2026-02-27 08:08:50 [Info] [4656] CResourceMonitor::run Enter
2026-02-27 08:08:50 [Info] [4656] CIpcMsgHandlerMgr::run Enter
2026-02-27 08:08:50 [Info] [4656] Report thread
2026-02-27 08:08:50 [Info] [4656] Monitor thread
2026-02-27 08:08:50 [Info] [4656] Loader thread
2026-02-27 08:08:50 [Info] [4656] PythonEngineImpl Init...
2026-02-27 08:08:50 [Info] [4656] yundun connected
2026-02-27 08:08:51 [Info] [4656] recvmsg: HELLO
2026-02-27 08:08:51 [Info] [4656] recvmsg: WORK
2026-02-27 08:08:51 [Info] [4656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 08:08:51 [Info] [4656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 08:08:51 [Info] [4656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 08:08:51 [Info] [4656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 08:08:51 [Info] [4656] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 08:08:51 [Info] [4656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 08:08:51 [Info] [4656] log fd cnt is [250], real fd cnt is [281]
2026-02-27 08:08:52 [Info] [4656] log memory size is 20480KB, real memory size is 14568KB
2026-02-27 08:08:52 [Info] [4656] item: --windows-vul-clean
2026-02-27 08:08:52 [Info] [4656] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-02-27 08:08:52 [Info] [4656] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-02-27 08:08:52 [Info] [4656] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 08:08:53 [Info] [4656] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 08:08:53 [Info] [4656] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-02-27 08:08:53 [Info] [4656] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-02-27 08:08:53 [Info] [4656] Prepare stage1: --windows-vul-clean
2026-02-27 08:08:53 [Info] [4656] Prepare stage2
2026-02-27 08:08:53 [Info] [4656] stage3: --windows-vul-clean
2026-02-27 08:08:53 [Info] [4656] Loader after check
2026-02-27 08:08:54 [Info] [4656] Enter reuse wait state.
2026-02-27 08:08:58 [Info] [4656] recvmsg: EXIT
2026-02-27 08:08:58 [Info] [4656] Recv Exit Msg, Exit...
2026-02-27 09:13:52 [Info] [4788] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 09:13:52 [Info] [4788] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap210951772154832 
2026-02-27 09:13:52 [Info] [4788] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 09:13:52 [Info] [4788] Resource monitor start
2026-02-27 09:13:52 [Info] [4788] ipc client init success
2026-02-27 09:13:52 [Info] [4788] Ipc init: 0
2026-02-27 09:13:52 [Info] [4788] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 09:13:52 [Info] [4788] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 09:13:52 [Info] [4788] start ipc thread id[2776]
2026-02-27 09:13:52 [Info] [4788] Connect Yundun ipc server return state is 0
2026-02-27 09:13:52 [Info] [4788] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 09:13:52 [Info] [4788] CResourceMonitor::run Enter
2026-02-27 09:13:52 [Info] [4788] CIpcMsgHandlerMgr::run Enter
2026-02-27 09:13:52 [Info] [4788] Report thread
2026-02-27 09:13:52 [Info] [4788] Monitor thread
2026-02-27 09:13:52 [Info] [4788] Loader thread
2026-02-27 09:13:52 [Info] [4788] PythonEngineImpl Init...
2026-02-27 09:13:52 [Info] [4788] yundun connected
2026-02-27 09:13:53 [Info] [4788] recvmsg: HELLO
2026-02-27 09:13:53 [Info] [4788] recvmsg: WORK
2026-02-27 09:13:53 [Info] [4788] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 09:13:53 [Info] [4788] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 09:13:53 [Info] [4788] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 09:13:53 [Info] [4788] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 09:13:53 [Info] [4788] log fd cnt is [250], real fd cnt is [286]
2026-02-27 09:13:53 [Info] [4788] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 09:13:53 [Info] [4788] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 09:13:54 [Info] [4788] log memory size is 20480KB, real memory size is 14560KB
2026-02-27 09:13:54 [Info] [4788] item: --windows-process-check
2026-02-27 09:13:54 [Info] [4788] cgroup name aegisRtap0
2026-02-27 09:13:54 [Info] [4788] try get sys version
2026-02-27 09:13:54 [Info] [4788] win sys info:2/10:0:3
2026-02-27 09:13:54 [Info] [4788] suit legal version, enable cpu control
2026-02-27 09:13:54 [Info] [4788] get AssignProcessToJobObject handle [00000478]
2026-02-27 09:13:54 [Info] [4788] Set setJobExtended.
2026-02-27 09:13:54 [Info] [4788] Set cpu [9%]
2026-02-27 09:13:54 [Info] [4788] Set cpu success
2026-02-27 09:13:54 [Info] [4788] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-02-27 09:13:54 [Info] [4788] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-02-27 09:13:54 [Info] [4788] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 09:13:55 [Info] [4788] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 09:13:55 [Info] [4788] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-02-27 09:13:55 [Info] [4788] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-02-27 09:13:56 [Info] [4788] Prepare stage1: --windows-process-check
2026-02-27 09:13:56 [Info] [4788] Prepare stage2
2026-02-27 09:14:07 [Info] [4788] log memory size is 30720KB, real memory size is 20492KB
2026-02-27 09:14:15 [Info] [4788] stage3: --windows-process-check
2026-02-27 09:14:15 [Info] [4788] Loader after check
2026-02-27 09:14:16 [Info] [4788] Enter reuse wait state.
2026-02-27 09:14:20 [Info] [4788] recvmsg: EXIT
2026-02-27 09:14:20 [Info] [4788] Recv Exit Msg, Exit...
2026-02-27 09:57:57 [Info] [3968] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 09:57:57 [Info] [3968] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap297321772157477 
2026-02-27 09:57:57 [Info] [3968] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 09:57:57 [Info] [3968] Resource monitor start
2026-02-27 09:57:57 [Info] [3968] ipc client init success
2026-02-27 09:57:57 [Info] [3968] Ipc init: 0
2026-02-27 09:57:57 [Info] [3968] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 09:57:57 [Info] [3968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 09:57:57 [Info] [3968] start ipc thread id[4632]
2026-02-27 09:57:57 [Info] [3968] Connect Yundun ipc server return state is 0
2026-02-27 09:57:57 [Info] [3968] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 09:57:57 [Info] [3968] CResourceMonitor::run Enter
2026-02-27 09:57:57 [Info] [3968] CIpcMsgHandlerMgr::run Enter
2026-02-27 09:57:57 [Info] [3968] Report thread
2026-02-27 09:57:57 [Info] [3968] Monitor thread
2026-02-27 09:57:57 [Info] [3968] Loader thread
2026-02-27 09:57:57 [Info] [3968] PythonEngineImpl Init...
2026-02-27 09:57:57 [Info] [3968] yundun connected
2026-02-27 09:57:57 [Info] [3968] recvmsg: HELLO
2026-02-27 09:57:57 [Info] [3968] recvmsg: WORK
2026-02-27 09:57:57 [Info] [3968] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 09:57:57 [Info] [3968] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 09:57:57 [Info] [3968] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 09:57:58 [Info] [3968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 09:57:58 [Info] [3968] log fd cnt is [250], real fd cnt is [282]
2026-02-27 09:57:58 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 09:57:58 [Info] [3968] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 09:57:59 [Info] [3968] log memory size is 20480KB, real memory size is 14500KB
2026-02-27 09:57:59 [Info] [3968] item: --sca
2026-02-27 09:57:59 [Info] [3968] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-02-27 09:57:59 [Info] [3968] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-02-27 09:57:59 [Info] [3968] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca.py
2026-02-27 09:57:59 [Info] [3968] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca.py
2026-02-27 09:57:59 [Info] [3968] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5
2026-02-27 09:57:59 [Info] [3968] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5
2026-02-27 09:57:59 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py.md5, http code : 200, curl ret : 0
2026-02-27 09:57:59 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca.py, http code : 200, curl ret : 0
2026-02-27 09:57:59 [Info] [3968] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca.py
2026-02-27 09:57:59 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-02-27 09:58:00 [Info] [3968] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_utils.py
2026-02-27 09:58:00 [Info] [3968] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_utils.py
2026-02-27 09:58:00 [Info] [3968] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5
2026-02-27 09:58:00 [Info] [3968] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5
2026-02-27 09:58:00 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py.md5, http code : 200, curl ret : 0
2026-02-27 09:58:00 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_utils.py, http code : 200, curl ret : 0
2026-02-27 09:58:00 [Info] [3968] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_utils.py
2026-02-27 09:58:00 [Info] [3968] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-02-27 09:58:00 [Info] [3968] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_common_proc.py
2026-02-27 09:58:00 [Info] [3968] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5
2026-02-27 09:58:00 [Info] [3968] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5
2026-02-27 09:58:00 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py.md5, http code : 200, curl ret : 0
2026-02-27 09:58:00 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_common_proc.py, http code : 200, curl ret : 0
2026-02-27 09:58:00 [Info] [3968] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_common_proc.py
2026-02-27 09:58:00 [Info] [3968] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-02-27 09:58:00 [Info] [3968] start do http get request for update.aegis.aliyun.com/rtap_file/official/release/win32/plugin/sca_java_proc.py
2026-02-27 09:58:01 [Info] [3968] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5
2026-02-27 09:58:01 [Info] [3968] start do http get request for aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5
2026-02-27 09:58:01 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py.md5, http code : 200, curl ret : 0
2026-02-27 09:58:01 [Info] [3968] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/sca_java_proc.py, http code : 200, curl ret : 0
2026-02-27 09:58:01 [Info] [3968] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_java_proc.py
2026-02-27 09:58:01 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-02-27 09:58:01 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-02-27 09:58:01 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-02-27 09:58:01 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-02-27 09:58:01 [Info] [3968] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-02-27 09:58:01 [Info] [3968] Download redirect files success.
2026-02-27 09:58:01 [Info] [3968] Prepare stage1: --sca
2026-02-27 09:58:01 [Info] [3968] Prepare stage2
2026-02-27 09:58:02 [Warn] [3968] high cpu, cpu is 15
2026-02-27 09:58:02 [Info] [3968] try get sys version
2026-02-27 09:58:02 [Info] [3968] win sys info:2/10:0:3
2026-02-27 09:58:02 [Info] [3968] suit legal version, enable cpu control
2026-02-27 09:58:02 [Warn] [3968] High CPU Warning: 15
2026-02-27 09:58:02 [Warn] [3968] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:random.py line: 40 in func: <module>
File:sca_utils.py line: 18 in func: <module>
File:sca.py line: 44 in func: <module>
2026-02-27 09:58:03 [Info] [3968] log memory size is 30720KB, real memory size is 31116KB
2026-02-27 09:58:07 [Info] [3968] log memory size is 40960KB, real memory size is 33028KB
2026-02-27 09:58:52 [Info] [3968] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-27 09:59:04 [Info] [3968] log fd cnt is [300], real fd cnt is [376]
2026-02-27 09:59:12 [Warn] [3968] high cpu, cpu is 23
2026-02-27 09:59:12 [Warn] [3968] High CPU Warning: 23
2026-02-27 09:59:12 [Warn] [3968] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-02-27 09:59:15 [Info] [3968] stage3: --sca
2026-02-27 09:59:15 [Info] [3968] Loader after check
2026-02-27 09:59:16 [Info] [3968] Enter reuse wait state.
2026-02-27 09:59:21 [Info] [3968] recvmsg: EXIT
2026-02-27 09:59:21 [Info] [3968] Recv Exit Msg, Exit...
2026-02-27 10:33:07 [Info] [3804] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 10:33:07 [Info] [3804] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap38351772159581 
2026-02-27 10:33:07 [Info] [3804] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 10:33:07 [Info] [3804] Resource monitor start
2026-02-27 10:33:07 [Info] [3804] ipc client init success
2026-02-27 10:33:07 [Info] [3804] Ipc init: 0
2026-02-27 10:33:07 [Info] [3804] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 10:33:07 [Info] [3804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 10:33:07 [Info] [3804] CResourceMonitor::run Enter
2026-02-27 10:33:07 [Info] [3804] CIpcMsgHandlerMgr::run Enter
2026-02-27 10:33:07 [Info] [3804] start ipc thread id[2908]
2026-02-27 10:33:07 [Info] [3804] Connect Yundun ipc server return state is 0
2026-02-27 10:33:07 [Info] [3804] yundun connected
2026-02-27 10:33:08 [Info] [3804] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 10:33:08 [Info] [3804] Report thread
2026-02-27 10:33:08 [Info] [3804] Monitor thread
2026-02-27 10:33:08 [Info] [3804] Loader thread
2026-02-27 10:33:08 [Info] [3804] PythonEngineImpl Init...
2026-02-27 10:33:08 [Info] [3804] recvmsg: HELLO
2026-02-27 10:33:08 [Info] [3804] recvmsg: WORK
2026-02-27 10:33:08 [Info] [3804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:33:08 [Info] [3804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:33:08 [Info] [3804] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:33:08 [Info] [3804] log fd cnt is [250], real fd cnt is [282]
2026-02-27 10:33:08 [Info] [3804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:33:09 [Info] [3804] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 10:33:09 [Info] [3804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 10:33:09 [Info] [3804] log memory size is 20480KB, real memory size is 14668KB
2026-02-27 10:33:10 [Info] [3804] item: --windows-sysinfoext-check
2026-02-27 10:33:10 [Info] [3804] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 10:33:10 [Info] [3804] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 10:33:10 [Info] [3804] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:33:10 [Info] [3804] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:33:10 [Info] [3804] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-27 10:33:10 [Info] [3804] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 10:33:10 [Info] [3804] Prepare stage1: --windows-sysinfoext-check
2026-02-27 10:33:10 [Info] [3804] Prepare stage2
2026-02-27 10:33:13 [Info] [3804] log memory size is 30720KB, real memory size is 22808KB
2026-02-27 10:33:14 [Info] [3804] stage3: --windows-sysinfoext-check
2026-02-27 10:33:14 [Info] [3804] Loader after check
2026-02-27 10:33:14 [Warn] [3804] high cpu, cpu is 17
2026-02-27 10:33:14 [Info] [3804] try get sys version
2026-02-27 10:33:14 [Info] [3804] win sys info:2/10:0:3
2026-02-27 10:33:14 [Info] [3804] suit legal version, enable cpu control
2026-02-27 10:33:14 [Warn] [3804] High CPU Warning: 17
2026-02-27 10:33:14 [Warn] [3804] resource monitor exp type: High CPU Warning, script runing: 0
2026-02-27 10:33:15 [Info] [3804] Enter reuse wait state.
2026-02-27 10:33:19 [Info] [3804] recvmsg: EXIT
2026-02-27 10:33:19 [Info] [3804] Recv Exit Msg, Exit...
2026-02-27 10:35:16 [Info] [5040] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 10:35:16 [Info] [5040] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap42761772159716 
2026-02-27 10:35:16 [Info] [5040] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 10:35:16 [Info] [5040] Resource monitor start
2026-02-27 10:35:16 [Info] [5040] ipc client init success
2026-02-27 10:35:16 [Info] [5040] Ipc init: 0
2026-02-27 10:35:16 [Info] [5040] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 10:35:16 [Info] [5040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 10:35:16 [Info] [5040] start ipc thread id[4296]
2026-02-27 10:35:16 [Info] [5040] Connect Yundun ipc server return state is 0
2026-02-27 10:35:16 [Info] [5040] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 10:35:16 [Info] [5040] CResourceMonitor::run Enter
2026-02-27 10:35:16 [Info] [5040] CIpcMsgHandlerMgr::run Enter
2026-02-27 10:35:16 [Info] [5040] Report thread
2026-02-27 10:35:16 [Info] [5040] Monitor thread
2026-02-27 10:35:16 [Info] [5040] Loader thread
2026-02-27 10:35:16 [Info] [5040] PythonEngineImpl Init...
2026-02-27 10:35:16 [Info] [5040] yundun connected
2026-02-27 10:35:16 [Info] [5040] recvmsg: HELLO
2026-02-27 10:35:16 [Info] [5040] recvmsg: WORK
2026-02-27 10:35:17 [Info] [5040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:17 [Info] [5040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:17 [Info] [5040] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:17 [Info] [5040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:17 [Info] [5040] log fd cnt is [250], real fd cnt is [282]
2026-02-27 10:35:17 [Info] [5040] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 10:35:17 [Info] [5040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 10:35:18 [Info] [5040] log memory size is 20480KB, real memory size is 14500KB
2026-02-27 10:35:18 [Info] [5040] item: --windows-schedule-task-check
2026-02-27 10:35:18 [Info] [5040] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-02-27 10:35:18 [Info] [5040] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-02-27 10:35:18 [Info] [5040] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:18 [Info] [5040] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:18 [Info] [5040] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-02-27 10:35:18 [Info] [5040] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-02-27 10:35:19 [Info] [5040] Prepare stage1: --windows-schedule-task-check
2026-02-27 10:35:19 [Info] [5040] Prepare stage2
2026-02-27 10:35:22 [Info] [5040] log memory size is 30720KB, real memory size is 23224KB
2026-02-27 10:35:25 [Info] [1756] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 10:35:25 [Info] [1756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap43051772159725 
2026-02-27 10:35:25 [Info] [1756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 10:35:25 [Info] [1756] Resource monitor start
2026-02-27 10:35:25 [Info] [1756] ipc client init success
2026-02-27 10:35:25 [Info] [1756] Ipc init: 0
2026-02-27 10:35:25 [Info] [1756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 10:35:25 [Info] [1756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 10:35:25 [Info] [1756] start ipc thread id[2076]
2026-02-27 10:35:25 [Info] [1756] Connect Yundun ipc server return state is 0
2026-02-27 10:35:25 [Info] [1756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 10:35:25 [Info] [1756] CResourceMonitor::run Enter
2026-02-27 10:35:25 [Info] [1756] CIpcMsgHandlerMgr::run Enter
2026-02-27 10:35:25 [Info] [1756] Report thread
2026-02-27 10:35:25 [Info] [1756] Monitor thread
2026-02-27 10:35:25 [Info] [1756] Loader thread
2026-02-27 10:35:25 [Info] [1756] PythonEngineImpl Init...
2026-02-27 10:35:25 [Info] [1756] yundun connected
2026-02-27 10:35:26 [Info] [1756] recvmsg: HELLO
2026-02-27 10:35:26 [Info] [1756] recvmsg: WORK
2026-02-27 10:35:26 [Info] [1756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:26 [Info] [1756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:26 [Info] [1756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:26 [Info] [1756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:26 [Info] [1756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 10:35:26 [Info] [1756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 10:35:26 [Info] [1756] log fd cnt is [250], real fd cnt is [281]
2026-02-27 10:35:27 [Info] [1756] log memory size is 20480KB, real memory size is 14564KB
2026-02-27 10:35:27 [Info] [1756] item: --windows-registry-check
2026-02-27 10:35:27 [Info] [1756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-02-27 10:35:27 [Info] [1756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-02-27 10:35:27 [Info] [1756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:27 [Info] [1756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:27 [Info] [1756] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-02-27 10:35:27 [Info] [1756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-02-27 10:35:28 [Info] [1756] Prepare stage1: --windows-registry-check
2026-02-27 10:35:28 [Info] [1756] Prepare stage2
2026-02-27 10:35:42 [Info] [2464] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 10:35:42 [Info] [2464] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap43611772159742 
2026-02-27 10:35:42 [Info] [2464] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 10:35:42 [Info] [2464] Resource monitor start
2026-02-27 10:35:42 [Info] [2464] ipc client init success
2026-02-27 10:35:42 [Info] [2464] Ipc init: 0
2026-02-27 10:35:42 [Info] [2464] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 10:35:42 [Info] [2464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 10:35:42 [Info] [2464] start ipc thread id[820]
2026-02-27 10:35:42 [Info] [2464] Connect Yundun ipc server return state is 0
2026-02-27 10:35:42 [Info] [2464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 10:35:42 [Info] [2464] CResourceMonitor::run Enter
2026-02-27 10:35:42 [Info] [2464] CIpcMsgHandlerMgr::run Enter
2026-02-27 10:35:42 [Info] [2464] Report thread
2026-02-27 10:35:42 [Info] [2464] Monitor thread
2026-02-27 10:35:42 [Info] [2464] Loader thread
2026-02-27 10:35:42 [Info] [2464] PythonEngineImpl Init...
2026-02-27 10:35:42 [Info] [2464] yundun connected
2026-02-27 10:35:43 [Info] [2464] recvmsg: HELLO
2026-02-27 10:35:43 [Info] [2464] recvmsg: WORK
2026-02-27 10:35:43 [Info] [2464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:43 [Info] [2464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 10:35:43 [Info] [2464] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:43 [Info] [2464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:43 [Info] [2464] log fd cnt is [250], real fd cnt is [282]
2026-02-27 10:35:43 [Info] [2464] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 10:35:43 [Info] [2464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 10:35:44 [Info] [2464] log memory size is 20480KB, real memory size is 14548KB
2026-02-27 10:35:45 [Info] [2464] item: --windows-driver-version-check
2026-02-27 10:35:45 [Info] [2464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-02-27 10:35:45 [Info] [2464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-02-27 10:35:45 [Info] [2464] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 10:35:45 [Info] [2464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 10:35:45 [Info] [2464] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-02-27 10:35:45 [Info] [2464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-02-27 10:35:45 [Info] [2464] Prepare stage1: --windows-driver-version-check
2026-02-27 10:35:45 [Info] [2464] Prepare stage2
2026-02-27 10:35:45 [Info] [2464] stage3: --windows-driver-version-check
2026-02-27 10:35:45 [Info] [2464] Loader after check
2026-02-27 10:35:46 [Info] [2464] Enter reuse wait state.
2026-02-27 10:35:50 [Info] [2464] recvmsg: EXIT
2026-02-27 10:35:50 [Info] [2464] Recv Exit Msg, Exit...
2026-02-27 10:35:50 [Info] [5040] stage3: --windows-schedule-task-check
2026-02-27 10:35:50 [Info] [5040] Loader after check
2026-02-27 10:35:51 [Info] [5040] Enter reuse wait state.
2026-02-27 10:35:55 [Info] [5040] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-27 10:35:55 [Info] [1756] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-27 10:35:56 [Info] [5040] recvmsg: EXIT
2026-02-27 10:35:56 [Info] [5040] Recv Exit Msg, Exit...
2026-02-27 10:35:57 [Info] [1756] stage3: --windows-registry-check
2026-02-27 10:35:57 [Info] [1756] Loader after check
2026-02-27 10:35:58 [Info] [1756] Enter reuse wait state.
2026-02-27 10:36:02 [Info] [1756] recvmsg: EXIT
2026-02-27 10:36:02 [Info] [1756] Recv Exit Msg, Exit...
2026-02-27 11:03:22 [Info] [4488] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 11:03:22 [Info] [4488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap97811772161402 
2026-02-27 11:03:22 [Info] [4488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 11:03:22 [Info] [4488] Resource monitor start
2026-02-27 11:03:22 [Info] [4488] ipc client init success
2026-02-27 11:03:22 [Info] [4488] Ipc init: 0
2026-02-27 11:03:22 [Info] [4488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 11:03:22 [Info] [4488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 11:03:22 [Info] [4488] start ipc thread id[2524]
2026-02-27 11:03:22 [Info] [4488] Connect Yundun ipc server return state is 0
2026-02-27 11:03:22 [Info] [4488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 11:03:22 [Info] [4488] CResourceMonitor::run Enter
2026-02-27 11:03:22 [Info] [4488] CIpcMsgHandlerMgr::run Enter
2026-02-27 11:03:22 [Info] [4488] Report thread
2026-02-27 11:03:22 [Info] [4488] Monitor thread
2026-02-27 11:03:22 [Info] [4488] Loader thread
2026-02-27 11:03:22 [Info] [4488] PythonEngineImpl Init...
2026-02-27 11:03:22 [Info] [4488] yundun connected
2026-02-27 11:03:23 [Info] [4488] recvmsg: HELLO
2026-02-27 11:03:23 [Info] [4488] recvmsg: WORK
2026-02-27 11:03:23 [Info] [4488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 11:03:23 [Info] [4488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 11:03:23 [Info] [4488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 11:03:23 [Info] [4488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 11:03:23 [Info] [4488] log fd cnt is [250], real fd cnt is [282]
2026-02-27 11:03:23 [Info] [4488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 11:03:23 [Info] [4488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 11:03:24 [Info] [4488] log memory size is 20480KB, real memory size is 14564KB
2026-02-27 11:03:25 [Info] [4488] item: --tcp-connect-check
2026-02-27 11:03:25 [Info] [4488] cgroup name aegisRtap0
2026-02-27 11:03:25 [Info] [4488] try get sys version
2026-02-27 11:03:25 [Info] [4488] win sys info:2/10:0:3
2026-02-27 11:03:25 [Info] [4488] suit legal version, enable cpu control
2026-02-27 11:03:25 [Info] [4488] get AssignProcessToJobObject handle [00000478]
2026-02-27 11:03:25 [Info] [4488] Set setJobExtended.
2026-02-27 11:03:25 [Info] [4488] Set cpu [9%]
2026-02-27 11:03:25 [Info] [4488] Set cpu success
2026-02-27 11:03:25 [Info] [4488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-02-27 11:03:25 [Info] [4488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-02-27 11:03:25 [Info] [4488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 11:03:25 [Info] [4488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 11:03:25 [Info] [4488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-02-27 11:03:25 [Info] [4488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-02-27 11:03:25 [Info] [4488] Prepare stage1: --tcp-connect-check
2026-02-27 11:03:25 [Info] [4488] Prepare stage2
2026-02-27 11:03:28 [Info] [4488] stage3: --tcp-connect-check
2026-02-27 11:03:28 [Info] [4488] Loader after check
2026-02-27 11:03:29 [Info] [4488] Enter reuse wait state.
2026-02-27 11:03:34 [Info] [4488] recvmsg: EXIT
2026-02-27 11:03:34 [Info] [4488] Recv Exit Msg, Exit...
2026-02-27 11:12:34 [Info] [544] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 11:12:34 [Info] [544] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap115841772161954 
2026-02-27 11:12:34 [Info] [544] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 11:12:34 [Info] [544] Resource monitor start
2026-02-27 11:12:34 [Info] [544] ipc client init success
2026-02-27 11:12:34 [Info] [544] Ipc init: 0
2026-02-27 11:12:34 [Info] [544] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 11:12:34 [Info] [544] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 11:12:34 [Info] [544] start ipc thread id[3140]
2026-02-27 11:12:34 [Info] [544] Connect Yundun ipc server return state is 0
2026-02-27 11:12:34 [Info] [544] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 11:12:34 [Info] [544] CResourceMonitor::run Enter
2026-02-27 11:12:34 [Info] [544] CIpcMsgHandlerMgr::run Enter
2026-02-27 11:12:34 [Info] [544] Report thread
2026-02-27 11:12:34 [Info] [544] Monitor thread
2026-02-27 11:12:34 [Info] [544] Loader thread
2026-02-27 11:12:34 [Info] [544] PythonEngineImpl Init...
2026-02-27 11:12:34 [Info] [544] yundun connected
2026-02-27 11:12:34 [Info] [544] recvmsg: HELLO
2026-02-27 11:12:34 [Info] [544] recvmsg: WORK
2026-02-27 11:12:34 [Info] [544] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 11:12:34 [Info] [544] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 11:12:34 [Info] [544] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 11:12:35 [Info] [544] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 11:12:35 [Info] [544] log fd cnt is [250], real fd cnt is [282]
2026-02-27 11:12:35 [Info] [544] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 11:12:35 [Info] [544] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 11:12:36 [Info] [544] log memory size is 20480KB, real memory size is 14552KB
2026-02-27 11:12:36 [Info] [544] item: --windows-autorun-item-check
2026-02-27 11:12:36 [Info] [544] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-02-27 11:12:36 [Info] [544] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-02-27 11:12:36 [Info] [544] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 11:12:36 [Info] [544] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 11:12:36 [Info] [544] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-02-27 11:12:36 [Info] [544] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-02-27 11:12:36 [Info] [544] Prepare stage1: --windows-autorun-item-check
2026-02-27 11:12:36 [Info] [544] Prepare stage2
2026-02-27 11:12:40 [Info] [544] log memory size is 30720KB, real memory size is 22264KB
2026-02-27 11:12:46 [Info] [544] stage3: --windows-autorun-item-check
2026-02-27 11:12:46 [Info] [544] Loader after check
2026-02-27 11:12:47 [Info] [544] Enter reuse wait state.
2026-02-27 11:12:50 [Info] [544] recvmsg: EXIT
2026-02-27 11:12:50 [Info] [544] Recv Exit Msg, Exit...
2026-02-27 15:01:06 [Info] [708] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 15:01:06 [Info] [708] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap235901772175665 
2026-02-27 15:01:06 [Info] [708] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 15:01:06 [Info] [708] Resource monitor start
2026-02-27 15:01:06 [Info] [708] ipc client init success
2026-02-27 15:01:06 [Info] [708] Ipc init: 0
2026-02-27 15:01:06 [Info] [708] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 15:01:06 [Info] [708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 15:01:06 [Info] [708] start ipc thread id[4664]
2026-02-27 15:01:06 [Info] [708] Connect Yundun ipc server return state is 0
2026-02-27 15:01:06 [Info] [708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 15:01:06 [Info] [708] CResourceMonitor::run Enter
2026-02-27 15:01:06 [Info] [708] CIpcMsgHandlerMgr::run Enter
2026-02-27 15:01:06 [Info] [708] yundun connected
2026-02-27 15:01:06 [Info] [708] Report thread
2026-02-27 15:01:06 [Info] [708] Monitor thread
2026-02-27 15:01:06 [Info] [708] Loader thread
2026-02-27 15:01:06 [Info] [708] PythonEngineImpl Init...
2026-02-27 15:01:07 [Info] [708] recvmsg: HELLO
2026-02-27 15:01:07 [Info] [708] recvmsg: WORK
2026-02-27 15:01:08 [Info] [708] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-02-27 15:01:08 [Info] [708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 15:01:08 [Info] [708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 15:01:08 [Info] [708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 15:01:08 [Info] [708] log fd cnt is [250], real fd cnt is [264]
2026-02-27 15:01:08 [Info] [708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 15:01:09 [Info] [708] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 15:01:09 [Info] [708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 15:01:09 [Info] [708] log memory size is 20480KB, real memory size is 14328KB
2026-02-27 15:01:11 [Info] [708] item: --amsi_clean
2026-02-27 15:01:11 [Info] [708] cgroup name aegisRtap0
2026-02-27 15:01:11 [Info] [708] try get sys version
2026-02-27 15:01:11 [Info] [708] win sys info:2/10:0:3
2026-02-27 15:01:11 [Info] [708] suit legal version, enable cpu control
2026-02-27 15:01:11 [Info] [708] get AssignProcessToJobObject handle [00000478]
2026-02-27 15:01:11 [Info] [708] Set setJobExtended.
2026-02-27 15:01:11 [Info] [708] Set cpu [9%]
2026-02-27 15:01:11 [Info] [708] Set cpu success
2026-02-27 15:01:11 [Info] [708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-27 15:01:11 [Info] [708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5
2026-02-27 15:01:11 [Info] [708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 15:01:11 [Info] [708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 15:01:11 [Info] [708] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5, http code : 200, curl ret : 0
2026-02-27 15:01:11 [Info] [708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5
2026-02-27 15:01:11 [Info] [708] Prepare stage1: --amsi_clean
2026-02-27 15:01:11 [Info] [708] Prepare stage2
2026-02-27 15:01:11 [Info] [708] stage3: --amsi_clean
2026-02-27 15:01:11 [Info] [708] Loader after check
2026-02-27 15:01:12 [Info] [708] Enter reuse wait state.
2026-02-27 15:01:18 [Info] [708] recvmsg: EXIT
2026-02-27 15:01:18 [Info] [708] Recv Exit Msg, Exit...
2026-02-27 16:02:36 [Info] [3716] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 16:02:36 [Info] [3716] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap28301772179342 
2026-02-27 16:02:36 [Info] [3716] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 16:02:36 [Info] [3716] Resource monitor start
2026-02-27 16:02:36 [Info] [3716] ipc client init success
2026-02-27 16:02:36 [Info] [3716] Ipc init: 0
2026-02-27 16:02:36 [Info] [3716] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 16:02:36 [Info] [3716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 16:02:41 [Info] [3716] start ipc thread id[972]
2026-02-27 16:02:41 [Info] [3716] Connect Yundun ipc server return state is 0
2026-02-27 16:02:41 [Info] [3716] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 16:02:41 [Info] [3716] CResourceMonitor::run Enter
2026-02-27 16:02:41 [Info] [3716] CIpcMsgHandlerMgr::run Enter
2026-02-27 16:02:42 [Info] [3716] yundun connected
2026-02-27 16:02:42 [Info] [3716] Report thread
2026-02-27 16:02:42 [Info] [3716] Monitor thread
2026-02-27 16:02:42 [Info] [3716] Loader thread
2026-02-27 16:02:42 [Info] [3716] PythonEngineImpl Init...
2026-02-27 16:02:42 [Info] [3716] log fd cnt is [250], real fd cnt is [261]
2026-02-27 16:02:42 [Info] [3716] recvmsg: HELLO
2026-02-27 16:02:42 [Info] [3716] recvmsg: WORK
2026-02-27 16:02:42 [Info] [3716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 16:02:42 [Info] [3716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 16:02:42 [Info] [3716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 16:02:43 [Info] [3716] log memory size is 20480KB, real memory size is 13404KB
2026-02-27 16:02:43 [Info] [3716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 16:02:44 [Info] [3716] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 16:02:44 [Info] [3716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 16:02:45 [Info] [3716] item: --windows-sysinfoext-check
2026-02-27 16:02:45 [Info] [3716] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 16:02:45 [Info] [3716] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 16:02:45 [Info] [3716] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 16:02:46 [Info] [3716] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 16:02:46 [Info] [3716] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-27 16:02:46 [Info] [3716] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 16:02:46 [Info] [3716] Prepare stage1: --windows-sysinfoext-check
2026-02-27 16:02:46 [Info] [3716] Prepare stage2
2026-02-27 16:02:47 [Info] [3716] log memory size is 30720KB, real memory size is 22748KB
2026-02-27 16:02:48 [Info] [3716] stage3: --windows-sysinfoext-check
2026-02-27 16:02:48 [Info] [3716] Loader after check
2026-02-27 16:02:48 [Warn] [3716] high cpu, cpu is 18
2026-02-27 16:02:48 [Info] [3716] try get sys version
2026-02-27 16:02:48 [Info] [3716] win sys info:2/10:0:3
2026-02-27 16:02:48 [Info] [3716] suit legal version, enable cpu control
2026-02-27 16:02:48 [Warn] [3716] High CPU Warning: 18
2026-02-27 16:02:48 [Warn] [3716] resource monitor exp type: High CPU Warning, script runing: 0
2026-02-27 16:02:49 [Info] [3716] Enter reuse wait state.
2026-02-27 16:02:52 [Info] [3716] recvmsg: EXIT
2026-02-27 16:02:52 [Info] [3716] Recv Exit Msg, Exit...
2026-02-27 21:05:05 [Info] [1588] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 21:05:05 [Info] [1588] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap293751772197505 
2026-02-27 21:05:05 [Info] [1588] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 21:05:05 [Info] [1588] Resource monitor start
2026-02-27 21:05:05 [Info] [1588] ipc client init success
2026-02-27 21:05:05 [Info] [1588] Ipc init: 0
2026-02-27 21:05:05 [Info] [1588] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 21:05:05 [Info] [1588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 21:05:05 [Info] [1588] start ipc thread id[2912]
2026-02-27 21:05:05 [Info] [1588] Connect Yundun ipc server return state is 0
2026-02-27 21:05:05 [Info] [1588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 21:05:05 [Info] [1588] CResourceMonitor::run Enter
2026-02-27 21:05:05 [Info] [1588] CIpcMsgHandlerMgr::run Enter
2026-02-27 21:05:05 [Info] [1588] yundun connected
2026-02-27 21:05:05 [Info] [1588] Report thread
2026-02-27 21:05:05 [Info] [1588] Monitor thread
2026-02-27 21:05:05 [Info] [1588] Loader thread
2026-02-27 21:05:05 [Info] [1588] PythonEngineImpl Init...
2026-02-27 21:05:06 [Info] [1588] recvmsg: HELLO
2026-02-27 21:05:07 [Info] [1588] log fd cnt is [250], real fd cnt is [263]
2026-02-27 21:05:07 [Info] [1588] recvmsg: WORK
2026-02-27 21:05:07 [Info] [1588] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 21:05:07 [Info] [1588] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 21:05:07 [Info] [1588] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 21:05:08 [Info] [1588] log memory size is 20480KB, real memory size is 13436KB
2026-02-27 21:05:09 [Info] [1588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 21:05:09 [Info] [1588] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 21:05:09 [Info] [1588] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 21:05:14 [Info] [1588] item: --secnet_rasp_agent
2026-02-27 21:05:14 [Info] [1588] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-02-27 21:05:14 [Info] [1588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-02-27 21:05:14 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-02-27 21:05:15 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-02-27 21:05:15 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-02-27 21:05:16 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-02-27 21:05:16 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-02-27 21:05:16 [Info] [1588] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-02-27 21:05:16 [Info] [1588] Download redirect files success.
2026-02-27 21:05:16 [Info] [1588] Prepare stage1: --secnet_rasp_agent
2026-02-27 21:05:16 [Info] [1588] Prepare stage2
2026-02-27 21:05:17 [Info] [1588] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-27 21:05:17 [Info] [1588] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-27 21:05:17 [Info] [1588] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 21:05:17 [Info] [1588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 21:05:18 [Info] [1588] log memory size is 30720KB, real memory size is 21188KB
2026-02-27 21:05:18 [Info] [1588] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-02-27 21:05:18 [Info] [1588] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-02-27 21:05:18 [Info] [1588] stage3: --secnet_rasp_agent
2026-02-27 21:05:18 [Info] [1588] Loader after check
2026-02-27 21:05:19 [Info] [1588] Enter reuse wait state.
2026-02-27 21:05:21 [Info] [1588] recvmsg: EXIT
2026-02-27 21:05:21 [Info] [1588] Recv Exit Msg, Exit...
2026-02-27 21:31:51 [Info] [3960] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-02-27 21:31:51 [Info] [3960] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap18221772199102 
2026-02-27 21:31:51 [Info] [3960] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-02-27 21:31:51 [Info] [3960] Resource monitor start
2026-02-27 21:31:51 [Info] [3960] ipc client init success
2026-02-27 21:31:51 [Info] [3960] Ipc init: 0
2026-02-27 21:31:51 [Info] [3960] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-02-27 21:31:51 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-02-27 21:31:51 [Info] [3960] start ipc thread id[2216]
2026-02-27 21:31:51 [Info] [3960] Connect Yundun ipc server return state is 0
2026-02-27 21:31:51 [Info] [3960] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-02-27 21:31:51 [Info] [3960] CResourceMonitor::run Enter
2026-02-27 21:31:51 [Info] [3960] CIpcMsgHandlerMgr::run Enter
2026-02-27 21:31:51 [Info] [3960] yundun connected
2026-02-27 21:31:51 [Info] [3960] Report thread
2026-02-27 21:31:51 [Info] [3960] Monitor thread
2026-02-27 21:31:51 [Info] [3960] Loader thread
2026-02-27 21:31:51 [Info] [3960] PythonEngineImpl Init...
2026-02-27 21:31:52 [Info] [3960] recvmsg: HELLO
2026-02-27 21:31:52 [Info] [3960] recvmsg: WORK
2026-02-27 21:31:53 [Info] [3960] log fd cnt is [250], real fd cnt is [263]
2026-02-27 21:31:53 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 21:31:53 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-02-27 21:31:53 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 21:31:53 [Info] [3960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 21:31:53 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-02-27 21:31:53 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-02-27 21:31:54 [Info] [3960] log memory size is 20480KB, real memory size is 14360KB
2026-02-27 21:31:55 [Info] [3960] item: --windows-sysinfoext-check
2026-02-27 21:31:55 [Info] [3960] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 21:31:55 [Info] [3960] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 21:31:55 [Info] [3960] start post buffer update.aegis.aliyun.com/file_policy/file
2026-02-27 21:31:55 [Info] [3960] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-02-27 21:31:55 [Info] [3960] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-02-27 21:31:55 [Info] [3960] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-02-27 21:31:55 [Info] [3960] Prepare stage1: --windows-sysinfoext-check
2026-02-27 21:31:55 [Info] [3960] Prepare stage2
2026-02-27 21:31:57 [Info] [3960] stage3: --windows-sysinfoext-check
2026-02-27 21:31:57 [Info] [3960] Loader after check
2026-02-27 21:31:58 [Info] [3960] log memory size is 30720KB, real memory size is 22872KB
2026-02-27 21:31:58 [Info] [3960] Enter reuse wait state.
2026-02-27 21:32:02 [Info] [3960] recvmsg: EXIT
2026-02-27 21:32:02 [Info] [3960] Recv Exit Msg, Exit...
2026-03-06 01:36:19 [Info] [1892] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 01:36:19 [Info] [1892] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap58541772732158 
2026-03-06 01:36:19 [Info] [1892] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 01:36:19 [Info] [1892] Resource monitor start
2026-03-06 01:36:19 [Info] [1892] ipc client init success
2026-03-06 01:36:19 [Info] [1892] Ipc init: 0
2026-03-06 01:36:19 [Info] [1892] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 01:36:19 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 01:36:19 [Info] [1892] CResourceMonitor::run Enter
2026-03-06 01:36:19 [Info] [1892] CIpcMsgHandlerMgr::run Enter
2026-03-06 01:36:19 [Info] [1892] start ipc thread id[2464]
2026-03-06 01:36:19 [Info] [1892] Connect Yundun ipc server return state is 0
2026-03-06 01:36:20 [Info] [1892] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 01:36:20 [Info] [1892] yundun connected
2026-03-06 01:36:20 [Info] [1892] Report thread
2026-03-06 01:36:20 [Info] [1892] Monitor thread
2026-03-06 01:36:20 [Info] [1892] Loader thread
2026-03-06 01:36:20 [Info] [1892] PythonEngineImpl Init...
2026-03-06 01:36:20 [Info] [1892] recvmsg: HELLO
2026-03-06 01:36:20 [Info] [1892] recvmsg: WORK
2026-03-06 01:36:20 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 01:36:20 [Info] [1892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 01:36:20 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 01:36:20 [Info] [1892] log fd cnt is [250], real fd cnt is [282]
2026-03-06 01:36:20 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 01:36:20 [Info] [1892] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 01:36:20 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 01:36:21 [Info] [1892] log memory size is 20480KB, real memory size is 14544KB
2026-03-06 01:36:22 [Info] [1892] item: --windows-sysinfoext-check
2026-03-06 01:36:22 [Info] [1892] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 01:36:22 [Info] [1892] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 01:36:22 [Info] [1892] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 01:36:22 [Info] [1892] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 01:36:22 [Info] [1892] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-06 01:36:22 [Info] [1892] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 01:36:22 [Info] [1892] Prepare stage1: --windows-sysinfoext-check
2026-03-06 01:36:22 [Info] [1892] Prepare stage2
2026-03-06 01:36:25 [Info] [1892] stage3: --windows-sysinfoext-check
2026-03-06 01:36:25 [Info] [1892] Loader after check
2026-03-06 01:36:25 [Info] [1892] log memory size is 30720KB, real memory size is 22908KB
2026-03-06 01:36:26 [Info] [1892] Enter reuse wait state.
2026-03-06 01:36:31 [Info] [1892] recvmsg: EXIT
2026-03-06 01:36:31 [Info] [1892] Recv Exit Msg, Exit...
2026-03-06 07:05:12 [Info] [2708] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 07:05:12 [Info] [2708] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap48001772751904 
2026-03-06 07:05:12 [Info] [2708] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 07:05:17 [Info] [2708] Resource monitor start
2026-03-06 07:05:17 [Info] [2708] ipc client init success
2026-03-06 07:05:17 [Info] [2708] Ipc init: 0
2026-03-06 07:05:17 [Info] [2708] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 07:05:17 [Info] [2708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 07:05:21 [Info] [2708] start ipc thread id[2808]
2026-03-06 07:05:21 [Info] [2708] Connect Yundun ipc server return state is 0
2026-03-06 07:05:21 [Info] [2708] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 07:05:21 [Info] [2708] CResourceMonitor::run Enter
2026-03-06 07:05:21 [Info] [2708] CIpcMsgHandlerMgr::run Enter
2026-03-06 07:05:21 [Info] [2708] Report thread
2026-03-06 07:05:21 [Info] [2708] Monitor thread
2026-03-06 07:05:21 [Info] [2708] Loader thread
2026-03-06 07:05:21 [Info] [2708] PythonEngineImpl Init...
2026-03-06 07:05:22 [Info] [2708] yundun connected
2026-03-06 07:05:22 [Info] [2708] log fd cnt is [250], real fd cnt is [261]
2026-03-06 07:05:22 [Info] [2708] recvmsg: HELLO
2026-03-06 07:05:22 [Info] [2708] recvmsg: WORK
2026-03-06 07:05:22 [Info] [2708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 07:05:22 [Info] [2708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 07:05:22 [Info] [2708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 07:05:23 [Info] [2708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 07:05:23 [Info] [2708] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 07:05:23 [Info] [2708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 07:05:23 [Info] [2708] log memory size is 20480KB, real memory size is 14320KB
2026-03-06 07:05:24 [Info] [2708] item: --windows-sysinfoext-check
2026-03-06 07:05:24 [Info] [2708] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 07:05:24 [Info] [2708] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 07:05:24 [Info] [2708] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 07:05:24 [Info] [2708] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 07:05:24 [Info] [2708] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-06 07:05:24 [Info] [2708] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 07:05:24 [Info] [2708] Prepare stage1: --windows-sysinfoext-check
2026-03-06 07:05:24 [Info] [2708] Prepare stage2
2026-03-06 07:05:26 [Info] [2708] stage3: --windows-sysinfoext-check
2026-03-06 07:05:26 [Info] [2708] Loader after check
2026-03-06 07:05:26 [Warn] [2708] high cpu, cpu is 13
2026-03-06 07:05:26 [Info] [2708] try get sys version
2026-03-06 07:05:26 [Info] [2708] win sys info:2/10:0:3
2026-03-06 07:05:26 [Info] [2708] suit legal version, enable cpu control
2026-03-06 07:05:26 [Warn] [2708] High CPU Warning: 13
2026-03-06 07:05:26 [Warn] [2708] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-06 07:05:27 [Info] [2708] Enter reuse wait state.
2026-03-06 07:05:27 [Info] [2708] log memory size is 30720KB, real memory size is 22952KB
2026-03-06 07:05:32 [Info] [2708] recvmsg: EXIT
2026-03-06 07:05:32 [Info] [2708] Recv Exit Msg, Exit...
2026-03-06 07:55:52 [Info] [1956] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 07:55:52 [Info] [1956] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap147511772754951 
2026-03-06 07:55:52 [Info] [1956] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 07:55:52 [Info] [1956] Resource monitor start
2026-03-06 07:55:52 [Info] [1956] ipc client init success
2026-03-06 07:55:52 [Info] [1956] Ipc init: 0
2026-03-06 07:55:52 [Info] [1956] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 07:55:52 [Info] [1956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 07:55:52 [Info] [1956] start ipc thread id[2464]
2026-03-06 07:55:52 [Info] [1956] Connect Yundun ipc server return state is 0
2026-03-06 07:55:52 [Info] [1956] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 07:55:52 [Info] [1956] CResourceMonitor::run Enter
2026-03-06 07:55:52 [Info] [1956] CIpcMsgHandlerMgr::run Enter
2026-03-06 07:55:52 [Info] [1956] Report thread
2026-03-06 07:55:52 [Info] [1956] Monitor thread
2026-03-06 07:55:52 [Info] [1956] Loader thread
2026-03-06 07:55:52 [Info] [1956] PythonEngineImpl Init...
2026-03-06 07:55:52 [Info] [1956] yundun connected
2026-03-06 07:55:52 [Info] [1956] recvmsg: HELLO
2026-03-06 07:55:53 [Info] [1956] recvmsg: WORK
2026-03-06 07:55:53 [Info] [1956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 07:55:53 [Info] [1956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 07:55:53 [Info] [1956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 07:55:53 [Info] [1956] log fd cnt is [250], real fd cnt is [264]
2026-03-06 07:55:53 [Info] [1956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 07:55:53 [Info] [1956] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 07:55:53 [Info] [1956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 07:55:54 [Info] [1956] log memory size is 20480KB, real memory size is 14464KB
2026-03-06 07:55:54 [Info] [1956] item: --windows-vul-clean
2026-03-06 07:55:54 [Info] [1956] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-06 07:55:54 [Info] [1956] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-06 07:55:54 [Info] [1956] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 07:55:54 [Info] [1956] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 07:55:55 [Info] [1956] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-06 07:55:55 [Info] [1956] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-06 07:55:55 [Info] [1956] Prepare stage1: --windows-vul-clean
2026-03-06 07:55:55 [Info] [1956] Prepare stage2
2026-03-06 07:55:55 [Info] [1956] stage3: --windows-vul-clean
2026-03-06 07:55:55 [Info] [1956] Loader after check
2026-03-06 07:55:56 [Info] [1956] Enter reuse wait state.
2026-03-06 07:55:59 [Info] [1956] recvmsg: EXIT
2026-03-06 07:55:59 [Info] [1956] Recv Exit Msg, Exit...
2026-03-06 09:00:14 [Info] [2464] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 09:00:14 [Info] [2464] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap273661772758814 
2026-03-06 09:00:14 [Info] [2464] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 09:00:14 [Info] [2464] Resource monitor start
2026-03-06 09:00:14 [Info] [2464] ipc client init success
2026-03-06 09:00:14 [Info] [2464] Ipc init: 0
2026-03-06 09:00:14 [Info] [2464] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 09:00:14 [Info] [2464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 09:00:14 [Info] [2464] start ipc thread id[4544]
2026-03-06 09:00:14 [Info] [2464] Connect Yundun ipc server return state is 0
2026-03-06 09:00:14 [Info] [2464] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 09:00:14 [Info] [2464] CResourceMonitor::run Enter
2026-03-06 09:00:14 [Info] [2464] CIpcMsgHandlerMgr::run Enter
2026-03-06 09:00:14 [Info] [2464] Report thread
2026-03-06 09:00:14 [Info] [2464] Monitor thread
2026-03-06 09:00:14 [Info] [2464] Loader thread
2026-03-06 09:00:14 [Info] [2464] PythonEngineImpl Init...
2026-03-06 09:00:14 [Info] [2464] yundun connected
2026-03-06 09:00:15 [Info] [2464] recvmsg: HELLO
2026-03-06 09:00:15 [Info] [2464] log fd cnt is [250], real fd cnt is [263]
2026-03-06 09:00:15 [Info] [2464] recvmsg: WORK
2026-03-06 09:00:15 [Info] [2464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 09:00:15 [Info] [2464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 09:00:15 [Info] [2464] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 09:00:15 [Info] [2464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 09:00:16 [Info] [2464] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 09:00:16 [Info] [2464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 09:00:16 [Info] [2464] log memory size is 20480KB, real memory size is 14268KB
2026-03-06 09:00:17 [Info] [2464] item: --windows-process-check
2026-03-06 09:00:17 [Info] [2464] cgroup name aegisRtap0
2026-03-06 09:00:17 [Info] [2464] try get sys version
2026-03-06 09:00:17 [Info] [2464] win sys info:2/10:0:3
2026-03-06 09:00:17 [Info] [2464] suit legal version, enable cpu control
2026-03-06 09:00:17 [Info] [2464] get AssignProcessToJobObject handle [00000478]
2026-03-06 09:00:17 [Info] [2464] Set setJobExtended.
2026-03-06 09:00:17 [Info] [2464] Set cpu [9%]
2026-03-06 09:00:17 [Info] [2464] Set cpu success
2026-03-06 09:00:17 [Info] [2464] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-06 09:00:17 [Info] [2464] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-06 09:00:17 [Info] [2464] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 09:00:17 [Info] [2464] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 09:00:17 [Info] [2464] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-06 09:00:17 [Info] [2464] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-06 09:00:17 [Info] [2464] Prepare stage1: --windows-process-check
2026-03-06 09:00:17 [Info] [2464] Prepare stage2
2026-03-06 09:00:36 [Info] [2464] stage3: --windows-process-check
2026-03-06 09:00:36 [Info] [2464] Loader after check
2026-03-06 09:00:37 [Info] [2464] Enter reuse wait state.
2026-03-06 09:00:42 [Info] [2464] recvmsg: EXIT
2026-03-06 09:00:42 [Info] [2464] Recv Exit Msg, Exit...
2026-03-06 10:35:03 [Info] [3124] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 10:35:03 [Info] [3124] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap131761772764503 
2026-03-06 10:35:03 [Info] [3124] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 10:35:03 [Info] [3124] Resource monitor start
2026-03-06 10:35:03 [Info] [3124] ipc client init success
2026-03-06 10:35:03 [Info] [3124] Ipc init: 0
2026-03-06 10:35:03 [Info] [3124] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 10:35:03 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 10:35:03 [Info] [3124] start ipc thread id[1916]
2026-03-06 10:35:03 [Info] [3124] Connect Yundun ipc server return state is 0
2026-03-06 10:35:03 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 10:35:03 [Info] [3124] CIpcMsgHandlerMgr::run Enter
2026-03-06 10:35:03 [Info] [3124] CResourceMonitor::run Enter
2026-03-06 10:35:03 [Info] [3124] Report thread
2026-03-06 10:35:03 [Info] [3124] Monitor thread
2026-03-06 10:35:03 [Info] [3124] Loader thread
2026-03-06 10:35:03 [Info] [3124] PythonEngineImpl Init...
2026-03-06 10:35:03 [Info] [3124] yundun connected
2026-03-06 10:35:03 [Info] [3124] recvmsg: HELLO
2026-03-06 10:35:03 [Info] [3124] recvmsg: WORK
2026-03-06 10:35:03 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:35:03 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:35:03 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:35:04 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:35:04 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 10:35:04 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 10:35:04 [Info] [3124] log fd cnt is [250], real fd cnt is [281]
2026-03-06 10:35:05 [Info] [3124] log memory size is 20480KB, real memory size is 14508KB
2026-03-06 10:35:05 [Info] [3124] item: --windows-driver-version-check
2026-03-06 10:35:05 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-06 10:35:05 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-06 10:35:05 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:35:05 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:35:05 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-06 10:35:05 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-06 10:35:06 [Info] [3124] Prepare stage1: --windows-driver-version-check
2026-03-06 10:35:06 [Info] [3124] Prepare stage2
2026-03-06 10:35:06 [Info] [3124] stage3: --windows-driver-version-check
2026-03-06 10:35:06 [Info] [3124] Loader after check
2026-03-06 10:35:07 [Info] [3124] Enter reuse wait state.
2026-03-06 10:35:09 [Info] [3124] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-06 10:35:10 [Info] [3124] recvmsg: EXIT
2026-03-06 10:35:10 [Info] [3124] Recv Exit Msg, Exit...
2026-03-06 10:47:48 [Info] [3256] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 10:47:48 [Info] [3256] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap156741772765268 
2026-03-06 10:47:48 [Info] [3256] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 10:47:48 [Info] [3256] Resource monitor start
2026-03-06 10:47:48 [Info] [3256] ipc client init success
2026-03-06 10:47:48 [Info] [3256] Ipc init: 0
2026-03-06 10:47:48 [Info] [3256] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 10:47:48 [Info] [3256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 10:47:48 [Info] [3256] start ipc thread id[4352]
2026-03-06 10:47:48 [Info] [3256] Connect Yundun ipc server return state is 0
2026-03-06 10:47:48 [Info] [3256] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 10:47:48 [Info] [3256] CResourceMonitor::run Enter
2026-03-06 10:47:48 [Info] [3256] CIpcMsgHandlerMgr::run Enter
2026-03-06 10:47:48 [Info] [3256] Report thread
2026-03-06 10:47:48 [Info] [3256] Monitor thread
2026-03-06 10:47:48 [Info] [3256] Loader thread
2026-03-06 10:47:48 [Info] [3256] PythonEngineImpl Init...
2026-03-06 10:47:48 [Info] [3256] yundun connected
2026-03-06 10:47:49 [Info] [3256] recvmsg: HELLO
2026-03-06 10:47:49 [Info] [3256] recvmsg: WORK
2026-03-06 10:47:49 [Info] [3256] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:47:49 [Info] [3256] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:47:49 [Info] [3256] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:47:49 [Info] [3256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:47:49 [Info] [3256] log fd cnt is [250], real fd cnt is [282]
2026-03-06 10:47:49 [Info] [3256] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 10:47:49 [Info] [3256] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 10:47:50 [Info] [3256] log memory size is 20480KB, real memory size is 14556KB
2026-03-06 10:47:50 [Info] [3256] item: --windows-registry-check
2026-03-06 10:47:50 [Info] [3256] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-06 10:47:50 [Info] [3256] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-06 10:47:50 [Info] [3256] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:47:51 [Info] [3256] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:47:51 [Info] [3256] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-06 10:47:51 [Info] [3256] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-06 10:47:51 [Info] [3256] Prepare stage1: --windows-registry-check
2026-03-06 10:47:51 [Info] [3256] Prepare stage2
2026-03-06 10:48:19 [Info] [3256] stage3: --windows-registry-check
2026-03-06 10:48:19 [Info] [3256] Loader after check
2026-03-06 10:48:20 [Info] [3256] Enter reuse wait state.
2026-03-06 10:48:24 [Info] [3256] recvmsg: EXIT
2026-03-06 10:48:24 [Info] [3256] Recv Exit Msg, Exit...
2026-03-06 10:48:36 [Info] [4672] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 10:48:36 [Info] [4672] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap158301772765316 
2026-03-06 10:48:36 [Info] [4672] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 10:48:36 [Info] [4672] Resource monitor start
2026-03-06 10:48:36 [Info] [4672] ipc client init success
2026-03-06 10:48:36 [Info] [4672] Ipc init: 0
2026-03-06 10:48:36 [Info] [4672] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 10:48:36 [Info] [4672] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 10:48:36 [Info] [4672] start ipc thread id[4256]
2026-03-06 10:48:36 [Info] [4672] Connect Yundun ipc server return state is 0
2026-03-06 10:48:36 [Info] [4672] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 10:48:36 [Info] [4672] CResourceMonitor::run Enter
2026-03-06 10:48:36 [Info] [4672] CIpcMsgHandlerMgr::run Enter
2026-03-06 10:48:36 [Info] [4672] Report thread
2026-03-06 10:48:36 [Info] [4672] Monitor thread
2026-03-06 10:48:36 [Info] [4672] Loader thread
2026-03-06 10:48:36 [Info] [4672] PythonEngineImpl Init...
2026-03-06 10:48:36 [Info] [4672] yundun connected
2026-03-06 10:48:37 [Info] [4672] recvmsg: HELLO
2026-03-06 10:48:37 [Info] [4672] recvmsg: WORK
2026-03-06 10:48:37 [Info] [4672] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:48:37 [Info] [4672] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 10:48:37 [Info] [4672] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:48:37 [Info] [4672] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:48:37 [Warn] [4672] high cpu, cpu is 13
2026-03-06 10:48:37 [Info] [4672] try get sys version
2026-03-06 10:48:37 [Info] [4672] win sys info:2/10:0:3
2026-03-06 10:48:37 [Info] [4672] suit legal version, enable cpu control
2026-03-06 10:48:37 [Warn] [4672] High CPU Warning: 13
2026-03-06 10:48:37 [Warn] [4672] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-06 10:48:37 [Info] [4672] log fd cnt is [250], real fd cnt is [282]
2026-03-06 10:48:37 [Info] [4672] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 10:48:37 [Info] [4672] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 10:48:38 [Info] [4672] log memory size is 20480KB, real memory size is 14576KB
2026-03-06 10:48:38 [Info] [4672] item: --windows-schedule-task-check
2026-03-06 10:48:38 [Info] [4672] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-06 10:48:38 [Info] [4672] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-06 10:48:38 [Info] [4672] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 10:48:38 [Info] [4672] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 10:48:38 [Info] [4672] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-06 10:48:38 [Info] [4672] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-06 10:48:39 [Info] [4672] Prepare stage1: --windows-schedule-task-check
2026-03-06 10:48:39 [Info] [4672] Prepare stage2
2026-03-06 10:48:42 [Info] [4672] log memory size is 30720KB, real memory size is 23224KB
2026-03-06 10:49:09 [Info] [4672] stage3: --windows-schedule-task-check
2026-03-06 10:49:09 [Info] [4672] Loader after check
2026-03-06 10:49:10 [Info] [4672] Enter reuse wait state.
2026-03-06 10:49:12 [Info] [4672] recvmsg: EXIT
2026-03-06 10:49:12 [Info] [4672] Recv Exit Msg, Exit...
2026-03-06 11:16:04 [Info] [4488] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 11:16:04 [Info] [4488] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap212121772766964 
2026-03-06 11:16:04 [Info] [4488] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 11:16:04 [Info] [4488] Resource monitor start
2026-03-06 11:16:04 [Info] [4488] ipc client init success
2026-03-06 11:16:04 [Info] [4488] Ipc init: 0
2026-03-06 11:16:04 [Info] [4488] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 11:16:04 [Info] [4488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 11:16:04 [Info] [4488] start ipc thread id[3176]
2026-03-06 11:16:04 [Info] [4488] Connect Yundun ipc server return state is 0
2026-03-06 11:16:04 [Info] [4488] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 11:16:04 [Info] [4488] CResourceMonitor::run Enter
2026-03-06 11:16:04 [Info] [4488] CIpcMsgHandlerMgr::run Enter
2026-03-06 11:16:04 [Info] [4488] Report thread
2026-03-06 11:16:04 [Info] [4488] Monitor thread
2026-03-06 11:16:04 [Info] [4488] Loader thread
2026-03-06 11:16:04 [Info] [4488] PythonEngineImpl Init...
2026-03-06 11:16:04 [Info] [4488] yundun connected
2026-03-06 11:16:05 [Info] [4488] recvmsg: HELLO
2026-03-06 11:16:05 [Info] [4488] recvmsg: WORK
2026-03-06 11:16:05 [Info] [4488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 11:16:05 [Info] [4488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 11:16:05 [Info] [4488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 11:16:05 [Info] [4488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 11:16:05 [Info] [4488] log fd cnt is [250], real fd cnt is [282]
2026-03-06 11:16:05 [Info] [4488] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 11:16:05 [Info] [4488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 11:16:06 [Info] [4488] log memory size is 20480KB, real memory size is 14492KB
2026-03-06 11:16:06 [Info] [4488] item: --windows-autorun-item-check
2026-03-06 11:16:06 [Info] [4488] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-06 11:16:06 [Info] [4488] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-06 11:16:06 [Info] [4488] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 11:16:07 [Info] [4488] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 11:16:07 [Info] [4488] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-06 11:16:07 [Info] [4488] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-06 11:16:07 [Info] [4488] Prepare stage1: --windows-autorun-item-check
2026-03-06 11:16:07 [Info] [4488] Prepare stage2
2026-03-06 11:16:09 [Info] [4488] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-06 11:16:10 [Info] [4488] log memory size is 30720KB, real memory size is 22244KB
2026-03-06 11:16:17 [Info] [4488] stage3: --windows-autorun-item-check
2026-03-06 11:16:17 [Info] [4488] Loader after check
2026-03-06 11:16:18 [Info] [4488] Enter reuse wait state.
2026-03-06 11:16:20 [Info] [4488] recvmsg: EXIT
2026-03-06 11:16:20 [Info] [4488] Recv Exit Msg, Exit...
2026-03-06 11:42:07 [Info] [4584] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 11:42:07 [Info] [4584] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap263161772768527 
2026-03-06 11:42:07 [Info] [4584] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 11:42:07 [Info] [4584] Resource monitor start
2026-03-06 11:42:07 [Info] [4584] ipc client init success
2026-03-06 11:42:07 [Info] [4584] Ipc init: 0
2026-03-06 11:42:07 [Info] [4584] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 11:42:07 [Info] [4584] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 11:42:07 [Info] [4584] start ipc thread id[1016]
2026-03-06 11:42:07 [Info] [4584] Connect Yundun ipc server return state is 0
2026-03-06 11:42:07 [Info] [4584] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 11:42:07 [Info] [4584] CResourceMonitor::run Enter
2026-03-06 11:42:07 [Info] [4584] CIpcMsgHandlerMgr::run Enter
2026-03-06 11:42:07 [Info] [4584] Report thread
2026-03-06 11:42:07 [Info] [4584] Monitor thread
2026-03-06 11:42:07 [Info] [4584] Loader thread
2026-03-06 11:42:07 [Info] [4584] PythonEngineImpl Init...
2026-03-06 11:42:07 [Info] [4584] yundun connected
2026-03-06 11:42:08 [Info] [4584] recvmsg: HELLO
2026-03-06 11:42:08 [Info] [4584] recvmsg: WORK
2026-03-06 11:42:08 [Info] [4584] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 11:42:08 [Info] [4584] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 11:42:08 [Info] [4584] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 11:42:08 [Info] [4584] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 11:42:08 [Info] [4584] log fd cnt is [250], real fd cnt is [282]
2026-03-06 11:42:09 [Info] [4584] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 11:42:09 [Info] [4584] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 11:42:09 [Info] [4584] log memory size is 20480KB, real memory size is 14564KB
2026-03-06 11:42:10 [Info] [4584] item: --tcp-connect-check
2026-03-06 11:42:10 [Info] [4584] cgroup name aegisRtap0
2026-03-06 11:42:10 [Info] [4584] try get sys version
2026-03-06 11:42:10 [Info] [4584] win sys info:2/10:0:3
2026-03-06 11:42:10 [Info] [4584] suit legal version, enable cpu control
2026-03-06 11:42:10 [Info] [4584] get AssignProcessToJobObject handle [00000478]
2026-03-06 11:42:10 [Info] [4584] Set setJobExtended.
2026-03-06 11:42:10 [Info] [4584] Set cpu [9%]
2026-03-06 11:42:10 [Info] [4584] Set cpu success
2026-03-06 11:42:10 [Info] [4584] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-06 11:42:10 [Info] [4584] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-06 11:42:10 [Info] [4584] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 11:42:10 [Info] [4584] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 11:42:10 [Info] [4584] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-06 11:42:10 [Info] [4584] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-06 11:42:10 [Info] [4584] Prepare stage1: --tcp-connect-check
2026-03-06 11:42:10 [Info] [4584] Prepare stage2
2026-03-06 11:42:14 [Info] [4584] stage3: --tcp-connect-check
2026-03-06 11:42:14 [Info] [4584] Loader after check
2026-03-06 11:42:15 [Info] [4584] Enter reuse wait state.
2026-03-06 11:42:19 [Info] [4584] recvmsg: EXIT
2026-03-06 11:42:19 [Info] [4584] Recv Exit Msg, Exit...
2026-03-06 12:35:36 [Info] [3588] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 12:35:36 [Info] [3588] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap40011772771728 
2026-03-06 12:35:36 [Info] [3588] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 12:35:40 [Info] [3588] Resource monitor start
2026-03-06 12:35:40 [Info] [3588] ipc client init success
2026-03-06 12:35:40 [Info] [3588] Ipc init: 0
2026-03-06 12:35:40 [Info] [3588] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 12:35:40 [Info] [3588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 12:35:45 [Info] [3588] CIpcMsgHandlerMgr::run Enter
2026-03-06 12:35:45 [Info] [3588] CResourceMonitor::run Enter
2026-03-06 12:35:45 [Info] [3588] start ipc thread id[1212]
2026-03-06 12:35:45 [Info] [3588] Connect Yundun ipc server return state is 0
2026-03-06 12:35:45 [Info] [3588] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 12:35:46 [Info] [3588] log fd cnt is [250], real fd cnt is [243]
2026-03-06 12:35:48 [Info] [3588] yundun connected
2026-03-06 12:35:48 [Info] [3588] Report thread
2026-03-06 12:35:48 [Info] [3588] Monitor thread
2026-03-06 12:35:48 [Info] [3588] Loader thread
2026-03-06 12:35:48 [Info] [3588] PythonEngineImpl Init...
2026-03-06 12:35:48 [Info] [3588] recvmsg: HELLO
2026-03-06 12:35:48 [Info] [3588] recvmsg: WORK
2026-03-06 12:35:48 [Info] [3588] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 12:35:48 [Info] [3588] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 12:35:48 [Info] [3588] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 12:35:49 [Info] [3588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 12:35:49 [Info] [3588] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 12:35:49 [Info] [3588] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 12:35:50 [Info] [3588] item: --windows-sysinfoext-check
2026-03-06 12:35:50 [Info] [3588] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 12:35:50 [Info] [3588] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 12:35:50 [Info] [3588] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 12:35:50 [Info] [3588] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 12:35:50 [Info] [3588] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-06 12:35:50 [Info] [3588] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 12:35:50 [Info] [3588] Prepare stage1: --windows-sysinfoext-check
2026-03-06 12:35:50 [Info] [3588] Prepare stage2
2026-03-06 12:35:51 [Info] [3588] log memory size is 20480KB, real memory size is 22696KB
2026-03-06 12:35:55 [Info] [3588] log memory size is 30720KB, real memory size is 22696KB
2026-03-06 12:35:55 [Info] [3588] stage3: --windows-sysinfoext-check
2026-03-06 12:35:55 [Info] [3588] Loader after check
2026-03-06 12:35:56 [Warn] [3588] high cpu, cpu is 12
2026-03-06 12:35:56 [Info] [3588] try get sys version
2026-03-06 12:35:56 [Info] [3588] win sys info:2/10:0:3
2026-03-06 12:35:56 [Info] [3588] suit legal version, enable cpu control
2026-03-06 12:35:56 [Warn] [3588] High CPU Warning: 12
2026-03-06 12:35:56 [Warn] [3588] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-06 12:35:56 [Info] [3588] Enter reuse wait state.
2026-03-06 12:36:01 [Info] [3588] recvmsg: EXIT
2026-03-06 12:36:01 [Info] [3588] Recv Exit Msg, Exit...
2026-03-06 12:43:52 [Info] [4836] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 12:43:52 [Info] [4836] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap56471772772232 
2026-03-06 12:43:52 [Info] [4836] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 12:43:52 [Info] [4836] Resource monitor start
2026-03-06 12:43:52 [Info] [4836] ipc client init success
2026-03-06 12:43:52 [Info] [4836] Ipc init: 0
2026-03-06 12:43:52 [Info] [4836] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 12:43:52 [Info] [4836] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 12:43:52 [Info] [4836] start ipc thread id[4840]
2026-03-06 12:43:52 [Info] [4836] Connect Yundun ipc server return state is 0
2026-03-06 12:43:52 [Info] [4836] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 12:43:52 [Info] [4836] CResourceMonitor::run Enter
2026-03-06 12:43:52 [Info] [4836] CIpcMsgHandlerMgr::run Enter
2026-03-06 12:43:52 [Info] [4836] Report thread
2026-03-06 12:43:52 [Info] [4836] Monitor thread
2026-03-06 12:43:52 [Info] [4836] Loader thread
2026-03-06 12:43:52 [Info] [4836] PythonEngineImpl Init...
2026-03-06 12:43:53 [Info] [4836] yundun connected
2026-03-06 12:43:53 [Info] [4836] recvmsg: HELLO
2026-03-06 12:43:53 [Info] [4836] recvmsg: WORK
2026-03-06 12:43:53 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 12:43:53 [Info] [4836] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 12:43:53 [Info] [4836] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 12:43:53 [Info] [4836] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 12:43:54 [Info] [4836] log fd cnt is [250], real fd cnt is [282]
2026-03-06 12:43:54 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 12:43:54 [Info] [4836] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 12:43:55 [Info] [4836] log memory size is 20480KB, real memory size is 14492KB
2026-03-06 12:43:55 [Info] [4836] item: --sca
2026-03-06 12:43:55 [Info] [4836] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-06 12:43:55 [Info] [4836] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-06 12:43:55 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-06 12:43:55 [Info] [4836] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-06 12:43:55 [Info] [4836] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5
2026-03-06 12:43:55 [Info] [4836] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5
2026-03-06 12:43:56 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py.md5, http code : 200, curl ret : 0
2026-03-06 12:43:56 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py, http code : 200, curl ret : 0
2026-03-06 12:43:56 [Info] [4836] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca.py
2026-03-06 12:43:56 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-06 12:43:56 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-06 12:43:56 [Info] [4836] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-06 12:43:56 [Info] [4836] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5
2026-03-06 12:43:56 [Info] [4836] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5
2026-03-06 12:43:56 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py.md5, http code : 200, curl ret : 0
2026-03-06 12:43:56 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py, http code : 200, curl ret : 0
2026-03-06 12:43:56 [Info] [4836] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_utils.py
2026-03-06 12:43:56 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-06 12:43:56 [Info] [4836] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-06 12:43:57 [Info] [4836] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5
2026-03-06 12:43:57 [Info] [4836] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5
2026-03-06 12:43:57 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py.md5, http code : 200, curl ret : 0
2026-03-06 12:43:57 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py, http code : 200, curl ret : 0
2026-03-06 12:43:57 [Info] [4836] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_common_proc.py
2026-03-06 12:43:57 [Info] [4836] start DownLoadBuffer update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-06 12:43:57 [Info] [4836] start do http get request for update.aegis.aliyun.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-06 12:43:57 [Info] [4836] start DownLoadBuffer aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5
2026-03-06 12:43:57 [Info] [4836] start do http get request for aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5
2026-03-06 12:43:58 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py.md5, http code : 200, curl ret : 0
2026-03-06 12:43:58 [Info] [4836] http request success : https://aegis.alicdn.com/rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py, http code : 200, curl ret : 0
2026-03-06 12:43:58 [Info] [4836] DownLoadFile ok C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/plugin/sca_java_proc.py
2026-03-06 12:43:58 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-06 12:43:58 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-06 12:43:58 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-06 12:43:58 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-06 12:43:58 [Info] [4836] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-06 12:43:58 [Info] [4836] Download redirect files success.
2026-03-06 12:43:58 [Info] [4836] Prepare stage1: --sca
2026-03-06 12:43:58 [Info] [4836] Prepare stage2
2026-03-06 12:43:59 [Info] [4836] log memory size is 30720KB, real memory size is 24348KB
2026-03-06 12:44:00 [Warn] [4836] high cpu, cpu is 27
2026-03-06 12:44:00 [Info] [4836] try get sys version
2026-03-06 12:44:00 [Info] [4836] win sys info:2/10:0:3
2026-03-06 12:44:00 [Info] [4836] suit legal version, enable cpu control
2026-03-06 12:44:00 [Warn] [4836] High CPU Warning: 27
2026-03-06 12:44:00 [Warn] [4836] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:sca.py line: 197 in func: init_analyzer
File:sca.py line: 390 in func: start
2026-03-06 12:44:03 [Info] [4836] log memory size is 40960KB, real memory size is 32256KB
2026-03-06 12:44:34 [Warn] [4836] high cpu, cpu is 24
2026-03-06 12:44:34 [Warn] [4836] High CPU Warning: 24
2026-03-06 12:44:35 [Warn] [4836] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-06 12:44:35 [Info] [4836] stage3: --sca
2026-03-06 12:44:35 [Info] [4836] Loader after check
2026-03-06 12:44:36 [Info] [4836] Enter reuse wait state.
2026-03-06 12:44:41 [Info] [4836] recvmsg: EXIT
2026-03-06 12:44:41 [Info] [4836] Recv Exit Msg, Exit...
2026-03-06 18:04:59 [Info] [780] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 18:04:59 [Info] [780] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap30001772791490 
2026-03-06 18:04:59 [Info] [780] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 18:04:59 [Info] [780] Resource monitor start
2026-03-06 18:04:59 [Info] [780] ipc client init success
2026-03-06 18:04:59 [Info] [780] Ipc init: 0
2026-03-06 18:04:59 [Info] [780] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 18:04:59 [Info] [780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 18:04:59 [Info] [780] start ipc thread id[3804]
2026-03-06 18:04:59 [Info] [780] Connect Yundun ipc server return state is 0
2026-03-06 18:04:59 [Info] [780] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 18:05:08 [Info] [780] Loader thread
2026-03-06 18:05:08 [Info] [780] PythonEngineImpl Init...
2026-03-06 18:05:08 [Info] [780] Monitor thread
2026-03-06 18:05:08 [Info] [780] Report thread
2026-03-06 18:05:08 [Info] [780] yundun connected
2026-03-06 18:05:08 [Info] [780] CIpcMsgHandlerMgr::run Enter
2026-03-06 18:05:08 [Info] [780] CResourceMonitor::run Enter
2026-03-06 18:05:08 [Info] [780] recvmsg: HELLO
2026-03-06 18:05:08 [Info] [780] recvmsg: WORK
2026-03-06 18:05:08 [Info] [780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 18:05:08 [Info] [780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 18:05:08 [Info] [780] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 18:05:09 [Info] [780] log fd cnt is [250], real fd cnt is [264]
2026-03-06 18:05:10 [Info] [780] log memory size is 20480KB, real memory size is 13064KB
2026-03-06 18:05:11 [Info] [780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 18:05:11 [Info] [780] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 18:05:11 [Info] [780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 18:05:12 [Info] [780] item: --windows-sysinfoext-check
2026-03-06 18:05:12 [Info] [780] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 18:05:12 [Info] [780] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 18:05:12 [Info] [780] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 18:05:13 [Info] [780] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 18:05:13 [Info] [780] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-06 18:05:13 [Info] [780] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 18:05:13 [Info] [780] Prepare stage1: --windows-sysinfoext-check
2026-03-06 18:05:13 [Info] [780] Prepare stage2
2026-03-06 18:05:13 [Warn] [780] high cpu, cpu is 12
2026-03-06 18:05:13 [Info] [780] try get sys version
2026-03-06 18:05:13 [Info] [780] win sys info:2/10:0:3
2026-03-06 18:05:13 [Info] [780] suit legal version, enable cpu control
2026-03-06 18:05:13 [Warn] [780] High CPU Warning: 12
2026-03-06 18:05:13 [Warn] [780] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:__init__.py line: 28 in func: __WrapDispatch
File:__init__.py line: 96 in func: Dispatch
File:__init__.py line: 483 in func: _get_good_single_object_
File:__init__.py line: 494 in func: _get_good_object_
File:util.py line: 84 in func: next
File:wmi.py line: 491 in func: __init__
File:wmi.py line: 781 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-03-06 18:05:14 [Info] [780] log memory size is 30720KB, real memory size is 22728KB
2026-03-06 18:05:15 [Info] [780] stage3: --windows-sysinfoext-check
2026-03-06 18:05:15 [Info] [780] Loader after check
2026-03-06 18:05:15 [Warn] [780] high cpu, cpu is 13
2026-03-06 18:05:15 [Warn] [780] High CPU Warning: 13
2026-03-06 18:05:16 [Info] [780] Enter reuse wait state.
2026-03-06 18:05:16 [Info] [780] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-06 18:05:20 [Info] [780] recvmsg: EXIT
2026-03-06 18:05:20 [Info] [780] Recv Exit Msg, Exit...
2026-03-06 18:14:07 [Info] [2756] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 18:14:07 [Info] [2756] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap48191772792047 
2026-03-06 18:14:07 [Info] [2756] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 18:14:07 [Info] [2756] Resource monitor start
2026-03-06 18:14:07 [Info] [2756] ipc client init success
2026-03-06 18:14:07 [Info] [2756] Ipc init: 0
2026-03-06 18:14:07 [Info] [2756] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 18:14:07 [Info] [2756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 18:14:07 [Info] [2756] start ipc thread id[4768]
2026-03-06 18:14:07 [Info] [2756] Connect Yundun ipc server return state is 0
2026-03-06 18:14:07 [Info] [2756] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 18:14:07 [Info] [2756] CResourceMonitor::run Enter
2026-03-06 18:14:07 [Info] [2756] CIpcMsgHandlerMgr::run Enter
2026-03-06 18:14:07 [Info] [2756] Report thread
2026-03-06 18:14:07 [Info] [2756] Monitor thread
2026-03-06 18:14:07 [Info] [2756] Loader thread
2026-03-06 18:14:07 [Info] [2756] PythonEngineImpl Init...
2026-03-06 18:14:07 [Info] [2756] yundun connected
2026-03-06 18:14:08 [Info] [2756] recvmsg: HELLO
2026-03-06 18:14:08 [Info] [2756] recvmsg: WORK
2026-03-06 18:14:08 [Info] [2756] log fd cnt is [250], real fd cnt is [263]
2026-03-06 18:14:09 [Info] [2756] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 18:14:09 [Info] [2756] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 18:14:09 [Info] [2756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 18:14:09 [Info] [2756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 18:14:09 [Info] [2756] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 18:14:09 [Info] [2756] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 18:14:10 [Info] [2756] log memory size is 20480KB, real memory size is 14412KB
2026-03-06 18:14:12 [Info] [2756] item: --windows-vul-check
2026-03-06 18:14:12 [Info] [2756] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-06 18:14:12 [Info] [2756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-06 18:14:12 [Info] [2756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py
2026-03-06 18:14:12 [Info] [2756] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-06 18:14:12 [Info] [2756] Download redirect files success.
2026-03-06 18:14:12 [Info] [2756] Prepare stage1: --windows-vul-check
2026-03-06 18:14:12 [Info] [2756] Prepare stage2
2026-03-06 18:14:12 [Info] [2756] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-06 18:14:12 [Info] [2756] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat
2026-03-06 18:14:12 [Info] [2756] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 18:14:12 [Info] [2756] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 18:14:12 [Info] [2756] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-06 18:14:12 [Info] [2756] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5
2026-03-06 18:14:13 [Info] [2756] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0
2026-03-06 18:14:13 [Info] [2756] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0
2026-03-06 18:14:13 [Info] [2756] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat
2026-03-06 18:14:13 [Info] [2756] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat
2026-03-06 18:14:13 [Warn] [2756] high cpu, cpu is 18
2026-03-06 18:14:13 [Info] [2756] try get sys version
2026-03-06 18:14:13 [Info] [2756] win sys info:2/10:0:3
2026-03-06 18:14:13 [Info] [2756] suit legal version, enable cpu control
2026-03-06 18:14:13 [Warn] [2756] High CPU Warning: 18
2026-03-06 18:14:13 [Warn] [2756] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<string> line: 2 in func: __init__
File:windows-vul-check.py line: 519 in func: load_kb_install_status
File:windows-vul-check.py line: 991 in func: start
2026-03-06 18:14:13 [Info] [2756] stage3: --windows-vul-check
2026-03-06 18:14:13 [Info] [2756] Loader after check
2026-03-06 18:14:14 [Info] [2756] log memory size is 30720KB, real memory size is 23200KB
2026-03-06 18:14:15 [Info] [2756] Enter reuse wait state.
2026-03-06 18:14:19 [Info] [2756] recvmsg: EXIT
2026-03-06 18:14:19 [Info] [2756] Recv Exit Msg, Exit...
2026-03-06 19:23:59 [Info] [1144] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 19:23:59 [Info] [1144] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap185081772796239 
2026-03-06 19:23:59 [Info] [1144] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 19:23:59 [Info] [1144] Resource monitor start
2026-03-06 19:23:59 [Info] [1144] ipc client init success
2026-03-06 19:23:59 [Info] [1144] Ipc init: 0
2026-03-06 19:23:59 [Info] [1144] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 19:23:59 [Info] [1144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 19:23:59 [Info] [1144] start ipc thread id[2788]
2026-03-06 19:23:59 [Info] [1144] Connect Yundun ipc server return state is 0
2026-03-06 19:23:59 [Info] [1144] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 19:23:59 [Info] [1144] CResourceMonitor::run Enter
2026-03-06 19:23:59 [Info] [1144] CIpcMsgHandlerMgr::run Enter
2026-03-06 19:23:59 [Info] [1144] Report thread
2026-03-06 19:23:59 [Info] [1144] Monitor thread
2026-03-06 19:23:59 [Info] [1144] Loader thread
2026-03-06 19:23:59 [Info] [1144] PythonEngineImpl Init...
2026-03-06 19:23:59 [Info] [1144] yundun connected
2026-03-06 19:23:59 [Info] [1144] recvmsg: HELLO
2026-03-06 19:23:59 [Info] [1144] recvmsg: WORK
2026-03-06 19:24:00 [Info] [1144] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 19:24:00 [Info] [1144] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 19:24:00 [Info] [1144] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 19:24:00 [Info] [1144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 19:24:00 [Info] [1144] log fd cnt is [250], real fd cnt is [282]
2026-03-06 19:24:00 [Info] [1144] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 19:24:00 [Info] [1144] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 19:24:01 [Info] [1144] log memory size is 20480KB, real memory size is 14496KB
2026-03-06 19:24:01 [Info] [1144] item: --secnet_rasp_agent
2026-03-06 19:24:01 [Info] [1144] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-06 19:24:01 [Info] [1144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-06 19:24:01 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-06 19:24:01 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-06 19:24:01 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-06 19:24:01 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-06 19:24:01 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-06 19:24:02 [Info] [1144] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-06 19:24:02 [Info] [1144] Download redirect files success.
2026-03-06 19:24:02 [Info] [1144] Prepare stage1: --secnet_rasp_agent
2026-03-06 19:24:02 [Info] [1144] Prepare stage2
2026-03-06 19:24:02 [Info] [1144] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-06 19:24:02 [Info] [1144] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-06 19:24:02 [Info] [1144] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 19:24:02 [Info] [1144] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 19:24:03 [Info] [1144] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-06 19:24:03 [Info] [1144] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-06 19:24:03 [Info] [1144] stage3: --secnet_rasp_agent
2026-03-06 19:24:03 [Info] [1144] Loader after check
2026-03-06 19:24:04 [Info] [1144] Enter reuse wait state.
2026-03-06 19:24:05 [Info] [1144] log memory size is 30720KB, real memory size is 21172KB
2026-03-06 19:24:07 [Info] [1144] recvmsg: EXIT
2026-03-06 19:24:07 [Info] [1144] Recv Exit Msg, Exit...
2026-03-06 23:33:51 [Info] [3060] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-06 23:33:51 [Info] [3060] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap19071772811224 
2026-03-06 23:33:51 [Info] [3060] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-06 23:33:51 [Info] [3060] Resource monitor start
2026-03-06 23:33:51 [Info] [3060] ipc client init success
2026-03-06 23:33:51 [Info] [3060] Ipc init: 0
2026-03-06 23:33:51 [Info] [3060] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-06 23:33:51 [Info] [3060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-06 23:33:51 [Info] [3060] start ipc thread id[4940]
2026-03-06 23:33:51 [Info] [3060] Connect Yundun ipc server return state is 0
2026-03-06 23:33:51 [Info] [3060] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-06 23:33:51 [Info] [3060] CResourceMonitor::run Enter
2026-03-06 23:33:51 [Info] [3060] CIpcMsgHandlerMgr::run Enter
2026-03-06 23:33:51 [Info] [3060] Report thread
2026-03-06 23:33:51 [Info] [3060] Monitor thread
2026-03-06 23:33:51 [Info] [3060] Loader thread
2026-03-06 23:33:51 [Info] [3060] PythonEngineImpl Init...
2026-03-06 23:33:58 [Info] [3060] yundun connected
2026-03-06 23:33:58 [Info] [3060] recvmsg: HELLO
2026-03-06 23:33:58 [Info] [3060] recvmsg: WORK
2026-03-06 23:33:58 [Info] [3060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 23:33:58 [Info] [3060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-06 23:33:58 [Info] [3060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 23:34:00 [Info] [3060] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-06 23:34:00 [Info] [3060] log fd cnt is [250], real fd cnt is [264]
2026-03-06 23:34:02 [Info] [3060] log memory size is 20480KB, real memory size is 13312KB
2026-03-06 23:34:02 [Info] [3060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 23:34:02 [Info] [3060] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-06 23:34:02 [Info] [3060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-06 23:34:03 [Info] [3060] item: --windows-sysinfoext-check
2026-03-06 23:34:03 [Info] [3060] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 23:34:03 [Info] [3060] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 23:34:03 [Info] [3060] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-06 23:34:03 [Info] [3060] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-06 23:34:04 [Info] [3060] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-06 23:34:04 [Info] [3060] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-06 23:34:04 [Info] [3060] Prepare stage1: --windows-sysinfoext-check
2026-03-06 23:34:04 [Info] [3060] Prepare stage2
2026-03-06 23:34:05 [Warn] [3060] high cpu, cpu is 15
2026-03-06 23:34:05 [Info] [3060] try get sys version
2026-03-06 23:34:05 [Info] [3060] win sys info:2/10:0:3
2026-03-06 23:34:05 [Info] [3060] suit legal version, enable cpu control
2026-03-06 23:34:05 [Warn] [3060] High CPU Warning: 15
2026-03-06 23:34:05 [Warn] [3060] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:dynamic.py line: 287 in func: _ApplyTypes_
File:<COMObject winmgmts:> line: 3 in func: Get
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 50 in func: GetSysCpuInfo
File:windows-sysinfoext-check.py line: 174 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-03-06 23:34:06 [Info] [3060] log memory size is 30720KB, real memory size is 22716KB
2026-03-06 23:34:07 [Info] [3060] stage3: --windows-sysinfoext-check
2026-03-06 23:34:07 [Info] [3060] Loader after check
2026-03-06 23:34:08 [Info] [3060] Enter reuse wait state.
2026-03-06 23:34:12 [Info] [3060] recvmsg: EXIT
2026-03-06 23:34:12 [Info] [3060] Recv Exit Msg, Exit...
2026-03-13 03:42:33 [Info] [2596] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 03:42:33 [Info] [2596] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap67621773344532 
2026-03-13 03:42:33 [Info] [2596] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 03:42:33 [Info] [2596] Resource monitor start
2026-03-13 03:42:33 [Info] [2596] ipc client init success
2026-03-13 03:42:33 [Info] [2596] Ipc init: 0
2026-03-13 03:42:33 [Info] [2596] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 03:42:33 [Info] [2596] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 03:42:33 [Info] [2596] start ipc thread id[4456]
2026-03-13 03:42:33 [Info] [2596] Connect Yundun ipc server return state is 0
2026-03-13 03:42:33 [Info] [2596] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 03:42:34 [Info] [2596] CResourceMonitor::run Enter
2026-03-13 03:42:34 [Info] [2596] CIpcMsgHandlerMgr::run Enter
2026-03-13 03:42:34 [Info] [2596] yundun connected
2026-03-13 03:42:34 [Info] [2596] Report thread
2026-03-13 03:42:34 [Info] [2596] Monitor thread
2026-03-13 03:42:34 [Info] [2596] Loader thread
2026-03-13 03:42:34 [Info] [2596] PythonEngineImpl Init...
2026-03-13 03:42:34 [Info] [2596] recvmsg: HELLO
2026-03-13 03:42:34 [Info] [2596] recvmsg: WORK
2026-03-13 03:42:35 [Info] [2596] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 03:42:35 [Info] [2596] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 03:42:35 [Info] [2596] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 03:42:36 [Info] [2596] log fd cnt is [250], real fd cnt is [264]
2026-03-13 03:42:36 [Info] [2596] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 03:42:36 [Info] [2596] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 03:42:36 [Info] [2596] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 03:42:37 [Info] [2596] log memory size is 20480KB, real memory size is 14496KB
2026-03-13 03:42:37 [Info] [2596] item: --windows-sysinfoext-check
2026-03-13 03:42:37 [Info] [2596] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 03:42:37 [Info] [2596] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 03:42:37 [Info] [2596] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 03:42:37 [Info] [2596] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 03:42:37 [Info] [2596] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-13 03:42:37 [Info] [2596] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 03:42:38 [Info] [2596] Prepare stage1: --windows-sysinfoext-check
2026-03-13 03:42:38 [Info] [2596] Prepare stage2
2026-03-13 03:42:39 [Info] [2596] stage3: --windows-sysinfoext-check
2026-03-13 03:42:39 [Info] [2596] Loader after check
2026-03-13 03:42:40 [Warn] [2596] high cpu, cpu is 13
2026-03-13 03:42:40 [Info] [2596] try get sys version
2026-03-13 03:42:40 [Info] [2596] win sys info:2/10:0:3
2026-03-13 03:42:40 [Info] [2596] suit legal version, enable cpu control
2026-03-13 03:42:40 [Warn] [2596] High CPU Warning: 13
2026-03-13 03:42:40 [Warn] [2596] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-13 03:42:40 [Info] [2596] Enter reuse wait state.
2026-03-13 03:42:41 [Info] [2596] log memory size is 30720KB, real memory size is 22924KB
2026-03-13 03:42:45 [Info] [2596] recvmsg: EXIT
2026-03-13 03:42:45 [Info] [2596] Recv Exit Msg, Exit...
2026-03-13 07:53:41 [Info] [3412] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 07:53:41 [Info] [3412] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap232681773359621 
2026-03-13 07:53:41 [Info] [3412] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 07:53:41 [Info] [3412] Resource monitor start
2026-03-13 07:53:41 [Info] [3412] ipc client init success
2026-03-13 07:53:41 [Info] [3412] Ipc init: 0
2026-03-13 07:53:41 [Info] [3412] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 07:53:41 [Info] [3412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 07:53:41 [Info] [3412] start ipc thread id[2336]
2026-03-13 07:53:41 [Info] [3412] Connect Yundun ipc server return state is 0
2026-03-13 07:53:41 [Info] [3412] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 07:53:41 [Info] [3412] CResourceMonitor::run Enter
2026-03-13 07:53:41 [Info] [3412] CIpcMsgHandlerMgr::run Enter
2026-03-13 07:53:41 [Info] [3412] Report thread
2026-03-13 07:53:41 [Info] [3412] Monitor thread
2026-03-13 07:53:41 [Info] [3412] Loader thread
2026-03-13 07:53:41 [Info] [3412] PythonEngineImpl Init...
2026-03-13 07:53:41 [Info] [3412] yundun connected
2026-03-13 07:53:41 [Info] [3412] recvmsg: HELLO
2026-03-13 07:53:41 [Info] [3412] recvmsg: WORK
2026-03-13 07:53:41 [Info] [3412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 07:53:41 [Info] [3412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 07:53:41 [Info] [3412] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 07:53:41 [Info] [3412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 07:53:42 [Info] [3412] log fd cnt is [250], real fd cnt is [282]
2026-03-13 07:53:42 [Info] [3412] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 07:53:42 [Info] [3412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 07:53:43 [Info] [3412] log memory size is 20480KB, real memory size is 14560KB
2026-03-13 07:53:43 [Info] [3412] item: --windows-vul-clean
2026-03-13 07:53:43 [Info] [3412] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-13 07:53:43 [Info] [3412] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5
2026-03-13 07:53:43 [Info] [3412] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 07:53:43 [Info] [3412] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 07:53:43 [Info] [3412] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0
2026-03-13 07:53:43 [Info] [3412] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5
2026-03-13 07:53:43 [Info] [3412] Prepare stage1: --windows-vul-clean
2026-03-13 07:53:43 [Info] [3412] Prepare stage2
2026-03-13 07:53:43 [Info] [3412] stage3: --windows-vul-clean
2026-03-13 07:53:43 [Info] [3412] Loader after check
2026-03-13 07:53:44 [Info] [3412] Enter reuse wait state.
2026-03-13 07:53:48 [Info] [3412] recvmsg: EXIT
2026-03-13 07:53:48 [Info] [3412] Recv Exit Msg, Exit...
2026-03-13 09:07:24 [Info] [5068] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 09:07:24 [Info] [5068] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap49441773364044 
2026-03-13 09:07:24 [Info] [5068] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 09:07:24 [Info] [5068] Resource monitor start
2026-03-13 09:07:24 [Info] [5068] ipc client init success
2026-03-13 09:07:24 [Info] [5068] Ipc init: 0
2026-03-13 09:07:24 [Info] [5068] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 09:07:24 [Info] [5068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 09:07:24 [Info] [5068] start ipc thread id[3596]
2026-03-13 09:07:24 [Info] [5068] Connect Yundun ipc server return state is 0
2026-03-13 09:07:24 [Info] [5068] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 09:07:24 [Info] [5068] CResourceMonitor::run Enter
2026-03-13 09:07:24 [Info] [5068] CIpcMsgHandlerMgr::run Enter
2026-03-13 09:07:24 [Info] [5068] Report thread
2026-03-13 09:07:24 [Info] [5068] Monitor thread
2026-03-13 09:07:24 [Info] [5068] Loader thread
2026-03-13 09:07:24 [Info] [5068] PythonEngineImpl Init...
2026-03-13 09:07:24 [Info] [5068] yundun connected
2026-03-13 09:07:24 [Info] [5068] recvmsg: HELLO
2026-03-13 09:07:24 [Info] [5068] recvmsg: WORK
2026-03-13 09:07:24 [Info] [5068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 09:07:24 [Info] [5068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 09:07:24 [Info] [5068] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 09:07:25 [Info] [5068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 09:07:25 [Info] [5068] log fd cnt is [250], real fd cnt is [282]
2026-03-13 09:07:25 [Info] [5068] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 09:07:25 [Info] [5068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 09:07:26 [Info] [5068] log memory size is 20480KB, real memory size is 14480KB
2026-03-13 09:07:26 [Info] [5068] item: --windows-process-check
2026-03-13 09:07:26 [Info] [5068] cgroup name aegisRtap0
2026-03-13 09:07:26 [Info] [5068] try get sys version
2026-03-13 09:07:26 [Info] [5068] win sys info:2/10:0:3
2026-03-13 09:07:26 [Info] [5068] suit legal version, enable cpu control
2026-03-13 09:07:26 [Info] [5068] get AssignProcessToJobObject handle [00000478]
2026-03-13 09:07:26 [Info] [5068] Set setJobExtended.
2026-03-13 09:07:26 [Info] [5068] Set cpu [9%]
2026-03-13 09:07:26 [Info] [5068] Set cpu success
2026-03-13 09:07:26 [Info] [5068] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-13 09:07:26 [Info] [5068] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5
2026-03-13 09:07:26 [Info] [5068] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 09:07:26 [Info] [5068] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 09:07:26 [Info] [5068] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0
2026-03-13 09:07:26 [Info] [5068] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5
2026-03-13 09:07:26 [Info] [5068] Prepare stage1: --windows-process-check
2026-03-13 09:07:26 [Info] [5068] Prepare stage2
2026-03-13 09:07:32 [Info] [5068] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-13 09:07:45 [Info] [5068] stage3: --windows-process-check
2026-03-13 09:07:45 [Info] [5068] Loader after check
2026-03-13 09:07:46 [Info] [5068] Enter reuse wait state.
2026-03-13 09:07:51 [Info] [5068] recvmsg: EXIT
2026-03-13 09:07:51 [Info] [5068] Recv Exit Msg, Exit...
2026-03-13 09:11:55 [Info] [1076] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 09:11:55 [Info] [1076] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap57961773364305 
2026-03-13 09:11:55 [Info] [1076] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 09:12:00 [Info] [1076] Resource monitor start
2026-03-13 09:12:00 [Info] [1076] ipc client init success
2026-03-13 09:12:00 [Info] [1076] Ipc init: 0
2026-03-13 09:12:00 [Info] [1076] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 09:12:00 [Info] [1076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 09:12:05 [Info] [1076] CIpcMsgHandlerMgr::run Enter
2026-03-13 09:12:05 [Info] [1076] CResourceMonitor::run Enter
2026-03-13 09:12:05 [Info] [1076] start ipc thread id[4792]
2026-03-13 09:12:05 [Info] [1076] Connect Yundun ipc server return state is 0
2026-03-13 09:12:05 [Info] [1076] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 09:12:06 [Info] [1076] log fd cnt is [250], real fd cnt is [243]
2026-03-13 09:12:08 [Info] [1076] yundun connected
2026-03-13 09:12:08 [Info] [1076] Report thread
2026-03-13 09:12:08 [Info] [1076] Monitor thread
2026-03-13 09:12:08 [Info] [1076] Loader thread
2026-03-13 09:12:08 [Info] [1076] PythonEngineImpl Init...
2026-03-13 09:12:09 [Info] [1076] recvmsg: HELLO
2026-03-13 09:12:09 [Info] [1076] recvmsg: WORK
2026-03-13 09:12:09 [Info] [1076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 09:12:09 [Info] [1076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 09:12:09 [Info] [1076] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 09:12:09 [Info] [1076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 09:12:09 [Info] [1076] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 09:12:09 [Info] [1076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 09:12:10 [Info] [1076] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-13 09:12:11 [Info] [1076] log memory size is 20480KB, real memory size is 14536KB
2026-03-13 09:12:11 [Info] [1076] item: --windows-sysinfoext-check
2026-03-13 09:12:11 [Info] [1076] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 09:12:11 [Info] [1076] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 09:12:11 [Info] [1076] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 09:12:11 [Info] [1076] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 09:12:11 [Info] [1076] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-13 09:12:11 [Info] [1076] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 09:12:11 [Info] [1076] Prepare stage1: --windows-sysinfoext-check
2026-03-13 09:12:11 [Info] [1076] Prepare stage2
2026-03-13 09:12:12 [Warn] [1076] high cpu, cpu is 23
2026-03-13 09:12:12 [Info] [1076] try get sys version
2026-03-13 09:12:12 [Info] [1076] win sys info:2/10:0:3
2026-03-13 09:12:12 [Info] [1076] suit legal version, enable cpu control
2026-03-13 09:12:12 [Warn] [1076] High CPU Warning: 23
2026-03-13 09:12:12 [Warn] [1076] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:<string> line: 12 in func: __init__
File:wmi.py line: 1145 in func: __getattr__
File:wmi.py line: 783 in func: __init__
File:wmi.py line: 1156 in func: _cached_classes
File:wmi.py line: 1145 in func: __getattr__
File:windows-sysinfoext-check.py line: 25 in func: GetSysOsVersion
File:windows-sysinfoext-check.py line: 168 in func: check
File:windows-sysinfoext-check.py line: 143 in func: main
File:windows-sysinfoext-check.py line: 200 in func: start
2026-03-13 09:12:14 [Info] [1076] stage3: --windows-sysinfoext-check
2026-03-13 09:12:14 [Info] [1076] Loader after check
2026-03-13 09:12:15 [Info] [1076] log memory size is 30720KB, real memory size is 22868KB
2026-03-13 09:12:15 [Info] [1076] Enter reuse wait state.
2026-03-13 09:12:20 [Info] [1076] recvmsg: EXIT
2026-03-13 09:12:20 [Info] [1076] Recv Exit Msg, Exit...
2026-03-13 10:44:19 [Info] [4388] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 10:44:19 [Info] [4388] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap239301773369858 
2026-03-13 10:44:19 [Info] [4388] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 10:44:19 [Info] [4388] Resource monitor start
2026-03-13 10:44:19 [Info] [4388] ipc client init success
2026-03-13 10:44:19 [Info] [4388] Ipc init: 0
2026-03-13 10:44:19 [Info] [4388] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 10:44:19 [Info] [4388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 10:44:19 [Info] [4388] CResourceMonitor::run Enter
2026-03-13 10:44:19 [Info] [4388] CIpcMsgHandlerMgr::run Enter
2026-03-13 10:44:19 [Info] [4388] start ipc thread id[4224]
2026-03-13 10:44:19 [Info] [4388] Connect Yundun ipc server return state is 0
2026-03-13 10:44:19 [Info] [4388] yundun connected
2026-03-13 10:44:19 [Info] [4388] recvmsg: HELLO
2026-03-13 10:44:19 [Info] [4388] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 10:44:19 [Info] [4388] Report thread
2026-03-13 10:44:19 [Info] [4388] Monitor thread
2026-03-13 10:44:19 [Info] [4388] Loader thread
2026-03-13 10:44:19 [Info] [4388] PythonEngineImpl Init...
2026-03-13 10:44:19 [Info] [4388] recvmsg: WORK
2026-03-13 10:44:20 [Info] [4388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:44:20 [Info] [4388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:44:20 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:44:20 [Warn] [4388] high cpu, cpu is 17
2026-03-13 10:44:20 [Info] [4388] try get sys version
2026-03-13 10:44:20 [Info] [4388] win sys info:2/10:0:3
2026-03-13 10:44:20 [Info] [4388] suit legal version, enable cpu control
2026-03-13 10:44:20 [Warn] [4388] High CPU Warning: 17
2026-03-13 10:44:20 [Warn] [4388] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-13 10:44:20 [Info] [4388] log fd cnt is [250], real fd cnt is [283]
2026-03-13 10:44:20 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:44:20 [Info] [4388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 10:44:20 [Info] [4388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 10:44:21 [Info] [4388] log memory size is 20480KB, real memory size is 14652KB
2026-03-13 10:44:22 [Info] [4388] item: --windows-schedule-task-check
2026-03-13 10:44:22 [Info] [4388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-13 10:44:22 [Info] [4388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5
2026-03-13 10:44:22 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:44:22 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:44:22 [Info] [4388] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0
2026-03-13 10:44:22 [Info] [4388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5
2026-03-13 10:44:22 [Info] [4388] Prepare stage1: --windows-schedule-task-check
2026-03-13 10:44:22 [Info] [4388] Prepare stage2
2026-03-13 10:44:25 [Info] [4388] log memory size is 30720KB, real memory size is 23244KB
2026-03-13 10:44:33 [Info] [4388] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-13 10:44:55 [Info] [4388] stage3: --windows-schedule-task-check
2026-03-13 10:44:55 [Info] [4388] Loader after check
2026-03-13 10:44:56 [Info] [4388] Enter reuse wait state.
2026-03-13 10:45:00 [Info] [4388] recvmsg: HELLO
2026-03-13 10:45:01 [Info] [4388] recvmsg: HELLO
2026-03-13 10:45:01 [Info] [4388] recvmsg: WORK
2026-03-13 10:45:01 [Info] [4388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:45:01 [Info] [4388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:45:01 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:45:01 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:45:01 [Info] [4388] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 10:45:01 [Info] [4388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 10:45:02 [Info] [4388] item: --windows-driver-version-check
2026-03-13 10:45:02 [Info] [4388] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-13 10:45:02 [Info] [4388] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5
2026-03-13 10:45:02 [Info] [4388] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:45:03 [Info] [4388] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:45:03 [Info] [4388] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0
2026-03-13 10:45:03 [Info] [4388] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5
2026-03-13 10:45:03 [Info] [4388] Prepare stage1: --windows-driver-version-check
2026-03-13 10:45:03 [Info] [4388] Prepare stage2
2026-03-13 10:45:03 [Info] [4388] stage3: --windows-driver-version-check
2026-03-13 10:45:03 [Info] [4388] Loader after check
2026-03-13 10:45:04 [Info] [4388] Enter reuse wait state.
2026-03-13 10:45:08 [Info] [4388] recvmsg: EXIT
2026-03-13 10:45:08 [Info] [4388] Recv Exit Msg, Exit...
2026-03-13 10:46:40 [Info] [4840] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 10:46:40 [Info] [4840] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap243941773370000 
2026-03-13 10:46:40 [Info] [4840] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 10:46:40 [Info] [4840] Resource monitor start
2026-03-13 10:46:40 [Info] [4840] ipc client init success
2026-03-13 10:46:40 [Info] [4840] Ipc init: 0
2026-03-13 10:46:40 [Info] [4840] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 10:46:40 [Info] [4840] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 10:46:40 [Info] [4840] start ipc thread id[1892]
2026-03-13 10:46:40 [Info] [4840] Connect Yundun ipc server return state is 0
2026-03-13 10:46:40 [Info] [4840] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 10:46:40 [Info] [4840] CResourceMonitor::run Enter
2026-03-13 10:46:40 [Info] [4840] CIpcMsgHandlerMgr::run Enter
2026-03-13 10:46:40 [Info] [4840] Report thread
2026-03-13 10:46:40 [Info] [4840] Monitor thread
2026-03-13 10:46:40 [Info] [4840] Loader thread
2026-03-13 10:46:40 [Info] [4840] PythonEngineImpl Init...
2026-03-13 10:46:40 [Info] [4840] yundun connected
2026-03-13 10:46:41 [Info] [4840] recvmsg: HELLO
2026-03-13 10:46:41 [Info] [4840] recvmsg: WORK
2026-03-13 10:46:41 [Info] [4840] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:46:41 [Info] [4840] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 10:46:41 [Info] [4840] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:46:41 [Info] [4840] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:46:41 [Info] [4840] log fd cnt is [250], real fd cnt is [282]
2026-03-13 10:46:41 [Info] [4840] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 10:46:41 [Info] [4840] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 10:46:42 [Info] [4840] log memory size is 20480KB, real memory size is 14504KB
2026-03-13 10:46:42 [Info] [4840] item: --windows-registry-check
2026-03-13 10:46:42 [Info] [4840] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-13 10:46:42 [Info] [4840] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5
2026-03-13 10:46:42 [Info] [4840] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 10:46:43 [Info] [4840] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 10:46:43 [Info] [4840] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0
2026-03-13 10:46:43 [Info] [4840] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5
2026-03-13 10:46:43 [Info] [4840] Prepare stage1: --windows-registry-check
2026-03-13 10:46:43 [Info] [4840] Prepare stage2
2026-03-13 10:46:45 [Info] [4840] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-13 10:47:15 [Info] [4840] stage3: --windows-registry-check
2026-03-13 10:47:15 [Info] [4840] Loader after check
2026-03-13 10:47:16 [Info] [4840] Enter reuse wait state.
2026-03-13 10:47:20 [Info] [4840] recvmsg: EXIT
2026-03-13 10:47:20 [Info] [4840] Recv Exit Msg, Exit...
2026-03-13 11:11:39 [Info] [788] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 11:11:39 [Info] [788] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap292891773371499 
2026-03-13 11:11:39 [Info] [788] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 11:11:39 [Info] [788] Resource monitor start
2026-03-13 11:11:39 [Info] [788] ipc client init success
2026-03-13 11:11:39 [Info] [788] Ipc init: 0
2026-03-13 11:11:39 [Info] [788] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 11:11:39 [Info] [788] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 11:11:39 [Info] [788] start ipc thread id[3876]
2026-03-13 11:11:39 [Info] [788] Connect Yundun ipc server return state is 0
2026-03-13 11:11:39 [Info] [788] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 11:11:39 [Info] [788] CResourceMonitor::run Enter
2026-03-13 11:11:39 [Info] [788] CIpcMsgHandlerMgr::run Enter
2026-03-13 11:11:39 [Info] [788] Report thread
2026-03-13 11:11:39 [Info] [788] Monitor thread
2026-03-13 11:11:39 [Info] [788] Loader thread
2026-03-13 11:11:39 [Info] [788] PythonEngineImpl Init...
2026-03-13 11:11:39 [Info] [788] yundun connected
2026-03-13 11:11:40 [Info] [788] recvmsg: HELLO
2026-03-13 11:11:40 [Info] [788] recvmsg: WORK
2026-03-13 11:11:40 [Info] [788] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:11:40 [Info] [788] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:11:40 [Info] [788] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 11:11:40 [Info] [788] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 11:11:40 [Info] [788] log fd cnt is [250], real fd cnt is [282]
2026-03-13 11:11:40 [Info] [788] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 11:11:40 [Info] [788] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 11:11:41 [Info] [788] log memory size is 20480KB, real memory size is 14500KB
2026-03-13 11:11:41 [Info] [788] item: --windows-autorun-item-check
2026-03-13 11:11:41 [Info] [788] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-13 11:11:41 [Info] [788] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5
2026-03-13 11:11:41 [Info] [788] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 11:11:42 [Info] [788] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 11:11:42 [Info] [788] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0
2026-03-13 11:11:42 [Info] [788] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5
2026-03-13 11:11:42 [Info] [788] Prepare stage1: --windows-autorun-item-check
2026-03-13 11:11:42 [Info] [788] Prepare stage2
2026-03-13 11:11:42 [Warn] [788] high cpu, cpu is 12
2026-03-13 11:11:42 [Info] [788] try get sys version
2026-03-13 11:11:42 [Info] [788] win sys info:2/10:0:3
2026-03-13 11:11:42 [Info] [788] suit legal version, enable cpu control
2026-03-13 11:11:42 [Warn] [788] High CPU Warning: 12
2026-03-13 11:11:42 [Warn] [788] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
File:_pswindows.py line: 17 in func: <module>
File:__init__.py line: 141 in func: <module>
File:windows-autorun-item-check.py line: 21 in func: <module>
2026-03-13 11:11:45 [Info] [788] log memory size is 30720KB, real memory size is 22272KB
2026-03-13 11:11:52 [Info] [788] stage3: --windows-autorun-item-check
2026-03-13 11:11:52 [Info] [788] Loader after check
2026-03-13 11:11:53 [Info] [788] Enter reuse wait state.
2026-03-13 11:11:55 [Info] [788] recvmsg: EXIT
2026-03-13 11:11:55 [Info] [788] Recv Exit Msg, Exit...
2026-03-13 11:17:29 [Info] [1940] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 11:17:29 [Info] [1940] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap304321773371849 
2026-03-13 11:17:29 [Info] [1940] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 11:17:29 [Info] [1940] Resource monitor start
2026-03-13 11:17:29 [Info] [1940] ipc client init success
2026-03-13 11:17:29 [Info] [1940] Ipc init: 0
2026-03-13 11:17:29 [Info] [1940] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 11:17:29 [Info] [1940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 11:17:29 [Info] [1940] start ipc thread id[3132]
2026-03-13 11:17:29 [Info] [1940] Connect Yundun ipc server return state is 0
2026-03-13 11:17:29 [Info] [1940] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 11:17:29 [Info] [1940] CResourceMonitor::run Enter
2026-03-13 11:17:29 [Info] [1940] CIpcMsgHandlerMgr::run Enter
2026-03-13 11:17:29 [Info] [1940] Report thread
2026-03-13 11:17:29 [Info] [1940] Monitor thread
2026-03-13 11:17:29 [Info] [1940] Loader thread
2026-03-13 11:17:29 [Info] [1940] PythonEngineImpl Init...
2026-03-13 11:17:29 [Info] [1940] yundun connected
2026-03-13 11:17:30 [Info] [1940] recvmsg: HELLO
2026-03-13 11:17:30 [Info] [1940] recvmsg: WORK
2026-03-13 11:17:30 [Info] [1940] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:17:30 [Info] [1940] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:17:30 [Info] [1940] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 11:17:30 [Info] [1940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 11:17:30 [Info] [1940] log fd cnt is [250], real fd cnt is [282]
2026-03-13 11:17:30 [Info] [1940] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 11:17:30 [Info] [1940] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 11:17:31 [Info] [1940] log memory size is 20480KB, real memory size is 14504KB
2026-03-13 11:17:32 [Info] [1940] item: --sca
2026-03-13 11:17:32 [Info] [1940] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-13 11:17:32 [Info] [1940] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py
2026-03-13 11:17:32 [Info] [1940] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py
2026-03-13 11:17:32 [Info] [1940] Download redirect files success.
2026-03-13 11:17:32 [Info] [1940] Prepare stage1: --sca
2026-03-13 11:17:32 [Info] [1940] Prepare stage2
2026-03-13 11:17:36 [Info] [1940] log memory size is 30720KB, real memory size is 32260KB
2026-03-13 11:17:40 [Info] [1940] log memory size is 40960KB, real memory size is 32732KB
2026-03-13 11:17:46 [Info] [1940] recvmsg: T_MSG_IPC_NETWORK_NOTIFY
2026-03-13 11:18:09 [Warn] [1940] high cpu, cpu is 26
2026-03-13 11:18:09 [Info] [1940] try get sys version
2026-03-13 11:18:09 [Info] [1940] win sys info:2/10:0:3
2026-03-13 11:18:09 [Info] [1940] suit legal version, enable cpu control
2026-03-13 11:18:09 [Warn] [1940] High CPU Warning: 26
2026-03-13 11:18:10 [Warn] [1940] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1
script trace back: 
2026-03-13 11:18:10 [Info] [1940] stage3: --sca
2026-03-13 11:18:10 [Info] [1940] Loader after check
2026-03-13 11:18:11 [Info] [1940] Enter reuse wait state.
2026-03-13 11:18:13 [Info] [1940] recvmsg: EXIT
2026-03-13 11:18:13 [Info] [1940] Recv Exit Msg, Exit...
2026-03-13 11:42:29 [Info] [1620] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 11:42:29 [Info] [1620] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap25621773373349 
2026-03-13 11:42:29 [Info] [1620] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 11:42:29 [Info] [1620] Resource monitor start
2026-03-13 11:42:29 [Info] [1620] ipc client init success
2026-03-13 11:42:29 [Info] [1620] Ipc init: 0
2026-03-13 11:42:29 [Info] [1620] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 11:42:29 [Info] [1620] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 11:42:29 [Info] [1620] start ipc thread id[3944]
2026-03-13 11:42:29 [Info] [1620] Connect Yundun ipc server return state is 0
2026-03-13 11:42:29 [Info] [1620] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 11:42:29 [Info] [1620] CResourceMonitor::run Enter
2026-03-13 11:42:29 [Info] [1620] CIpcMsgHandlerMgr::run Enter
2026-03-13 11:42:29 [Info] [1620] Report thread
2026-03-13 11:42:29 [Info] [1620] Monitor thread
2026-03-13 11:42:29 [Info] [1620] Loader thread
2026-03-13 11:42:29 [Info] [1620] PythonEngineImpl Init...
2026-03-13 11:42:29 [Info] [1620] yundun connected
2026-03-13 11:42:29 [Info] [1620] recvmsg: HELLO
2026-03-13 11:42:29 [Info] [1620] recvmsg: WORK
2026-03-13 11:42:29 [Info] [1620] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:42:29 [Info] [1620] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 11:42:29 [Info] [1620] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 11:42:30 [Info] [1620] log fd cnt is [250], real fd cnt is [282]
2026-03-13 11:42:30 [Info] [1620] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 11:42:30 [Info] [1620] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 11:42:30 [Info] [1620] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 11:42:31 [Info] [1620] log memory size is 20480KB, real memory size is 14500KB
2026-03-13 11:42:31 [Info] [1620] item: --tcp-connect-check
2026-03-13 11:42:31 [Info] [1620] cgroup name aegisRtap0
2026-03-13 11:42:31 [Info] [1620] try get sys version
2026-03-13 11:42:31 [Info] [1620] win sys info:2/10:0:3
2026-03-13 11:42:31 [Info] [1620] suit legal version, enable cpu control
2026-03-13 11:42:31 [Info] [1620] get AssignProcessToJobObject handle [00000478]
2026-03-13 11:42:31 [Info] [1620] Set setJobExtended.
2026-03-13 11:42:31 [Info] [1620] Set cpu [9%]
2026-03-13 11:42:31 [Info] [1620] Set cpu success
2026-03-13 11:42:31 [Info] [1620] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-13 11:42:31 [Info] [1620] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5
2026-03-13 11:42:31 [Info] [1620] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 11:42:31 [Info] [1620] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 11:42:31 [Info] [1620] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0
2026-03-13 11:42:31 [Info] [1620] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5
2026-03-13 11:42:32 [Info] [1620] Prepare stage1: --tcp-connect-check
2026-03-13 11:42:32 [Info] [1620] Prepare stage2
2026-03-13 11:42:36 [Info] [1620] stage3: --tcp-connect-check
2026-03-13 11:42:36 [Info] [1620] Loader after check
2026-03-13 11:42:37 [Info] [1620] Enter reuse wait state.
2026-03-13 11:42:40 [Info] [1620] recvmsg: EXIT
2026-03-13 11:42:40 [Info] [1620] Recv Exit Msg, Exit...
2026-03-13 14:42:54 [Info] [4396] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 14:42:54 [Info] [4396] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap50761773384153 
2026-03-13 14:42:54 [Info] [4396] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 14:42:54 [Info] [4396] Resource monitor start
2026-03-13 14:42:54 [Info] [4396] ipc client init success
2026-03-13 14:42:54 [Info] [4396] Ipc init: 0
2026-03-13 14:42:54 [Info] [4396] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 14:42:54 [Info] [4396] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 14:42:54 [Info] [4396] start ipc thread id[2112]
2026-03-13 14:42:54 [Info] [4396] Connect Yundun ipc server return state is 0
2026-03-13 14:42:54 [Info] [4396] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 14:42:54 [Info] [4396] CResourceMonitor::run Enter
2026-03-13 14:42:54 [Info] [4396] CIpcMsgHandlerMgr::run Enter
2026-03-13 14:42:54 [Info] [4396] yundun connected
2026-03-13 14:42:54 [Info] [4396] Report thread
2026-03-13 14:42:54 [Info] [4396] Monitor thread
2026-03-13 14:42:54 [Info] [4396] Loader thread
2026-03-13 14:42:54 [Info] [4396] PythonEngineImpl Init...
2026-03-13 14:42:54 [Info] [4396] recvmsg: HELLO
2026-03-13 14:42:54 [Info] [4396] recvmsg: WORK
2026-03-13 14:42:54 [Info] [4396] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 14:42:54 [Info] [4396] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 14:42:54 [Info] [4396] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 14:42:56 [Info] [4396] log fd cnt is [250], real fd cnt is [279]
2026-03-13 14:42:56 [Info] [4396] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 14:42:56 [Info] [4396] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 14:42:56 [Info] [4396] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 14:42:57 [Info] [4396] log memory size is 20480KB, real memory size is 14504KB
2026-03-13 14:42:57 [Info] [4396] item: --windows-sysinfoext-check
2026-03-13 14:42:57 [Info] [4396] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 14:42:57 [Info] [4396] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 14:42:57 [Info] [4396] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 14:42:57 [Info] [4396] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 14:42:57 [Info] [4396] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-13 14:42:57 [Info] [4396] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 14:42:58 [Info] [4396] Prepare stage1: --windows-sysinfoext-check
2026-03-13 14:42:58 [Info] [4396] Prepare stage2
2026-03-13 14:43:00 [Info] [4396] stage3: --windows-sysinfoext-check
2026-03-13 14:43:00 [Info] [4396] Loader after check
2026-03-13 14:43:01 [Info] [4396] log memory size is 30720KB, real memory size is 22872KB
2026-03-13 14:43:01 [Info] [4396] Enter reuse wait state.
2026-03-13 14:43:05 [Info] [4396] recvmsg: EXIT
2026-03-13 14:43:05 [Info] [4396] Recv Exit Msg, Exit...
2026-03-13 20:12:55 [Info] [4948] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 20:12:55 [Info] [4948] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap41981773403953 
2026-03-13 20:12:55 [Info] [4948] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 20:12:55 [Info] [4948] Resource monitor start
2026-03-13 20:12:55 [Info] [4948] ipc client init success
2026-03-13 20:12:55 [Info] [4948] Ipc init: 0
2026-03-13 20:12:55 [Info] [4948] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 20:12:55 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 20:12:55 [Info] [4948] CResourceMonitor::run Enter
2026-03-13 20:12:55 [Info] [4948] CIpcMsgHandlerMgr::run Enter
2026-03-13 20:12:55 [Info] [4948] start ipc thread id[2856]
2026-03-13 20:12:55 [Info] [4948] Connect Yundun ipc server return state is 0
2026-03-13 20:12:55 [Info] [4948] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 20:12:55 [Info] [4948] yundun connected
2026-03-13 20:12:55 [Info] [4948] Report thread
2026-03-13 20:12:55 [Info] [4948] Monitor thread
2026-03-13 20:12:55 [Info] [4948] Loader thread
2026-03-13 20:12:55 [Info] [4948] PythonEngineImpl Init...
2026-03-13 20:12:55 [Info] [4948] recvmsg: HELLO
2026-03-13 20:12:55 [Info] [4948] recvmsg: WORK
2026-03-13 20:12:56 [Info] [4948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 20:12:56 [Info] [4948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 20:12:56 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 20:12:56 [Info] [4948] log fd cnt is [250], real fd cnt is [282]
2026-03-13 20:12:56 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 20:12:56 [Info] [4948] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 20:12:56 [Info] [4948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 20:12:57 [Info] [4948] log memory size is 20480KB, real memory size is 14536KB
2026-03-13 20:12:57 [Info] [4948] item: --windows-sysinfoext-check
2026-03-13 20:12:57 [Info] [4948] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 20:12:57 [Info] [4948] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 20:12:57 [Info] [4948] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 20:12:57 [Info] [4948] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 20:12:58 [Info] [4948] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0
2026-03-13 20:12:58 [Info] [4948] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5
2026-03-13 20:12:58 [Info] [4948] Prepare stage1: --windows-sysinfoext-check
2026-03-13 20:12:58 [Info] [4948] Prepare stage2
2026-03-13 20:13:01 [Info] [4948] log memory size is 30720KB, real memory size is 22764KB
2026-03-13 20:13:01 [Info] [4948] stage3: --windows-sysinfoext-check
2026-03-13 20:13:01 [Info] [4948] Loader after check
2026-03-13 20:13:02 [Warn] [4948] high cpu, cpu is 21
2026-03-13 20:13:02 [Info] [4948] try get sys version
2026-03-13 20:13:02 [Info] [4948] win sys info:2/10:0:3
2026-03-13 20:13:02 [Info] [4948] suit legal version, enable cpu control
2026-03-13 20:13:02 [Warn] [4948] High CPU Warning: 21
2026-03-13 20:13:02 [Warn] [4948] resource monitor exp type: High CPU Warning, script runing: 0
2026-03-13 20:13:02 [Info] [4948] Enter reuse wait state.
2026-03-13 20:13:06 [Info] [4948] recvmsg: EXIT
2026-03-13 20:13:06 [Info] [4948] Recv Exit Msg, Exit...
2026-03-13 21:03:00 [Info] [4520] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37====================
2026-03-13 21:03:00 [Info] [4520] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap140801773406979 
2026-03-13 21:03:00 [Info] [4520] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis
2026-03-13 21:03:00 [Info] [4520] Resource monitor start
2026-03-13 21:03:00 [Info] [4520] ipc client init success
2026-03-13 21:03:00 [Info] [4520] Ipc init: 0
2026-03-13 21:03:00 [Info] [4520] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl
2026-03-13 21:03:00 [Info] [4520] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll
2026-03-13 21:03:00 [Info] [4520] start ipc thread id[3592]
2026-03-13 21:03:00 [Info] [4520] Connect Yundun ipc server return state is 0
2026-03-13 21:03:00 [Info] [4520] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll
2026-03-13 21:03:00 [Info] [4520] CResourceMonitor::run Enter
2026-03-13 21:03:00 [Info] [4520] CIpcMsgHandlerMgr::run Enter
2026-03-13 21:03:00 [Info] [4520] yundun connected
2026-03-13 21:03:00 [Info] [4520] Report thread
2026-03-13 21:03:00 [Info] [4520] Monitor thread
2026-03-13 21:03:00 [Info] [4520] Loader thread
2026-03-13 21:03:00 [Info] [4520] PythonEngineImpl Init...
2026-03-13 21:03:00 [Info] [4520] recvmsg: HELLO
2026-03-13 21:03:00 [Info] [4520] recvmsg: WORK
2026-03-13 21:03:00 [Info] [4520] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 21:03:00 [Info] [4520] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5
2026-03-13 21:03:00 [Info] [4520] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 21:03:00 [Info] [4520] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 21:03:01 [Info] [4520] log fd cnt is [250], real fd cnt is [282]
2026-03-13 21:03:01 [Info] [4520] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0
2026-03-13 21:03:01 [Info] [4520] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5
2026-03-13 21:03:02 [Info] [4520] log memory size is 20480KB, real memory size is 14508KB
2026-03-13 21:03:02 [Info] [4520] item: --secnet_rasp_agent
2026-03-13 21:03:02 [Info] [4520] start post buffer update.aegis.aliyun.com/file_policy/rtap_files
2026-03-13 21:03:02 [Info] [4520] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0
2026-03-13 21:03:02 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py
2026-03-13 21:03:03 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py
2026-03-13 21:03:03 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py
2026-03-13 21:03:04 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py
2026-03-13 21:03:04 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py
2026-03-13 21:03:05 [Info] [4520] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py
2026-03-13 21:03:05 [Info] [4520] Download redirect files success.
2026-03-13 21:03:05 [Info] [4520] Prepare stage1: --secnet_rasp_agent
2026-03-13 21:03:05 [Info] [4520] Prepare stage2
2026-03-13 21:03:07 [Info] [4520] log memory size is 30720KB, real memory size is 20704KB
2026-03-13 21:03:09 [Info] [4520] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-13 21:03:09 [Info] [4520] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-13 21:03:09 [Info] [4520] start post buffer update.aegis.aliyun.com/file_policy/file
2026-03-13 21:03:09 [Info] [4520] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0
2026-03-13 21:03:09 [Info] [4520] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0
2026-03-13 21:03:09 [Info] [4520] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update
2026-03-13 21:03:09 [Info] [4520] stage3: --secnet_rasp_agent
2026-03-13 21:03:09 [Info] [4520] Loader after check
2026-03-13 21:03:10 [Info] [4520] Enter reuse wait state.
2026-03-13 21:03:15 [Info] [4520] recvmsg: EXIT
2026-03-13 21:03:15 [Info] [4520] Recv Exit Msg, Exit...