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 15:01:08 [Info] [2388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 15:01:08 [Info] [2388] log memory size is 20480KB, real memory size is 14512KB
2026-02-26 15:01:09 [Info] [2388] item: --amsi_clean
2026-02-26 15:01:09 [Info] [2388] cgroup name aegisRtap0
2026-02-26 15:01:09 [Info] [2388] try get sys version
2026-02-26 15:01:09 [Info] [2388] win sys info:2/10:0:3
2026-02-26 15:01:09 [Info] [2388] suit legal version, enable cpu control
2026-02-26 15:01:09 [Info] [2388] get AssignProcessToJobObject handle [00000478]
2026-02-26 15:01:09 [Info] [2388] Set setJobExtended.
2026-02-26 15:01:09 [Info] [2388] Set cpu [9%]
2026-02-26 15:01:09 [Info] [2388] Set cpu success
2026-02-26 15:01:09 [Info] [2388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-26 15:01:09 [Info] [2388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-26 15:01:09 [Info] [2388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 15:01:09 [Info] [2388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 15:01:09 [Info] [2388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5, http code : 200, curl ret : 0
2026-02-26 15:01:09 [Info] [2388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5
2026-02-26 15:01:09 [Info] [2388] Prepare stage1: --amsi_clean
2026-02-26 15:01:09 [Info] [2388] Prepare stage2
2026-02-26 15:01:10 [Info] [2388] stage3: --amsi_clean
2026-02-26 15:01:10 [Info] [2388] Loader after check
2026-02-26 15:01:11 [Info] [2388] Enter reuse wait state.
2026-02-26 15:01:14 [Info] [2388] recvmsg: EXIT
2026-02-26 15:01:14 [Info] [2388] Recv Exit Msg, Exit...
2026-02-26 18:05:03 [Info] [3708] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 18:05:03 [Info] [3708] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap67971772100282 
2026-02-26 18:05:03 [Info] [3708] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 18:05:03 [Info] [3708] Resource monitor start
2026-02-26 18:05:03 [Info] [3708] ipc client init success
2026-02-26 18:05:03 [Info] [3708] Ipc init: 0
2026-02-26 18:05:03 [Info] [3708] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 18:05:03 [Info] [3708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 18:05:03 [Info] [3708] CResourceMonitor::run Enter
2026-02-26 18:05:03 [Info] [3708] CIpcMsgHandlerMgr::run Enter
2026-02-26 18:05:03 [Info] [3708] start ipc thread id[4944]
2026-02-26 18:05:03 [Info] [3708] Connect Yundun ipc server return state is 0
2026-02-26 18:05:03 [Info] [3708] yundun connected
2026-02-26 18:05:03 [Info] [3708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 18:05:03 [Info] [3708] Report thread
2026-02-26 18:05:03 [Info] [3708] Monitor thread
2026-02-26 18:05:03 [Info] [3708] Loader thread
2026-02-26 18:05:04 [Info] [3708] PythonEngineImpl Init...
2026-02-26 18:05:04 [Info] [3708] recvmsg: HELLO
2026-02-26 18:05:04 [Info] [3708] recvmsg: WORK
2026-02-26 18:05:04 [Info] [3708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 18:05:04 [Info] [3708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 18:05:04 [Info] [3708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 18:05:04 [Info] [3708] log fd cnt is [250], real fd cnt is [283]
2026-02-26 18:05:05 [Info] [3708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 18:05:05 [Info] [3708] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 18:05:05 [Info] [3708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 18:05:05 [Info] [3708] log memory size is 20480KB, real memory size is 14620KB
2026-02-26 18:05:06 [Info] [3708] item: --windows-sysinfoext-check
2026-02-26 18:05:06 [Info] [3708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 18:05:06 [Info] [3708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 18:05:06 [Info] [3708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 18:05:06 [Info] [3708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 18:05:06 [Info] [3708] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-26 18:05:06 [Info] [3708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 18:05:07 [Info] [3708] Prepare stage1: --windows-sysinfoext-check
2026-02-26 18:05:07 [Info] [3708] Prepare stage2
2026-02-26 18:05:09 [Info] [3708] log memory size is 30720KB, real memory size is 22828KB
2026-02-26 18:05:10 [Info] [3708] stage3: --windows-sysinfoext-check
2026-02-26 18:05:10 [Info] [3708] Loader after check
2026-02-26 18:05:11 [Info] [3708] Enter reuse wait state.
2026-02-26 18:05:15 [Info] [3708] recvmsg: EXIT
2026-02-26 18:05:15 [Info] [3708] Recv Exit Msg, Exit...
2026-02-26 18:13:07 [Info] [4712] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 18:13:07 [Info] [4712] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap84461772100787 
2026-02-26 18:13:07 [Info] [4712] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 18:13:07 [Info] [4712] Resource monitor start
2026-02-26 18:13:07 [Info] [4712] ipc client init success
2026-02-26 18:13:07 [Info] [4712] Ipc init: 0
2026-02-26 18:13:07 [Info] [4712] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 18:13:07 [Info] [4712] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 18:13:07 [Info] [4712] start ipc thread id[1148]
2026-02-26 18:13:07 [Info] [4712] Connect Yundun ipc server return state is 0
2026-02-26 18:13:07 [Info] [4712] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 18:13:07 [Info] [4712] CResourceMonitor::run Enter
2026-02-26 18:13:07 [Info] [4712] CIpcMsgHandlerMgr::run Enter
2026-02-26 18:13:07 [Info] [4712] Report thread
2026-02-26 18:13:07 [Info] [4712] Monitor thread
2026-02-26 18:13:07 [Info] [4712] Loader thread
2026-02-26 18:13:07 [Info] [4712] PythonEngineImpl Init...
2026-02-26 18:13:07 [Info] [4712] yundun connected
2026-02-26 18:13:07 [Info] [4712] recvmsg: HELLO
2026-02-26 18:13:07 [Info] [4712] recvmsg: WORK
2026-02-26 18:13:07 [Info] [4712] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 18:13:07 [Info] [4712] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 18:13:07 [Info] [4712] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 18:13:08 [Info] [4712] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 18:13:08 [Info] [4712] log fd cnt is [250], real fd cnt is [286]
2026-02-26 18:13:08 [Info] [4712] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 18:13:08 [Info] [4712] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 18:13:09 [Info] [4712] log memory size is 20480KB, real memory size is 14524KB
2026-02-26 18:13:09 [Info] [4712] item: --windows-vul-check
2026-02-26 18:13:09 [Info] [4712] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-02-26 18:13:09 [Info] [4712] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-02-26 18:13:09 [Info] [4712] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-02-26 18:13:09 [Info] [4712] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-02-26 18:13:09 [Info] [4712] Download redirect files success.
2026-02-26 18:13:09 [Info] [4712] Prepare stage1: --windows-vul-check
2026-02-26 18:13:09 [Info] [4712] Prepare stage2
2026-02-26 18:13:10 [Info] [4712] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-02-26 18:13:10 [Info] [4712] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-02-26 18:13:10 [Info] [4712] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 18:13:10 [Info] [4712] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 18:13:10 [Info] [4712] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-02-26 18:13:10 [Info] [4712] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-02-26 18:13:11 [Info] [4712] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-02-26 18:13:11 [Info] [4712] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-02-26 18:13:11 [Info] [4712] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-02-26 18:13:11 [Info] [4712] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-02-26 18:13:11 [Info] [4712] stage3: --windows-vul-check
2026-02-26 18:13:11 [Info] [4712] Loader after check
2026-02-26 18:13:12 [Warn] [4712] high cpu, cpu is 12
2026-02-26 18:13:12 [Info] [4712] try get sys version
2026-02-26 18:13:12 [Info] [4712] win sys info:2/10:0:3
2026-02-26 18:13:12 [Info] [4712] suit legal version, enable cpu control
2026-02-26 18:13:12 [Warn] [4712] High CPU Warning: 12
2026-02-26 18:13:12 [Warn] [4712] resource monitor exp type: High CPU Warning, script runing: 0
2026-02-26 18:13:12 [Info] [4712] Enter reuse wait state.
2026-02-26 18:13:13 [Info] [4712] log memory size is 30720KB, real memory size is 23220KB
2026-02-26 18:13:14 [Info] [4712] recvmsg: EXIT
2026-02-26 18:13:14 [Info] [4712] Recv Exit Msg, Exit...
2026-02-26 19:50:09 [Info] [564] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 19:50:09 [Info] [564] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap274361772106602 
2026-02-26 19:50:09 [Info] [564] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 19:50:10 [Info] [564] Resource monitor start
2026-02-26 19:50:10 [Info] [564] ipc client init success
2026-02-26 19:50:10 [Info] [564] Ipc init: 0
2026-02-26 19:50:10 [Info] [564] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 19:50:13 [Info] [564] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 19:50:13 [Info] [564] CResourceMonitor::run Enter
2026-02-26 19:50:13 [Info] [564] CIpcMsgHandlerMgr::run Enter
2026-02-26 19:50:13 [Info] [564] start ipc thread id[2052]
2026-02-26 19:50:13 [Info] [564] Connect Yundun ipc server return state is 0
2026-02-26 19:50:14 [Info] [564] log fd cnt is [250], real fd cnt is [234]
2026-02-26 19:50:14 [Info] [564] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 19:50:14 [Info] [564] yundun connected
2026-02-26 19:50:14 [Info] [564] Report thread
2026-02-26 19:50:14 [Info] [564] Monitor thread
2026-02-26 19:50:15 [Info] [564] Loader thread
2026-02-26 19:50:15 [Info] [564] recvmsg: HELLO
2026-02-26 19:50:15 [Info] [564] recvmsg: WORK
2026-02-26 19:50:15 [Info] [564] PythonEngineImpl Init...
2026-02-26 19:50:15 [Info] [564] log memory size is 20480KB, real memory size is 10468KB
2026-02-26 19:50:19 [Info] [564] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 19:50:19 [Info] [564] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 19:50:19 [Info] [564] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 19:50:21 [Info] [564] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 19:50:22 [Info] [564] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 19:50:22 [Info] [564] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 19:50:31 [Info] [564] item: --secnet_rasp_agent
2026-02-26 19:50:31 [Info] [564] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-02-26 19:50:31 [Info] [564] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-02-26 19:50:31 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-02-26 19:50:32 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-02-26 19:50:32 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-02-26 19:50:37 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-02-26 19:50:37 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-02-26 19:50:37 [Info] [564] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-02-26 19:50:37 [Info] [564] Download redirect files success.
2026-02-26 19:50:37 [Info] [564] Prepare stage1: --secnet_rasp_agent
2026-02-26 19:50:37 [Info] [564] Prepare stage2
2026-02-26 19:50:37 [Info] [564] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-26 19:50:46 [Info] [564] log memory size is 30720KB, real memory size is 20768KB
2026-02-26 19:51:02 [Info] [564] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-26 19:51:02 [Info] [564] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-26 19:51:02 [Info] [564] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 19:51:02 [Info] [564] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 19:51:03 [Info] [564] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-02-26 19:51:03 [Info] [564] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-26 19:51:03 [Info] [564] stage3: --secnet_rasp_agent
2026-02-26 19:51:03 [Info] [564] Loader after check
2026-02-26 19:51:04 [Info] [564] Enter reuse wait state.
2026-02-26 19:51:09 [Info] [564] recvmsg: EXIT
2026-02-26 19:51:09 [Info] [564] Recv Exit Msg, Exit...
2026-02-26 23:32:48 [Info] [2340] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-26 23:32:48 [Info] [2340] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap55441772119967 
2026-02-26 23:32:48 [Info] [2340] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-26 23:32:48 [Info] [2340] Resource monitor start
2026-02-26 23:32:48 [Info] [2340] ipc client init success
2026-02-26 23:32:48 [Info] [2340] Ipc init: 0
2026-02-26 23:32:48 [Info] [2340] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-26 23:32:48 [Info] [2340] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-26 23:32:48 [Info] [2340] start ipc thread id[4292]
2026-02-26 23:32:48 [Info] [2340] Connect Yundun ipc server return state is 0
2026-02-26 23:32:48 [Info] [2340] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-26 23:32:48 [Info] [2340] CResourceMonitor::run Enter
2026-02-26 23:32:48 [Info] [2340] CIpcMsgHandlerMgr::run Enter
2026-02-26 23:32:48 [Info] [2340] Report thread
2026-02-26 23:32:48 [Info] [2340] Monitor thread
2026-02-26 23:32:48 [Info] [2340] Loader thread
2026-02-26 23:32:48 [Info] [2340] PythonEngineImpl Init...
2026-02-26 23:32:54 [Info] [2340] yundun connected
2026-02-26 23:32:56 [Info] [2340] recvmsg: HELLO
2026-02-26 23:32:56 [Info] [2340] recvmsg: WORK
2026-02-26 23:32:57 [Info] [2340] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 23:32:57 [Info] [2340] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-26 23:32:57 [Info] [2340] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 23:32:58 [Info] [2340] log fd cnt is [250], real fd cnt is [264]
2026-02-26 23:32:59 [Info] [2340] log memory size is 20480KB, real memory size is 13296KB
2026-02-26 23:33:00 [Info] [2340] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 23:33:00 [Info] [2340] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-26 23:33:00 [Info] [2340] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-26 23:33:01 [Info] [2340] item: --windows-sysinfoext-check
2026-02-26 23:33:01 [Info] [2340] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 23:33:01 [Info] [2340] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 23:33:01 [Info] [2340] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-26 23:33:01 [Info] [2340] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-26 23:33:01 [Info] [2340] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-26 23:33:01 [Info] [2340] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-26 23:33:02 [Info] [2340] Prepare stage1: --windows-sysinfoext-check
2026-02-26 23:33:02 [Info] [2340] Prepare stage2
2026-02-26 23:33:03 [Info] [2340] log memory size is 30720KB, real memory size is 22716KB
2026-02-26 23:33:05 [Info] [2340] stage3: --windows-sysinfoext-check
2026-02-26 23:33:05 [Info] [2340] Loader after check
2026-02-26 23:33:06 [Info] [2340] Enter reuse wait state.
2026-02-26 23:33:08 [Info] [2340] recvmsg: EXIT
2026-02-26 23:33:08 [Info] [2340] Recv Exit Msg, Exit...
2026-03-05 03:36:58 [Info] [1356] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 03:36:58 [Info] [1356] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap95311772653009 
2026-03-05 03:36:58 [Info] [1356] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 03:36:58 [Info] [1356] Resource monitor start
2026-03-05 03:36:58 [Info] [1356] ipc client init success
2026-03-05 03:36:58 [Info] [1356] Ipc init: 0
2026-03-05 03:36:58 [Info] [1356] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 03:36:58 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 03:36:58 [Info] [1356] start ipc thread id[4184]
2026-03-05 03:36:58 [Info] [1356] Connect Yundun ipc server return state is 0
2026-03-05 03:36:58 [Info] [1356] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 03:36:58 [Info] [1356] CResourceMonitor::run Enter
2026-03-05 03:36:58 [Info] [1356] CIpcMsgHandlerMgr::run Enter
2026-03-05 03:36:58 [Info] [1356] Report thread
2026-03-05 03:36:58 [Info] [1356] Monitor thread
2026-03-05 03:36:58 [Info] [1356] Loader thread
2026-03-05 03:36:58 [Info] [1356] PythonEngineImpl Init...
2026-03-05 03:37:03 [Info] [1356] yundun connected
2026-03-05 03:37:04 [Info] [1356] recvmsg: HELLO
2026-03-05 03:37:04 [Info] [1356] recvmsg: WORK
2026-03-05 03:37:04 [Info] [1356] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 03:37:04 [Info] [1356] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 03:37:04 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 03:37:06 [Info] [1356] log fd cnt is [250], real fd cnt is [264]
2026-03-05 03:37:07 [Info] [1356] log memory size is 20480KB, real memory size is 12952KB
2026-03-05 03:37:09 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 03:37:09 [Info] [1356] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 03:37:09 [Info] [1356] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 03:37:10 [Info] [1356] item: --windows-sysinfoext-check
2026-03-05 03:37:10 [Info] [1356] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 03:37:10 [Info] [1356] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 03:37:10 [Info] [1356] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 03:37:10 [Info] [1356] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 03:37:10 [Info] [1356] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-05 03:37:10 [Info] [1356] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 03:37:10 [Info] [1356] Prepare stage1: --windows-sysinfoext-check
2026-03-05 03:37:10 [Info] [1356] Prepare stage2
2026-03-05 03:37:12 [Warn] [1356] high cpu, cpu is 14
2026-03-05 03:37:12 [Info] [1356] try get sys version
2026-03-05 03:37:12 [Info] [1356] win sys info:2/10:0:3
2026-03-05 03:37:12 [Info] [1356] suit legal version, enable cpu control
2026-03-05 03:37:12 [Warn] [1356] High CPU Warning: 14
2026-03-05 03:37:12 [Warn] [1356] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:util.py line: 84 in func: next
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo
File:windows-sysinfoext-check.py line: 174 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-03-05 03:37:12 [Info] [1356] stage3: --windows-sysinfoext-check
2026-03-05 03:37:12 [Info] [1356] Loader after check
2026-03-05 03:37:13 [Info] [1356] Enter reuse wait state.
2026-03-05 03:37:15 [Info] [1356] recvmsg: EXIT
2026-03-05 03:37:15 [Info] [1356] Recv Exit Msg, Exit...
2026-03-05 03:37:15 [Info] [1356] log memory size is 30720KB, real memory size is 22996KB
2026-03-05 05:04:58 [Info] [2976] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 05:04:58 [Info] [2976] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap268031772658298 
2026-03-05 05:04:58 [Info] [2976] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 05:04:58 [Info] [2976] Resource monitor start
2026-03-05 05:04:58 [Info] [2976] ipc client init success
2026-03-05 05:04:58 [Info] [2976] Ipc init: 0
2026-03-05 05:04:58 [Info] [2976] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 05:04:58 [Info] [2976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 05:04:58 [Info] [2976] start ipc thread id[188]
2026-03-05 05:04:58 [Info] [2976] Connect Yundun ipc server return state is 0
2026-03-05 05:04:58 [Info] [2976] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 05:04:59 [Info] [2976] CResourceMonitor::run Enter
2026-03-05 05:04:59 [Info] [2976] CIpcMsgHandlerMgr::run Enter
2026-03-05 05:04:59 [Info] [2976] yundun connected
2026-03-05 05:04:59 [Info] [2976] Report thread
2026-03-05 05:04:59 [Info] [2976] Monitor thread
2026-03-05 05:04:59 [Info] [2976] Loader thread
2026-03-05 05:04:59 [Info] [2976] PythonEngineImpl Init...
2026-03-05 05:05:00 [Info] [2976] recvmsg: HELLO
2026-03-05 05:05:01 [Info] [2976] recvmsg: WORK
2026-03-05 05:05:01 [Info] [2976] log fd cnt is [250], real fd cnt is [263]
2026-03-05 05:05:01 [Info] [2976] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 05:05:01 [Info] [2976] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 05:05:01 [Info] [2976] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 05:05:02 [Info] [2976] log memory size is 20480KB, real memory size is 13408KB
2026-03-05 05:05:02 [Info] [2976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 05:05:03 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 05:05:03 [Info] [2976] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 05:05:07 [Info] [2976] item: --sca
2026-03-05 05:05:07 [Info] [2976] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-05 05:05:08 [Info] [2976] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-05 05:05:08 [Info] [2976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca.py
2026-03-05 05:05:08 [Info] [2976] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca.py
2026-03-05 05:05:08 [Info] [2976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5
2026-03-05 05:05:08 [Info] [2976] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5
2026-03-05 05:05:09 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5, http code : 200, curl ret : 0
2026-03-05 05:05:09 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py, http code : 200, curl ret : 0
2026-03-05 05:05:09 [Info] [2976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca.py
2026-03-05 05:05:09 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-05 05:05:09 [Info] [2976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_utils.py
2026-03-05 05:05:09 [Info] [2976] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_utils.py
2026-03-05 05:05:10 [Info] [2976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5
2026-03-05 05:05:10 [Info] [2976] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5
2026-03-05 05:05:10 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5, http code : 200, curl ret : 0
2026-03-05 05:05:10 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py, http code : 200, curl ret : 0
2026-03-05 05:05:10 [Info] [2976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_utils.py
2026-03-05 05:05:11 [Info] [2976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-03-05 05:05:11 [Info] [2976] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-03-05 05:05:11 [Info] [2976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5
2026-03-05 05:05:11 [Info] [2976] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5
2026-03-05 05:05:11 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5, http code : 200, curl ret : 0
2026-03-05 05:05:11 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py, http code : 200, curl ret : 0
2026-03-05 05:05:11 [Info] [2976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_common_proc.py
2026-03-05 05:05:12 [Info] [2976] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-03-05 05:05:12 [Info] [2976] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-03-05 05:05:12 [Info] [2976] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5
2026-03-05 05:05:12 [Info] [2976] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5
2026-03-05 05:05:12 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5, http code : 200, curl ret : 0
2026-03-05 05:05:12 [Info] [2976] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py, http code : 200, curl ret : 0
2026-03-05 05:05:13 [Info] [2976] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_java_proc.py
2026-03-05 05:05:13 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-05 05:05:13 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-05 05:05:14 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-05 05:05:14 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-05 05:05:15 [Info] [2976] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-05 05:05:15 [Info] [2976] Download redirect files success.
2026-03-05 05:05:15 [Info] [2976] Prepare stage1: --sca
2026-03-05 05:05:15 [Info] [2976] Prepare stage2
2026-03-05 05:05:22 [Info] [2976] log memory size is 30720KB, real memory size is 24164KB
2026-03-05 05:05:31 [Warn] [2976] high cpu, cpu is 23
2026-03-05 05:05:31 [Info] [2976] try get sys version
2026-03-05 05:05:31 [Info] [2976] win sys info:2/10:0:3
2026-03-05 05:05:31 [Info] [2976] suit legal version, enable cpu control
2026-03-05 05:05:31 [Warn] [2976] High CPU Warning: 23
2026-03-05 05:05:31 [Warn] [2976] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 197 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-05 05:05:34 [Info] [2976] log memory size is 40960KB, real memory size is 32932KB
2026-03-05 05:05:42 [Info] [2976] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-05 05:06:09 [Info] [2976] log fd cnt is [300], real fd cnt is [375]
2026-03-05 05:06:28 [Info] [2976] stage3: --sca
2026-03-05 05:06:28 [Info] [2976] Loader after check
2026-03-05 05:06:29 [Info] [2976] Enter reuse wait state.
2026-03-05 05:06:30 [Info] [2976] recvmsg: EXIT
2026-03-05 05:06:30 [Info] [2976] Recv Exit Msg, Exit...
2026-03-05 07:56:56 [Info] [4724] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 07:56:56 [Info] [4724] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap277291772668616 
2026-03-05 07:56:56 [Info] [4724] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 07:56:56 [Info] [4724] Resource monitor start
2026-03-05 07:56:56 [Info] [4724] ipc client init success
2026-03-05 07:56:56 [Info] [4724] Ipc init: 0
2026-03-05 07:56:56 [Info] [4724] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 07:56:56 [Info] [4724] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 07:56:56 [Info] [4724] start ipc thread id[1828]
2026-03-05 07:56:56 [Info] [4724] Connect Yundun ipc server return state is 0
2026-03-05 07:56:56 [Info] [4724] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 07:56:56 [Info] [4724] CResourceMonitor::run Enter
2026-03-05 07:56:56 [Info] [4724] CIpcMsgHandlerMgr::run Enter
2026-03-05 07:56:56 [Info] [4724] Report thread
2026-03-05 07:56:56 [Info] [4724] Monitor thread
2026-03-05 07:56:56 [Info] [4724] Loader thread
2026-03-05 07:56:56 [Info] [4724] PythonEngineImpl Init...
2026-03-05 07:56:56 [Info] [4724] yundun connected
2026-03-05 07:56:57 [Info] [4724] recvmsg: HELLO
2026-03-05 07:56:57 [Info] [4724] recvmsg: WORK
2026-03-05 07:56:57 [Info] [4724] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 07:56:57 [Info] [4724] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 07:56:57 [Info] [4724] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 07:56:57 [Info] [4724] log fd cnt is [250], real fd cnt is [282]
2026-03-05 07:56:57 [Info] [4724] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 07:56:58 [Info] [4724] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 07:56:58 [Info] [4724] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 07:56:58 [Info] [4724] log memory size is 20480KB, real memory size is 14524KB
2026-03-05 07:56:59 [Info] [4724] item: --windows-vul-clean
2026-03-05 07:56:59 [Info] [4724] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-05 07:56:59 [Info] [4724] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-05 07:56:59 [Info] [4724] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 07:56:59 [Info] [4724] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 07:56:59 [Info] [4724] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-05 07:56:59 [Info] [4724] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-05 07:56:59 [Info] [4724] Prepare stage1: --windows-vul-clean
2026-03-05 07:56:59 [Info] [4724] Prepare stage2
2026-03-05 07:56:59 [Info] [4724] stage3: --windows-vul-clean
2026-03-05 07:56:59 [Info] [4724] Loader after check
2026-03-05 07:57:00 [Info] [4724] Enter reuse wait state.
2026-03-05 07:57:04 [Info] [4724] recvmsg: EXIT
2026-03-05 07:57:04 [Info] [4724] Recv Exit Msg, Exit...
2026-03-05 09:06:24 [Info] [3152] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 09:06:24 [Info] [3152] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap85491772672777 
2026-03-05 09:06:24 [Info] [3152] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 09:06:30 [Info] [3152] Resource monitor start
2026-03-05 09:06:30 [Info] [3152] ipc client init success
2026-03-05 09:06:30 [Info] [3152] Ipc init: 0
2026-03-05 09:06:30 [Info] [3152] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 09:06:33 [Info] [3152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 09:06:33 [Info] [3152] start ipc thread id[2168]
2026-03-05 09:06:33 [Info] [3152] Connect Yundun ipc server return state is 0
2026-03-05 09:06:33 [Info] [3152] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 09:06:33 [Info] [3152] CResourceMonitor::run Enter
2026-03-05 09:06:33 [Info] [3152] CIpcMsgHandlerMgr::run Enter
2026-03-05 09:06:33 [Info] [3152] yundun connected
2026-03-05 09:06:33 [Info] [3152] Report thread
2026-03-05 09:06:33 [Info] [3152] Monitor thread
2026-03-05 09:06:33 [Info] [3152] Loader thread
2026-03-05 09:06:33 [Info] [3152] PythonEngineImpl Init...
2026-03-05 09:06:34 [Info] [3152] recvmsg: HELLO
2026-03-05 09:06:34 [Info] [3152] recvmsg: WORK
2026-03-05 09:06:34 [Info] [3152] log fd cnt is [250], real fd cnt is [263]
2026-03-05 09:06:34 [Info] [3152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 09:06:34 [Info] [3152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 09:06:34 [Info] [3152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 09:06:35 [Info] [3152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 09:06:35 [Info] [3152] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 09:06:35 [Info] [3152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 09:06:35 [Info] [3152] log memory size is 20480KB, real memory size is 14580KB
2026-03-05 09:06:36 [Info] [3152] item: --windows-sysinfoext-check
2026-03-05 09:06:36 [Info] [3152] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 09:06:36 [Info] [3152] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 09:06:36 [Info] [3152] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 09:06:36 [Info] [3152] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 09:06:36 [Info] [3152] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-05 09:06:36 [Info] [3152] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 09:06:36 [Info] [3152] Prepare stage1: --windows-sysinfoext-check
2026-03-05 09:06:36 [Info] [3152] Prepare stage2
2026-03-05 09:06:38 [Info] [3152] stage3: --windows-sysinfoext-check
2026-03-05 09:06:38 [Info] [3152] Loader after check
2026-03-05 09:06:38 [Warn] [3152] high cpu, cpu is 16
2026-03-05 09:06:38 [Info] [3152] try get sys version
2026-03-05 09:06:38 [Info] [3152] win sys info:2/10:0:3
2026-03-05 09:06:38 [Info] [3152] suit legal version, enable cpu control
2026-03-05 09:06:38 [Warn] [3152] High CPU Warning: 16
2026-03-05 09:06:38 [Warn] [3152] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-05 09:06:39 [Info] [3152] Enter reuse wait state.
2026-03-05 09:06:39 [Info] [3152] log memory size is 30720KB, real memory size is 22972KB
2026-03-05 09:06:40 [Info] [3152] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-05 09:06:41 [Info] [3152] recvmsg: EXIT
2026-03-05 09:06:41 [Info] [3152] Recv Exit Msg, Exit...
2026-03-05 09:12:39 [Info] [4948] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 09:12:39 [Info] [4948] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap97961772673159 
2026-03-05 09:12:39 [Info] [4948] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 09:12:39 [Info] [4948] Resource monitor start
2026-03-05 09:12:39 [Info] [4948] ipc client init success
2026-03-05 09:12:39 [Info] [4948] Ipc init: 0
2026-03-05 09:12:39 [Info] [4948] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 09:12:39 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 09:12:39 [Info] [4948] start ipc thread id[4436]
2026-03-05 09:12:39 [Info] [4948] Connect Yundun ipc server return state is 0
2026-03-05 09:12:39 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 09:12:39 [Info] [4948] CResourceMonitor::run Enter
2026-03-05 09:12:39 [Info] [4948] CIpcMsgHandlerMgr::run Enter
2026-03-05 09:12:39 [Info] [4948] Report thread
2026-03-05 09:12:39 [Info] [4948] Monitor thread
2026-03-05 09:12:39 [Info] [4948] Loader thread
2026-03-05 09:12:39 [Info] [4948] PythonEngineImpl Init...
2026-03-05 09:12:39 [Info] [4948] yundun connected
2026-03-05 09:12:40 [Info] [4948] recvmsg: HELLO
2026-03-05 09:12:40 [Info] [4948] recvmsg: WORK
2026-03-05 09:12:40 [Info] [4948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 09:12:40 [Info] [4948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 09:12:40 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 09:12:40 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 09:12:40 [Info] [4948] log fd cnt is [250], real fd cnt is [282]
2026-03-05 09:12:41 [Info] [4948] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 09:12:41 [Info] [4948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 09:12:41 [Info] [4948] log memory size is 20480KB, real memory size is 14516KB
2026-03-05 09:12:42 [Info] [4948] item: --windows-process-check
2026-03-05 09:12:42 [Info] [4948] cgroup name aegisRtap0
2026-03-05 09:12:42 [Info] [4948] try get sys version
2026-03-05 09:12:42 [Info] [4948] win sys info:2/10:0:3
2026-03-05 09:12:42 [Info] [4948] suit legal version, enable cpu control
2026-03-05 09:12:42 [Info] [4948] get AssignProcessToJobObject handle [00000478]
2026-03-05 09:12:42 [Info] [4948] Set setJobExtended.
2026-03-05 09:12:42 [Info] [4948] Set cpu [9%]
2026-03-05 09:12:42 [Info] [4948] Set cpu success
2026-03-05 09:12:42 [Info] [4948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-05 09:12:42 [Info] [4948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-05 09:12:42 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 09:12:42 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 09:12:42 [Info] [4948] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-05 09:12:42 [Info] [4948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-05 09:12:42 [Info] [4948] Prepare stage1: --windows-process-check
2026-03-05 09:12:42 [Info] [4948] Prepare stage2
2026-03-05 09:13:00 [Info] [4948] stage3: --windows-process-check
2026-03-05 09:13:00 [Info] [4948] Loader after check
2026-03-05 09:13:01 [Info] [4948] Enter reuse wait state.
2026-03-05 09:13:03 [Info] [4948] recvmsg: EXIT
2026-03-05 09:13:03 [Info] [4948] Recv Exit Msg, Exit...
2026-03-05 10:33:46 [Info] [4360] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 10:33:46 [Info] [4360] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap256831772678024 
2026-03-05 10:33:46 [Info] [4360] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 10:33:46 [Info] [4360] Resource monitor start
2026-03-05 10:33:46 [Info] [4360] ipc client init success
2026-03-05 10:33:46 [Info] [4360] Ipc init: 0
2026-03-05 10:33:46 [Info] [4360] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 10:33:46 [Info] [4360] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 10:33:46 [Info] [4360] CResourceMonitor::run Enter
2026-03-05 10:33:46 [Info] [4360] CIpcMsgHandlerMgr::run Enter
2026-03-05 10:33:46 [Info] [4360] start ipc thread id[3872]
2026-03-05 10:33:46 [Info] [4360] Connect Yundun ipc server return state is 0
2026-03-05 10:33:46 [Info] [4360] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 10:33:46 [Info] [4360] yundun connected
2026-03-05 10:33:46 [Info] [4360] Report thread
2026-03-05 10:33:46 [Info] [4360] Monitor thread
2026-03-05 10:33:46 [Info] [4360] Loader thread
2026-03-05 10:33:46 [Info] [4360] PythonEngineImpl Init...
2026-03-05 10:33:46 [Info] [4360] recvmsg: HELLO
2026-03-05 10:33:46 [Info] [4360] recvmsg: WORK
2026-03-05 10:33:47 [Info] [4360] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:33:47 [Info] [4360] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:33:47 [Info] [4360] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:33:47 [Info] [4360] log fd cnt is [250], real fd cnt is [282]
2026-03-05 10:33:47 [Info] [4360] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:33:47 [Info] [4360] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 10:33:47 [Info] [4360] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 10:33:48 [Info] [4360] log memory size is 20480KB, real memory size is 14648KB
2026-03-05 10:33:48 [Info] [4360] item: --windows-registry-check
2026-03-05 10:33:48 [Info] [4360] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-05 10:33:48 [Info] [4360] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-05 10:33:48 [Info] [4360] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:33:48 [Info] [4360] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:33:49 [Info] [4360] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-05 10:33:49 [Info] [4360] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-05 10:33:49 [Info] [4360] Prepare stage1: --windows-registry-check
2026-03-05 10:33:49 [Info] [4360] Prepare stage2
2026-03-05 10:34:17 [Info] [4360] stage3: --windows-registry-check
2026-03-05 10:34:17 [Info] [4360] Loader after check
2026-03-05 10:34:18 [Info] [4360] Enter reuse wait state.
2026-03-05 10:34:21 [Info] [4360] recvmsg: EXIT
2026-03-05 10:34:21 [Info] [4360] Recv Exit Msg, Exit...
2026-03-05 10:35:26 [Info] [1060] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 10:35:26 [Info] [1060] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap260131772678125 
2026-03-05 10:35:26 [Info] [1060] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 10:35:26 [Info] [1060] Resource monitor start
2026-03-05 10:35:26 [Info] [1060] ipc client init success
2026-03-05 10:35:26 [Info] [1060] Ipc init: 0
2026-03-05 10:35:26 [Info] [1060] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 10:35:26 [Info] [1060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 10:35:26 [Info] [1060] start ipc thread id[2608]
2026-03-05 10:35:26 [Info] [1060] Connect Yundun ipc server return state is 0
2026-03-05 10:35:26 [Info] [1060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 10:35:26 [Info] [1060] CResourceMonitor::run Enter
2026-03-05 10:35:26 [Info] [1060] CIpcMsgHandlerMgr::run Enter
2026-03-05 10:35:26 [Info] [1060] yundun connected
2026-03-05 10:35:26 [Info] [1060] Report thread
2026-03-05 10:35:26 [Info] [1060] Monitor thread
2026-03-05 10:35:26 [Info] [1060] Loader thread
2026-03-05 10:35:26 [Info] [1060] PythonEngineImpl Init...
2026-03-05 10:35:27 [Info] [1060] recvmsg: HELLO
2026-03-05 10:35:27 [Info] [1060] recvmsg: WORK
2026-03-05 10:35:27 [Info] [1060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:35:27 [Info] [1060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:35:27 [Info] [1060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:35:27 [Info] [1060] log fd cnt is [250], real fd cnt is [274]
2026-03-05 10:35:28 [Info] [1060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:35:28 [Info] [1060] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 10:35:28 [Info] [1060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 10:35:28 [Info] [1060] log memory size is 20480KB, real memory size is 14308KB
2026-03-05 10:35:30 [Info] [1060] item: --windows-driver-version-check
2026-03-05 10:35:30 [Info] [1060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-05 10:35:30 [Info] [1060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-05 10:35:30 [Info] [1060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:35:30 [Info] [1060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:35:30 [Info] [1060] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-05 10:35:30 [Info] [1060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-05 10:35:31 [Info] [1060] Prepare stage1: --windows-driver-version-check
2026-03-05 10:35:31 [Info] [1060] Prepare stage2
2026-03-05 10:35:31 [Info] [1060] stage3: --windows-driver-version-check
2026-03-05 10:35:31 [Info] [1060] Loader after check
2026-03-05 10:35:32 [Info] [1060] Enter reuse wait state.
2026-03-05 10:35:35 [Info] [3376] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 10:35:35 [Info] [3376] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap260431772678134 
2026-03-05 10:35:35 [Info] [3376] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 10:35:35 [Info] [3376] Resource monitor start
2026-03-05 10:35:35 [Info] [3376] ipc client init success
2026-03-05 10:35:35 [Info] [3376] Ipc init: 0
2026-03-05 10:35:35 [Info] [3376] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 10:35:35 [Info] [3376] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 10:35:35 [Info] [3376] start ipc thread id[4948]
2026-03-05 10:35:35 [Info] [3376] Connect Yundun ipc server return state is 0
2026-03-05 10:35:35 [Info] [3376] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 10:35:35 [Info] [3376] CResourceMonitor::run Enter
2026-03-05 10:35:35 [Info] [3376] CIpcMsgHandlerMgr::run Enter
2026-03-05 10:35:35 [Info] [3376] Report thread
2026-03-05 10:35:35 [Info] [3376] Monitor thread
2026-03-05 10:35:35 [Info] [3376] Loader thread
2026-03-05 10:35:35 [Info] [3376] PythonEngineImpl Init...
2026-03-05 10:35:35 [Info] [3376] yundun connected
2026-03-05 10:35:35 [Info] [3376] recvmsg: HELLO
2026-03-05 10:35:35 [Info] [3376] recvmsg: WORK
2026-03-05 10:35:36 [Info] [3376] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:35:36 [Info] [3376] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 10:35:36 [Info] [3376] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:35:36 [Info] [3376] log fd cnt is [250], real fd cnt is [282]
2026-03-05 10:35:36 [Info] [3376] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:35:36 [Info] [3376] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 10:35:36 [Info] [3376] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 10:35:37 [Info] [3376] log memory size is 20480KB, real memory size is 14456KB
2026-03-05 10:35:37 [Info] [3376] item: --windows-schedule-task-check
2026-03-05 10:35:37 [Info] [3376] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-05 10:35:37 [Info] [3376] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-05 10:35:37 [Info] [3376] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 10:35:37 [Info] [3376] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 10:35:37 [Info] [3376] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-05 10:35:37 [Info] [3376] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-05 10:35:37 [Info] [3376] Prepare stage1: --windows-schedule-task-check
2026-03-05 10:35:37 [Info] [3376] Prepare stage2
2026-03-05 10:35:38 [Info] [1060] recvmsg: EXIT
2026-03-05 10:35:38 [Info] [1060] Recv Exit Msg, Exit...
2026-03-05 10:35:41 [Info] [3376] log memory size is 30720KB, real memory size is 23176KB
2026-03-05 10:35:42 [Info] [3376] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-05 10:36:08 [Info] [3376] stage3: --windows-schedule-task-check
2026-03-05 10:36:08 [Info] [3376] Loader after check
2026-03-05 10:36:09 [Info] [3376] Enter reuse wait state.
2026-03-05 10:36:13 [Info] [3376] recvmsg: EXIT
2026-03-05 10:36:13 [Info] [3376] Recv Exit Msg, Exit...
2026-03-05 11:02:48 [Info] [3124] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 11:02:48 [Info] [3124] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap313791772679768 
2026-03-05 11:02:48 [Info] [3124] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 11:02:48 [Info] [3124] Resource monitor start
2026-03-05 11:02:48 [Info] [3124] ipc client init success
2026-03-05 11:02:48 [Info] [3124] Ipc init: 0
2026-03-05 11:02:48 [Info] [3124] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 11:02:48 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 11:02:48 [Info] [3124] start ipc thread id[4664]
2026-03-05 11:02:48 [Info] [3124] Connect Yundun ipc server return state is 0
2026-03-05 11:02:48 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 11:02:48 [Info] [3124] CResourceMonitor::run Enter
2026-03-05 11:02:48 [Info] [3124] CIpcMsgHandlerMgr::run Enter
2026-03-05 11:02:48 [Info] [3124] Report thread
2026-03-05 11:02:48 [Info] [3124] Monitor thread
2026-03-05 11:02:48 [Info] [3124] Loader thread
2026-03-05 11:02:48 [Info] [3124] PythonEngineImpl Init...
2026-03-05 11:02:48 [Info] [3124] yundun connected
2026-03-05 11:02:49 [Info] [3124] recvmsg: HELLO
2026-03-05 11:02:49 [Info] [3124] recvmsg: WORK
2026-03-05 11:02:49 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 11:02:49 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 11:02:49 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 11:02:49 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 11:02:49 [Info] [3124] log fd cnt is [250], real fd cnt is [282]
2026-03-05 11:02:49 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 11:02:49 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 11:02:50 [Info] [3124] log memory size is 20480KB, real memory size is 14500KB
2026-03-05 11:02:51 [Info] [3124] item: --tcp-connect-check
2026-03-05 11:02:51 [Info] [3124] cgroup name aegisRtap0
2026-03-05 11:02:51 [Info] [3124] try get sys version
2026-03-05 11:02:51 [Info] [3124] win sys info:2/10:0:3
2026-03-05 11:02:51 [Info] [3124] suit legal version, enable cpu control
2026-03-05 11:02:51 [Info] [3124] get AssignProcessToJobObject handle [00000478]
2026-03-05 11:02:51 [Info] [3124] Set setJobExtended.
2026-03-05 11:02:51 [Info] [3124] Set cpu [9%]
2026-03-05 11:02:51 [Info] [3124] Set cpu success
2026-03-05 11:02:51 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-05 11:02:51 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-05 11:02:51 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 11:02:51 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 11:02:51 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-05 11:02:51 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-05 11:02:51 [Info] [3124] Prepare stage1: --tcp-connect-check
2026-03-05 11:02:51 [Info] [3124] Prepare stage2
2026-03-05 11:02:54 [Info] [3124] stage3: --tcp-connect-check
2026-03-05 11:02:54 [Info] [3124] Loader after check
2026-03-05 11:02:55 [Info] [3124] Enter reuse wait state.
2026-03-05 11:03:00 [Info] [3124] recvmsg: EXIT
2026-03-05 11:03:00 [Info] [3124] Recv Exit Msg, Exit...
2026-03-05 11:12:48 [Info] [852] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 11:12:48 [Info] [852] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap5701772680368 
2026-03-05 11:12:48 [Info] [852] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 11:12:48 [Info] [852] Resource monitor start
2026-03-05 11:12:48 [Info] [852] ipc client init success
2026-03-05 11:12:48 [Info] [852] Ipc init: 0
2026-03-05 11:12:48 [Info] [852] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 11:12:48 [Info] [852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 11:12:48 [Info] [852] start ipc thread id[1796]
2026-03-05 11:12:48 [Info] [852] Connect Yundun ipc server return state is 0
2026-03-05 11:12:48 [Info] [852] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 11:12:48 [Info] [852] CResourceMonitor::run Enter
2026-03-05 11:12:48 [Info] [852] CIpcMsgHandlerMgr::run Enter
2026-03-05 11:12:48 [Info] [852] Report thread
2026-03-05 11:12:48 [Info] [852] Monitor thread
2026-03-05 11:12:48 [Info] [852] Loader thread
2026-03-05 11:12:48 [Info] [852] PythonEngineImpl Init...
2026-03-05 11:12:48 [Info] [852] yundun connected
2026-03-05 11:12:49 [Info] [852] recvmsg: HELLO
2026-03-05 11:12:49 [Info] [852] recvmsg: WORK
2026-03-05 11:12:49 [Info] [852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 11:12:49 [Info] [852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 11:12:49 [Info] [852] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 11:12:49 [Info] [852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 11:12:49 [Info] [852] log fd cnt is [250], real fd cnt is [282]
2026-03-05 11:12:49 [Info] [852] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 11:12:49 [Info] [852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 11:12:50 [Info] [852] log memory size is 20480KB, real memory size is 14496KB
2026-03-05 11:12:51 [Info] [852] item: --windows-autorun-item-check
2026-03-05 11:12:51 [Info] [852] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-05 11:12:51 [Info] [852] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-05 11:12:51 [Info] [852] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 11:12:51 [Info] [852] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 11:12:51 [Info] [852] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-05 11:12:51 [Info] [852] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-05 11:12:51 [Info] [852] Prepare stage1: --windows-autorun-item-check
2026-03-05 11:12:51 [Info] [852] Prepare stage2
2026-03-05 11:12:54 [Info] [852] log memory size is 30720KB, real memory size is 22300KB
2026-03-05 11:13:01 [Info] [852] stage3: --windows-autorun-item-check
2026-03-05 11:13:01 [Info] [852] Loader after check
2026-03-05 11:13:02 [Info] [852] Enter reuse wait state.
2026-03-05 11:13:04 [Info] [852] recvmsg: EXIT
2026-03-05 11:13:04 [Info] [852] Recv Exit Msg, Exit...
2026-03-05 14:36:24 [Info] [4500] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 14:36:24 [Info] [4500] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap76711772692577 
2026-03-05 14:36:24 [Info] [4500] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 14:36:24 [Info] [4500] Resource monitor start
2026-03-05 14:36:24 [Info] [4500] ipc client init success
2026-03-05 14:36:24 [Info] [4500] Ipc init: 0
2026-03-05 14:36:24 [Info] [4500] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 14:36:24 [Info] [4500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 14:36:24 [Info] [4500] start ipc thread id[3936]
2026-03-05 14:36:24 [Info] [4500] Connect Yundun ipc server return state is 0
2026-03-05 14:36:24 [Info] [4500] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 14:36:24 [Info] [4500] CResourceMonitor::run Enter
2026-03-05 14:36:24 [Info] [4500] CIpcMsgHandlerMgr::run Enter
2026-03-05 14:36:24 [Info] [4500] Report thread
2026-03-05 14:36:24 [Info] [4500] Monitor thread
2026-03-05 14:36:24 [Info] [4500] Loader thread
2026-03-05 14:36:24 [Info] [4500] PythonEngineImpl Init...
2026-03-05 14:36:31 [Info] [4500] yundun connected
2026-03-05 14:36:32 [Info] [4500] recvmsg: HELLO
2026-03-05 14:36:32 [Info] [4500] recvmsg: WORK
2026-03-05 14:36:32 [Info] [4500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 14:36:32 [Info] [4500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 14:36:32 [Info] [4500] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 14:36:35 [Info] [4500] log fd cnt is [250], real fd cnt is [264]
2026-03-05 14:36:42 [Info] [4500] log memory size is 20480KB, real memory size is 13316KB
2026-03-05 14:36:48 [Warn] [4500] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-05 14:36:58 [Warn] [4500] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-05 14:36:58 [Info] [4500] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 14:36:58 [Info] [4500] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 14:36:58 [Info] [4500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 14:36:59 [Info] [4500] item: --windows-sysinfoext-check
2026-03-05 14:36:59 [Info] [4500] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 14:36:59 [Info] [4500] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 14:36:59 [Info] [4500] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 14:36:59 [Info] [4500] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 14:36:59 [Info] [4500] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-05 14:36:59 [Info] [4500] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 14:37:00 [Info] [4500] Prepare stage1: --windows-sysinfoext-check
2026-03-05 14:37:00 [Info] [4500] Prepare stage2
2026-03-05 14:37:02 [Info] [4500] log memory size is 30720KB, real memory size is 22780KB
2026-03-05 14:37:03 [Info] [4500] stage3: --windows-sysinfoext-check
2026-03-05 14:37:03 [Info] [4500] Loader after check
2026-03-05 14:37:04 [Info] [4500] Enter reuse wait state.
2026-03-05 14:37:06 [Info] [4500] recvmsg: EXIT
2026-03-05 14:37:06 [Info] [4500] Recv Exit Msg, Exit...
2026-03-05 19:42:42 [Info] [4484] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 19:42:42 [Info] [4484] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap21731772710962 
2026-03-05 19:42:42 [Info] [4484] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 19:42:42 [Info] [4484] Resource monitor start
2026-03-05 19:42:42 [Info] [4484] ipc client init success
2026-03-05 19:42:42 [Info] [4484] Ipc init: 0
2026-03-05 19:42:42 [Info] [4484] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 19:42:42 [Info] [4484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 19:42:42 [Info] [4484] start ipc thread id[4128]
2026-03-05 19:42:42 [Info] [4484] Connect Yundun ipc server return state is 0
2026-03-05 19:42:42 [Info] [4484] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 19:42:42 [Info] [4484] CResourceMonitor::run Enter
2026-03-05 19:42:42 [Info] [4484] CIpcMsgHandlerMgr::run Enter
2026-03-05 19:42:42 [Info] [4484] Report thread
2026-03-05 19:42:42 [Info] [4484] Monitor thread
2026-03-05 19:42:42 [Info] [4484] Loader thread
2026-03-05 19:42:42 [Info] [4484] PythonEngineImpl Init...
2026-03-05 19:42:42 [Info] [4484] yundun connected
2026-03-05 19:42:43 [Info] [4484] recvmsg: HELLO
2026-03-05 19:42:43 [Info] [4484] recvmsg: WORK
2026-03-05 19:42:43 [Info] [4484] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 19:42:43 [Info] [4484] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 19:42:43 [Info] [4484] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 19:42:43 [Info] [4484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 19:42:43 [Info] [4484] log fd cnt is [250], real fd cnt is [282]
2026-03-05 19:42:43 [Info] [4484] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 19:42:43 [Info] [4484] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 19:42:44 [Info] [4484] log memory size is 20480KB, real memory size is 14500KB
2026-03-05 19:42:44 [Info] [4484] item: --secnet_rasp_agent
2026-03-05 19:42:44 [Info] [4484] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-05 19:42:45 [Info] [4484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-05 19:42:45 [Info] [4484] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-05 19:42:45 [Info] [4484] Download redirect files success.
2026-03-05 19:42:45 [Info] [4484] Prepare stage1: --secnet_rasp_agent
2026-03-05 19:42:45 [Info] [4484] Prepare stage2
2026-03-05 19:42:45 [Warn] [4484] high cpu, cpu is 13
2026-03-05 19:42:45 [Info] [4484] try get sys version
2026-03-05 19:42:45 [Info] [4484] win sys info:2/10:0:3
2026-03-05 19:42:45 [Info] [4484] suit legal version, enable cpu control
2026-03-05 19:42:45 [Warn] [4484] High CPU Warning: 13
2026-03-05 19:42:45 [Warn] [4484] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:subprocess.py line: 125 in func: _eintr_retry_call
File:subprocess.py line: 475 in func: communicate
File:subprocess.py line: 217 in func: check_output
File:secnet_rasp_agent_lib.py line: 55 in func: read_host_uuid
File:secnet_rasp_agent.py line: 218 in func: main
File:secnet_rasp_agent.py line: 240 in func: start
2026-03-05 19:42:45 [Info] [4484] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-05 19:42:45 [Info] [4484] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-05 19:42:45 [Info] [4484] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 19:42:46 [Info] [4484] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 19:42:46 [Info] [4484] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-05 19:42:46 [Info] [4484] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-05 19:42:46 [Info] [4484] stage3: --secnet_rasp_agent
2026-03-05 19:42:46 [Info] [4484] Loader after check
2026-03-05 19:42:47 [Info] [4484] Enter reuse wait state.
2026-03-05 19:42:49 [Info] [4484] log memory size is 30720KB, real memory size is 21096KB
2026-03-05 19:42:50 [Info] [4484] recvmsg: EXIT
2026-03-05 19:42:50 [Info] [4484] Recv Exit Msg, Exit...
2026-03-05 20:05:38 [Info] [3744] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-05 20:05:38 [Info] [3744] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap66471772712332 
2026-03-05 20:05:38 [Info] [3744] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-05 20:05:43 [Info] [3744] Resource monitor start
2026-03-05 20:05:43 [Info] [3744] ipc client init success
2026-03-05 20:05:43 [Info] [3744] Ipc init: 0
2026-03-05 20:05:43 [Info] [3744] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-05 20:05:43 [Info] [3744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-05 20:05:48 [Info] [3744] start ipc thread id[1632]
2026-03-05 20:05:48 [Info] [3744] Connect Yundun ipc server return state is 0
2026-03-05 20:05:48 [Info] [3744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-05 20:05:48 [Info] [3744] CResourceMonitor::run Enter
2026-03-05 20:05:48 [Info] [3744] CIpcMsgHandlerMgr::run Enter
2026-03-05 20:05:49 [Info] [3744] yundun connected
2026-03-05 20:05:49 [Info] [3744] Report thread
2026-03-05 20:05:49 [Info] [3744] Monitor thread
2026-03-05 20:05:49 [Info] [3744] Loader thread
2026-03-05 20:05:49 [Info] [3744] PythonEngineImpl Init...
2026-03-05 20:05:50 [Info] [3744] log fd cnt is [250], real fd cnt is [261]
2026-03-05 20:05:50 [Info] [3744] recvmsg: HELLO
2026-03-05 20:05:50 [Info] [3744] recvmsg: WORK
2026-03-05 20:05:50 [Info] [3744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 20:05:50 [Info] [3744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-05 20:05:50 [Info] [3744] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 20:05:51 [Info] [3744] log memory size is 20480KB, real memory size is 13404KB
2026-03-05 20:05:52 [Info] [3744] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 20:05:52 [Info] [3744] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-05 20:05:52 [Info] [3744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-05 20:05:53 [Info] [3744] item: --windows-sysinfoext-check
2026-03-05 20:05:53 [Info] [3744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 20:05:53 [Info] [3744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 20:05:53 [Info] [3744] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-05 20:05:53 [Info] [3744] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-05 20:05:53 [Info] [3744] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-05 20:05:53 [Info] [3744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-05 20:05:54 [Info] [3744] Prepare stage1: --windows-sysinfoext-check
2026-03-05 20:05:54 [Info] [3744] Prepare stage2
2026-03-05 20:05:54 [Warn] [3744] high cpu, cpu is 20
2026-03-05 20:05:54 [Info] [3744] try get sys version
2026-03-05 20:05:54 [Info] [3744] win sys info:2/10:0:3
2026-03-05 20:05:54 [Info] [3744] suit legal version, enable cpu control
2026-03-05 20:05:54 [Warn] [3744] High CPU Warning: 20
2026-03-05 20:05:55 [Warn] [3744] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-05 20:05:55 [Info] [3744] stage3: --windows-sysinfoext-check
2026-03-05 20:05:55 [Info] [3744] Loader after check
2026-03-05 20:05:56 [Info] [3744] log memory size is 30720KB, real memory size is 22876KB
2026-03-05 20:05:56 [Info] [3744] Enter reuse wait state.
2026-03-05 20:06:00 [Info] [3744] recvmsg: EXIT
2026-03-05 20:06:00 [Info] [3744] Recv Exit Msg, Exit...
2026-03-12 00:13:08 [Info] [4372] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 00:13:08 [Info] [4372] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap113231773245585 
2026-03-12 00:13:08 [Info] [4372] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 00:13:14 [Info] [4372] Resource monitor start
2026-03-12 00:13:14 [Info] [4372] ipc client init success
2026-03-12 00:13:14 [Info] [4372] Ipc init: 0
2026-03-12 00:13:14 [Info] [4372] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 00:13:20 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 00:13:20 [Info] [4372] start ipc thread id[4404]
2026-03-12 00:13:20 [Info] [4372] Connect Yundun ipc server return state is 0
2026-03-12 00:13:20 [Info] [4372] CIpcMsgHandlerMgr::run Enter
2026-03-12 00:13:20 [Info] [4372] CResourceMonitor::run Enter
2026-03-12 00:13:21 [Info] [4372] log fd cnt is [250], real fd cnt is [235]
2026-03-12 00:13:22 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 00:13:25 [Info] [4372] Monitor thread
2026-03-12 00:13:25 [Info] [4372] Report thread
2026-03-12 00:13:25 [Info] [4372] yundun connected
2026-03-12 00:13:25 [Info] [4372] recvmsg: HELLO
2026-03-12 00:13:25 [Info] [4372] recvmsg: WORK
2026-03-12 00:13:27 [Info] [4372] Loader thread
2026-03-12 00:13:27 [Info] [4372] PythonEngineImpl Init...
2026-03-12 00:13:28 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 00:13:28 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 00:13:28 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 00:13:30 [Info] [4372] log memory size is 20480KB, real memory size is 12916KB
2026-03-12 00:13:37 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 00:13:37 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 00:13:37 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 00:13:38 [Info] [4372] item: --windows-sysinfoext-check
2026-03-12 00:13:38 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 00:13:38 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 00:13:38 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 00:13:38 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 00:13:38 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-12 00:13:38 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 00:13:38 [Info] [4372] Prepare stage1: --windows-sysinfoext-check
2026-03-12 00:13:38 [Info] [4372] Prepare stage2
2026-03-12 00:13:39 [Warn] [4372] high cpu, cpu is 12
2026-03-12 00:13:39 [Info] [4372] try get sys version
2026-03-12 00:13:39 [Info] [4372] win sys info:2/10:0:3
2026-03-12 00:13:39 [Info] [4372] suit legal version, enable cpu control
2026-03-12 00:13:39 [Warn] [4372] High CPU Warning: 12
2026-03-12 00:13:40 [Warn] [4372] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:util.py line: 84 in func: next
File:wmi.py line: 1009 in func: query
File:wmi.py line: 817 in func: query
File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo
File:windows-sysinfoext-check.py line: 174 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-03-12 00:13:40 [Info] [4372] stage3: --windows-sysinfoext-check
2026-03-12 00:13:40 [Info] [4372] Loader after check
2026-03-12 00:13:41 [Info] [4372] Enter reuse wait state.
2026-03-12 00:13:43 [Info] [4372] log memory size is 30720KB, real memory size is 22940KB
2026-03-12 00:13:45 [Info] [4372] recvmsg: EXIT
2026-03-12 00:13:45 [Info] [4372] Recv Exit Msg, Exit...
2026-03-12 05:07:00 [Info] [4948] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 05:07:00 [Info] [4948] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap33751773263220 
2026-03-12 05:07:00 [Info] [4948] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 05:07:00 [Info] [4948] Resource monitor start
2026-03-12 05:07:00 [Info] [4948] ipc client init success
2026-03-12 05:07:00 [Info] [4948] Ipc init: 0
2026-03-12 05:07:00 [Info] [4948] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 05:07:00 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 05:07:00 [Info] [4948] start ipc thread id[4560]
2026-03-12 05:07:00 [Info] [4948] Connect Yundun ipc server return state is 0
2026-03-12 05:07:00 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 05:07:00 [Info] [4948] CResourceMonitor::run Enter
2026-03-12 05:07:00 [Info] [4948] CIpcMsgHandlerMgr::run Enter
2026-03-12 05:07:00 [Info] [4948] Report thread
2026-03-12 05:07:00 [Info] [4948] Monitor thread
2026-03-12 05:07:00 [Info] [4948] Loader thread
2026-03-12 05:07:00 [Info] [4948] PythonEngineImpl Init...
2026-03-12 05:07:00 [Info] [4948] yundun connected
2026-03-12 05:07:01 [Info] [4948] recvmsg: HELLO
2026-03-12 05:07:01 [Info] [4948] recvmsg: WORK
2026-03-12 05:07:01 [Info] [4948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 05:07:01 [Info] [4948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 05:07:01 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 05:07:01 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 05:07:01 [Info] [4948] log fd cnt is [250], real fd cnt is [282]
2026-03-12 05:07:01 [Info] [4948] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 05:07:01 [Info] [4948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 05:07:02 [Info] [4948] log memory size is 20480KB, real memory size is 14504KB
2026-03-12 05:07:02 [Info] [4948] item: --sca
2026-03-12 05:07:02 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-12 05:07:03 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-12 05:07:03 [Info] [4948] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-12 05:07:03 [Info] [4948] Download redirect files success.
2026-03-12 05:07:03 [Info] [4948] Prepare stage1: --sca
2026-03-12 05:07:03 [Info] [4948] Prepare stage2
2026-03-12 05:07:03 [Warn] [4948] high cpu, cpu is 13
2026-03-12 05:07:03 [Info] [4948] try get sys version
2026-03-12 05:07:03 [Info] [4948] win sys info:2/10:0:3
2026-03-12 05:07:03 [Info] [4948] suit legal version, enable cpu control
2026-03-12 05:07:03 [Warn] [4948] High CPU Warning: 13
2026-03-12 05:07:03 [Warn] [4948] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:_pswindows.py line: 1016 in func: nice_set
File:_pswindows.py line: 716 in func: wrapper
File:__init__.py line: 837 in func: nice
File:sca.py line: 38 in func: <module>
2026-03-12 05:07:05 [Warn] [4948] high cpu, cpu is 23
2026-03-12 05:07:05 [Warn] [4948] High CPU Warning: 23
2026-03-12 05:07:06 [Info] [4948] log memory size is 30720KB, real memory size is 32256KB
2026-03-12 05:07:10 [Info] [4948] log memory size is 40960KB, real memory size is 32824KB
2026-03-12 05:07:25 [Info] [4948] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 05:07:40 [Info] [4948] stage3: --sca
2026-03-12 05:07:40 [Info] [4948] Loader after check
2026-03-12 05:07:41 [Info] [4948] Enter reuse wait state.
2026-03-12 05:07:44 [Info] [4948] recvmsg: EXIT
2026-03-12 05:07:44 [Info] [4948] Recv Exit Msg, Exit...
2026-03-12 05:42:47 [Info] [572] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 05:42:47 [Info] [572] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap103511773265356 
2026-03-12 05:42:47 [Info] [572] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 05:42:47 [Info] [572] Resource monitor start
2026-03-12 05:42:47 [Info] [572] ipc client init success
2026-03-12 05:42:47 [Info] [572] Ipc init: 0
2026-03-12 05:42:47 [Info] [572] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 05:42:47 [Info] [572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 05:42:47 [Info] [572] start ipc thread id[2772]
2026-03-12 05:42:47 [Info] [572] Connect Yundun ipc server return state is 0
2026-03-12 05:42:47 [Info] [572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 05:42:52 [Info] [572] Report thread
2026-03-12 05:42:52 [Info] [572] yundun connected
2026-03-12 05:42:52 [Info] [572] CIpcMsgHandlerMgr::run Enter
2026-03-12 05:42:52 [Info] [572] CResourceMonitor::run Enter
2026-03-12 05:42:52 [Info] [572] recvmsg: HELLO
2026-03-12 05:42:52 [Info] [572] recvmsg: WORK
2026-03-12 05:42:53 [Info] [572] log fd cnt is [250], real fd cnt is [249]
2026-03-12 05:42:54 [Info] [572] Loader thread
2026-03-12 05:42:54 [Info] [572] PythonEngineImpl Init...
2026-03-12 05:42:54 [Info] [572] Monitor thread
2026-03-12 05:42:54 [Info] [572] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 05:42:54 [Info] [572] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 05:42:54 [Info] [572] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 05:42:58 [Info] [572] log memory size is 20480KB, real memory size is 12928KB
2026-03-12 05:42:59 [Info] [572] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 05:43:00 [Info] [572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 05:43:00 [Info] [572] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 05:43:00 [Info] [572] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 05:43:03 [Info] [572] item: --windows-sysinfoext-check
2026-03-12 05:43:03 [Info] [572] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 05:43:03 [Info] [572] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 05:43:03 [Info] [572] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 05:43:03 [Info] [572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 05:43:03 [Info] [572] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-12 05:43:03 [Info] [572] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 05:43:03 [Info] [572] Prepare stage1: --windows-sysinfoext-check
2026-03-12 05:43:03 [Info] [572] Prepare stage2
2026-03-12 05:43:06 [Info] [572] log memory size is 30720KB, real memory size is 20484KB
2026-03-12 05:43:27 [Info] [572] stage3: --windows-sysinfoext-check
2026-03-12 05:43:27 [Info] [572] Loader after check
2026-03-12 05:43:28 [Info] [572] Enter reuse wait state.
2026-03-12 05:43:31 [Info] [572] recvmsg: EXIT
2026-03-12 05:43:31 [Info] [572] Recv Exit Msg, Exit...
2026-03-12 08:08:22 [Info] [4920] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 08:08:22 [Info] [4920] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap61431773274102 
2026-03-12 08:08:22 [Info] [4920] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 08:08:22 [Info] [4920] Resource monitor start
2026-03-12 08:08:22 [Info] [4920] ipc client init success
2026-03-12 08:08:22 [Info] [4920] Ipc init: 0
2026-03-12 08:08:22 [Info] [4920] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 08:08:22 [Info] [4920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 08:08:22 [Info] [4920] start ipc thread id[4776]
2026-03-12 08:08:22 [Info] [4920] Connect Yundun ipc server return state is 0
2026-03-12 08:08:22 [Info] [4920] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 08:08:22 [Info] [4920] CResourceMonitor::run Enter
2026-03-12 08:08:22 [Info] [4920] CIpcMsgHandlerMgr::run Enter
2026-03-12 08:08:22 [Info] [4920] Report thread
2026-03-12 08:08:22 [Info] [4920] Monitor thread
2026-03-12 08:08:22 [Info] [4920] Loader thread
2026-03-12 08:08:22 [Info] [4920] PythonEngineImpl Init...
2026-03-12 08:08:22 [Info] [4920] yundun connected
2026-03-12 08:08:23 [Info] [4920] recvmsg: HELLO
2026-03-12 08:08:23 [Info] [4920] recvmsg: WORK
2026-03-12 08:08:23 [Info] [4920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 08:08:23 [Info] [4920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 08:08:23 [Info] [4920] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 08:08:23 [Info] [4920] log fd cnt is [250], real fd cnt is [282]
2026-03-12 08:08:23 [Info] [4920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 08:08:24 [Info] [4920] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 08:08:24 [Info] [4920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 08:08:24 [Info] [4920] log memory size is 20480KB, real memory size is 14472KB
2026-03-12 08:08:25 [Info] [4920] item: --windows-vul-clean
2026-03-12 08:08:25 [Info] [4920] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-12 08:08:25 [Info] [4920] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-12 08:08:25 [Info] [4920] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 08:08:25 [Info] [4920] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 08:08:25 [Info] [4920] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-12 08:08:25 [Info] [4920] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-12 08:08:25 [Info] [4920] Prepare stage1: --windows-vul-clean
2026-03-12 08:08:25 [Info] [4920] Prepare stage2
2026-03-12 08:08:25 [Info] [4920] stage3: --windows-vul-clean
2026-03-12 08:08:25 [Info] [4920] Loader after check
2026-03-12 08:08:26 [Info] [4920] Enter reuse wait state.
2026-03-12 08:08:30 [Info] [4920] recvmsg: EXIT
2026-03-12 08:08:30 [Info] [4920] Recv Exit Msg, Exit...
2026-03-12 08:56:21 [Info] [4496] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 08:56:21 [Info] [4496] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap155451773276981 
2026-03-12 08:56:21 [Info] [4496] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 08:56:21 [Info] [4496] Resource monitor start
2026-03-12 08:56:21 [Info] [4496] ipc client init success
2026-03-12 08:56:21 [Info] [4496] Ipc init: 0
2026-03-12 08:56:21 [Info] [4496] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 08:56:21 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 08:56:21 [Info] [4496] start ipc thread id[4248]
2026-03-12 08:56:21 [Info] [4496] Connect Yundun ipc server return state is 0
2026-03-12 08:56:21 [Info] [4496] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 08:56:21 [Info] [4496] CResourceMonitor::run Enter
2026-03-12 08:56:21 [Info] [4496] CIpcMsgHandlerMgr::run Enter
2026-03-12 08:56:21 [Info] [4496] Report thread
2026-03-12 08:56:21 [Info] [4496] Monitor thread
2026-03-12 08:56:21 [Info] [4496] Loader thread
2026-03-12 08:56:21 [Info] [4496] PythonEngineImpl Init...
2026-03-12 08:56:21 [Info] [4496] yundun connected
2026-03-12 08:56:21 [Info] [4496] recvmsg: HELLO
2026-03-12 08:56:21 [Info] [4496] recvmsg: WORK
2026-03-12 08:56:21 [Info] [4496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 08:56:21 [Info] [4496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 08:56:21 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 08:56:22 [Info] [4496] log fd cnt is [250], real fd cnt is [282]
2026-03-12 08:56:22 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 08:56:22 [Info] [4496] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 08:56:22 [Info] [4496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 08:56:23 [Info] [4496] log memory size is 20480KB, real memory size is 14484KB
2026-03-12 08:56:23 [Info] [4496] item: --windows-process-check
2026-03-12 08:56:23 [Info] [4496] cgroup name aegisRtap0
2026-03-12 08:56:23 [Info] [4496] try get sys version
2026-03-12 08:56:23 [Info] [4496] win sys info:2/10:0:3
2026-03-12 08:56:23 [Info] [4496] suit legal version, enable cpu control
2026-03-12 08:56:23 [Info] [4496] get AssignProcessToJobObject handle [00000478]
2026-03-12 08:56:23 [Info] [4496] Set setJobExtended.
2026-03-12 08:56:23 [Info] [4496] Set cpu [9%]
2026-03-12 08:56:23 [Info] [4496] Set cpu success
2026-03-12 08:56:23 [Info] [4496] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-12 08:56:23 [Info] [4496] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-12 08:56:23 [Info] [4496] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 08:56:23 [Info] [4496] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 08:56:23 [Info] [4496] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-12 08:56:23 [Info] [4496] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-12 08:56:23 [Info] [4496] Prepare stage1: --windows-process-check
2026-03-12 08:56:23 [Info] [4496] Prepare stage2
2026-03-12 08:56:41 [Info] [4496] stage3: --windows-process-check
2026-03-12 08:56:41 [Info] [4496] Loader after check
2026-03-12 08:56:42 [Info] [4496] Enter reuse wait state.
2026-03-12 08:56:44 [Info] [4496] recvmsg: EXIT
2026-03-12 08:56:44 [Info] [4496] Recv Exit Msg, Exit...
2026-03-12 10:32:40 [Info] [2100] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 10:32:40 [Info] [2100] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap16491773282760 
2026-03-12 10:32:40 [Info] [2100] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 10:32:40 [Info] [2100] Resource monitor start
2026-03-12 10:32:40 [Info] [2100] ipc client init success
2026-03-12 10:32:40 [Info] [2100] Ipc init: 0
2026-03-12 10:32:40 [Info] [2100] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 10:32:40 [Info] [2100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 10:32:40 [Info] [2100] start ipc thread id[4424]
2026-03-12 10:32:40 [Info] [2100] Connect Yundun ipc server return state is 0
2026-03-12 10:32:40 [Info] [2100] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 10:32:40 [Info] [2100] CResourceMonitor::run Enter
2026-03-12 10:32:40 [Info] [2100] CIpcMsgHandlerMgr::run Enter
2026-03-12 10:32:40 [Info] [2100] Report thread
2026-03-12 10:32:40 [Info] [2100] Monitor thread
2026-03-12 10:32:40 [Info] [2100] Loader thread
2026-03-12 10:32:40 [Info] [2100] PythonEngineImpl Init...
2026-03-12 10:32:40 [Info] [2100] yundun connected
2026-03-12 10:32:41 [Info] [2100] recvmsg: HELLO
2026-03-12 10:32:41 [Info] [2100] recvmsg: WORK
2026-03-12 10:32:41 [Info] [2100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:32:41 [Info] [2100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:32:41 [Info] [2100] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:32:41 [Info] [2100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:32:41 [Warn] [2100] high cpu, cpu is 12
2026-03-12 10:32:41 [Info] [2100] try get sys version
2026-03-12 10:32:41 [Info] [2100] win sys info:2/10:0:3
2026-03-12 10:32:41 [Info] [2100] suit legal version, enable cpu control
2026-03-12 10:32:41 [Warn] [2100] High CPU Warning: 12
2026-03-12 10:32:41 [Warn] [2100] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-12 10:32:41 [Info] [2100] log fd cnt is [250], real fd cnt is [282]
2026-03-12 10:32:41 [Info] [2100] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 10:32:41 [Info] [2100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 10:32:42 [Info] [2100] log memory size is 20480KB, real memory size is 14512KB
2026-03-12 10:32:42 [Info] [2100] item: --windows-registry-check
2026-03-12 10:32:42 [Info] [2100] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-12 10:32:42 [Info] [2100] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-12 10:32:42 [Info] [2100] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:32:43 [Info] [2100] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:32:43 [Info] [2100] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-12 10:32:43 [Info] [2100] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-12 10:32:43 [Info] [2100] Prepare stage1: --windows-registry-check
2026-03-12 10:32:43 [Info] [2100] Prepare stage2
2026-03-12 10:32:49 [Info] [2332] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 10:32:49 [Info] [2332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap16781773282769 
2026-03-12 10:32:49 [Info] [2332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 10:32:49 [Info] [2332] Resource monitor start
2026-03-12 10:32:49 [Info] [2332] ipc client init success
2026-03-12 10:32:49 [Info] [2332] Ipc init: 0
2026-03-12 10:32:49 [Info] [2332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 10:32:49 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 10:32:49 [Info] [2332] start ipc thread id[4272]
2026-03-12 10:32:49 [Info] [2332] Connect Yundun ipc server return state is 0
2026-03-12 10:32:49 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 10:32:49 [Info] [2332] CResourceMonitor::run Enter
2026-03-12 10:32:49 [Info] [2332] CIpcMsgHandlerMgr::run Enter
2026-03-12 10:32:49 [Info] [2332] yundun connected
2026-03-12 10:32:49 [Info] [2332] Report thread
2026-03-12 10:32:49 [Info] [2332] Monitor thread
2026-03-12 10:32:49 [Info] [2332] Loader thread
2026-03-12 10:32:49 [Info] [2332] PythonEngineImpl Init...
2026-03-12 10:32:50 [Info] [2332] recvmsg: HELLO
2026-03-12 10:32:50 [Info] [2332] recvmsg: WORK
2026-03-12 10:32:50 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:32:50 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:32:50 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:32:50 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:32:50 [Info] [2332] log fd cnt is [250], real fd cnt is [282]
2026-03-12 10:32:50 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 10:32:50 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 10:32:51 [Info] [2332] log memory size is 20480KB, real memory size is 14520KB
2026-03-12 10:32:51 [Info] [2332] item: --windows-schedule-task-check
2026-03-12 10:32:51 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-12 10:32:51 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-12 10:32:51 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:32:52 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:32:52 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-12 10:32:52 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-12 10:32:52 [Info] [2332] Prepare stage1: --windows-schedule-task-check
2026-03-12 10:32:52 [Info] [2332] Prepare stage2
2026-03-12 10:32:52 [Warn] [2332] high cpu, cpu is 18
2026-03-12 10:32:52 [Info] [2332] try get sys version
2026-03-12 10:32:52 [Info] [2332] win sys info:2/10:0:3
2026-03-12 10:32:52 [Info] [2332] suit legal version, enable cpu control
2026-03-12 10:32:52 [Warn] [2332] High CPU Warning: 18
2026-03-12 10:32:53 [Warn] [2332] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-schedule-task-check.py line: 382 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-03-12 10:32:56 [Info] [2332] log memory size is 30720KB, real memory size is 23244KB
2026-03-12 10:32:57 [Info] [2100] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 10:32:57 [Info] [2332] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 10:33:12 [Info] [2100] stage3: --windows-registry-check
2026-03-12 10:33:12 [Info] [2100] Loader after check
2026-03-12 10:33:13 [Info] [2100] Enter reuse wait state.
2026-03-12 10:33:17 [Info] [2100] recvmsg: EXIT
2026-03-12 10:33:17 [Info] [2100] Recv Exit Msg, Exit...
2026-03-12 10:33:22 [Info] [2332] stage3: --windows-schedule-task-check
2026-03-12 10:33:22 [Info] [2332] Loader after check
2026-03-12 10:33:23 [Info] [2332] Enter reuse wait state.
2026-03-12 10:33:27 [Info] [2332] recvmsg: EXIT
2026-03-12 10:33:27 [Info] [2332] Recv Exit Msg, Exit...
2026-03-12 10:45:16 [Info] [1276] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 10:45:16 [Info] [1276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap41181773283516 
2026-03-12 10:45:16 [Info] [1276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 10:45:16 [Info] [1276] Resource monitor start
2026-03-12 10:45:16 [Info] [1276] ipc client init success
2026-03-12 10:45:16 [Info] [1276] Ipc init: 0
2026-03-12 10:45:16 [Info] [1276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 10:45:16 [Info] [1276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 10:45:16 [Info] [1276] start ipc thread id[4696]
2026-03-12 10:45:16 [Info] [1276] Connect Yundun ipc server return state is 0
2026-03-12 10:45:16 [Info] [1276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 10:45:16 [Info] [1276] CResourceMonitor::run Enter
2026-03-12 10:45:16 [Info] [1276] CIpcMsgHandlerMgr::run Enter
2026-03-12 10:45:16 [Info] [1276] Report thread
2026-03-12 10:45:16 [Info] [1276] Monitor thread
2026-03-12 10:45:16 [Info] [1276] Loader thread
2026-03-12 10:45:16 [Info] [1276] PythonEngineImpl Init...
2026-03-12 10:45:16 [Info] [1276] yundun connected
2026-03-12 10:45:17 [Info] [1276] recvmsg: HELLO
2026-03-12 10:45:17 [Info] [1276] recvmsg: WORK
2026-03-12 10:45:17 [Info] [1276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:45:17 [Info] [1276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 10:45:17 [Info] [1276] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:45:17 [Info] [1276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:45:17 [Info] [1276] log fd cnt is [250], real fd cnt is [282]
2026-03-12 10:45:17 [Info] [1276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 10:45:17 [Info] [1276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 10:45:18 [Info] [1276] log memory size is 20480KB, real memory size is 14508KB
2026-03-12 10:45:19 [Info] [1276] item: --windows-driver-version-check
2026-03-12 10:45:19 [Info] [1276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-12 10:45:19 [Info] [1276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-12 10:45:19 [Info] [1276] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 10:45:19 [Info] [1276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 10:45:19 [Info] [1276] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-12 10:45:19 [Info] [1276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-12 10:45:19 [Info] [1276] Prepare stage1: --windows-driver-version-check
2026-03-12 10:45:19 [Info] [1276] Prepare stage2
2026-03-12 10:45:19 [Info] [1276] stage3: --windows-driver-version-check
2026-03-12 10:45:19 [Info] [1276] Loader after check
2026-03-12 10:45:20 [Info] [1276] Enter reuse wait state.
2026-03-12 10:45:24 [Info] [1276] recvmsg: EXIT
2026-03-12 10:45:24 [Info] [1276] Recv Exit Msg, Exit...
2026-03-12 11:00:15 [Info] [3744] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 11:00:15 [Info] [3744] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap70531773284415 
2026-03-12 11:00:15 [Info] [3744] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 11:00:15 [Info] [3744] Resource monitor start
2026-03-12 11:00:15 [Info] [3744] ipc client init success
2026-03-12 11:00:15 [Info] [3744] Ipc init: 0
2026-03-12 11:00:15 [Info] [3744] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 11:00:15 [Info] [3744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 11:00:15 [Info] [3744] start ipc thread id[4840]
2026-03-12 11:00:15 [Info] [3744] Connect Yundun ipc server return state is 0
2026-03-12 11:00:15 [Info] [3744] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 11:00:15 [Info] [3744] CResourceMonitor::run Enter
2026-03-12 11:00:15 [Info] [3744] CIpcMsgHandlerMgr::run Enter
2026-03-12 11:00:15 [Info] [3744] Report thread
2026-03-12 11:00:15 [Info] [3744] Monitor thread
2026-03-12 11:00:15 [Info] [3744] Loader thread
2026-03-12 11:00:15 [Info] [3744] PythonEngineImpl Init...
2026-03-12 11:00:15 [Info] [3744] yundun connected
2026-03-12 11:00:15 [Info] [3744] recvmsg: HELLO
2026-03-12 11:00:15 [Info] [3744] recvmsg: WORK
2026-03-12 11:00:15 [Info] [3744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:00:15 [Info] [3744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:00:15 [Info] [3744] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:00:16 [Info] [3744] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:00:16 [Info] [3744] log fd cnt is [250], real fd cnt is [286]
2026-03-12 11:00:16 [Info] [3744] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 11:00:16 [Info] [3744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 11:00:17 [Info] [3744] log memory size is 20480KB, real memory size is 14496KB
2026-03-12 11:00:17 [Info] [3744] item: --tcp-connect-check
2026-03-12 11:00:17 [Info] [3744] cgroup name aegisRtap0
2026-03-12 11:00:17 [Info] [3744] try get sys version
2026-03-12 11:00:17 [Info] [3744] win sys info:2/10:0:3
2026-03-12 11:00:17 [Info] [3744] suit legal version, enable cpu control
2026-03-12 11:00:17 [Info] [3744] get AssignProcessToJobObject handle [00000478]
2026-03-12 11:00:17 [Info] [3744] Set setJobExtended.
2026-03-12 11:00:17 [Info] [3744] Set cpu [9%]
2026-03-12 11:00:17 [Info] [3744] Set cpu success
2026-03-12 11:00:17 [Info] [3744] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-12 11:00:17 [Info] [3744] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-12 11:00:17 [Info] [3744] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:00:17 [Info] [3744] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:00:17 [Info] [3744] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-12 11:00:17 [Info] [3744] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-12 11:00:18 [Info] [3744] Prepare stage1: --tcp-connect-check
2026-03-12 11:00:18 [Info] [3744] Prepare stage2
2026-03-12 11:00:21 [Info] [3744] stage3: --tcp-connect-check
2026-03-12 11:00:21 [Info] [3744] Loader after check
2026-03-12 11:00:22 [Info] [3744] Enter reuse wait state.
2026-03-12 11:00:26 [Info] [3744] recvmsg: EXIT
2026-03-12 11:00:26 [Info] [3744] Recv Exit Msg, Exit...
2026-03-12 11:13:05 [Info] [3876] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 11:13:05 [Info] [3876] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap95421773285177 
2026-03-12 11:13:05 [Info] [3876] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 11:13:05 [Info] [3876] Resource monitor start
2026-03-12 11:13:05 [Info] [3876] ipc client init success
2026-03-12 11:13:05 [Info] [3876] Ipc init: 0
2026-03-12 11:13:05 [Info] [3876] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 11:13:05 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 11:13:05 [Info] [3876] start ipc thread id[1396]
2026-03-12 11:13:05 [Info] [3876] Connect Yundun ipc server return state is 0
2026-03-12 11:13:05 [Info] [3876] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 11:13:10 [Info] [3876] CResourceMonitor::run Enter
2026-03-12 11:13:11 [Info] [3876] log fd cnt is [250], real fd cnt is [243]
2026-03-12 11:13:11 [Info] [3876] Loader thread
2026-03-12 11:13:11 [Info] [3876] PythonEngineImpl Init...
2026-03-12 11:13:11 [Info] [3876] Monitor thread
2026-03-12 11:13:11 [Info] [3876] Report thread
2026-03-12 11:13:11 [Info] [3876] yundun connected
2026-03-12 11:13:11 [Info] [3876] CIpcMsgHandlerMgr::run Enter
2026-03-12 11:13:11 [Info] [3876] recvmsg: HELLO
2026-03-12 11:13:11 [Info] [3876] recvmsg: WORK
2026-03-12 11:13:11 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:13:11 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:13:11 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:13:12 [Info] [3876] log memory size is 20480KB, real memory size is 12964KB
2026-03-12 11:13:18 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:13:18 [Info] [3876] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 11:13:18 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 11:13:19 [Info] [3876] item: --windows-sysinfoext-check
2026-03-12 11:13:19 [Info] [3876] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 11:13:19 [Info] [3876] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 11:13:19 [Info] [3876] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:13:19 [Info] [3876] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:13:20 [Info] [3876] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-12 11:13:20 [Info] [3876] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 11:13:20 [Info] [3876] Prepare stage1: --windows-sysinfoext-check
2026-03-12 11:13:20 [Info] [3876] Prepare stage2
2026-03-12 11:13:21 [Warn] [3876] high cpu, cpu is 15
2026-03-12 11:13:21 [Info] [3876] try get sys version
2026-03-12 11:13:21 [Info] [3876] win sys info:2/10:0:3
2026-03-12 11:13:21 [Info] [3876] suit legal version, enable cpu control
2026-03-12 11:13:21 [Warn] [3876] High CPU Warning: 15
2026-03-12 11:13:21 [Warn] [3876] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-12 11:13:22 [Info] [3876] stage3: --windows-sysinfoext-check
2026-03-12 11:13:22 [Info] [3876] Loader after check
2026-03-12 11:13:23 [Info] [3876] Enter reuse wait state.
2026-03-12 11:13:24 [Info] [3876] log memory size is 30720KB, real memory size is 22948KB
2026-03-12 11:13:25 [Info] [3876] recvmsg: EXIT
2026-03-12 11:13:25 [Info] [3876] Recv Exit Msg, Exit...
2026-03-12 11:16:06 [Info] [928] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 11:16:06 [Info] [928] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap101591773285366 
2026-03-12 11:16:06 [Info] [928] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 11:16:06 [Info] [928] Resource monitor start
2026-03-12 11:16:06 [Info] [928] ipc client init success
2026-03-12 11:16:06 [Info] [928] Ipc init: 0
2026-03-12 11:16:06 [Info] [928] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 11:16:06 [Info] [928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 11:16:06 [Info] [928] start ipc thread id[2304]
2026-03-12 11:16:06 [Info] [928] Connect Yundun ipc server return state is 0
2026-03-12 11:16:06 [Info] [928] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 11:16:06 [Info] [928] CResourceMonitor::run Enter
2026-03-12 11:16:06 [Info] [928] CIpcMsgHandlerMgr::run Enter
2026-03-12 11:16:06 [Info] [928] Report thread
2026-03-12 11:16:06 [Info] [928] Monitor thread
2026-03-12 11:16:06 [Info] [928] Loader thread
2026-03-12 11:16:06 [Info] [928] PythonEngineImpl Init...
2026-03-12 11:16:06 [Info] [928] yundun connected
2026-03-12 11:16:07 [Info] [928] recvmsg: HELLO
2026-03-12 11:16:07 [Info] [928] recvmsg: WORK
2026-03-12 11:16:07 [Info] [928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:16:07 [Info] [928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 11:16:07 [Info] [928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:16:07 [Info] [928] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:16:07 [Info] [928] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 11:16:07 [Info] [928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 11:16:07 [Info] [928] log fd cnt is [250], real fd cnt is [281]
2026-03-12 11:16:08 [Info] [928] log memory size is 20480KB, real memory size is 14520KB
2026-03-12 11:16:08 [Info] [928] item: --windows-autorun-item-check
2026-03-12 11:16:08 [Info] [928] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-12 11:16:08 [Info] [928] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-12 11:16:08 [Info] [928] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 11:16:08 [Info] [928] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 11:16:08 [Info] [928] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-12 11:16:08 [Info] [928] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-12 11:16:09 [Info] [928] Prepare stage1: --windows-autorun-item-check
2026-03-12 11:16:09 [Info] [928] Prepare stage2
2026-03-12 11:16:09 [Warn] [928] high cpu, cpu is 12
2026-03-12 11:16:09 [Info] [928] try get sys version
2026-03-12 11:16:09 [Info] [928] win sys info:2/10:0:3
2026-03-12 11:16:09 [Info] [928] suit legal version, enable cpu control
2026-03-12 11:16:09 [Warn] [928] High CPU Warning: 12
2026-03-12 11:16:09 [Warn] [928] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:windows-autorun-item-check.py line: 220 in func: EnumRegKeyValue
File:windows-autorun-item-check.py line: 257 in func: GetAutoRunByReg
File:windows-autorun-item-check.py line: 500 in func: check
File:windows-autorun-item-check.py line: 80 in func: main
File:windows-autorun-item-check.py line: 534 in func: start
2026-03-12 11:16:12 [Info] [928] log memory size is 30720KB, real memory size is 22292KB
2026-03-12 11:16:19 [Info] [928] stage3: --windows-autorun-item-check
2026-03-12 11:16:19 [Info] [928] Loader after check
2026-03-12 11:16:19 [Info] [928] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 11:16:20 [Info] [928] Enter reuse wait state.
2026-03-12 11:16:22 [Info] [928] recvmsg: EXIT
2026-03-12 11:16:22 [Info] [928] Recv Exit Msg, Exit...
2026-03-12 16:43:44 [Info] [4716] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 16:43:44 [Info] [4716] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap87781773305012 
2026-03-12 16:43:44 [Info] [4716] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 16:43:44 [Info] [4716] Resource monitor start
2026-03-12 16:43:44 [Info] [4716] ipc client init success
2026-03-12 16:43:44 [Info] [4716] Ipc init: 0
2026-03-12 16:43:44 [Info] [4716] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 16:43:44 [Info] [4716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 16:43:44 [Info] [4716] start ipc thread id[4908]
2026-03-12 16:43:44 [Info] [4716] Connect Yundun ipc server return state is 0
2026-03-12 16:43:44 [Info] [4716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 16:43:44 [Info] [4716] CResourceMonitor::run Enter
2026-03-12 16:43:44 [Info] [4716] CIpcMsgHandlerMgr::run Enter
2026-03-12 16:43:44 [Info] [4716] yundun connected
2026-03-12 16:43:44 [Info] [4716] Report thread
2026-03-12 16:43:44 [Info] [4716] Monitor thread
2026-03-12 16:43:44 [Info] [4716] Loader thread
2026-03-12 16:43:44 [Info] [4716] PythonEngineImpl Init...
2026-03-12 16:43:46 [Info] [4716] recvmsg: HELLO
2026-03-12 16:43:46 [Info] [4716] log fd cnt is [250], real fd cnt is [263]
2026-03-12 16:43:47 [Info] [4716] recvmsg: WORK
2026-03-12 16:43:47 [Info] [4716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 16:43:47 [Info] [4716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 16:43:47 [Info] [4716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 16:43:47 [Info] [4716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 16:43:47 [Info] [4716] log memory size is 20480KB, real memory size is 14260KB
2026-03-12 16:43:48 [Info] [4716] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 16:43:48 [Info] [4716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 16:43:49 [Info] [4716] item: --windows-sysinfoext-check
2026-03-12 16:43:49 [Info] [4716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 16:43:49 [Info] [4716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 16:43:49 [Info] [4716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 16:43:49 [Info] [4716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 16:43:49 [Info] [4716] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-12 16:43:49 [Info] [4716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 16:43:49 [Info] [4716] Prepare stage1: --windows-sysinfoext-check
2026-03-12 16:43:49 [Info] [4716] Prepare stage2
2026-03-12 16:43:52 [Info] [4716] log memory size is 30720KB, real memory size is 22716KB
2026-03-12 16:43:53 [Info] [4716] stage3: --windows-sysinfoext-check
2026-03-12 16:43:53 [Info] [4716] Loader after check
2026-03-12 16:43:54 [Info] [4716] Enter reuse wait state.
2026-03-12 16:43:56 [Info] [4716] recvmsg: EXIT
2026-03-12 16:43:56 [Info] [4716] Recv Exit Msg, Exit...
2026-03-12 19:21:27 [Info] [1008] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 19:21:27 [Info] [1008] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap69491773314486 
2026-03-12 19:21:27 [Info] [1008] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 19:21:27 [Info] [1008] Resource monitor start
2026-03-12 19:21:27 [Info] [1008] ipc client init success
2026-03-12 19:21:27 [Info] [1008] Ipc init: 0
2026-03-12 19:21:27 [Info] [1008] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 19:21:27 [Info] [1008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 19:21:27 [Info] [1008] start ipc thread id[1312]
2026-03-12 19:21:27 [Info] [1008] Connect Yundun ipc server return state is 0
2026-03-12 19:21:27 [Info] [1008] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 19:21:27 [Info] [1008] CResourceMonitor::run Enter
2026-03-12 19:21:27 [Info] [1008] CIpcMsgHandlerMgr::run Enter
2026-03-12 19:21:27 [Info] [1008] yundun connected
2026-03-12 19:21:27 [Info] [1008] Report thread
2026-03-12 19:21:27 [Info] [1008] Monitor thread
2026-03-12 19:21:27 [Info] [1008] Loader thread
2026-03-12 19:21:27 [Info] [1008] PythonEngineImpl Init...
2026-03-12 19:21:27 [Info] [1008] recvmsg: HELLO
2026-03-12 19:21:27 [Info] [1008] recvmsg: WORK
2026-03-12 19:21:27 [Info] [1008] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 19:21:27 [Info] [1008] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 19:21:27 [Info] [1008] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 19:21:27 [Info] [1008] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-12 19:21:28 [Info] [1008] log fd cnt is [250], real fd cnt is [282]
2026-03-12 19:21:28 [Info] [1008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 19:21:28 [Info] [1008] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 19:21:28 [Info] [1008] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 19:21:29 [Info] [1008] log memory size is 20480KB, real memory size is 14512KB
2026-03-12 19:21:29 [Info] [1008] item: --secnet_rasp_agent
2026-03-12 19:21:29 [Info] [1008] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-12 19:21:29 [Info] [1008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-12 19:21:29 [Info] [1008] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-12 19:21:29 [Info] [1008] Download redirect files success.
2026-03-12 19:21:29 [Info] [1008] Prepare stage1: --secnet_rasp_agent
2026-03-12 19:21:29 [Info] [1008] Prepare stage2
2026-03-12 19:21:31 [Info] [1008] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-12 19:21:31 [Info] [1008] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-12 19:21:31 [Info] [1008] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 19:21:31 [Info] [1008] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 19:21:31 [Info] [1008] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-12 19:21:31 [Info] [1008] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-12 19:21:31 [Info] [1008] stage3: --secnet_rasp_agent
2026-03-12 19:21:31 [Info] [1008] Loader after check
2026-03-12 19:21:32 [Info] [1008] Enter reuse wait state.
2026-03-12 19:21:33 [Info] [1008] log memory size is 30720KB, real memory size is 21060KB
2026-03-12 19:21:34 [Info] [1008] recvmsg: EXIT
2026-03-12 19:21:34 [Info] [1008] Recv Exit Msg, Exit...
2026-03-12 22:12:51 [Info] [4164] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 22:12:51 [Info] [4164] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap77251773324758 
2026-03-12 22:12:51 [Info] [4164] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 22:12:51 [Info] [4164] Resource monitor start
2026-03-12 22:12:51 [Info] [4164] ipc client init success
2026-03-12 22:12:51 [Info] [4164] Ipc init: 0
2026-03-12 22:12:51 [Info] [4164] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 22:12:51 [Info] [4164] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 22:12:51 [Info] [4164] start ipc thread id[4116]
2026-03-12 22:12:51 [Info] [4164] Connect Yundun ipc server return state is 0
2026-03-12 22:12:51 [Info] [4164] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 22:12:51 [Info] [4164] CResourceMonitor::run Enter
2026-03-12 22:12:51 [Info] [4164] CIpcMsgHandlerMgr::run Enter
2026-03-12 22:12:51 [Info] [4164] Report thread
2026-03-12 22:12:51 [Info] [4164] Monitor thread
2026-03-12 22:12:51 [Info] [4164] Loader thread
2026-03-12 22:12:51 [Info] [4164] PythonEngineImpl Init...
2026-03-12 22:12:51 [Info] [4164] yundun connected
2026-03-12 22:12:56 [Info] [4164] recvmsg: HELLO
2026-03-12 22:12:56 [Info] [4164] recvmsg: WORK
2026-03-12 22:12:56 [Info] [4164] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 22:12:56 [Info] [4164] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 22:12:56 [Info] [4164] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 22:12:57 [Info] [4164] log fd cnt is [250], real fd cnt is [264]
2026-03-12 22:12:58 [Info] [4164] log memory size is 20480KB, real memory size is 12928KB
2026-03-12 22:13:03 [Info] [748] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-12 22:13:03 [Info] [748] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap77831773324776 
2026-03-12 22:13:03 [Info] [748] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-12 22:13:03 [Info] [748] Resource monitor start
2026-03-12 22:13:03 [Info] [748] ipc client init success
2026-03-12 22:13:03 [Info] [748] Ipc init: 0
2026-03-12 22:13:03 [Info] [748] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-12 22:13:03 [Info] [748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-12 22:13:03 [Info] [748] start ipc thread id[4372]
2026-03-12 22:13:03 [Info] [748] Connect Yundun ipc server return state is 0
2026-03-12 22:13:03 [Info] [748] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-12 22:13:07 [Info] [748] CResourceMonitor::run Enter
2026-03-12 22:13:07 [Info] [748] CIpcMsgHandlerMgr::run Enter
2026-03-12 22:13:07 [Info] [748] yundun connected
2026-03-12 22:13:07 [Info] [748] Report thread
2026-03-12 22:13:07 [Info] [748] Monitor thread
2026-03-12 22:13:07 [Info] [748] Loader thread
2026-03-12 22:13:07 [Info] [748] PythonEngineImpl Init...
2026-03-12 22:13:08 [Warn] [4164] http request fail : https://update-vpc.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-12 22:13:08 [Info] [748] recvmsg: HELLO
2026-03-12 22:13:09 [Info] [748] log fd cnt is [250], real fd cnt is [263]
2026-03-12 22:13:09 [Info] [748] recvmsg: WORK
2026-03-12 22:13:09 [Info] [748] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 22:13:09 [Info] [748] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-12 22:13:09 [Info] [748] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 22:13:09 [Info] [748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 22:13:09 [Info] [748] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 22:13:09 [Info] [748] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 22:13:10 [Info] [748] log memory size is 20480KB, real memory size is 14496KB
2026-03-12 22:13:10 [Info] [748] item: --windows-vul-check
2026-03-12 22:13:10 [Info] [748] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-12 22:13:10 [Info] [748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-12 22:13:10 [Info] [748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-03-12 22:13:10 [Info] [748] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-12 22:13:10 [Info] [748] Download redirect files success.
2026-03-12 22:13:10 [Info] [748] Prepare stage1: --windows-vul-check
2026-03-12 22:13:10 [Info] [748] Prepare stage2
2026-03-12 22:13:11 [Info] [748] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-12 22:13:11 [Info] [748] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-12 22:13:11 [Info] [748] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 22:13:11 [Info] [748] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 22:13:11 [Info] [748] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-12 22:13:11 [Info] [748] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-12 22:13:12 [Info] [748] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-03-12 22:13:12 [Info] [748] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-03-12 22:13:12 [Info] [748] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-03-12 22:13:12 [Info] [748] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-03-12 22:13:12 [Info] [748] stage3: --windows-vul-check
2026-03-12 22:13:12 [Info] [748] Loader after check
2026-03-12 22:13:13 [Warn] [748] high cpu, cpu is 35
2026-03-12 22:13:13 [Info] [748] try get sys version
2026-03-12 22:13:13 [Info] [748] win sys info:2/10:0:3
2026-03-12 22:13:13 [Info] [748] suit legal version, enable cpu control
2026-03-12 22:13:13 [Warn] [748] High CPU Warning: 35
2026-03-12 22:13:13 [Warn] [748] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-12 22:13:13 [Info] [748] Enter reuse wait state.
2026-03-12 22:13:14 [Info] [748] log memory size is 30720KB, real memory size is 23268KB
2026-03-12 22:13:15 [Info] [748] recvmsg: EXIT
2026-03-12 22:13:15 [Info] [748] Recv Exit Msg, Exit...
2026-03-12 22:13:19 [Warn] [4164] http request fail : https://update-vpc-classic.aegis.aliyuncs.com/file_policy/file , http code : -1, curl ret : 28
2026-03-12 22:13:19 [Info] [4164] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 22:13:19 [Info] [4164] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-12 22:13:19 [Info] [4164] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-12 22:13:20 [Info] [4164] item: --windows-sysinfoext-check
2026-03-12 22:13:20 [Info] [4164] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 22:13:20 [Info] [4164] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 22:13:20 [Info] [4164] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-12 22:13:20 [Info] [4164] http request success : https://update-vpc-x.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-12 22:13:20 [Info] [4164] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-12 22:13:20 [Info] [4164] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-12 22:13:20 [Info] [4164] Prepare stage1: --windows-sysinfoext-check
2026-03-12 22:13:20 [Info] [4164] Prepare stage2
2026-03-12 22:13:21 [Warn] [4164] high cpu, cpu is 26
2026-03-12 22:13:21 [Info] [4164] try get sys version
2026-03-12 22:13:21 [Info] [4164] win sys info:2/10:0:3
2026-03-12 22:13:21 [Info] [4164] suit legal version, enable cpu control
2026-03-12 22:13:21 [Warn] [4164] High CPU Warning: 26
2026-03-12 22:13:21 [Warn] [4164] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-12 22:13:22 [Info] [4164] log memory size is 30720KB, real memory size is 22792KB
2026-03-12 22:13:25 [Info] [4164] stage3: --windows-sysinfoext-check
2026-03-12 22:13:25 [Info] [4164] Loader after check
2026-03-12 22:13:25 [Warn] [4164] high cpu, cpu is 14
2026-03-12 22:13:25 [Warn] [4164] High CPU Warning: 14
2026-03-12 22:13:26 [Info] [4164] Enter reuse wait state.
2026-03-12 22:13:29 [Info] [4164] recvmsg: EXIT
2026-03-12 22:13:29 [Info] [4164] Recv Exit Msg, Exit...
2026-03-19 04:18:46 [Info] [96] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 04:18:46 [Info] [96] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap28151773865110 
2026-03-19 04:18:46 [Info] [96] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 04:18:46 [Info] [96] Resource monitor start
2026-03-19 04:18:46 [Info] [96] ipc client init success
2026-03-19 04:18:46 [Info] [96] Ipc init: 0
2026-03-19 04:18:46 [Info] [96] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 04:18:46 [Info] [96] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 04:18:51 [Info] [96] CIpcMsgHandlerMgr::run Enter
2026-03-19 04:18:51 [Info] [96] CResourceMonitor::run Enter
2026-03-19 04:18:51 [Info] [96] start ipc thread id[4596]
2026-03-19 04:18:51 [Info] [96] Connect Yundun ipc server return state is 0
2026-03-19 04:18:51 [Info] [96] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 04:18:52 [Info] [96] log fd cnt is [250], real fd cnt is [243]
2026-03-19 04:18:55 [Info] [96] yundun connected
2026-03-19 04:18:55 [Info] [96] Report thread
2026-03-19 04:18:55 [Info] [96] Monitor thread
2026-03-19 04:18:55 [Info] [96] Loader thread
2026-03-19 04:18:55 [Info] [96] PythonEngineImpl Init...
2026-03-19 04:18:56 [Info] [96] recvmsg: HELLO
2026-03-19 04:18:56 [Info] [96] recvmsg: WORK
2026-03-19 04:18:56 [Info] [96] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 04:18:56 [Info] [96] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 04:18:56 [Info] [96] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 04:18:56 [Info] [96] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 04:18:57 [Info] [96] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 04:18:57 [Info] [96] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 04:18:57 [Info] [96] log memory size is 20480KB, real memory size is 14576KB
2026-03-19 04:18:58 [Info] [96] item: --windows-sysinfoext-check
2026-03-19 04:18:58 [Info] [96] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 04:18:58 [Info] [96] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 04:18:58 [Info] [96] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 04:18:58 [Info] [96] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 04:18:58 [Info] [96] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-19 04:18:58 [Info] [96] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 04:18:58 [Info] [96] Prepare stage1: --windows-sysinfoext-check
2026-03-19 04:18:58 [Info] [96] Prepare stage2
2026-03-19 04:19:00 [Info] [96] stage3: --windows-sysinfoext-check
2026-03-19 04:19:00 [Info] [96] Loader after check
2026-03-19 04:19:01 [Info] [96] log memory size is 30720KB, real memory size is 23104KB
2026-03-19 04:19:01 [Info] [96] Enter reuse wait state.
2026-03-19 04:19:03 [Info] [96] recvmsg: EXIT
2026-03-19 04:19:03 [Info] [96] Recv Exit Msg, Exit...
2026-03-19 05:03:38 [Info] [4648] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 05:03:38 [Info] [4648] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap116581773867818 
2026-03-19 05:03:38 [Info] [4648] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 05:03:38 [Info] [4648] Resource monitor start
2026-03-19 05:03:38 [Info] [4648] ipc client init success
2026-03-19 05:03:38 [Info] [4648] Ipc init: 0
2026-03-19 05:03:38 [Info] [4648] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 05:03:38 [Info] [4648] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 05:03:38 [Info] [4648] start ipc thread id[3400]
2026-03-19 05:03:38 [Info] [4648] Connect Yundun ipc server return state is 0
2026-03-19 05:03:38 [Info] [4648] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 05:03:38 [Info] [4648] CResourceMonitor::run Enter
2026-03-19 05:03:38 [Info] [4648] CIpcMsgHandlerMgr::run Enter
2026-03-19 05:03:38 [Info] [4648] Report thread
2026-03-19 05:03:38 [Info] [4648] Monitor thread
2026-03-19 05:03:38 [Info] [4648] Loader thread
2026-03-19 05:03:38 [Info] [4648] PythonEngineImpl Init...
2026-03-19 05:03:38 [Info] [4648] yundun connected
2026-03-19 05:03:38 [Info] [4648] recvmsg: HELLO
2026-03-19 05:03:38 [Info] [4648] recvmsg: WORK
2026-03-19 05:03:38 [Info] [4648] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 05:03:38 [Info] [4648] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 05:03:38 [Info] [4648] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 05:03:39 [Info] [4648] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 05:03:39 [Info] [4648] log fd cnt is [250], real fd cnt is [286]
2026-03-19 05:03:39 [Info] [4648] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 05:03:39 [Info] [4648] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 05:03:40 [Info] [4648] log memory size is 20480KB, real memory size is 14796KB
2026-03-19 05:03:40 [Info] [4648] item: --sca
2026-03-19 05:03:40 [Info] [4648] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-19 05:03:40 [Info] [4648] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-19 05:03:40 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-19 05:03:40 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-19 05:03:40 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-19 05:03:40 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_node_proc.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_business_type.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-19 05:03:41 [Info] [4648] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-19 05:03:41 [Info] [4648] Download redirect files success.
2026-03-19 05:03:41 [Info] [4648] Prepare stage1: --sca
2026-03-19 05:03:41 [Info] [4648] Prepare stage2
2026-03-19 05:03:43 [Warn] [4648] high cpu, cpu is 24
2026-03-19 05:03:43 [Info] [4648] try get sys version
2026-03-19 05:03:43 [Info] [4648] win sys info:2/10:0:3
2026-03-19 05:03:43 [Info] [4648] suit legal version, enable cpu control
2026-03-19 05:03:43 [Warn] [4648] High CPU Warning: 24
2026-03-19 05:03:43 [Warn] [4648] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-19 05:03:44 [Info] [4648] log memory size is 30720KB, real memory size is 32296KB
2026-03-19 05:03:48 [Info] [4648] log memory size is 40960KB, real memory size is 32924KB
2026-03-19 05:04:16 [Info] [4648] stage3: --sca
2026-03-19 05:04:16 [Info] [4648] Loader after check
2026-03-19 05:04:17 [Info] [4648] Enter reuse wait state.
2026-03-19 05:04:22 [Info] [4648] recvmsg: EXIT
2026-03-19 05:04:22 [Info] [4648] Recv Exit Msg, Exit...
2026-03-19 08:03:10 [Info] [1772] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 08:03:10 [Info] [1772] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap140671773878590 
2026-03-19 08:03:10 [Info] [1772] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 08:03:10 [Info] [1772] Resource monitor start
2026-03-19 08:03:10 [Info] [1772] ipc client init success
2026-03-19 08:03:10 [Info] [1772] Ipc init: 0
2026-03-19 08:03:10 [Info] [1772] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 08:03:10 [Info] [1772] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 08:03:10 [Info] [1772] start ipc thread id[5060]
2026-03-19 08:03:10 [Info] [1772] Connect Yundun ipc server return state is 0
2026-03-19 08:03:10 [Info] [1772] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 08:03:10 [Info] [1772] CResourceMonitor::run Enter
2026-03-19 08:03:10 [Info] [1772] CIpcMsgHandlerMgr::run Enter
2026-03-19 08:03:10 [Info] [1772] Report thread
2026-03-19 08:03:10 [Info] [1772] Monitor thread
2026-03-19 08:03:10 [Info] [1772] Loader thread
2026-03-19 08:03:10 [Info] [1772] PythonEngineImpl Init...
2026-03-19 08:03:10 [Info] [1772] yundun connected
2026-03-19 08:03:10 [Info] [1772] recvmsg: HELLO
2026-03-19 08:03:11 [Info] [1772] recvmsg: WORK
2026-03-19 08:03:11 [Info] [1772] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 08:03:11 [Info] [1772] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 08:03:11 [Info] [1772] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 08:03:11 [Info] [1772] log fd cnt is [250], real fd cnt is [282]
2026-03-19 08:03:11 [Info] [1772] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 08:03:11 [Info] [1772] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 08:03:11 [Info] [1772] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 08:03:12 [Info] [1772] log memory size is 20480KB, real memory size is 14784KB
2026-03-19 08:03:12 [Info] [1772] item: --windows-vul-clean
2026-03-19 08:03:12 [Info] [1772] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-19 08:03:12 [Info] [1772] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-19 08:03:12 [Info] [1772] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 08:03:12 [Info] [1772] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 08:03:12 [Info] [1772] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-19 08:03:12 [Info] [1772] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-19 08:03:13 [Info] [1772] Prepare stage1: --windows-vul-clean
2026-03-19 08:03:13 [Info] [1772] Prepare stage2
2026-03-19 08:03:13 [Info] [1772] stage3: --windows-vul-clean
2026-03-19 08:03:13 [Info] [1772] Loader after check
2026-03-19 08:03:14 [Info] [1772] Enter reuse wait state.
2026-03-19 08:03:18 [Info] [1772] recvmsg: EXIT
2026-03-19 08:03:18 [Info] [1772] Recv Exit Msg, Exit...
2026-03-19 08:52:01 [Info] [4832] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 08:52:01 [Info] [4832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap236381773881521 
2026-03-19 08:52:01 [Info] [4832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 08:52:01 [Info] [4832] Resource monitor start
2026-03-19 08:52:01 [Info] [4832] ipc client init success
2026-03-19 08:52:01 [Info] [4832] Ipc init: 0
2026-03-19 08:52:01 [Info] [4832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 08:52:01 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 08:52:01 [Info] [4832] start ipc thread id[4892]
2026-03-19 08:52:01 [Info] [4832] Connect Yundun ipc server return state is 0
2026-03-19 08:52:01 [Info] [4832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 08:52:01 [Info] [4832] CResourceMonitor::run Enter
2026-03-19 08:52:01 [Info] [4832] CIpcMsgHandlerMgr::run Enter
2026-03-19 08:52:01 [Info] [4832] yundun connected
2026-03-19 08:52:01 [Info] [4832] Report thread
2026-03-19 08:52:01 [Info] [4832] Monitor thread
2026-03-19 08:52:01 [Info] [4832] Loader thread
2026-03-19 08:52:01 [Info] [4832] PythonEngineImpl Init...
2026-03-19 08:52:02 [Info] [4832] recvmsg: HELLO
2026-03-19 08:52:02 [Info] [4832] recvmsg: WORK
2026-03-19 08:52:02 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 08:52:02 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 08:52:02 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 08:52:02 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 08:52:02 [Info] [4832] log fd cnt is [250], real fd cnt is [282]
2026-03-19 08:52:02 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 08:52:02 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 08:52:03 [Info] [4832] log memory size is 20480KB, real memory size is 14792KB
2026-03-19 08:52:03 [Info] [4832] item: --windows-process-check
2026-03-19 08:52:03 [Info] [4832] cgroup name aegisRtap0
2026-03-19 08:52:03 [Info] [4832] try get sys version
2026-03-19 08:52:03 [Info] [4832] win sys info:2/10:0:3
2026-03-19 08:52:03 [Info] [4832] suit legal version, enable cpu control
2026-03-19 08:52:03 [Info] [4832] get AssignProcessToJobObject handle [00000478]
2026-03-19 08:52:03 [Info] [4832] Set setJobExtended.
2026-03-19 08:52:03 [Info] [4832] Set cpu [9%]
2026-03-19 08:52:03 [Info] [4832] Set cpu success
2026-03-19 08:52:03 [Info] [4832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-19 08:52:03 [Info] [4832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-19 08:52:03 [Info] [4832] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 08:52:04 [Info] [4832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 08:52:04 [Info] [4832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-19 08:52:04 [Info] [4832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-19 08:52:04 [Info] [4832] Prepare stage1: --windows-process-check
2026-03-19 08:52:04 [Info] [4832] Prepare stage2
2026-03-19 08:52:07 [Info] [4832] log memory size is 30720KB, real memory size is 20616KB
2026-03-19 08:52:22 [Info] [4832] stage3: --windows-process-check
2026-03-19 08:52:22 [Info] [4832] Loader after check
2026-03-19 08:52:23 [Info] [4832] Enter reuse wait state.
2026-03-19 08:52:25 [Info] [4832] recvmsg: EXIT
2026-03-19 08:52:25 [Info] [4832] Recv Exit Msg, Exit...
2026-03-19 09:47:18 [Info] [4996] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 09:47:18 [Info] [4996] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap16761773884830 
2026-03-19 09:47:18 [Info] [4996] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 09:47:18 [Info] [4996] Resource monitor start
2026-03-19 09:47:18 [Info] [4996] ipc client init success
2026-03-19 09:47:18 [Info] [4996] Ipc init: 0
2026-03-19 09:47:18 [Info] [4996] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 09:47:18 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 09:47:18 [Info] [4996] start ipc thread id[4472]
2026-03-19 09:47:18 [Info] [4996] Connect Yundun ipc server return state is 0
2026-03-19 09:47:18 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 09:47:18 [Info] [4996] CResourceMonitor::run Enter
2026-03-19 09:47:18 [Info] [4996] CIpcMsgHandlerMgr::run Enter
2026-03-19 09:47:18 [Info] [4996] Report thread
2026-03-19 09:47:18 [Info] [4996] Monitor thread
2026-03-19 09:47:18 [Info] [4996] Loader thread
2026-03-19 09:47:18 [Info] [4996] PythonEngineImpl Init...
2026-03-19 09:47:23 [Info] [4996] yundun connected
2026-03-19 09:47:23 [Info] [4996] recvmsg: HELLO
2026-03-19 09:47:23 [Info] [4996] recvmsg: WORK
2026-03-19 09:47:23 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 09:47:23 [Info] [4996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 09:47:23 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 09:47:26 [Info] [4996] log fd cnt is [250], real fd cnt is [264]
2026-03-19 09:47:27 [Info] [4996] log memory size is 20480KB, real memory size is 13140KB
2026-03-19 09:47:32 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 09:47:32 [Info] [4996] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 09:47:32 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 09:47:33 [Info] [4996] item: --windows-sysinfoext-check
2026-03-19 09:47:33 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 09:47:33 [Info] [4996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 09:47:33 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 09:47:34 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 09:47:34 [Info] [4996] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-19 09:47:34 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 09:47:34 [Info] [4996] Prepare stage1: --windows-sysinfoext-check
2026-03-19 09:47:34 [Info] [4996] Prepare stage2
2026-03-19 09:47:35 [Info] [4996] log memory size is 30720KB, real memory size is 22972KB
2026-03-19 09:47:36 [Info] [4996] stage3: --windows-sysinfoext-check
2026-03-19 09:47:36 [Info] [4996] Loader after check
2026-03-19 09:47:36 [Warn] [4996] high cpu, cpu is 12
2026-03-19 09:47:36 [Info] [4996] try get sys version
2026-03-19 09:47:36 [Info] [4996] win sys info:2/10:0:3
2026-03-19 09:47:36 [Info] [4996] suit legal version, enable cpu control
2026-03-19 09:47:36 [Warn] [4996] High CPU Warning: 12
2026-03-19 09:47:36 [Warn] [4996] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-19 09:47:37 [Info] [4996] Enter reuse wait state.
2026-03-19 09:47:39 [Info] [4996] recvmsg: EXIT
2026-03-19 09:47:39 [Info] [4996] Recv Exit Msg, Exit...
2026-03-19 10:32:05 [Info] [892] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 10:32:05 [Info] [892] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap104771773887525 
2026-03-19 10:32:05 [Info] [892] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 10:32:05 [Info] [892] Resource monitor start
2026-03-19 10:32:05 [Info] [892] ipc client init success
2026-03-19 10:32:05 [Info] [892] Ipc init: 0
2026-03-19 10:32:05 [Info] [892] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 10:32:05 [Info] [892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 10:32:05 [Info] [892] start ipc thread id[1420]
2026-03-19 10:32:05 [Info] [892] Connect Yundun ipc server return state is 0
2026-03-19 10:32:05 [Info] [892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 10:32:05 [Info] [892] CResourceMonitor::run Enter
2026-03-19 10:32:05 [Info] [892] CIpcMsgHandlerMgr::run Enter
2026-03-19 10:32:05 [Info] [892] Report thread
2026-03-19 10:32:05 [Info] [892] Monitor thread
2026-03-19 10:32:05 [Info] [892] Loader thread
2026-03-19 10:32:05 [Info] [892] PythonEngineImpl Init...
2026-03-19 10:32:05 [Info] [892] yundun connected
2026-03-19 10:32:06 [Info] [892] recvmsg: HELLO
2026-03-19 10:32:06 [Info] [892] recvmsg: WORK
2026-03-19 10:32:06 [Info] [892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:32:06 [Info] [892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:32:06 [Info] [892] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:32:06 [Info] [892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:32:06 [Info] [892] log fd cnt is [250], real fd cnt is [286]
2026-03-19 10:32:07 [Info] [892] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 10:32:07 [Info] [892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 10:32:07 [Info] [892] log memory size is 20480KB, real memory size is 14776KB
2026-03-19 10:32:08 [Info] [892] item: --windows-registry-check
2026-03-19 10:32:08 [Info] [892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-19 10:32:08 [Info] [892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-19 10:32:08 [Info] [892] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:32:08 [Info] [892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:32:08 [Info] [892] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-19 10:32:08 [Info] [892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-19 10:32:08 [Info] [892] Prepare stage1: --windows-registry-check
2026-03-19 10:32:08 [Info] [892] Prepare stage2
2026-03-19 10:32:25 [Info] [892] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-19 10:32:38 [Info] [892] stage3: --windows-registry-check
2026-03-19 10:32:38 [Info] [892] Loader after check
2026-03-19 10:32:39 [Info] [892] Enter reuse wait state.
2026-03-19 10:32:41 [Info] [892] recvmsg: EXIT
2026-03-19 10:32:41 [Info] [892] Recv Exit Msg, Exit...
2026-03-19 10:33:25 [Info] [2348] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 10:33:25 [Info] [2348] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap107381773887605 
2026-03-19 10:33:25 [Info] [2348] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 10:33:25 [Info] [2348] Resource monitor start
2026-03-19 10:33:25 [Info] [2348] ipc client init success
2026-03-19 10:33:25 [Info] [2348] Ipc init: 0
2026-03-19 10:33:25 [Info] [2348] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 10:33:25 [Info] [2348] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 10:33:25 [Info] [2348] start ipc thread id[4400]
2026-03-19 10:33:25 [Info] [2348] Connect Yundun ipc server return state is 0
2026-03-19 10:33:25 [Info] [2348] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 10:33:25 [Info] [2348] CResourceMonitor::run Enter
2026-03-19 10:33:25 [Info] [2348] CIpcMsgHandlerMgr::run Enter
2026-03-19 10:33:25 [Info] [2348] Report thread
2026-03-19 10:33:25 [Info] [2348] Monitor thread
2026-03-19 10:33:25 [Info] [2348] Loader thread
2026-03-19 10:33:25 [Info] [2348] PythonEngineImpl Init...
2026-03-19 10:33:25 [Info] [2348] yundun connected
2026-03-19 10:33:26 [Info] [2348] recvmsg: HELLO
2026-03-19 10:33:26 [Info] [2348] recvmsg: WORK
2026-03-19 10:33:26 [Info] [2348] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:33:26 [Info] [2348] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:33:26 [Info] [2348] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:33:26 [Info] [2348] log fd cnt is [250], real fd cnt is [282]
2026-03-19 10:33:26 [Info] [2348] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:33:27 [Info] [2348] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 10:33:27 [Info] [2348] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 10:33:27 [Info] [2348] log memory size is 20480KB, real memory size is 14784KB
2026-03-19 10:33:28 [Info] [2348] item: --windows-driver-version-check
2026-03-19 10:33:28 [Info] [2348] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-19 10:33:28 [Info] [2348] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-19 10:33:28 [Info] [2348] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:33:28 [Info] [2348] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:33:28 [Info] [2348] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-19 10:33:28 [Info] [2348] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-19 10:33:28 [Info] [2348] Prepare stage1: --windows-driver-version-check
2026-03-19 10:33:28 [Info] [2348] Prepare stage2
2026-03-19 10:33:28 [Info] [2348] stage3: --windows-driver-version-check
2026-03-19 10:33:28 [Info] [2348] Loader after check
2026-03-19 10:33:30 [Info] [2348] Enter reuse wait state.
2026-03-19 10:33:32 [Info] [2348] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-19 10:33:33 [Info] [2348] recvmsg: EXIT
2026-03-19 10:33:33 [Info] [2348] Recv Exit Msg, Exit...
2026-03-19 10:42:30 [Info] [1244] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 10:42:30 [Info] [1244] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap125181773888150 
2026-03-19 10:42:30 [Info] [1244] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 10:42:30 [Info] [1244] Resource monitor start
2026-03-19 10:42:30 [Info] [1244] ipc client init success
2026-03-19 10:42:30 [Info] [1244] Ipc init: 0
2026-03-19 10:42:30 [Info] [1244] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 10:42:30 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 10:42:30 [Info] [1244] start ipc thread id[1228]
2026-03-19 10:42:30 [Info] [1244] Connect Yundun ipc server return state is 0
2026-03-19 10:42:30 [Info] [1244] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 10:42:30 [Info] [1244] CResourceMonitor::run Enter
2026-03-19 10:42:30 [Info] [1244] CIpcMsgHandlerMgr::run Enter
2026-03-19 10:42:30 [Info] [1244] Report thread
2026-03-19 10:42:30 [Info] [1244] Monitor thread
2026-03-19 10:42:30 [Info] [1244] Loader thread
2026-03-19 10:42:30 [Info] [1244] PythonEngineImpl Init...
2026-03-19 10:42:30 [Info] [1244] yundun connected
2026-03-19 10:42:31 [Info] [1244] recvmsg: HELLO
2026-03-19 10:42:31 [Info] [1244] recvmsg: WORK
2026-03-19 10:42:31 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:42:31 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 10:42:31 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:42:31 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:42:31 [Info] [1244] log fd cnt is [250], real fd cnt is [282]
2026-03-19 10:42:31 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 10:42:31 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 10:42:32 [Info] [1244] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-19 10:42:32 [Info] [1244] log memory size is 20480KB, real memory size is 14788KB
2026-03-19 10:42:32 [Info] [1244] item: --windows-schedule-task-check
2026-03-19 10:42:32 [Info] [1244] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-19 10:42:32 [Info] [1244] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-19 10:42:32 [Info] [1244] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 10:42:32 [Info] [1244] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 10:42:33 [Info] [1244] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-19 10:42:33 [Info] [1244] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-19 10:42:33 [Info] [1244] Prepare stage1: --windows-schedule-task-check
2026-03-19 10:42:33 [Info] [1244] Prepare stage2
2026-03-19 10:42:33 [Warn] [1244] high cpu, cpu is 18
2026-03-19 10:42:33 [Info] [1244] try get sys version
2026-03-19 10:42:33 [Info] [1244] win sys info:2/10:0:3
2026-03-19 10:42:33 [Info] [1244] suit legal version, enable cpu control
2026-03-19 10:42:33 [Warn] [1244] High CPU Warning: 18
2026-03-19 10:42:33 [Warn] [1244] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:dynamic.py line: 516 in func: __getattr__
File:windows-schedule-task-check.py line: 377 in func: GetScheduleTaskByCom
File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks
File:windows-schedule-task-check.py line: 425 in func: check
File:windows-schedule-task-check.py line: 61 in func: main
File:windows-schedule-task-check.py line: 433 in func: start
2026-03-19 10:42:36 [Info] [1244] log memory size is 30720KB, real memory size is 23476KB
2026-03-19 10:43:03 [Info] [1244] stage3: --windows-schedule-task-check
2026-03-19 10:43:03 [Info] [1244] Loader after check
2026-03-19 10:43:04 [Info] [1244] Enter reuse wait state.
2026-03-19 10:43:06 [Info] [1244] recvmsg: EXIT
2026-03-19 10:43:06 [Info] [1244] Recv Exit Msg, Exit...
2026-03-19 11:16:00 [Info] [4608] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 11:16:00 [Info] [4608] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap190821773890160 
2026-03-19 11:16:00 [Info] [4608] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 11:16:00 [Info] [4608] Resource monitor start
2026-03-19 11:16:00 [Info] [4608] ipc client init success
2026-03-19 11:16:00 [Info] [4608] Ipc init: 0
2026-03-19 11:16:00 [Info] [4608] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 11:16:00 [Info] [4608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 11:16:00 [Info] [4608] start ipc thread id[1420]
2026-03-19 11:16:00 [Info] [4608] Connect Yundun ipc server return state is 0
2026-03-19 11:16:00 [Info] [4608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 11:16:00 [Info] [4608] CResourceMonitor::run Enter
2026-03-19 11:16:00 [Info] [4608] CIpcMsgHandlerMgr::run Enter
2026-03-19 11:16:00 [Info] [4608] Report thread
2026-03-19 11:16:00 [Info] [4608] Monitor thread
2026-03-19 11:16:00 [Info] [4608] Loader thread
2026-03-19 11:16:00 [Info] [4608] PythonEngineImpl Init...
2026-03-19 11:16:00 [Info] [4608] yundun connected
2026-03-19 11:16:01 [Info] [4608] recvmsg: HELLO
2026-03-19 11:16:01 [Info] [4608] recvmsg: WORK
2026-03-19 11:16:01 [Info] [4608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 11:16:01 [Info] [4608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 11:16:01 [Info] [4608] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 11:16:01 [Info] [4608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 11:16:01 [Warn] [4608] high cpu, cpu is 12
2026-03-19 11:16:01 [Info] [4608] try get sys version
2026-03-19 11:16:01 [Info] [4608] win sys info:2/10:0:3
2026-03-19 11:16:01 [Info] [4608] suit legal version, enable cpu control
2026-03-19 11:16:01 [Warn] [4608] High CPU Warning: 12
2026-03-19 11:16:01 [Warn] [4608] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-19 11:16:01 [Info] [4608] log fd cnt is [250], real fd cnt is [282]
2026-03-19 11:16:01 [Info] [4608] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 11:16:01 [Info] [4608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 11:16:02 [Info] [4608] log memory size is 20480KB, real memory size is 14724KB
2026-03-19 11:16:03 [Info] [4608] item: --windows-autorun-item-check
2026-03-19 11:16:03 [Info] [4608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-19 11:16:03 [Info] [4608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-19 11:16:03 [Info] [4608] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 11:16:03 [Info] [4608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 11:16:03 [Info] [4608] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-19 11:16:03 [Info] [4608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-19 11:16:03 [Info] [4608] Prepare stage1: --windows-autorun-item-check
2026-03-19 11:16:03 [Info] [4608] Prepare stage2
2026-03-19 11:16:06 [Info] [4608] log memory size is 30720KB, real memory size is 22496KB
2026-03-19 11:16:13 [Info] [4608] stage3: --windows-autorun-item-check
2026-03-19 11:16:13 [Info] [4608] Loader after check
2026-03-19 11:16:14 [Info] [4608] Enter reuse wait state.
2026-03-19 11:16:16 [Info] [4608] recvmsg: EXIT
2026-03-19 11:16:16 [Info] [4608] Recv Exit Msg, Exit...
2026-03-19 11:33:27 [Info] [3312] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 11:33:27 [Info] [3312] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap225011773891207 
2026-03-19 11:33:27 [Info] [3312] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 11:33:27 [Info] [3312] Resource monitor start
2026-03-19 11:33:27 [Info] [3312] ipc client init success
2026-03-19 11:33:27 [Info] [3312] Ipc init: 0
2026-03-19 11:33:27 [Info] [3312] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 11:33:27 [Info] [3312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 11:33:27 [Info] [3312] start ipc thread id[3728]
2026-03-19 11:33:27 [Info] [3312] Connect Yundun ipc server return state is 0
2026-03-19 11:33:27 [Info] [3312] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 11:33:27 [Info] [3312] CResourceMonitor::run Enter
2026-03-19 11:33:27 [Info] [3312] CIpcMsgHandlerMgr::run Enter
2026-03-19 11:33:27 [Info] [3312] Report thread
2026-03-19 11:33:27 [Info] [3312] Monitor thread
2026-03-19 11:33:27 [Info] [3312] Loader thread
2026-03-19 11:33:27 [Info] [3312] PythonEngineImpl Init...
2026-03-19 11:33:27 [Info] [3312] yundun connected
2026-03-19 11:33:28 [Info] [3312] recvmsg: HELLO
2026-03-19 11:33:28 [Info] [3312] recvmsg: WORK
2026-03-19 11:33:28 [Info] [3312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 11:33:28 [Info] [3312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 11:33:28 [Info] [3312] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 11:33:28 [Info] [3312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 11:33:28 [Info] [3312] log fd cnt is [250], real fd cnt is [282]
2026-03-19 11:33:28 [Info] [3312] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 11:33:28 [Info] [3312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 11:33:28 [Info] [3312] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-19 11:33:29 [Info] [3312] log memory size is 20480KB, real memory size is 14792KB
2026-03-19 11:33:29 [Info] [3312] item: --tcp-connect-check
2026-03-19 11:33:29 [Info] [3312] cgroup name aegisRtap0
2026-03-19 11:33:29 [Info] [3312] try get sys version
2026-03-19 11:33:29 [Info] [3312] win sys info:2/10:0:3
2026-03-19 11:33:29 [Info] [3312] suit legal version, enable cpu control
2026-03-19 11:33:29 [Info] [3312] get AssignProcessToJobObject handle [00000478]
2026-03-19 11:33:29 [Info] [3312] Set setJobExtended.
2026-03-19 11:33:29 [Info] [3312] Set cpu [9%]
2026-03-19 11:33:29 [Info] [3312] Set cpu success
2026-03-19 11:33:29 [Info] [3312] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-19 11:33:29 [Info] [3312] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-19 11:33:29 [Info] [3312] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 11:33:30 [Info] [3312] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 11:33:30 [Info] [3312] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-19 11:33:30 [Info] [3312] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-19 11:33:30 [Info] [3312] Prepare stage1: --tcp-connect-check
2026-03-19 11:33:30 [Info] [3312] Prepare stage2
2026-03-19 11:33:33 [Info] [3312] stage3: --tcp-connect-check
2026-03-19 11:33:33 [Info] [3312] Loader after check
2026-03-19 11:33:34 [Info] [3312] Enter reuse wait state.
2026-03-19 11:33:39 [Info] [3312] recvmsg: EXIT
2026-03-19 11:33:39 [Info] [3312] Recv Exit Msg, Exit...
2026-03-19 15:16:01 [Info] [2720] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-19 15:16:01 [Info] [2720] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap5441773904552 
2026-03-19 15:16:01 [Info] [2720] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-19 15:16:01 [Info] [2720] Resource monitor start
2026-03-19 15:16:01 [Info] [2720] ipc client init success
2026-03-19 15:16:01 [Info] [2720] Ipc init: 0
2026-03-19 15:16:01 [Info] [2720] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-19 15:16:01 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-19 15:16:01 [Info] [2720] start ipc thread id[1524]
2026-03-19 15:16:01 [Info] [2720] Connect Yundun ipc server return state is 0
2026-03-19 15:16:01 [Info] [2720] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-19 15:16:01 [Info] [2720] CResourceMonitor::run Enter
2026-03-19 15:16:01 [Info] [2720] CIpcMsgHandlerMgr::run Enter
2026-03-19 15:16:01 [Info] [2720] Report thread
2026-03-19 15:16:01 [Info] [2720] Monitor thread
2026-03-19 15:16:01 [Info] [2720] Loader thread
2026-03-19 15:16:01 [Info] [2720] PythonEngineImpl Init...
2026-03-19 15:16:06 [Info] [2720] yundun connected
2026-03-19 15:16:07 [Info] [2720] recvmsg: HELLO
2026-03-19 15:16:07 [Info] [2720] recvmsg: WORK
2026-03-19 15:16:07 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 15:16:07 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-19 15:16:07 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 15:16:09 [Info] [2720] log fd cnt is [250], real fd cnt is [264]
2026-03-19 15:16:10 [Info] [2720] log memory size is 20480KB, real memory size is 13140KB
2026-03-19 15:16:14 [Info] [2720] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 15:16:15 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-19 15:16:15 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-19 15:16:16 [Info] [2720] item: --windows-sysinfoext-check
2026-03-19 15:16:16 [Info] [2720] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 15:16:16 [Info] [2720] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 15:16:16 [Info] [2720] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-19 15:16:16 [Info] [2720] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-19 15:16:16 [Info] [2720] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-19 15:16:16 [Info] [2720] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-19 15:16:16 [Info] [2720] Prepare stage1: --windows-sysinfoext-check
2026-03-19 15:16:16 [Info] [2720] Prepare stage2
2026-03-19 15:16:17 [Warn] [2720] high cpu, cpu is 17
2026-03-19 15:16:17 [Info] [2720] try get sys version
2026-03-19 15:16:17 [Info] [2720] win sys info:2/10:0:3
2026-03-19 15:16:17 [Info] [2720] suit legal version, enable cpu control
2026-03-19 15:16:17 [Warn] [2720] High CPU Warning: 17
2026-03-19 15:16:17 [Warn] [2720] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-19 15:16:18 [Info] [2720] stage3: --windows-sysinfoext-check
2026-03-19 15:16:18 [Info] [2720] Loader after check
2026-03-19 15:16:18 [Info] [2720] log memory size is 30720KB, real memory size is 23080KB
2026-03-19 15:16:19 [Info] [2720] Enter reuse wait state.
2026-03-19 15:16:22 [Info] [2720] recvmsg: EXIT
2026-03-19 15:16:22 [Info] [2720] Recv Exit Msg, Exit...
Youez - 2016 - github.com/yon3zu
LinuXploit