AndrewRathbun
commented
3 days ago I'll look into this later today! Thanks for reporting 👍
Open bluDuckB3ar opened 3 days ago
AndrewRathbun
commented
3 days ago I'll look into this later today! Thanks for reporting 👍
bluDuckB3ar
commented
3 days ago
The bug appears to be related to duplicate keys within the map files used by EvtxECmd. Specifically, you are encountering errors when EvtxECmd tries to load the following map files:
Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_1.map Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_2.map The error messages indicate that these map files contain entries with the same key, leading to a System.ArgumentException.
---------------------------------------------------------------- This is an easy resolve by just deleting the file attaching my terminal output
I was able to fix it by deleting those two map files but was able to replicate the issue on a vm with a fresh install of windows. this was tested through PS 5 - 7 and on .net 6
this would be great in helping someone else if they came across it later
logs evtx.txt