| Server IP : 123.56.80.60 / Your IP : 216.73.216.78 Web Server : Apache/2.4.54 (Win32) OpenSSL/1.1.1s PHP/7.4.33 mod_fcgid/2.3.10-dev System : Windows NT iZhx3sob14hnz7Z 10.0 build 14393 (Windows Server 2016) i586 User : SYSTEM ( 0) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/data/rtap/log/ |
Upload File : |
2026-03-01 11:17:16 [Info] [4512] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 11:17:16 [Info] [4512] start ipc thread id[2776] 2026-03-01 11:17:16 [Info] [4512] Connect Yundun ipc server return state is 0 2026-03-01 11:17:16 [Info] [4512] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 11:17:16 [Info] [4512] CResourceMonitor::run Enter 2026-03-01 11:17:16 [Info] [4512] CIpcMsgHandlerMgr::run Enter 2026-03-01 11:17:16 [Info] [4512] Report thread 2026-03-01 11:17:16 [Info] [4512] Monitor thread 2026-03-01 11:17:16 [Info] [4512] Loader thread 2026-03-01 11:17:16 [Info] [4512] PythonEngineImpl Init... 2026-03-01 11:17:16 [Info] [4512] yundun connected 2026-03-01 11:17:17 [Info] [4512] recvmsg: HELLO 2026-03-01 11:17:17 [Info] [4512] recvmsg: WORK 2026-03-01 11:17:17 [Info] [4512] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:17:17 [Info] [4512] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:17:17 [Info] [4512] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:17:17 [Info] [4512] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:17:17 [Info] [4512] log fd cnt is [250], real fd cnt is [282] 2026-03-01 11:17:17 [Info] [4512] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 11:17:17 [Info] [4512] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 11:17:18 [Info] [4512] log memory size is 20480KB, real memory size is 14532KB 2026-03-01 11:17:18 [Info] [4512] item: --windows-autorun-item-check 2026-03-01 11:17:18 [Info] [4512] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-01 11:17:18 [Info] [4512] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-01 11:17:18 [Info] [4512] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:17:19 [Info] [4512] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:17:19 [Info] [4512] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-01 11:17:19 [Info] [4512] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-01 11:17:19 [Info] [4512] Prepare stage1: --windows-autorun-item-check 2026-03-01 11:17:19 [Info] [4512] Prepare stage2 2026-03-01 11:17:22 [Info] [4512] log memory size is 30720KB, real memory size is 22328KB 2026-03-01 11:17:29 [Info] [4512] stage3: --windows-autorun-item-check 2026-03-01 11:17:29 [Info] [4512] Loader after check 2026-03-01 11:17:30 [Info] [4512] Enter reuse wait state. 2026-03-01 11:17:32 [Info] [4512] recvmsg: EXIT 2026-03-01 11:17:32 [Info] [4512] Recv Exit Msg, Exit... 2026-03-01 11:44:41 [Info] [4392] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 11:44:41 [Info] [4392] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap251131772336681 2026-03-01 11:44:41 [Info] [4392] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 11:44:41 [Info] [4392] Resource monitor start 2026-03-01 11:44:41 [Info] [4392] ipc client init success 2026-03-01 11:44:41 [Info] [4392] Ipc init: 0 2026-03-01 11:44:41 [Info] [4392] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 11:44:41 [Info] [4392] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 11:44:41 [Info] [4392] start ipc thread id[468] 2026-03-01 11:44:41 [Info] [4392] Connect Yundun ipc server return state is 0 2026-03-01 11:44:41 [Info] [4392] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 11:44:41 [Info] [4392] CResourceMonitor::run Enter 2026-03-01 11:44:41 [Info] [4392] CIpcMsgHandlerMgr::run Enter 2026-03-01 11:44:41 [Info] [4392] Report thread 2026-03-01 11:44:41 [Info] [4392] Monitor thread 2026-03-01 11:44:41 [Info] [4392] Loader thread 2026-03-01 11:44:41 [Info] [4392] PythonEngineImpl Init... 2026-03-01 11:44:41 [Info] [4392] yundun connected 2026-03-01 11:44:42 [Info] [4392] recvmsg: HELLO 2026-03-01 11:44:42 [Info] [4392] recvmsg: WORK 2026-03-01 11:44:42 [Info] [4392] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:44:42 [Info] [4392] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:44:42 [Info] [4392] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:44:42 [Info] [4392] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:44:42 [Info] [4392] log fd cnt is [250], real fd cnt is [282] 2026-03-01 11:44:42 [Info] [4392] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 11:44:42 [Info] [4392] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 11:44:43 [Info] [4392] log memory size is 20480KB, real memory size is 14512KB 2026-03-01 11:44:43 [Info] [4392] item: --tcp-connect-check 2026-03-01 11:44:43 [Info] [4392] cgroup name aegisRtap0 2026-03-01 11:44:43 [Info] [4392] try get sys version 2026-03-01 11:44:43 [Info] [4392] win sys info:2/10:0:3 2026-03-01 11:44:43 [Info] [4392] suit legal version, enable cpu control 2026-03-01 11:44:43 [Info] [4392] get AssignProcessToJobObject handle [00000478] 2026-03-01 11:44:43 [Info] [4392] Set setJobExtended. 2026-03-01 11:44:43 [Info] [4392] Set cpu [9%] 2026-03-01 11:44:43 [Info] [4392] Set cpu success 2026-03-01 11:44:43 [Info] [4392] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-01 11:44:43 [Info] [4392] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-01 11:44:43 [Info] [4392] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:44:43 [Info] [4392] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:44:44 [Info] [4392] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-01 11:44:44 [Info] [4392] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-01 11:44:44 [Info] [4392] Prepare stage1: --tcp-connect-check 2026-03-01 11:44:44 [Info] [4392] Prepare stage2 2026-03-01 11:44:46 [Info] [4392] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-01 11:44:48 [Info] [4392] stage3: --tcp-connect-check 2026-03-01 11:44:48 [Info] [4392] Loader after check 2026-03-01 11:44:49 [Info] [4392] Enter reuse wait state. 2026-03-01 11:44:53 [Info] [4392] recvmsg: EXIT 2026-03-01 11:44:53 [Info] [4392] Recv Exit Msg, Exit... 2026-03-01 11:59:14 [Info] [4340] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 11:59:14 [Info] [4340] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap279381772337546 2026-03-01 11:59:14 [Info] [4340] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 11:59:18 [Info] [4340] Resource monitor start 2026-03-01 11:59:18 [Info] [4340] ipc client init success 2026-03-01 11:59:18 [Info] [4340] Ipc init: 0 2026-03-01 11:59:18 [Info] [4340] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 11:59:18 [Info] [4340] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 11:59:23 [Info] [4340] start ipc thread id[3016] 2026-03-01 11:59:23 [Info] [4340] Connect Yundun ipc server return state is 0 2026-03-01 11:59:23 [Info] [4340] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 11:59:23 [Info] [4340] CResourceMonitor::run Enter 2026-03-01 11:59:23 [Info] [4340] CIpcMsgHandlerMgr::run Enter 2026-03-01 11:59:24 [Info] [4340] yundun connected 2026-03-01 11:59:24 [Info] [4340] Report thread 2026-03-01 11:59:24 [Info] [4340] Monitor thread 2026-03-01 11:59:24 [Info] [4340] Loader thread 2026-03-01 11:59:24 [Info] [4340] PythonEngineImpl Init... 2026-03-01 11:59:24 [Info] [4340] recvmsg: HELLO 2026-03-01 11:59:24 [Info] [4340] recvmsg: WORK 2026-03-01 11:59:24 [Info] [4340] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:59:24 [Info] [4340] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 11:59:24 [Info] [4340] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:59:24 [Info] [4340] log fd cnt is [250], real fd cnt is [264] 2026-03-01 11:59:24 [Info] [4340] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:59:25 [Info] [4340] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 11:59:25 [Info] [4340] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 11:59:25 [Info] [4340] log memory size is 20480KB, real memory size is 14508KB 2026-03-01 11:59:26 [Info] [4340] item: --windows-sysinfoext-check 2026-03-01 11:59:26 [Info] [4340] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 11:59:26 [Info] [4340] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 11:59:26 [Info] [4340] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 11:59:26 [Info] [4340] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 11:59:26 [Info] [4340] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-01 11:59:26 [Info] [4340] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 11:59:26 [Info] [4340] Prepare stage1: --windows-sysinfoext-check 2026-03-01 11:59:26 [Info] [4340] Prepare stage2 2026-03-01 11:59:29 [Info] [4340] log memory size is 30720KB, real memory size is 22728KB 2026-03-01 11:59:29 [Info] [4340] stage3: --windows-sysinfoext-check 2026-03-01 11:59:29 [Info] [4340] Loader after check 2026-03-01 11:59:30 [Warn] [4340] high cpu, cpu is 13 2026-03-01 11:59:30 [Info] [4340] try get sys version 2026-03-01 11:59:30 [Info] [4340] win sys info:2/10:0:3 2026-03-01 11:59:30 [Info] [4340] suit legal version, enable cpu control 2026-03-01 11:59:30 [Warn] [4340] High CPU Warning: 13 2026-03-01 11:59:30 [Warn] [4340] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-01 11:59:30 [Info] [4340] Enter reuse wait state. 2026-03-01 11:59:32 [Info] [4340] recvmsg: EXIT 2026-03-01 11:59:32 [Info] [4340] Recv Exit Msg, Exit... 2026-03-01 15:01:02 [Info] [4188] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 15:01:02 [Info] [4188] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap308171772348462 2026-03-01 15:01:02 [Info] [4188] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 15:01:02 [Info] [4188] Resource monitor start 2026-03-01 15:01:02 [Info] [4188] ipc client init success 2026-03-01 15:01:02 [Info] [4188] Ipc init: 0 2026-03-01 15:01:02 [Info] [4188] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 15:01:02 [Info] [4188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 15:01:02 [Info] [4188] start ipc thread id[3616] 2026-03-01 15:01:02 [Info] [4188] Connect Yundun ipc server return state is 0 2026-03-01 15:01:02 [Info] [4188] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 15:01:02 [Info] [4188] CResourceMonitor::run Enter 2026-03-01 15:01:02 [Info] [4188] CIpcMsgHandlerMgr::run Enter 2026-03-01 15:01:02 [Info] [4188] Report thread 2026-03-01 15:01:02 [Info] [4188] Monitor thread 2026-03-01 15:01:02 [Info] [4188] Loader thread 2026-03-01 15:01:02 [Info] [4188] PythonEngineImpl Init... 2026-03-01 15:01:02 [Info] [4188] yundun connected 2026-03-01 15:01:03 [Info] [4188] recvmsg: HELLO 2026-03-01 15:01:03 [Info] [4188] recvmsg: WORK 2026-03-01 15:01:03 [Info] [4188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 15:01:03 [Info] [4188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 15:01:03 [Info] [4188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 15:01:03 [Info] [4188] log fd cnt is [250], real fd cnt is [282] 2026-03-01 15:01:03 [Info] [4188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 15:01:03 [Info] [4188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 15:01:03 [Info] [4188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 15:01:04 [Info] [4188] log memory size is 20480KB, real memory size is 14512KB 2026-03-01 15:01:05 [Info] [4188] item: --amsi_clean 2026-03-01 15:01:05 [Info] [4188] cgroup name aegisRtap0 2026-03-01 15:01:05 [Info] [4188] try get sys version 2026-03-01 15:01:05 [Info] [4188] win sys info:2/10:0:3 2026-03-01 15:01:05 [Info] [4188] suit legal version, enable cpu control 2026-03-01 15:01:05 [Info] [4188] get AssignProcessToJobObject handle [00000478] 2026-03-01 15:01:05 [Info] [4188] Set setJobExtended. 2026-03-01 15:01:05 [Info] [4188] Set cpu [9%] 2026-03-01 15:01:05 [Info] [4188] Set cpu success 2026-03-01 15:01:05 [Info] [4188] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5 2026-03-01 15:01:05 [Info] [4188] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/amsi_clean.py.md5 2026-03-01 15:01:05 [Info] [4188] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 15:01:05 [Info] [4188] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 15:01:05 [Info] [4188] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5, http code : 200, curl ret : 0 2026-03-01 15:01:05 [Info] [4188] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/plugin/amsi_clean.py.md5 2026-03-01 15:01:05 [Info] [4188] Prepare stage1: --amsi_clean 2026-03-01 15:01:05 [Info] [4188] Prepare stage2 2026-03-01 15:01:05 [Info] [4188] stage3: --amsi_clean 2026-03-01 15:01:05 [Info] [4188] Loader after check 2026-03-01 15:01:06 [Info] [4188] Enter reuse wait state. 2026-03-01 15:01:10 [Info] [4188] recvmsg: EXIT 2026-03-01 15:01:10 [Info] [4188] Recv Exit Msg, Exit... 2026-03-01 17:28:52 [Info] [3632] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 17:28:52 [Info] [3632] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap269391772357309 2026-03-01 17:28:52 [Info] [3632] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 17:28:52 [Info] [3632] Resource monitor start 2026-03-01 17:28:52 [Info] [3632] ipc client init success 2026-03-01 17:28:52 [Info] [3632] Ipc init: 0 2026-03-01 17:28:52 [Info] [3632] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 17:28:52 [Info] [3632] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 17:28:52 [Info] [3632] CResourceMonitor::run Enter 2026-03-01 17:28:52 [Info] [3632] CIpcMsgHandlerMgr::run Enter 2026-03-01 17:28:52 [Info] [3632] start ipc thread id[4712] 2026-03-01 17:28:52 [Info] [3632] Connect Yundun ipc server return state is 0 2026-03-01 17:28:52 [Info] [3632] yundun connected 2026-03-01 17:28:52 [Info] [3632] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 17:28:52 [Info] [3632] Report thread 2026-03-01 17:28:52 [Info] [3632] Monitor thread 2026-03-01 17:28:52 [Info] [3632] Loader thread 2026-03-01 17:28:52 [Info] [3632] PythonEngineImpl Init... 2026-03-01 17:28:53 [Info] [3632] recvmsg: HELLO 2026-03-01 17:28:53 [Info] [3632] recvmsg: WORK 2026-03-01 17:28:53 [Info] [3632] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 17:28:53 [Info] [3632] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 17:28:53 [Info] [3632] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 17:28:53 [Warn] [3632] high cpu, cpu is 11 2026-03-01 17:28:53 [Info] [3632] try get sys version 2026-03-01 17:28:53 [Info] [3632] win sys info:2/10:0:3 2026-03-01 17:28:53 [Info] [3632] suit legal version, enable cpu control 2026-03-01 17:28:53 [Warn] [3632] High CPU Warning: 11 2026-03-01 17:28:53 [Warn] [3632] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-01 17:28:53 [Info] [3632] log fd cnt is [250], real fd cnt is [282] 2026-03-01 17:28:53 [Info] [3632] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 17:28:53 [Info] [3632] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 17:28:53 [Info] [3632] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 17:28:54 [Info] [3632] log memory size is 20480KB, real memory size is 14572KB 2026-03-01 17:28:54 [Info] [3632] item: --windows-sysinfoext-check 2026-03-01 17:28:54 [Info] [3632] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 17:28:54 [Info] [3632] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 17:28:54 [Info] [3632] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 17:28:55 [Info] [3632] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 17:28:55 [Info] [3632] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-01 17:28:55 [Info] [3632] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 17:28:55 [Info] [3632] Prepare stage1: --windows-sysinfoext-check 2026-03-01 17:28:55 [Info] [3632] Prepare stage2 2026-03-01 17:28:58 [Info] [3632] log memory size is 30720KB, real memory size is 22768KB 2026-03-01 17:28:59 [Info] [3632] stage3: --windows-sysinfoext-check 2026-03-01 17:28:59 [Info] [3632] Loader after check 2026-03-01 17:28:59 [Warn] [3632] high cpu, cpu is 12 2026-03-01 17:28:59 [Warn] [3632] High CPU Warning: 12 2026-03-01 17:28:59 [Warn] [3632] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-01 17:29:00 [Info] [3632] Enter reuse wait state. 2026-03-01 17:29:03 [Info] [3632] recvmsg: EXIT 2026-03-01 17:29:03 [Info] [3632] Recv Exit Msg, Exit... 2026-03-01 19:39:36 [Info] [5084] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 19:39:36 [Info] [5084] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap198621772365176 2026-03-01 19:39:36 [Info] [5084] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 19:39:36 [Info] [5084] Resource monitor start 2026-03-01 19:39:36 [Info] [5084] ipc client init success 2026-03-01 19:39:36 [Info] [5084] Ipc init: 0 2026-03-01 19:39:36 [Info] [5084] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 19:39:36 [Info] [5084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 19:39:36 [Info] [5084] start ipc thread id[4312] 2026-03-01 19:39:36 [Info] [5084] Connect Yundun ipc server return state is 0 2026-03-01 19:39:36 [Info] [5084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 19:39:36 [Info] [5084] CResourceMonitor::run Enter 2026-03-01 19:39:36 [Info] [5084] CIpcMsgHandlerMgr::run Enter 2026-03-01 19:39:36 [Info] [5084] yundun connected 2026-03-01 19:39:36 [Info] [5084] Report thread 2026-03-01 19:39:36 [Info] [5084] Monitor thread 2026-03-01 19:39:36 [Info] [5084] Loader thread 2026-03-01 19:39:36 [Info] [5084] PythonEngineImpl Init... 2026-03-01 19:39:36 [Info] [5084] recvmsg: HELLO 2026-03-01 19:39:36 [Info] [5084] recvmsg: WORK 2026-03-01 19:39:36 [Info] [5084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 19:39:36 [Info] [5084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 19:39:36 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 19:39:37 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 19:39:37 [Info] [5084] log fd cnt is [250], real fd cnt is [282] 2026-03-01 19:39:37 [Info] [5084] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 19:39:37 [Info] [5084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 19:39:38 [Info] [5084] log memory size is 20480KB, real memory size is 14512KB 2026-03-01 19:39:38 [Info] [5084] item: --secnet_rasp_agent 2026-03-01 19:39:38 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-01 19:39:38 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-01 19:39:38 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-01 19:39:38 [Info] [5084] Download redirect files success. 2026-03-01 19:39:38 [Info] [5084] Prepare stage1: --secnet_rasp_agent 2026-03-01 19:39:38 [Info] [5084] Prepare stage2 2026-03-01 19:39:39 [Info] [5084] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-01 19:39:39 [Info] [5084] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-01 19:39:39 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 19:39:40 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 19:39:40 [Info] [5084] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-01 19:39:40 [Info] [5084] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-01 19:39:40 [Info] [5084] stage3: --secnet_rasp_agent 2026-03-01 19:39:40 [Info] [5084] Loader after check 2026-03-01 19:39:41 [Info] [5084] Enter reuse wait state. 2026-03-01 19:39:42 [Info] [5084] log memory size is 30720KB, real memory size is 21084KB 2026-03-01 19:39:43 [Info] [5084] recvmsg: EXIT 2026-03-01 19:39:43 [Info] [5084] Recv Exit Msg, Exit... 2026-03-01 22:56:30 [Info] [2308] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-01 22:56:30 [Info] [2308] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap256471772376982 2026-03-01 22:56:30 [Info] [2308] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-01 22:56:34 [Info] [2308] Resource monitor start 2026-03-01 22:56:34 [Info] [2308] ipc client init success 2026-03-01 22:56:34 [Info] [2308] Ipc init: 0 2026-03-01 22:56:34 [Info] [2308] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-01 22:56:34 [Info] [2308] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-01 22:56:38 [Info] [2308] start ipc thread id[3992] 2026-03-01 22:56:38 [Info] [2308] Connect Yundun ipc server return state is 0 2026-03-01 22:56:38 [Info] [2308] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-01 22:56:38 [Info] [2308] CResourceMonitor::run Enter 2026-03-01 22:56:38 [Info] [2308] CIpcMsgHandlerMgr::run Enter 2026-03-01 22:56:40 [Info] [2308] Report thread 2026-03-01 22:56:40 [Info] [2308] Monitor thread 2026-03-01 22:56:40 [Info] [2308] Loader thread 2026-03-01 22:56:40 [Info] [2308] PythonEngineImpl Init... 2026-03-01 22:56:40 [Info] [2308] yundun connected 2026-03-01 22:56:40 [Info] [2308] log fd cnt is [250], real fd cnt is [261] 2026-03-01 22:56:40 [Info] [2308] recvmsg: HELLO 2026-03-01 22:56:40 [Info] [2308] recvmsg: WORK 2026-03-01 22:56:40 [Info] [2308] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 22:56:40 [Info] [2308] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-01 22:56:40 [Info] [2308] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 22:56:41 [Info] [2308] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 22:56:41 [Info] [2308] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-01 22:56:41 [Info] [2308] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-01 22:56:41 [Info] [2308] log memory size is 20480KB, real memory size is 14404KB 2026-03-01 22:56:42 [Info] [2308] item: --windows-sysinfoext-check 2026-03-01 22:56:42 [Info] [2308] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 22:56:42 [Info] [2308] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 22:56:42 [Info] [2308] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-01 22:56:42 [Info] [2308] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-01 22:56:42 [Info] [2308] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-01 22:56:42 [Info] [2308] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-01 22:56:42 [Info] [2308] Prepare stage1: --windows-sysinfoext-check 2026-03-01 22:56:42 [Info] [2308] Prepare stage2 2026-03-01 22:56:44 [Info] [2308] stage3: --windows-sysinfoext-check 2026-03-01 22:56:44 [Info] [2308] Loader after check 2026-03-01 22:56:44 [Warn] [2308] high cpu, cpu is 12 2026-03-01 22:56:44 [Info] [2308] try get sys version 2026-03-01 22:56:44 [Info] [2308] win sys info:2/10:0:3 2026-03-01 22:56:44 [Info] [2308] suit legal version, enable cpu control 2026-03-01 22:56:44 [Warn] [2308] High CPU Warning: 12 2026-03-01 22:56:44 [Warn] [2308] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-01 22:56:45 [Info] [2308] Enter reuse wait state. 2026-03-01 22:56:45 [Info] [2308] log memory size is 30720KB, real memory size is 22952KB 2026-03-01 22:56:50 [Info] [2308] recvmsg: EXIT 2026-03-01 22:56:50 [Info] [2308] Recv Exit Msg, Exit... 2026-03-08 03:03:15 [Info] [2952] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 03:03:15 [Info] [2952] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap301601772910185 2026-03-08 03:03:15 [Info] [2952] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 03:03:15 [Info] [2952] Resource monitor start 2026-03-08 03:03:15 [Info] [2952] ipc client init success 2026-03-08 03:03:15 [Info] [2952] Ipc init: 0 2026-03-08 03:03:15 [Info] [2952] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 03:03:15 [Info] [2952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 03:03:15 [Info] [2952] start ipc thread id[3596] 2026-03-08 03:03:15 [Info] [2952] Connect Yundun ipc server return state is 0 2026-03-08 03:03:15 [Info] [2952] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 03:03:15 [Info] [2952] CResourceMonitor::run Enter 2026-03-08 03:03:15 [Info] [2952] CIpcMsgHandlerMgr::run Enter 2026-03-08 03:03:15 [Info] [2952] Report thread 2026-03-08 03:03:15 [Info] [2952] Monitor thread 2026-03-08 03:03:15 [Info] [2952] Loader thread 2026-03-08 03:03:15 [Info] [2952] PythonEngineImpl Init... 2026-03-08 03:03:21 [Info] [2952] yundun connected 2026-03-08 03:03:22 [Info] [2952] recvmsg: HELLO 2026-03-08 03:03:22 [Info] [2952] recvmsg: WORK 2026-03-08 03:03:22 [Info] [2952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 03:03:22 [Info] [2952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 03:03:22 [Info] [2952] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 03:03:23 [Info] [2952] log fd cnt is [250], real fd cnt is [264] 2026-03-08 03:03:24 [Info] [2952] log memory size is 20480KB, real memory size is 12940KB 2026-03-08 03:03:27 [Info] [2952] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-08 03:03:27 [Info] [2952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 03:03:28 [Info] [2952] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 03:03:28 [Info] [2952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 03:03:29 [Info] [2952] item: --windows-sysinfoext-check 2026-03-08 03:03:29 [Info] [2952] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 03:03:29 [Info] [2952] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 03:03:29 [Info] [2952] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 03:03:29 [Info] [2952] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 03:03:29 [Info] [2952] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-08 03:03:29 [Info] [2952] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 03:03:29 [Info] [2952] Prepare stage1: --windows-sysinfoext-check 2026-03-08 03:03:29 [Info] [2952] Prepare stage2 2026-03-08 03:03:32 [Info] [2952] log memory size is 30720KB, real memory size is 20616KB 2026-03-08 03:03:35 [Info] [2952] stage3: --windows-sysinfoext-check 2026-03-08 03:03:35 [Info] [2952] Loader after check 2026-03-08 03:03:36 [Info] [2952] Enter reuse wait state. 2026-03-08 03:03:40 [Info] [2952] recvmsg: EXIT 2026-03-08 03:03:40 [Info] [2952] Recv Exit Msg, Exit... 2026-03-08 07:57:16 [Info] [3380] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 07:57:16 [Info] [3380] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap222611772927835 2026-03-08 07:57:16 [Info] [3380] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 07:57:16 [Info] [3380] Resource monitor start 2026-03-08 07:57:16 [Info] [3380] ipc client init success 2026-03-08 07:57:16 [Info] [3380] Ipc init: 0 2026-03-08 07:57:16 [Info] [3380] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 07:57:16 [Info] [3380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 07:57:16 [Info] [3380] CResourceMonitor::run Enter 2026-03-08 07:57:16 [Info] [3380] CIpcMsgHandlerMgr::run Enter 2026-03-08 07:57:16 [Info] [3380] start ipc thread id[3352] 2026-03-08 07:57:16 [Info] [3380] Connect Yundun ipc server return state is 0 2026-03-08 07:57:16 [Info] [3380] yundun connected 2026-03-08 07:57:16 [Info] [3380] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 07:57:16 [Info] [3380] Report thread 2026-03-08 07:57:16 [Info] [3380] Monitor thread 2026-03-08 07:57:16 [Info] [3380] Loader thread 2026-03-08 07:57:16 [Info] [3380] PythonEngineImpl Init... 2026-03-08 07:57:16 [Info] [3380] recvmsg: HELLO 2026-03-08 07:57:17 [Info] [3380] recvmsg: WORK 2026-03-08 07:57:17 [Info] [3380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 07:57:17 [Info] [3380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 07:57:17 [Info] [3380] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 07:57:17 [Info] [3380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 07:57:17 [Info] [3380] log fd cnt is [250], real fd cnt is [286] 2026-03-08 07:57:17 [Info] [3380] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 07:57:17 [Info] [3380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 07:57:18 [Info] [3380] log memory size is 20480KB, real memory size is 14628KB 2026-03-08 07:57:18 [Info] [3380] item: --windows-vul-clean 2026-03-08 07:57:18 [Info] [3380] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-08 07:57:18 [Info] [3380] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-08 07:57:18 [Info] [3380] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 07:57:19 [Info] [3380] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 07:57:19 [Info] [3380] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-08 07:57:19 [Info] [3380] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-08 07:57:19 [Info] [3380] Prepare stage1: --windows-vul-clean 2026-03-08 07:57:19 [Info] [3380] Prepare stage2 2026-03-08 07:57:19 [Info] [3380] stage3: --windows-vul-clean 2026-03-08 07:57:19 [Info] [3380] Loader after check 2026-03-08 07:57:20 [Info] [3380] Enter reuse wait state. 2026-03-08 07:57:23 [Info] [3380] recvmsg: EXIT 2026-03-08 07:57:23 [Info] [3380] Recv Exit Msg, Exit... 2026-03-08 08:32:22 [Info] [776] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 08:32:22 [Info] [776] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap291191772929935 2026-03-08 08:32:22 [Info] [776] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 08:32:22 [Info] [776] Resource monitor start 2026-03-08 08:32:22 [Info] [776] ipc client init success 2026-03-08 08:32:22 [Info] [776] Ipc init: 0 2026-03-08 08:32:22 [Info] [776] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 08:32:22 [Info] [776] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 08:32:22 [Info] [776] start ipc thread id[1212] 2026-03-08 08:32:22 [Info] [776] Connect Yundun ipc server return state is 0 2026-03-08 08:32:22 [Info] [776] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 08:32:22 [Info] [776] CResourceMonitor::run Enter 2026-03-08 08:32:22 [Info] [776] CIpcMsgHandlerMgr::run Enter 2026-03-08 08:32:27 [Info] [776] yundun connected 2026-03-08 08:32:27 [Info] [776] Report thread 2026-03-08 08:32:27 [Info] [776] Loader thread 2026-03-08 08:32:27 [Info] [776] PythonEngineImpl Init... 2026-03-08 08:32:27 [Info] [776] Monitor thread 2026-03-08 08:32:27 [Info] [776] recvmsg: HELLO 2026-03-08 08:32:27 [Info] [776] recvmsg: WORK 2026-03-08 08:32:27 [Info] [776] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 08:32:27 [Info] [776] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 08:32:27 [Info] [776] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 08:32:29 [Info] [776] log fd cnt is [250], real fd cnt is [264] 2026-03-08 08:32:30 [Info] [776] log memory size is 20480KB, real memory size is 12908KB 2026-03-08 08:32:34 [Info] [776] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 08:32:34 [Info] [776] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 08:32:34 [Info] [776] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 08:32:35 [Info] [776] item: --windows-sysinfoext-check 2026-03-08 08:32:35 [Info] [776] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 08:32:35 [Info] [776] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 08:32:35 [Info] [776] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 08:32:35 [Info] [776] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 08:32:36 [Info] [776] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-08 08:32:36 [Info] [776] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 08:32:36 [Info] [776] Prepare stage1: --windows-sysinfoext-check 2026-03-08 08:32:36 [Info] [776] Prepare stage2 2026-03-08 08:32:37 [Warn] [776] high cpu, cpu is 18 2026-03-08 08:32:37 [Info] [776] try get sys version 2026-03-08 08:32:37 [Info] [776] win sys info:2/10:0:3 2026-03-08 08:32:37 [Info] [776] suit legal version, enable cpu control 2026-03-08 08:32:37 [Warn] [776] High CPU Warning: 18 2026-03-08 08:32:38 [Warn] [776] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-08 08:32:39 [Info] [776] log memory size is 30720KB, real memory size is 22736KB 2026-03-08 08:32:39 [Info] [776] stage3: --windows-sysinfoext-check 2026-03-08 08:32:39 [Info] [776] Loader after check 2026-03-08 08:32:40 [Warn] [776] high cpu, cpu is 16 2026-03-08 08:32:40 [Warn] [776] High CPU Warning: 16 2026-03-08 08:32:40 [Info] [776] Enter reuse wait state. 2026-03-08 08:32:42 [Info] [776] recvmsg: EXIT 2026-03-08 08:32:42 [Info] [776] Recv Exit Msg, Exit... 2026-03-08 08:57:30 [Info] [3268] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 08:57:30 [Info] [3268] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap12981772931450 2026-03-08 08:57:30 [Info] [3268] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 08:57:30 [Info] [3268] Resource monitor start 2026-03-08 08:57:30 [Info] [3268] ipc client init success 2026-03-08 08:57:30 [Info] [3268] Ipc init: 0 2026-03-08 08:57:30 [Info] [3268] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 08:57:30 [Info] [3268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 08:57:30 [Info] [3268] start ipc thread id[520] 2026-03-08 08:57:30 [Info] [3268] Connect Yundun ipc server return state is 0 2026-03-08 08:57:30 [Info] [3268] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 08:57:30 [Info] [3268] CResourceMonitor::run Enter 2026-03-08 08:57:30 [Info] [3268] CIpcMsgHandlerMgr::run Enter 2026-03-08 08:57:30 [Info] [3268] Report thread 2026-03-08 08:57:30 [Info] [3268] Monitor thread 2026-03-08 08:57:30 [Info] [3268] Loader thread 2026-03-08 08:57:30 [Info] [3268] PythonEngineImpl Init... 2026-03-08 08:57:30 [Info] [3268] yundun connected 2026-03-08 08:57:30 [Info] [3268] recvmsg: HELLO 2026-03-08 08:57:30 [Info] [3268] recvmsg: WORK 2026-03-08 08:57:30 [Info] [3268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 08:57:30 [Info] [3268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 08:57:30 [Info] [3268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 08:57:31 [Info] [3268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 08:57:31 [Info] [3268] log fd cnt is [250], real fd cnt is [282] 2026-03-08 08:57:31 [Info] [3268] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 08:57:31 [Info] [3268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 08:57:32 [Info] [3268] log memory size is 20480KB, real memory size is 14504KB 2026-03-08 08:57:32 [Info] [3268] item: --windows-process-check 2026-03-08 08:57:32 [Info] [3268] cgroup name aegisRtap0 2026-03-08 08:57:32 [Info] [3268] try get sys version 2026-03-08 08:57:32 [Info] [3268] win sys info:2/10:0:3 2026-03-08 08:57:32 [Info] [3268] suit legal version, enable cpu control 2026-03-08 08:57:32 [Info] [3268] get AssignProcessToJobObject handle [00000478] 2026-03-08 08:57:32 [Info] [3268] Set setJobExtended. 2026-03-08 08:57:32 [Info] [3268] Set cpu [9%] 2026-03-08 08:57:32 [Info] [3268] Set cpu success 2026-03-08 08:57:32 [Info] [3268] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-08 08:57:32 [Info] [3268] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-08 08:57:32 [Info] [3268] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 08:57:32 [Info] [3268] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 08:57:32 [Info] [3268] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-08 08:57:32 [Info] [3268] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-08 08:57:33 [Info] [3268] Prepare stage1: --windows-process-check 2026-03-08 08:57:33 [Info] [3268] Prepare stage2 2026-03-08 08:57:44 [Info] [3268] log memory size is 30720KB, real memory size is 20532KB 2026-03-08 08:57:53 [Info] [3268] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-08 08:57:53 [Info] [3268] stage3: --windows-process-check 2026-03-08 08:57:53 [Info] [3268] Loader after check 2026-03-08 08:57:54 [Info] [3268] Enter reuse wait state. 2026-03-08 08:57:58 [Info] [3268] recvmsg: EXIT 2026-03-08 08:57:58 [Info] [3268] Recv Exit Msg, Exit... 2026-03-08 10:33:18 [Info] [3608] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 10:33:18 [Info] [3608] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap200651772937197 2026-03-08 10:33:18 [Info] [3608] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 10:33:18 [Info] [3608] Resource monitor start 2026-03-08 10:33:18 [Info] [3608] ipc client init success 2026-03-08 10:33:18 [Info] [3608] Ipc init: 0 2026-03-08 10:33:18 [Info] [3608] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 10:33:18 [Info] [3608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 10:33:18 [Info] [3608] CResourceMonitor::run Enter 2026-03-08 10:33:18 [Info] [3608] CIpcMsgHandlerMgr::run Enter 2026-03-08 10:33:18 [Info] [3608] start ipc thread id[4136] 2026-03-08 10:33:18 [Info] [3608] Connect Yundun ipc server return state is 0 2026-03-08 10:33:19 [Info] [3608] yundun connected 2026-03-08 10:33:19 [Info] [3608] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 10:33:19 [Info] [3608] Report thread 2026-03-08 10:33:19 [Info] [3608] Monitor thread 2026-03-08 10:33:19 [Info] [3608] Loader thread 2026-03-08 10:33:19 [Info] [3608] PythonEngineImpl Init... 2026-03-08 10:33:19 [Info] [3608] recvmsg: HELLO 2026-03-08 10:33:19 [Info] [3608] recvmsg: WORK 2026-03-08 10:33:19 [Info] [3608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:33:19 [Info] [3608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:33:19 [Info] [3608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:33:19 [Info] [3608] log fd cnt is [250], real fd cnt is [282] 2026-03-08 10:33:19 [Info] [3608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:33:20 [Info] [3608] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 10:33:20 [Info] [3608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 10:33:20 [Info] [3608] log memory size is 20480KB, real memory size is 14556KB 2026-03-08 10:33:21 [Info] [3608] item: --windows-registry-check 2026-03-08 10:33:21 [Info] [3608] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-08 10:33:21 [Info] [3608] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-08 10:33:21 [Info] [3608] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:33:21 [Info] [3608] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:33:21 [Info] [3608] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-08 10:33:21 [Info] [3608] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-08 10:33:21 [Info] [3608] Prepare stage1: --windows-registry-check 2026-03-08 10:33:21 [Info] [3608] Prepare stage2 2026-03-08 10:33:38 [Info] [3608] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-08 10:33:50 [Info] [3608] stage3: --windows-registry-check 2026-03-08 10:33:50 [Info] [3608] Loader after check 2026-03-08 10:33:51 [Info] [3608] Enter reuse wait state. 2026-03-08 10:33:52 [Info] [2192] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 10:33:52 [Info] [2192] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap201801772937232 2026-03-08 10:33:52 [Info] [2192] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 10:33:52 [Info] [2192] Resource monitor start 2026-03-08 10:33:52 [Info] [2192] ipc client init success 2026-03-08 10:33:52 [Info] [2192] Ipc init: 0 2026-03-08 10:33:52 [Info] [2192] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 10:33:52 [Info] [2192] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 10:33:52 [Info] [2192] start ipc thread id[3804] 2026-03-08 10:33:52 [Info] [2192] Connect Yundun ipc server return state is 0 2026-03-08 10:33:52 [Info] [2192] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 10:33:52 [Info] [2192] CResourceMonitor::run Enter 2026-03-08 10:33:52 [Info] [2192] CIpcMsgHandlerMgr::run Enter 2026-03-08 10:33:52 [Info] [2192] Report thread 2026-03-08 10:33:52 [Info] [2192] Monitor thread 2026-03-08 10:33:52 [Info] [2192] Loader thread 2026-03-08 10:33:52 [Info] [2192] PythonEngineImpl Init... 2026-03-08 10:33:52 [Info] [2192] yundun connected 2026-03-08 10:33:52 [Info] [2192] recvmsg: HELLO 2026-03-08 10:33:52 [Info] [2192] recvmsg: WORK 2026-03-08 10:33:52 [Info] [2192] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:33:52 [Info] [2192] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:33:52 [Info] [2192] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:33:53 [Info] [2192] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:33:53 [Info] [2192] log fd cnt is [250], real fd cnt is [282] 2026-03-08 10:33:53 [Info] [2192] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 10:33:53 [Info] [2192] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 10:33:54 [Info] [2192] log memory size is 20480KB, real memory size is 14484KB 2026-03-08 10:33:54 [Info] [2192] item: --windows-schedule-task-check 2026-03-08 10:33:54 [Info] [2192] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-08 10:33:54 [Info] [2192] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-08 10:33:54 [Info] [2192] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:33:54 [Info] [2192] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:33:54 [Info] [2192] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-08 10:33:54 [Info] [2192] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-08 10:33:54 [Info] [2192] Prepare stage1: --windows-schedule-task-check 2026-03-08 10:33:54 [Info] [2192] Prepare stage2 2026-03-08 10:33:55 [Info] [3608] recvmsg: EXIT 2026-03-08 10:33:55 [Info] [3608] Recv Exit Msg, Exit... 2026-03-08 10:33:58 [Info] [2192] log memory size is 30720KB, real memory size is 23180KB 2026-03-08 10:34:27 [Info] [2192] stage3: --windows-schedule-task-check 2026-03-08 10:34:27 [Info] [2192] Loader after check 2026-03-08 10:34:28 [Info] [2192] Enter reuse wait state. 2026-03-08 10:34:30 [Info] [2192] recvmsg: EXIT 2026-03-08 10:34:30 [Info] [2192] Recv Exit Msg, Exit... 2026-03-08 10:46:55 [Info] [572] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 10:46:55 [Info] [572] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap227371772938015 2026-03-08 10:46:55 [Info] [572] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 10:46:55 [Info] [572] Resource monitor start 2026-03-08 10:46:55 [Info] [572] ipc client init success 2026-03-08 10:46:55 [Info] [572] Ipc init: 0 2026-03-08 10:46:55 [Info] [572] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 10:46:55 [Info] [572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 10:46:55 [Info] [572] start ipc thread id[696] 2026-03-08 10:46:55 [Info] [572] Connect Yundun ipc server return state is 0 2026-03-08 10:46:55 [Info] [572] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 10:46:55 [Info] [572] CResourceMonitor::run Enter 2026-03-08 10:46:55 [Info] [572] CIpcMsgHandlerMgr::run Enter 2026-03-08 10:46:55 [Info] [572] Report thread 2026-03-08 10:46:55 [Info] [572] Monitor thread 2026-03-08 10:46:55 [Info] [572] Loader thread 2026-03-08 10:46:55 [Info] [572] PythonEngineImpl Init... 2026-03-08 10:46:55 [Info] [572] yundun connected 2026-03-08 10:46:56 [Info] [572] recvmsg: HELLO 2026-03-08 10:46:56 [Info] [572] recvmsg: WORK 2026-03-08 10:46:56 [Info] [572] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:46:56 [Info] [572] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:46:56 [Info] [572] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:46:56 [Info] [572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:46:56 [Info] [572] log fd cnt is [250], real fd cnt is [282] 2026-03-08 10:46:56 [Info] [572] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 10:46:56 [Info] [572] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 10:46:57 [Info] [572] log memory size is 20480KB, real memory size is 14496KB 2026-03-08 10:46:58 [Info] [572] item: --windows-driver-version-check 2026-03-08 10:46:58 [Info] [572] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-08 10:46:58 [Info] [572] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-08 10:46:58 [Info] [572] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:46:58 [Info] [572] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:46:58 [Info] [572] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-08 10:46:58 [Info] [572] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-08 10:46:58 [Info] [572] Prepare stage1: --windows-driver-version-check 2026-03-08 10:46:58 [Info] [572] Prepare stage2 2026-03-08 10:46:58 [Info] [572] stage3: --windows-driver-version-check 2026-03-08 10:46:58 [Info] [572] Loader after check 2026-03-08 10:46:59 [Info] [572] Enter reuse wait state. 2026-03-08 10:47:03 [Info] [572] recvmsg: EXIT 2026-03-08 10:47:03 [Info] [572] Recv Exit Msg, Exit... 2026-03-08 10:52:58 [Info] [1276] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 10:52:58 [Info] [1276] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap239221772938378 2026-03-08 10:52:58 [Info] [1276] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 10:52:58 [Info] [1276] Resource monitor start 2026-03-08 10:52:58 [Info] [1276] ipc client init success 2026-03-08 10:52:58 [Info] [1276] Ipc init: 0 2026-03-08 10:52:58 [Info] [1276] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 10:52:58 [Info] [1276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 10:52:58 [Info] [1276] start ipc thread id[4112] 2026-03-08 10:52:58 [Info] [1276] Connect Yundun ipc server return state is 0 2026-03-08 10:52:58 [Info] [1276] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 10:52:58 [Info] [1276] CResourceMonitor::run Enter 2026-03-08 10:52:58 [Info] [1276] CIpcMsgHandlerMgr::run Enter 2026-03-08 10:52:58 [Info] [1276] Report thread 2026-03-08 10:52:58 [Info] [1276] Monitor thread 2026-03-08 10:52:58 [Info] [1276] Loader thread 2026-03-08 10:52:58 [Info] [1276] PythonEngineImpl Init... 2026-03-08 10:52:58 [Info] [1276] yundun connected 2026-03-08 10:52:58 [Info] [1276] recvmsg: HELLO 2026-03-08 10:52:58 [Info] [1276] recvmsg: WORK 2026-03-08 10:52:58 [Info] [1276] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:52:58 [Info] [1276] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 10:52:58 [Info] [1276] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 10:52:59 [Info] [1276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 10:52:59 [Info] [1276] log fd cnt is [250], real fd cnt is [282] 2026-03-08 10:52:59 [Info] [1276] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 10:52:59 [Info] [1276] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 10:53:00 [Info] [1276] log memory size is 20480KB, real memory size is 14504KB 2026-03-08 10:53:00 [Info] [1276] item: --sca 2026-03-08 10:53:00 [Info] [1276] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-08 10:53:00 [Info] [1276] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_utils.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_common_proc.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/1757387557_sca_new_rules_2_35_0_official/win32/plugin/sca_java_proc.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-08 10:53:00 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-08 10:53:01 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-08 10:53:01 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-08 10:53:01 [Info] [1276] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-08 10:53:01 [Info] [1276] Download redirect files success. 2026-03-08 10:53:01 [Info] [1276] Prepare stage1: --sca 2026-03-08 10:53:01 [Info] [1276] Prepare stage2 2026-03-08 10:53:03 [Warn] [1276] high cpu, cpu is 21 2026-03-08 10:53:03 [Info] [1276] try get sys version 2026-03-08 10:53:03 [Info] [1276] win sys info:2/10:0:3 2026-03-08 10:53:03 [Info] [1276] suit legal version, enable cpu control 2026-03-08 10:53:03 [Warn] [1276] High CPU Warning: 21 2026-03-08 10:53:03 [Warn] [1276] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-08 10:53:04 [Info] [1276] log memory size is 30720KB, real memory size is 32344KB 2026-03-08 10:53:08 [Info] [1276] log memory size is 40960KB, real memory size is 32844KB 2026-03-08 10:53:36 [Warn] [1276] high cpu, cpu is 26 2026-03-08 10:53:36 [Warn] [1276] High CPU Warning: 26 2026-03-08 10:53:36 [Warn] [1276] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca_utils.py line: 3605 in func: get_listening_by_pid File:sca_utils.py line: 3629 in func: listening File:sca.py line: 205 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-08 10:53:37 [Info] [1276] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-08 10:53:37 [Info] [1276] stage3: --sca 2026-03-08 10:53:37 [Info] [1276] Loader after check 2026-03-08 10:53:38 [Info] [1276] Enter reuse wait state. 2026-03-08 10:53:42 [Info] [1276] recvmsg: EXIT 2026-03-08 10:53:42 [Info] [1276] Recv Exit Msg, Exit... 2026-03-08 11:02:42 [Info] [2332] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 11:02:42 [Info] [2332] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap258291772938962 2026-03-08 11:02:42 [Info] [2332] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 11:02:42 [Info] [2332] Resource monitor start 2026-03-08 11:02:42 [Info] [2332] ipc client init success 2026-03-08 11:02:42 [Info] [2332] Ipc init: 0 2026-03-08 11:02:42 [Info] [2332] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 11:02:42 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 11:02:42 [Info] [2332] start ipc thread id[3800] 2026-03-08 11:02:42 [Info] [2332] Connect Yundun ipc server return state is 0 2026-03-08 11:02:42 [Info] [2332] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 11:02:42 [Info] [2332] CResourceMonitor::run Enter 2026-03-08 11:02:42 [Info] [2332] CIpcMsgHandlerMgr::run Enter 2026-03-08 11:02:42 [Info] [2332] Report thread 2026-03-08 11:02:42 [Info] [2332] Monitor thread 2026-03-08 11:02:42 [Info] [2332] Loader thread 2026-03-08 11:02:42 [Info] [2332] PythonEngineImpl Init... 2026-03-08 11:02:42 [Info] [2332] yundun connected 2026-03-08 11:02:42 [Info] [2332] recvmsg: HELLO 2026-03-08 11:02:42 [Info] [2332] recvmsg: WORK 2026-03-08 11:02:42 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 11:02:42 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 11:02:42 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 11:02:42 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 11:02:43 [Info] [2332] log fd cnt is [250], real fd cnt is [282] 2026-03-08 11:02:43 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 11:02:43 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 11:02:44 [Info] [2332] log memory size is 20480KB, real memory size is 14600KB 2026-03-08 11:02:44 [Info] [2332] item: --tcp-connect-check 2026-03-08 11:02:44 [Info] [2332] cgroup name aegisRtap0 2026-03-08 11:02:44 [Info] [2332] try get sys version 2026-03-08 11:02:44 [Info] [2332] win sys info:2/10:0:3 2026-03-08 11:02:44 [Info] [2332] suit legal version, enable cpu control 2026-03-08 11:02:44 [Info] [2332] get AssignProcessToJobObject handle [00000478] 2026-03-08 11:02:44 [Info] [2332] Set setJobExtended. 2026-03-08 11:02:44 [Info] [2332] Set cpu [9%] 2026-03-08 11:02:44 [Info] [2332] Set cpu success 2026-03-08 11:02:44 [Info] [2332] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-08 11:02:44 [Info] [2332] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-08 11:02:44 [Info] [2332] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 11:02:44 [Info] [2332] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 11:02:44 [Info] [2332] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-08 11:02:44 [Info] [2332] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-08 11:02:44 [Info] [2332] Prepare stage1: --tcp-connect-check 2026-03-08 11:02:44 [Info] [2332] Prepare stage2 2026-03-08 11:02:47 [Info] [2332] stage3: --tcp-connect-check 2026-03-08 11:02:47 [Info] [2332] Loader after check 2026-03-08 11:02:49 [Info] [2332] Enter reuse wait state. 2026-03-08 11:02:53 [Info] [2332] recvmsg: EXIT 2026-03-08 11:02:53 [Info] [2332] Recv Exit Msg, Exit... 2026-03-08 11:11:37 [Info] [2996] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 11:11:37 [Info] [2996] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap275761772939497 2026-03-08 11:11:37 [Info] [2996] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 11:11:37 [Info] [2996] Resource monitor start 2026-03-08 11:11:37 [Info] [2996] ipc client init success 2026-03-08 11:11:37 [Info] [2996] Ipc init: 0 2026-03-08 11:11:37 [Info] [2996] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 11:11:37 [Info] [2996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 11:11:37 [Info] [2996] start ipc thread id[3616] 2026-03-08 11:11:37 [Info] [2996] Connect Yundun ipc server return state is 0 2026-03-08 11:11:37 [Info] [2996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 11:11:37 [Info] [2996] CResourceMonitor::run Enter 2026-03-08 11:11:37 [Info] [2996] CIpcMsgHandlerMgr::run Enter 2026-03-08 11:11:37 [Info] [2996] Report thread 2026-03-08 11:11:37 [Info] [2996] Monitor thread 2026-03-08 11:11:37 [Info] [2996] Loader thread 2026-03-08 11:11:37 [Info] [2996] PythonEngineImpl Init... 2026-03-08 11:11:37 [Info] [2996] yundun connected 2026-03-08 11:11:38 [Info] [2996] recvmsg: HELLO 2026-03-08 11:11:38 [Info] [2996] recvmsg: WORK 2026-03-08 11:11:38 [Info] [2996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 11:11:38 [Info] [2996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 11:11:38 [Info] [2996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 11:11:38 [Info] [2996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 11:11:38 [Info] [2996] log fd cnt is [250], real fd cnt is [282] 2026-03-08 11:11:38 [Info] [2996] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 11:11:38 [Info] [2996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 11:11:39 [Info] [2996] log memory size is 20480KB, real memory size is 14512KB 2026-03-08 11:11:40 [Info] [2996] item: --windows-autorun-item-check 2026-03-08 11:11:40 [Info] [2996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-08 11:11:40 [Info] [2996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-08 11:11:40 [Info] [2996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 11:11:40 [Info] [2996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 11:11:40 [Info] [2996] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-08 11:11:40 [Info] [2996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-08 11:11:40 [Info] [2996] Prepare stage1: --windows-autorun-item-check 2026-03-08 11:11:40 [Info] [2996] Prepare stage2 2026-03-08 11:11:43 [Info] [2996] log memory size is 30720KB, real memory size is 22288KB 2026-03-08 11:11:50 [Info] [2996] stage3: --windows-autorun-item-check 2026-03-08 11:11:50 [Info] [2996] Loader after check 2026-03-08 11:11:51 [Info] [2996] Enter reuse wait state. 2026-03-08 11:11:53 [Info] [2996] recvmsg: EXIT 2026-03-08 11:11:53 [Info] [2996] Recv Exit Msg, Exit... 2026-03-08 14:03:01 [Info] [3668] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 14:03:01 [Info] [3668] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap283361772949764 2026-03-08 14:03:01 [Info] [3668] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 14:03:01 [Info] [3668] Resource monitor start 2026-03-08 14:03:01 [Info] [3668] ipc client init success 2026-03-08 14:03:01 [Info] [3668] Ipc init: 0 2026-03-08 14:03:01 [Info] [3668] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 14:03:01 [Info] [3668] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 14:03:01 [Info] [3668] start ipc thread id[1828] 2026-03-08 14:03:01 [Info] [3668] Connect Yundun ipc server return state is 0 2026-03-08 14:03:01 [Info] [3668] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 14:03:07 [Info] [3668] CResourceMonitor::run Enter 2026-03-08 14:03:07 [Info] [3668] CIpcMsgHandlerMgr::run Enter 2026-03-08 14:03:07 [Info] [3668] yundun connected 2026-03-08 14:03:07 [Info] [3668] Report thread 2026-03-08 14:03:07 [Info] [3668] Monitor thread 2026-03-08 14:03:07 [Info] [3668] Loader thread 2026-03-08 14:03:07 [Info] [3668] PythonEngineImpl Init... 2026-03-08 14:03:07 [Info] [3668] recvmsg: HELLO 2026-03-08 14:03:08 [Info] [3668] log fd cnt is [250], real fd cnt is [263] 2026-03-08 14:03:08 [Info] [3668] recvmsg: WORK 2026-03-08 14:03:08 [Info] [3668] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 14:03:08 [Info] [3668] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 14:03:08 [Info] [3668] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 14:03:08 [Info] [3668] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 14:03:08 [Info] [3668] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 14:03:08 [Info] [3668] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 14:03:09 [Info] [3668] log memory size is 20480KB, real memory size is 14488KB 2026-03-08 14:03:10 [Info] [3668] item: --windows-sysinfoext-check 2026-03-08 14:03:10 [Info] [3668] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 14:03:10 [Info] [3668] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 14:03:10 [Info] [3668] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 14:03:10 [Info] [3668] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 14:03:10 [Info] [3668] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-08 14:03:10 [Info] [3668] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 14:03:10 [Info] [3668] Prepare stage1: --windows-sysinfoext-check 2026-03-08 14:03:10 [Info] [3668] Prepare stage2 2026-03-08 14:03:13 [Info] [3668] log memory size is 30720KB, real memory size is 22784KB 2026-03-08 14:03:13 [Info] [3668] stage3: --windows-sysinfoext-check 2026-03-08 14:03:13 [Info] [3668] Loader after check 2026-03-08 14:03:14 [Warn] [3668] high cpu, cpu is 12 2026-03-08 14:03:14 [Info] [3668] try get sys version 2026-03-08 14:03:14 [Info] [3668] win sys info:2/10:0:3 2026-03-08 14:03:14 [Info] [3668] suit legal version, enable cpu control 2026-03-08 14:03:14 [Warn] [3668] High CPU Warning: 12 2026-03-08 14:03:14 [Warn] [3668] resource monitor exp type: High CPU Warning, script runing: 0 2026-03-08 14:03:14 [Info] [3668] Enter reuse wait state. 2026-03-08 14:03:17 [Info] [3668] recvmsg: EXIT 2026-03-08 14:03:17 [Info] [3668] Recv Exit Msg, Exit... 2026-03-08 19:30:47 [Info] [832] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 19:30:47 [Info] [832] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap270401772969436 2026-03-08 19:30:47 [Info] [832] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 19:30:47 [Info] [832] Resource monitor start 2026-03-08 19:30:47 [Info] [832] ipc client init success 2026-03-08 19:30:47 [Info] [832] Ipc init: 0 2026-03-08 19:30:47 [Info] [832] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 19:30:47 [Info] [832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 19:30:47 [Info] [832] start ipc thread id[1056] 2026-03-08 19:30:47 [Info] [832] Connect Yundun ipc server return state is 0 2026-03-08 19:30:47 [Info] [832] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 19:30:47 [Info] [832] CResourceMonitor::run Enter 2026-03-08 19:30:47 [Info] [832] CIpcMsgHandlerMgr::run Enter 2026-03-08 19:30:47 [Info] [832] yundun connected 2026-03-08 19:30:47 [Info] [832] Report thread 2026-03-08 19:30:47 [Info] [832] Monitor thread 2026-03-08 19:30:47 [Info] [832] Loader thread 2026-03-08 19:30:47 [Info] [832] PythonEngineImpl Init... 2026-03-08 19:30:55 [Info] [832] recvmsg: HELLO 2026-03-08 19:30:55 [Info] [832] recvmsg: WORK 2026-03-08 19:30:55 [Info] [832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 19:30:55 [Info] [832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 19:30:55 [Info] [832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 19:30:58 [Info] [832] log fd cnt is [250], real fd cnt is [264] 2026-03-08 19:31:00 [Info] [832] log memory size is 20480KB, real memory size is 13308KB 2026-03-08 19:31:00 [Info] [2220] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 19:31:00 [Info] [2220] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap270931772969452 2026-03-08 19:31:00 [Info] [2220] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 19:31:00 [Info] [2220] Resource monitor start 2026-03-08 19:31:00 [Info] [2220] ipc client init success 2026-03-08 19:31:00 [Info] [2220] Ipc init: 0 2026-03-08 19:31:00 [Info] [2220] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 19:31:00 [Info] [2220] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 19:31:00 [Info] [2220] start ipc thread id[2000] 2026-03-08 19:31:00 [Info] [2220] Connect Yundun ipc server return state is 0 2026-03-08 19:31:00 [Info] [2220] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 19:31:00 [Info] [2220] CResourceMonitor::run Enter 2026-03-08 19:31:00 [Info] [2220] CIpcMsgHandlerMgr::run Enter 2026-03-08 19:31:00 [Info] [2220] yundun connected 2026-03-08 19:31:00 [Info] [2220] Report thread 2026-03-08 19:31:00 [Info] [2220] Monitor thread 2026-03-08 19:31:00 [Info] [2220] Loader thread 2026-03-08 19:31:00 [Info] [2220] PythonEngineImpl Init... 2026-03-08 19:31:00 [Info] [2220] recvmsg: HELLO 2026-03-08 19:31:00 [Info] [2220] recvmsg: WORK 2026-03-08 19:31:01 [Info] [2220] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 19:31:01 [Info] [2220] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 19:31:01 [Info] [2220] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 19:31:01 [Info] [832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 19:31:01 [Info] [2220] log fd cnt is [250], real fd cnt is [264] 2026-03-08 19:31:01 [Info] [2220] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 19:31:01 [Info] [2220] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 19:31:01 [Info] [2220] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 19:31:01 [Info] [832] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 19:31:01 [Info] [832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 19:31:02 [Info] [2220] log memory size is 20480KB, real memory size is 14516KB 2026-03-08 19:31:02 [Info] [832] item: --windows-sysinfoext-check 2026-03-08 19:31:02 [Info] [832] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 19:31:02 [Info] [832] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 19:31:02 [Info] [832] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 19:31:02 [Info] [832] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 19:31:02 [Info] [2220] item: --windows-vul-check 2026-03-08 19:31:02 [Info] [2220] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-08 19:31:02 [Info] [2220] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-08 19:31:02 [Info] [2220] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/windows-vul-check.py 2026-03-08 19:31:03 [Info] [832] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-08 19:31:03 [Info] [832] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-08 19:31:03 [Info] [832] Prepare stage1: --windows-sysinfoext-check 2026-03-08 19:31:03 [Info] [2220] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-08 19:31:03 [Info] [832] Prepare stage2 2026-03-08 19:31:03 [Info] [2220] Download redirect files success. 2026-03-08 19:31:03 [Info] [2220] Prepare stage1: --windows-vul-check 2026-03-08 19:31:03 [Info] [2220] Prepare stage2 2026-03-08 19:31:03 [Warn] [2220] high cpu, cpu is 12 2026-03-08 19:31:03 [Info] [2220] try get sys version 2026-03-08 19:31:03 [Info] [2220] win sys info:2/10:0:3 2026-03-08 19:31:03 [Info] [2220] suit legal version, enable cpu control 2026-03-08 19:31:03 [Warn] [2220] High CPU Warning: 12 2026-03-08 19:31:03 [Warn] [2220] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-vul-check.py line: 28 in func: <module> 2026-03-08 19:31:03 [Info] [2220] start DownLoadBuffer update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-08 19:31:03 [Info] [2220] start do http get request for update.aegis.aliyun.com/download/win32/sysvul/formal/2016.dat 2026-03-08 19:31:03 [Info] [2220] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 19:31:03 [Info] [2220] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 19:31:03 [Info] [2220] start DownLoadBuffer aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-08 19:31:03 [Info] [2220] start do http get request for aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5 2026-03-08 19:31:03 [Info] [2220] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat.md5, http code : 200, curl ret : 0 2026-03-08 19:31:03 [Info] [2220] http request success : https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat, http code : 200, curl ret : 0 2026-03-08 19:31:03 [Info] [2220] http download from redirect url success with https://aegis.alicdn.com/download/win32/sysvul/formal/2016.dat 2026-03-08 19:31:03 [Info] [2220] DownLoadFile ok C:\Program Files (x86)\Alibaba\Aegis\aegis_client\aegis_12_80\rule\vuldata_v2.dat 2026-03-08 19:31:04 [Info] [832] log memory size is 30720KB, real memory size is 22712KB 2026-03-08 19:31:04 [Info] [2220] stage3: --windows-vul-check 2026-03-08 19:31:04 [Info] [2220] Loader after check 2026-03-08 19:31:05 [Info] [2220] Enter reuse wait state. 2026-03-08 19:31:06 [Info] [832] stage3: --windows-sysinfoext-check 2026-03-08 19:31:06 [Info] [832] Loader after check 2026-03-08 19:31:06 [Info] [2220] log memory size is 30720KB, real memory size is 23220KB 2026-03-08 19:31:07 [Info] [832] Enter reuse wait state. 2026-03-08 19:31:07 [Info] [2220] recvmsg: EXIT 2026-03-08 19:31:07 [Info] [2220] Recv Exit Msg, Exit... 2026-03-08 19:31:13 [Info] [832] recvmsg: EXIT 2026-03-08 19:31:13 [Info] [832] Recv Exit Msg, Exit... 2026-03-08 20:59:06 [Info] [5084] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-08 20:59:06 [Info] [5084] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap116131772974746 2026-03-08 20:59:06 [Info] [5084] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-08 20:59:06 [Info] [5084] Resource monitor start 2026-03-08 20:59:06 [Info] [5084] ipc client init success 2026-03-08 20:59:06 [Info] [5084] Ipc init: 0 2026-03-08 20:59:06 [Info] [5084] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-08 20:59:06 [Info] [5084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-08 20:59:06 [Info] [5084] start ipc thread id[2464] 2026-03-08 20:59:06 [Info] [5084] Connect Yundun ipc server return state is 0 2026-03-08 20:59:06 [Info] [5084] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-08 20:59:06 [Info] [5084] CResourceMonitor::run Enter 2026-03-08 20:59:06 [Info] [5084] CIpcMsgHandlerMgr::run Enter 2026-03-08 20:59:06 [Info] [5084] Report thread 2026-03-08 20:59:06 [Info] [5084] Monitor thread 2026-03-08 20:59:06 [Info] [5084] Loader thread 2026-03-08 20:59:06 [Info] [5084] PythonEngineImpl Init... 2026-03-08 20:59:06 [Info] [5084] yundun connected 2026-03-08 20:59:06 [Info] [5084] recvmsg: HELLO 2026-03-08 20:59:06 [Info] [5084] recvmsg: WORK 2026-03-08 20:59:06 [Info] [5084] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 20:59:06 [Info] [5084] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-08 20:59:06 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 20:59:07 [Info] [5084] log fd cnt is [250], real fd cnt is [274] 2026-03-08 20:59:08 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 20:59:08 [Info] [5084] log memory size is 20480KB, real memory size is 14320KB 2026-03-08 20:59:08 [Info] [5084] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-08 20:59:08 [Info] [5084] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-08 20:59:09 [Info] [5084] item: --secnet_rasp_agent 2026-03-08 20:59:09 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-08 20:59:09 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-08 20:59:09 [Info] [5084] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-08 20:59:09 [Info] [5084] Download redirect files success. 2026-03-08 20:59:09 [Info] [5084] Prepare stage1: --secnet_rasp_agent 2026-03-08 20:59:09 [Info] [5084] Prepare stage2 2026-03-08 20:59:10 [Info] [5084] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-08 20:59:10 [Info] [5084] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-08 20:59:10 [Info] [5084] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-08 20:59:10 [Info] [5084] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-08 20:59:11 [Info] [5084] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-08 20:59:11 [Info] [5084] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-08 20:59:11 [Info] [5084] stage3: --secnet_rasp_agent 2026-03-08 20:59:11 [Info] [5084] Loader after check 2026-03-08 20:59:12 [Info] [5084] Enter reuse wait state. 2026-03-08 20:59:12 [Info] [5084] log memory size is 30720KB, real memory size is 21080KB 2026-03-08 20:59:13 [Info] [5084] recvmsg: EXIT 2026-03-08 20:59:13 [Info] [5084] Recv Exit Msg, Exit... 2026-03-15 04:06:26 [Info] [3048] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 04:06:26 [Info] [3048] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap187461773518786 2026-03-15 04:06:26 [Info] [3048] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 04:06:26 [Info] [3048] Resource monitor start 2026-03-15 04:06:26 [Info] [3048] ipc client init success 2026-03-15 04:06:26 [Info] [3048] Ipc init: 0 2026-03-15 04:06:26 [Info] [3048] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 04:06:26 [Info] [3048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 04:06:26 [Info] [3048] start ipc thread id[2312] 2026-03-15 04:06:26 [Info] [3048] Connect Yundun ipc server return state is 0 2026-03-15 04:06:26 [Info] [3048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 04:06:26 [Info] [3048] CResourceMonitor::run Enter 2026-03-15 04:06:26 [Info] [3048] CIpcMsgHandlerMgr::run Enter 2026-03-15 04:06:26 [Info] [3048] Report thread 2026-03-15 04:06:26 [Info] [3048] Monitor thread 2026-03-15 04:06:26 [Info] [3048] Loader thread 2026-03-15 04:06:26 [Info] [3048] PythonEngineImpl Init... 2026-03-15 04:06:26 [Info] [3048] yundun connected 2026-03-15 04:06:27 [Info] [3048] recvmsg: HELLO 2026-03-15 04:06:27 [Info] [3048] recvmsg: WORK 2026-03-15 04:06:27 [Info] [3048] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 04:06:27 [Info] [3048] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 04:06:27 [Info] [3048] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 04:06:27 [Info] [3048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 04:06:27 [Info] [3048] log fd cnt is [250], real fd cnt is [282] 2026-03-15 04:06:27 [Info] [3048] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 04:06:27 [Info] [3048] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 04:06:28 [Info] [3048] log memory size is 20480KB, real memory size is 14512KB 2026-03-15 04:06:29 [Info] [3048] item: --sca 2026-03-15 04:06:29 [Info] [3048] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-15 04:06:29 [Info] [3048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/version.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_utils.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_common_proc.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_java_proc.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_node_proc.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_webcontainer_proc.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_business_type.py 2026-03-15 04:06:29 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_python_proc.py 2026-03-15 04:06:30 [Info] [3048] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/sca_poc_vul_scan.py 2026-03-15 04:06:30 [Info] [3048] Download redirect files success. 2026-03-15 04:06:30 [Info] [3048] Prepare stage1: --sca 2026-03-15 04:06:30 [Info] [3048] Prepare stage2 2026-03-15 04:06:31 [Warn] [3048] high cpu, cpu is 27 2026-03-15 04:06:31 [Info] [3048] try get sys version 2026-03-15 04:06:31 [Info] [3048] win sys info:2/10:0:3 2026-03-15 04:06:31 [Info] [3048] suit legal version, enable cpu control 2026-03-15 04:06:31 [Warn] [3048] High CPU Warning: 27 2026-03-15 04:06:31 [Warn] [3048] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:sca.py line: 199 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-15 04:06:32 [Info] [3048] log memory size is 30720KB, real memory size is 32916KB 2026-03-15 04:06:36 [Info] [3048] log memory size is 40960KB, real memory size is 33504KB 2026-03-15 04:06:51 [Info] [3048] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-15 04:07:24 [Warn] [3048] high cpu, cpu is 19 2026-03-15 04:07:24 [Warn] [3048] High CPU Warning: 19 2026-03-15 04:07:24 [Warn] [3048] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:_pswindows.py line: 857 in func: memory_maps File:__init__.py line: 1236 in func: memory_maps File:sca_utils.py line: 3556 in func: open_files File:sca_webcontainer_proc.py line: 519 in func: _analyze_web_container File:sca_utils.py line: 3282 in func: __init__ File:sca_common_proc.py line: 38 in func: __init__ File:sca_webcontainer_proc.py line: 40 in func: __init__ File:sca.py line: 187 in func: init_analyzer File:sca.py line: 390 in func: start 2026-03-15 04:07:27 [Info] [3048] stage3: --sca 2026-03-15 04:07:27 [Info] [3048] Loader after check 2026-03-15 04:07:28 [Info] [3048] log fd cnt is [300], real fd cnt is [371] 2026-03-15 04:07:28 [Info] [3048] Enter reuse wait state. 2026-03-15 04:07:31 [Info] [3048] recvmsg: EXIT 2026-03-15 04:07:31 [Info] [3048] Recv Exit Msg, Exit... 2026-03-15 05:10:29 [Info] [2164] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 05:10:29 [Info] [2164] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap312011773522600 2026-03-15 05:10:29 [Info] [2164] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 05:10:29 [Info] [2164] Resource monitor start 2026-03-15 05:10:29 [Info] [2164] ipc client init success 2026-03-15 05:10:29 [Info] [2164] Ipc init: 0 2026-03-15 05:10:29 [Info] [2164] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 05:10:29 [Info] [2164] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 05:10:29 [Info] [2164] start ipc thread id[980] 2026-03-15 05:10:29 [Info] [2164] Connect Yundun ipc server return state is 0 2026-03-15 05:10:29 [Info] [2164] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 05:10:30 [Info] [2164] CResourceMonitor::run Enter 2026-03-15 05:10:30 [Info] [2164] CIpcMsgHandlerMgr::run Enter 2026-03-15 05:10:30 [Info] [2164] yundun connected 2026-03-15 05:10:30 [Info] [2164] Report thread 2026-03-15 05:10:30 [Info] [2164] Monitor thread 2026-03-15 05:10:30 [Info] [2164] Loader thread 2026-03-15 05:10:30 [Info] [2164] PythonEngineImpl Init... 2026-03-15 05:10:30 [Info] [2164] recvmsg: HELLO 2026-03-15 05:10:33 [Info] [2164] recvmsg: WORK 2026-03-15 05:10:33 [Info] [2164] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 05:10:33 [Info] [2164] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 05:10:33 [Info] [2164] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 05:10:33 [Info] [2164] log fd cnt is [250], real fd cnt is [264] 2026-03-15 05:10:34 [Info] [2164] log memory size is 20480KB, real memory size is 13952KB 2026-03-15 05:10:34 [Info] [2164] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 05:10:35 [Info] [2164] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 05:10:35 [Info] [2164] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 05:10:41 [Info] [2164] item: --windows-sysinfoext-check 2026-03-15 05:10:41 [Info] [2164] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 05:10:41 [Info] [2164] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 05:10:41 [Info] [2164] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 05:10:41 [Info] [2164] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 05:10:42 [Info] [2164] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-15 05:10:42 [Info] [2164] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 05:10:43 [Info] [2164] Prepare stage1: --windows-sysinfoext-check 2026-03-15 05:10:43 [Info] [2164] Prepare stage2 2026-03-15 05:10:52 [Info] [2164] log memory size is 30720KB, real memory size is 20788KB 2026-03-15 05:11:06 [Info] [2164] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-15 05:11:18 [Info] [2164] stage3: --windows-sysinfoext-check 2026-03-15 05:11:18 [Info] [2164] Loader after check 2026-03-15 05:11:19 [Info] [2164] Enter reuse wait state. 2026-03-15 05:11:24 [Info] [2164] recvmsg: EXIT 2026-03-15 05:11:24 [Info] [2164] Recv Exit Msg, Exit... 2026-03-15 07:54:07 [Info] [4820] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 07:54:07 [Info] [4820] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap305891773532447 2026-03-15 07:54:07 [Info] [4820] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 07:54:07 [Info] [4820] Resource monitor start 2026-03-15 07:54:07 [Info] [4820] ipc client init success 2026-03-15 07:54:07 [Info] [4820] Ipc init: 0 2026-03-15 07:54:07 [Info] [4820] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 07:54:07 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 07:54:07 [Info] [4820] start ipc thread id[1012] 2026-03-15 07:54:07 [Info] [4820] Connect Yundun ipc server return state is 0 2026-03-15 07:54:07 [Info] [4820] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 07:54:07 [Info] [4820] CResourceMonitor::run Enter 2026-03-15 07:54:07 [Info] [4820] CIpcMsgHandlerMgr::run Enter 2026-03-15 07:54:07 [Info] [4820] Report thread 2026-03-15 07:54:07 [Info] [4820] Monitor thread 2026-03-15 07:54:07 [Info] [4820] Loader thread 2026-03-15 07:54:07 [Info] [4820] PythonEngineImpl Init... 2026-03-15 07:54:07 [Info] [4820] yundun connected 2026-03-15 07:54:07 [Info] [4820] recvmsg: HELLO 2026-03-15 07:54:08 [Info] [4820] recvmsg: WORK 2026-03-15 07:54:08 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 07:54:08 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 07:54:08 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 07:54:08 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 07:54:08 [Info] [4820] log fd cnt is [250], real fd cnt is [282] 2026-03-15 07:54:08 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 07:54:08 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 07:54:09 [Info] [4820] log memory size is 20480KB, real memory size is 14520KB 2026-03-15 07:54:09 [Info] [4820] item: --windows-vul-clean 2026-03-15 07:54:09 [Info] [4820] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-15 07:54:09 [Info] [4820] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-vul-clean.py.md5 2026-03-15 07:54:09 [Info] [4820] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 07:54:09 [Info] [4820] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 07:54:10 [Info] [4820] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5, http code : 200, curl ret : 0 2026-03-15 07:54:10 [Info] [4820] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-vul-clean.py.md5 2026-03-15 07:54:10 [Info] [4820] Prepare stage1: --windows-vul-clean 2026-03-15 07:54:10 [Info] [4820] Prepare stage2 2026-03-15 07:54:10 [Info] [4820] stage3: --windows-vul-clean 2026-03-15 07:54:10 [Info] [4820] Loader after check 2026-03-15 07:54:11 [Info] [4820] Enter reuse wait state. 2026-03-15 07:54:15 [Info] [4820] recvmsg: EXIT 2026-03-15 07:54:15 [Info] [4820] Recv Exit Msg, Exit... 2026-03-15 08:54:55 [Info] [728] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 08:54:55 [Info] [728] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap97341773536095 2026-03-15 08:54:55 [Info] [728] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 08:54:55 [Info] [728] Resource monitor start 2026-03-15 08:54:55 [Info] [728] ipc client init success 2026-03-15 08:54:55 [Info] [728] Ipc init: 0 2026-03-15 08:54:55 [Info] [728] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 08:54:55 [Info] [728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 08:54:55 [Info] [728] start ipc thread id[4312] 2026-03-15 08:54:55 [Info] [728] Connect Yundun ipc server return state is 0 2026-03-15 08:54:55 [Info] [728] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 08:54:55 [Info] [728] CResourceMonitor::run Enter 2026-03-15 08:54:55 [Info] [728] CIpcMsgHandlerMgr::run Enter 2026-03-15 08:54:55 [Info] [728] Report thread 2026-03-15 08:54:55 [Info] [728] Monitor thread 2026-03-15 08:54:55 [Info] [728] Loader thread 2026-03-15 08:54:55 [Info] [728] PythonEngineImpl Init... 2026-03-15 08:54:55 [Info] [728] yundun connected 2026-03-15 08:54:56 [Info] [728] recvmsg: HELLO 2026-03-15 08:54:56 [Info] [728] recvmsg: WORK 2026-03-15 08:54:56 [Info] [728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 08:54:56 [Info] [728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 08:54:56 [Info] [728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 08:54:56 [Info] [728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 08:54:56 [Info] [728] log fd cnt is [250], real fd cnt is [282] 2026-03-15 08:54:56 [Info] [728] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 08:54:56 [Info] [728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 08:54:57 [Info] [728] log memory size is 20480KB, real memory size is 14516KB 2026-03-15 08:54:57 [Info] [728] item: --windows-process-check 2026-03-15 08:54:57 [Info] [728] cgroup name aegisRtap0 2026-03-15 08:54:57 [Info] [728] try get sys version 2026-03-15 08:54:57 [Info] [728] win sys info:2/10:0:3 2026-03-15 08:54:57 [Info] [728] suit legal version, enable cpu control 2026-03-15 08:54:57 [Info] [728] get AssignProcessToJobObject handle [00000478] 2026-03-15 08:54:57 [Info] [728] Set setJobExtended. 2026-03-15 08:54:57 [Info] [728] Set cpu [9%] 2026-03-15 08:54:57 [Info] [728] Set cpu success 2026-03-15 08:54:57 [Info] [728] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-15 08:54:57 [Info] [728] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-process-check.py.md5 2026-03-15 08:54:57 [Info] [728] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 08:54:57 [Info] [728] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 08:54:58 [Info] [728] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5, http code : 200, curl ret : 0 2026-03-15 08:54:58 [Info] [728] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-process-check.py.md5 2026-03-15 08:54:58 [Info] [728] Prepare stage1: --windows-process-check 2026-03-15 08:54:58 [Info] [728] Prepare stage2 2026-03-15 08:55:15 [Info] [728] stage3: --windows-process-check 2026-03-15 08:55:15 [Info] [728] Loader after check 2026-03-15 08:55:16 [Info] [728] Enter reuse wait state. 2026-03-15 08:55:19 [Info] [728] recvmsg: EXIT 2026-03-15 08:55:19 [Info] [728] Recv Exit Msg, Exit... 2026-03-15 10:32:52 [Info] [5044] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 10:32:52 [Info] [5044] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap289231773541971 2026-03-15 10:32:52 [Info] [5044] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 10:32:52 [Info] [5044] Resource monitor start 2026-03-15 10:32:52 [Info] [5044] ipc client init success 2026-03-15 10:32:52 [Info] [5044] Ipc init: 0 2026-03-15 10:32:52 [Info] [5044] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 10:32:52 [Info] [5044] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 10:32:52 [Info] [5044] CResourceMonitor::run Enter 2026-03-15 10:32:52 [Info] [5044] start ipc thread id[1068] 2026-03-15 10:32:52 [Info] [5044] Connect Yundun ipc server return state is 0 2026-03-15 10:32:52 [Info] [5044] CIpcMsgHandlerMgr::run Enter 2026-03-15 10:32:52 [Info] [5044] yundun connected 2026-03-15 10:32:52 [Info] [5044] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 10:32:52 [Info] [5044] Report thread 2026-03-15 10:32:52 [Info] [5044] Monitor thread 2026-03-15 10:32:52 [Info] [5044] Loader thread 2026-03-15 10:32:52 [Info] [5044] PythonEngineImpl Init... 2026-03-15 10:32:53 [Info] [5044] recvmsg: HELLO 2026-03-15 10:32:53 [Info] [5044] recvmsg: WORK 2026-03-15 10:32:53 [Info] [5044] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:32:53 [Info] [5044] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:32:53 [Info] [5044] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:32:53 [Info] [5044] log fd cnt is [250], real fd cnt is [282] 2026-03-15 10:32:53 [Info] [5044] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:32:54 [Info] [5044] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 10:32:54 [Info] [5044] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 10:32:54 [Info] [5044] log memory size is 20480KB, real memory size is 14680KB 2026-03-15 10:32:55 [Info] [5044] item: --windows-schedule-task-check 2026-03-15 10:32:55 [Info] [5044] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-15 10:32:55 [Info] [5044] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-schedule-task-check.py.md5 2026-03-15 10:32:55 [Info] [5044] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:32:55 [Info] [5044] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:32:55 [Info] [5044] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5, http code : 200, curl ret : 0 2026-03-15 10:32:55 [Info] [5044] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-schedule-task-check.py.md5 2026-03-15 10:32:55 [Info] [5044] Prepare stage1: --windows-schedule-task-check 2026-03-15 10:32:55 [Info] [5044] Prepare stage2 2026-03-15 10:32:57 [Warn] [5044] high cpu, cpu is 18 2026-03-15 10:32:57 [Info] [5044] try get sys version 2026-03-15 10:32:57 [Info] [5044] win sys info:2/10:0:3 2026-03-15 10:32:57 [Info] [5044] suit legal version, enable cpu control 2026-03-15 10:32:57 [Warn] [5044] High CPU Warning: 18 2026-03-15 10:32:57 [Warn] [5044] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: File:windows-schedule-task-check.py line: 408 in func: GetScheduleTaskByCom File:windows-schedule-task-check.py line: 244 in func: GetTasksBySchtasks File:windows-schedule-task-check.py line: 425 in func: check File:windows-schedule-task-check.py line: 61 in func: main File:windows-schedule-task-check.py line: 433 in func: start 2026-03-15 10:32:58 [Info] [5044] log memory size is 30720KB, real memory size is 23312KB 2026-03-15 10:33:05 [Info] [5044] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-15 10:33:27 [Info] [5044] stage3: --windows-schedule-task-check 2026-03-15 10:33:27 [Info] [5044] Loader after check 2026-03-15 10:33:28 [Info] [5044] Enter reuse wait state. 2026-03-15 10:33:29 [Info] [4816] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 10:33:29 [Info] [4816] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap290471773542009 2026-03-15 10:33:29 [Info] [4816] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 10:33:29 [Info] [4816] Resource monitor start 2026-03-15 10:33:29 [Info] [4816] ipc client init success 2026-03-15 10:33:29 [Info] [4816] Ipc init: 0 2026-03-15 10:33:29 [Info] [4816] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 10:33:29 [Info] [4816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 10:33:29 [Info] [4816] start ipc thread id[736] 2026-03-15 10:33:29 [Info] [4816] Connect Yundun ipc server return state is 0 2026-03-15 10:33:29 [Info] [4816] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 10:33:29 [Info] [4816] CResourceMonitor::run Enter 2026-03-15 10:33:29 [Info] [4816] CIpcMsgHandlerMgr::run Enter 2026-03-15 10:33:29 [Info] [4816] Report thread 2026-03-15 10:33:29 [Info] [4816] Monitor thread 2026-03-15 10:33:29 [Info] [4816] Loader thread 2026-03-15 10:33:29 [Info] [4816] PythonEngineImpl Init... 2026-03-15 10:33:29 [Info] [4816] yundun connected 2026-03-15 10:33:30 [Info] [4816] recvmsg: HELLO 2026-03-15 10:33:30 [Info] [4816] recvmsg: WORK 2026-03-15 10:33:30 [Info] [4816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:33:30 [Info] [4816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:33:30 [Info] [4816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:33:30 [Info] [4816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:33:30 [Info] [4816] log fd cnt is [250], real fd cnt is [282] 2026-03-15 10:33:30 [Info] [4816] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 10:33:30 [Info] [4816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 10:33:31 [Info] [4816] log memory size is 20480KB, real memory size is 14496KB 2026-03-15 10:33:32 [Info] [4816] item: --windows-registry-check 2026-03-15 10:33:32 [Info] [4816] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-15 10:33:32 [Info] [4816] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-registry-check.py.md5 2026-03-15 10:33:32 [Info] [4816] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:33:32 [Info] [4816] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:33:32 [Info] [4816] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5, http code : 200, curl ret : 0 2026-03-15 10:33:32 [Info] [4816] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-registry-check.py.md5 2026-03-15 10:33:32 [Info] [4816] Prepare stage1: --windows-registry-check 2026-03-15 10:33:32 [Info] [4816] Prepare stage2 2026-03-15 10:33:33 [Info] [5044] recvmsg: EXIT 2026-03-15 10:33:33 [Info] [5044] Recv Exit Msg, Exit... 2026-03-15 10:34:01 [Info] [4816] stage3: --windows-registry-check 2026-03-15 10:34:01 [Info] [4816] Loader after check 2026-03-15 10:34:02 [Info] [4816] Enter reuse wait state. 2026-03-15 10:34:03 [Info] [4816] recvmsg: EXIT 2026-03-15 10:34:03 [Info] [4816] Recv Exit Msg, Exit... 2026-03-15 10:40:20 [Info] [3288] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 10:40:20 [Info] [3288] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap303561773542410 2026-03-15 10:40:20 [Info] [3288] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 10:40:20 [Info] [3288] Resource monitor start 2026-03-15 10:40:20 [Info] [3288] ipc client init success 2026-03-15 10:40:20 [Info] [3288] Ipc init: 0 2026-03-15 10:40:20 [Info] [3288] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 10:40:20 [Info] [3288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 10:40:20 [Info] [3288] start ipc thread id[4716] 2026-03-15 10:40:20 [Info] [3288] Connect Yundun ipc server return state is 0 2026-03-15 10:40:20 [Info] [3288] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 10:40:20 [Info] [3288] CResourceMonitor::run Enter 2026-03-15 10:40:20 [Info] [3288] CIpcMsgHandlerMgr::run Enter 2026-03-15 10:40:20 [Info] [3288] Report thread 2026-03-15 10:40:20 [Info] [3288] Monitor thread 2026-03-15 10:40:20 [Info] [3288] Loader thread 2026-03-15 10:40:20 [Info] [3288] PythonEngineImpl Init... 2026-03-15 10:40:26 [Info] [3288] yundun connected 2026-03-15 10:40:28 [Info] [3288] log fd cnt is [250], real fd cnt is [261] 2026-03-15 10:40:28 [Info] [3288] recvmsg: HELLO 2026-03-15 10:40:28 [Info] [3288] recvmsg: WORK 2026-03-15 10:40:28 [Info] [3288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:40:28 [Info] [3288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:40:28 [Info] [3288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:40:29 [Info] [3288] log memory size is 20480KB, real memory size is 12932KB 2026-03-15 10:40:33 [Info] [3288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:40:33 [Info] [3288] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 10:40:33 [Info] [3288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 10:40:35 [Info] [3288] item: --windows-sysinfoext-check 2026-03-15 10:40:35 [Info] [3288] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 10:40:35 [Info] [3288] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 10:40:35 [Info] [3288] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:40:35 [Info] [3288] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:40:35 [Info] [3288] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-15 10:40:35 [Info] [3288] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 10:40:35 [Info] [3288] Prepare stage1: --windows-sysinfoext-check 2026-03-15 10:40:35 [Info] [3288] Prepare stage2 2026-03-15 10:40:36 [Warn] [3288] high cpu, cpu is 15 2026-03-15 10:40:36 [Info] [3288] try get sys version 2026-03-15 10:40:36 [Info] [3288] win sys info:2/10:0:3 2026-03-15 10:40:36 [Info] [3288] suit legal version, enable cpu control 2026-03-15 10:40:36 [Warn] [3288] High CPU Warning: 15 2026-03-15 10:40:37 [Warn] [3288] resource monitor exp type: High CPU Warning, script runing: 1, has run: 1 script trace back: 2026-03-15 10:40:38 [Info] [3288] log memory size is 30720KB, real memory size is 22736KB 2026-03-15 10:40:38 [Info] [3288] stage3: --windows-sysinfoext-check 2026-03-15 10:40:38 [Info] [3288] Loader after check 2026-03-15 10:40:39 [Warn] [3288] high cpu, cpu is 13 2026-03-15 10:40:39 [Warn] [3288] High CPU Warning: 13 2026-03-15 10:40:39 [Info] [3288] Enter reuse wait state. 2026-03-15 10:40:41 [Info] [3288] recvmsg: EXIT 2026-03-15 10:40:41 [Info] [3288] Recv Exit Msg, Exit... 2026-03-15 10:46:04 [Info] [3048] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 10:46:04 [Info] [3048] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap315121773542764 2026-03-15 10:46:04 [Info] [3048] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 10:46:04 [Info] [3048] Resource monitor start 2026-03-15 10:46:04 [Info] [3048] ipc client init success 2026-03-15 10:46:04 [Info] [3048] Ipc init: 0 2026-03-15 10:46:04 [Info] [3048] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 10:46:04 [Info] [3048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 10:46:04 [Info] [3048] start ipc thread id[4444] 2026-03-15 10:46:04 [Info] [3048] Connect Yundun ipc server return state is 0 2026-03-15 10:46:04 [Info] [3048] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 10:46:04 [Info] [3048] CResourceMonitor::run Enter 2026-03-15 10:46:04 [Info] [3048] CIpcMsgHandlerMgr::run Enter 2026-03-15 10:46:04 [Info] [3048] Report thread 2026-03-15 10:46:04 [Info] [3048] Monitor thread 2026-03-15 10:46:04 [Info] [3048] Loader thread 2026-03-15 10:46:04 [Info] [3048] PythonEngineImpl Init... 2026-03-15 10:46:04 [Info] [3048] yundun connected 2026-03-15 10:46:04 [Info] [3048] recvmsg: HELLO 2026-03-15 10:46:04 [Info] [3048] recvmsg: WORK 2026-03-15 10:46:04 [Info] [3048] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:46:04 [Info] [3048] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 10:46:04 [Info] [3048] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:46:05 [Info] [3048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:46:05 [Info] [3048] log fd cnt is [250], real fd cnt is [286] 2026-03-15 10:46:05 [Info] [3048] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 10:46:05 [Info] [3048] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 10:46:06 [Info] [3048] log memory size is 20480KB, real memory size is 14492KB 2026-03-15 10:46:06 [Info] [3048] item: --windows-driver-version-check 2026-03-15 10:46:06 [Info] [3048] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-15 10:46:06 [Info] [3048] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-driver-version-check.py.md5 2026-03-15 10:46:06 [Info] [3048] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 10:46:06 [Info] [3048] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 10:46:06 [Info] [3048] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5, http code : 200, curl ret : 0 2026-03-15 10:46:06 [Info] [3048] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-driver-version-check.py.md5 2026-03-15 10:46:06 [Info] [3048] Prepare stage1: --windows-driver-version-check 2026-03-15 10:46:06 [Info] [3048] Prepare stage2 2026-03-15 10:46:06 [Info] [3048] stage3: --windows-driver-version-check 2026-03-15 10:46:06 [Info] [3048] Loader after check 2026-03-15 10:46:07 [Info] [3048] Enter reuse wait state. 2026-03-15 10:46:11 [Info] [3048] recvmsg: EXIT 2026-03-15 10:46:11 [Info] [3048] Recv Exit Msg, Exit... 2026-03-15 11:12:08 [Info] [2444] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 11:12:08 [Info] [2444] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap38491773544327 2026-03-15 11:12:08 [Info] [2444] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 11:12:08 [Info] [2444] Resource monitor start 2026-03-15 11:12:08 [Info] [2444] ipc client init success 2026-03-15 11:12:08 [Info] [2444] Ipc init: 0 2026-03-15 11:12:08 [Info] [2444] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 11:12:08 [Info] [2444] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 11:12:08 [Info] [2444] start ipc thread id[4736] 2026-03-15 11:12:08 [Info] [2444] Connect Yundun ipc server return state is 0 2026-03-15 11:12:08 [Info] [2444] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 11:12:08 [Info] [2444] CResourceMonitor::run Enter 2026-03-15 11:12:08 [Info] [2444] CIpcMsgHandlerMgr::run Enter 2026-03-15 11:12:08 [Info] [2444] Report thread 2026-03-15 11:12:08 [Info] [2444] Monitor thread 2026-03-15 11:12:08 [Info] [2444] Loader thread 2026-03-15 11:12:08 [Info] [2444] PythonEngineImpl Init... 2026-03-15 11:12:08 [Info] [2444] yundun connected 2026-03-15 11:12:08 [Info] [2444] recvmsg: HELLO 2026-03-15 11:12:08 [Info] [2444] recvmsg: WORK 2026-03-15 11:12:08 [Info] [2444] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 11:12:08 [Info] [2444] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 11:12:08 [Info] [2444] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 11:12:08 [Info] [2444] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 11:12:09 [Info] [2444] log fd cnt is [250], real fd cnt is [282] 2026-03-15 11:12:09 [Info] [2444] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 11:12:09 [Info] [2444] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 11:12:10 [Info] [2444] log memory size is 20480KB, real memory size is 14488KB 2026-03-15 11:12:10 [Info] [2444] item: --windows-autorun-item-check 2026-03-15 11:12:10 [Info] [2444] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-15 11:12:10 [Info] [2444] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-autorun-item-check.py.md5 2026-03-15 11:12:10 [Info] [2444] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 11:12:10 [Info] [2444] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 11:12:10 [Info] [2444] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5, http code : 200, curl ret : 0 2026-03-15 11:12:10 [Info] [2444] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-autorun-item-check.py.md5 2026-03-15 11:12:10 [Info] [2444] Prepare stage1: --windows-autorun-item-check 2026-03-15 11:12:10 [Info] [2444] Prepare stage2 2026-03-15 11:12:14 [Info] [2444] log memory size is 30720KB, real memory size is 22284KB 2026-03-15 11:12:20 [Info] [2444] stage3: --windows-autorun-item-check 2026-03-15 11:12:20 [Info] [2444] Loader after check 2026-03-15 11:12:21 [Info] [2444] Enter reuse wait state. 2026-03-15 11:12:23 [Info] [2444] recvmsg: EXIT 2026-03-15 11:12:23 [Info] [2444] Recv Exit Msg, Exit... 2026-03-15 11:45:28 [Info] [4372] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 11:45:28 [Info] [4372] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap103831773546328 2026-03-15 11:45:28 [Info] [4372] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 11:45:28 [Info] [4372] Resource monitor start 2026-03-15 11:45:28 [Info] [4372] ipc client init success 2026-03-15 11:45:28 [Info] [4372] Ipc init: 0 2026-03-15 11:45:28 [Info] [4372] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 11:45:28 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 11:45:28 [Info] [4372] start ipc thread id[2024] 2026-03-15 11:45:28 [Info] [4372] Connect Yundun ipc server return state is 0 2026-03-15 11:45:28 [Info] [4372] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 11:45:28 [Info] [4372] CResourceMonitor::run Enter 2026-03-15 11:45:28 [Info] [4372] CIpcMsgHandlerMgr::run Enter 2026-03-15 11:45:28 [Info] [4372] Report thread 2026-03-15 11:45:28 [Info] [4372] Monitor thread 2026-03-15 11:45:28 [Info] [4372] Loader thread 2026-03-15 11:45:28 [Info] [4372] PythonEngineImpl Init... 2026-03-15 11:45:28 [Info] [4372] yundun connected 2026-03-15 11:45:29 [Info] [4372] recvmsg: HELLO 2026-03-15 11:45:29 [Info] [4372] recvmsg: WORK 2026-03-15 11:45:29 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 11:45:29 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 11:45:29 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 11:45:29 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 11:45:30 [Info] [4372] log fd cnt is [250], real fd cnt is [282] 2026-03-15 11:45:30 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 11:45:30 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 11:45:31 [Info] [4372] log memory size is 20480KB, real memory size is 14504KB 2026-03-15 11:45:31 [Info] [4372] item: --tcp-connect-check 2026-03-15 11:45:31 [Info] [4372] cgroup name aegisRtap0 2026-03-15 11:45:31 [Info] [4372] try get sys version 2026-03-15 11:45:31 [Info] [4372] win sys info:2/10:0:3 2026-03-15 11:45:31 [Info] [4372] suit legal version, enable cpu control 2026-03-15 11:45:31 [Info] [4372] get AssignProcessToJobObject handle [00000478] 2026-03-15 11:45:31 [Info] [4372] Set setJobExtended. 2026-03-15 11:45:31 [Info] [4372] Set cpu [9%] 2026-03-15 11:45:31 [Info] [4372] Set cpu success 2026-03-15 11:45:31 [Info] [4372] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-15 11:45:31 [Info] [4372] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/tcp-connect-check.py.md5 2026-03-15 11:45:31 [Info] [4372] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 11:45:31 [Info] [4372] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 11:45:31 [Info] [4372] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5, http code : 200, curl ret : 0 2026-03-15 11:45:31 [Info] [4372] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/tcp-connect-check.py.md5 2026-03-15 11:45:31 [Info] [4372] Prepare stage1: --tcp-connect-check 2026-03-15 11:45:31 [Info] [4372] Prepare stage2 2026-03-15 11:45:38 [Info] [4372] stage3: --tcp-connect-check 2026-03-15 11:45:38 [Info] [4372] Loader after check 2026-03-15 11:45:39 [Info] [4372] log memory size is 30720KB, real memory size is 20604KB 2026-03-15 11:45:43 [Info] [4372] Enter reuse wait state. 2026-03-15 11:45:44 [Info] [4372] recvmsg: EXIT 2026-03-15 11:45:44 [Info] [4372] Recv Exit Msg, Exit... 2026-03-15 13:02:14 [Info] [1064] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 13:02:14 [Info] [1064] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap254211773550933 2026-03-15 13:02:14 [Info] [1064] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 13:02:14 [Info] [1064] Resource monitor start 2026-03-15 13:02:14 [Info] [1064] ipc client init success 2026-03-15 13:02:14 [Info] [1064] Ipc init: 0 2026-03-15 13:02:14 [Info] [1064] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 13:02:15 [Info] [1064] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 13:02:15 [Info] [1064] CResourceMonitor::run Enter 2026-03-15 13:02:15 [Info] [1064] CIpcMsgHandlerMgr::run Enter 2026-03-15 13:02:15 [Info] [1064] start ipc thread id[2560] 2026-03-15 13:02:15 [Info] [1064] Connect Yundun ipc server return state is 0 2026-03-15 13:02:15 [Info] [1064] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 13:02:15 [Info] [1064] yundun connected 2026-03-15 13:02:15 [Info] [1064] Report thread 2026-03-15 13:02:15 [Info] [1064] Monitor thread 2026-03-15 13:02:15 [Info] [1064] Loader thread 2026-03-15 13:02:15 [Info] [1064] PythonEngineImpl Init... 2026-03-15 13:02:15 [Info] [1064] recvmsg: HELLO 2026-03-15 13:02:15 [Info] [1064] recvmsg: WORK 2026-03-15 13:02:16 [Info] [1064] log fd cnt is [250], real fd cnt is [262] 2026-03-15 13:02:16 [Info] [1064] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 13:02:16 [Info] [1064] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 13:02:16 [Info] [1064] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 13:02:16 [Info] [1064] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 13:02:16 [Info] [1064] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 13:02:16 [Info] [1064] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 13:02:17 [Info] [1064] log memory size is 20480KB, real memory size is 14668KB 2026-03-15 13:02:18 [Info] [1064] item: --windows-sysinfoext-check 2026-03-15 13:02:18 [Info] [1064] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 13:02:18 [Info] [1064] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 13:02:18 [Info] [1064] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 13:02:18 [Info] [1064] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 13:02:18 [Info] [1064] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-15 13:02:18 [Info] [1064] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 13:02:18 [Info] [1064] Prepare stage1: --windows-sysinfoext-check 2026-03-15 13:02:18 [Info] [1064] Prepare stage2 2026-03-15 13:02:20 [Info] [3124] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 13:02:20 [Info] [3124] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap254441773550940 2026-03-15 13:02:20 [Info] [3124] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 13:02:20 [Info] [3124] Resource monitor start 2026-03-15 13:02:20 [Info] [3124] ipc client init success 2026-03-15 13:02:20 [Info] [3124] Ipc init: 0 2026-03-15 13:02:20 [Info] [3124] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 13:02:20 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 13:02:20 [Info] [3124] start ipc thread id[3160] 2026-03-15 13:02:20 [Info] [3124] Connect Yundun ipc server return state is 0 2026-03-15 13:02:20 [Info] [3124] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 13:02:20 [Info] [3124] CResourceMonitor::run Enter 2026-03-15 13:02:20 [Info] [3124] CIpcMsgHandlerMgr::run Enter 2026-03-15 13:02:20 [Info] [3124] Report thread 2026-03-15 13:02:20 [Info] [3124] Monitor thread 2026-03-15 13:02:20 [Info] [3124] Loader thread 2026-03-15 13:02:20 [Info] [3124] PythonEngineImpl Init... 2026-03-15 13:02:20 [Info] [3124] yundun connected 2026-03-15 13:02:20 [Info] [3124] recvmsg: HELLO 2026-03-15 13:02:20 [Info] [3124] recvmsg: WORK 2026-03-15 13:02:20 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 13:02:20 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 13:02:20 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 13:02:21 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 13:02:21 [Info] [1064] log memory size is 30720KB, real memory size is 22780KB 2026-03-15 13:02:21 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 13:02:21 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 13:02:21 [Info] [3124] log fd cnt is [250], real fd cnt is [281] 2026-03-15 13:02:22 [Info] [3124] log memory size is 20480KB, real memory size is 14736KB 2026-03-15 13:02:24 [Info] [3124] item: --alihips-dumpcheck 2026-03-15 13:02:24 [Info] [3124] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-15 13:02:24 [Info] [3124] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/alihips-dumpcheck.py.md5 2026-03-15 13:02:24 [Info] [3124] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 13:02:24 [Info] [3124] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 13:02:24 [Info] [3124] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5, http code : 200, curl ret : 0 2026-03-15 13:02:24 [Info] [3124] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/alihips-dumpcheck.py.md5 2026-03-15 13:02:24 [Info] [3124] Prepare stage1: --alihips-dumpcheck 2026-03-15 13:02:24 [Info] [3124] Prepare stage2 2026-03-15 13:02:25 [Info] [1064] stage3: --windows-sysinfoext-check 2026-03-15 13:02:25 [Info] [1064] Loader after check 2026-03-15 13:02:26 [Info] [1064] Enter reuse wait state. 2026-03-15 13:02:28 [Info] [1064] recvmsg: EXIT 2026-03-15 13:02:28 [Info] [1064] Recv Exit Msg, Exit... 2026-03-15 13:02:30 [Info] [3124] stage3: --alihips-dumpcheck 2026-03-15 13:02:30 [Info] [3124] Loader after check 2026-03-15 13:02:31 [Info] [3124] Enter reuse wait state. 2026-03-15 13:02:34 [Info] [3124] recvmsg: EXIT 2026-03-15 13:02:34 [Info] [3124] Recv Exit Msg, Exit... 2026-03-15 18:32:21 [Info] [5692] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 18:32:21 [Info] [5692] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap244291773570698 2026-03-15 18:32:21 [Info] [5692] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 18:32:21 [Info] [5692] Resource monitor start 2026-03-15 18:32:21 [Info] [5692] ipc client init success 2026-03-15 18:32:21 [Info] [5692] Ipc init: 0 2026-03-15 18:32:21 [Info] [5692] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 18:32:22 [Info] [5692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 18:32:22 [Info] [5692] CResourceMonitor::run Enter 2026-03-15 18:32:22 [Info] [5692] CIpcMsgHandlerMgr::run Enter 2026-03-15 18:32:22 [Info] [5692] start ipc thread id[5956] 2026-03-15 18:32:22 [Info] [5692] Connect Yundun ipc server return state is 0 2026-03-15 18:32:22 [Info] [5692] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 18:32:22 [Info] [5692] yundun connected 2026-03-15 18:32:22 [Info] [5692] Report thread 2026-03-15 18:32:22 [Info] [5692] Monitor thread 2026-03-15 18:32:22 [Info] [5692] Loader thread 2026-03-15 18:32:22 [Info] [5692] PythonEngineImpl Init... 2026-03-15 18:32:23 [Info] [5692] recvmsg: HELLO 2026-03-15 18:32:23 [Info] [5692] recvmsg: WORK 2026-03-15 18:32:23 [Info] [5692] log fd cnt is [250], real fd cnt is [258] 2026-03-15 18:32:25 [Info] [5692] log memory size is 20480KB, real memory size is 12480KB 2026-03-15 18:32:26 [Info] [5692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 18:32:26 [Info] [5692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 18:32:26 [Info] [5692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 18:32:28 [Info] [5692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 18:32:29 [Info] [5692] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 18:32:29 [Info] [5692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 18:32:33 [Info] [5692] item: --windows-sysinfoext-check 2026-03-15 18:32:33 [Info] [5692] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 18:32:33 [Info] [5692] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 18:32:33 [Info] [5692] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 18:32:33 [Info] [5692] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 18:32:33 [Info] [5692] http request success : https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5, http code : 200, curl ret : 0 2026-03-15 18:32:33 [Info] [5692] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/release/win32/plugin/windows-sysinfoext-check.py.md5 2026-03-15 18:32:33 [Info] [5692] Prepare stage1: --windows-sysinfoext-check 2026-03-15 18:32:33 [Info] [5692] Prepare stage2 2026-03-15 18:32:37 [Info] [5692] recvmsg: T_MSG_IPC_NETWORK_NOTIFY 2026-03-15 18:32:44 [Info] [5692] log memory size is 30720KB, real memory size is 20888KB 2026-03-15 18:33:20 [Info] [5692] stage3: --windows-sysinfoext-check 2026-03-15 18:33:20 [Info] [5692] Loader after check 2026-03-15 18:33:21 [Info] [5692] Enter reuse wait state. 2026-03-15 18:33:26 [Info] [5692] recvmsg: EXIT 2026-03-15 18:33:26 [Info] [5692] Recv Exit Msg, Exit... 2026-03-15 19:11:42 [Info] [4996] ====================Start AliSecCheck : 10_10, Feb 19 2025 00:11:37==================== 2026-03-15 19:11:42 [Info] [4996] cmdline:C:\Program Files (x86)\Alibaba\Aegis\AliSecCheckTmp\AliSecCheck.exe -t rtap -c Rtap322761773573101 2026-03-15 19:11:42 [Info] [4996] Aegis root path is C:/Program Files (x86)/Alibaba/Aegis 2026-03-15 19:11:42 [Info] [4996] Resource monitor start 2026-03-15 19:11:42 [Info] [4996] ipc client init success 2026-03-15 19:11:42 [Info] [4996] Ipc init: 0 2026-03-15 19:11:42 [Info] [4996] timer 1 magic num is 0x7672655363704943, interval is 10000ms, class name is CIpcServiceImpl 2026-03-15 19:11:42 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/rtap.dll 2026-03-15 19:11:42 [Info] [4996] start ipc thread id[4852] 2026-03-15 19:11:42 [Info] [4996] Connect Yundun ipc server return state is 0 2026-03-15 19:11:42 [Info] [4996] LoadModule : C:/Program Files (x86)/Alibaba/Aegis/AliSecCheckTmp/PythonEngine.dll 2026-03-15 19:11:42 [Info] [4996] CResourceMonitor::run Enter 2026-03-15 19:11:42 [Info] [4996] CIpcMsgHandlerMgr::run Enter 2026-03-15 19:11:42 [Info] [4996] yundun connected 2026-03-15 19:11:42 [Info] [4996] Report thread 2026-03-15 19:11:42 [Info] [4996] Monitor thread 2026-03-15 19:11:42 [Info] [4996] Loader thread 2026-03-15 19:11:42 [Info] [4996] PythonEngineImpl Init... 2026-03-15 19:11:42 [Info] [4996] recvmsg: HELLO 2026-03-15 19:11:42 [Info] [4996] recvmsg: WORK 2026-03-15 19:11:42 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 19:11:42 [Info] [4996] start do http get request for update.aegis.aliyun.com/download/SecureCheck/Gray/win32/rtap_cfg.data.md5 2026-03-15 19:11:42 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 19:11:43 [Info] [4996] log fd cnt is [250], real fd cnt is [282] 2026-03-15 19:11:43 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 19:11:43 [Info] [4996] http request success : https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5, http code : 200, curl ret : 0 2026-03-15 19:11:43 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rtap_file/official/1765194519_amsi_reg_remove_official/win32/rtap_cfg.data.md5 2026-03-15 19:11:44 [Info] [4996] log memory size is 20480KB, real memory size is 14728KB 2026-03-15 19:11:44 [Info] [4996] item: --secnet_rasp_agent 2026-03-15 19:11:44 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/rtap_files 2026-03-15 19:11:44 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/rtap_files, http code : 200, curl ret : 0 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent.py 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/aegis_plugin_util.py 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_lib.py 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_engine.py 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_finder.py 2026-03-15 19:11:44 [Info] [4996] Download redirect file, local file md5 check ok: rtap_file/official/release/win32/plugin/secnet_rasp_agent_action.py 2026-03-15 19:11:44 [Info] [4996] Download redirect files success. 2026-03-15 19:11:44 [Info] [4996] Prepare stage1: --secnet_rasp_agent 2026-03-15 19:11:44 [Info] [4996] Prepare stage2 2026-03-15 19:11:46 [Info] [4996] start DownLoadBuffer update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-15 19:11:46 [Info] [4996] start do http get request for update.aegis.aliyun.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-15 19:11:46 [Info] [4996] start post buffer update.aegis.aliyun.com/file_policy/file 2026-03-15 19:11:46 [Info] [4996] http request success : https://update-vpc.aegis.aliyuncs.com/file_policy/file, http code : 200, curl ret : 0 2026-03-15 19:11:46 [Info] [4996] http request success : https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update, http code : 200, curl ret : 0 2026-03-15 19:11:46 [Info] [4996] http download from redirect url success with https://aegis.alicdn.com/rasp/plugin/rtap/heartbeat?version=3.12&host_id=1df4a29c-9101-49c6-94e9-348f286d57d0&app_id=&action=update 2026-03-15 19:11:46 [Info] [4996] stage3: --secnet_rasp_agent 2026-03-15 19:11:46 [Info] [4996] Loader after check 2026-03-15 19:11:47 [Info] [4996] Enter reuse wait state. 2026-03-15 19:11:48 [Info] [4996] log memory size is 30720KB, real memory size is 21320KB 2026-03-15 19:11:49 [Info] [4996] recvmsg: EXIT 2026-03-15 19:11:49 [Info] [4996] Recv Exit Msg, Exit...