Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent crash in some cases when glob is invalid. #4039

Merged
merged 2 commits into from
Jan 29, 2025
Merged

Prevent crash in some cases when glob is invalid. #4039

merged 2 commits into from
Jan 29, 2025

Conversation

scudette
Copy link
Contributor

No description provided.

@scudette scudette merged commit 2a20ec6 into master Jan 29, 2025
3 checks passed
@scudette scudette deleted the globcrash branch January 29, 2025 02:19
@AndrewRathbun
Copy link

Thank you! I think I've been experiencing this lately with certain KAPE artifacts, specifically when leveraging VSS with the KapeTriage Target. I think it was a glob for a web browser artifact that would always cause the offline collector to freeze early on and therefore never complete, but if I targeted non-web browser artifacts like Event Logs, NTFS metadata files, etc, there'd be no issues, even with VSS.

@scudette
Copy link
Contributor Author

Thanks for reporting that. To be clear the issue was that the glob itself was not valid and add we tried to convert that to a regex there was an error.

This pr will prevent the crash but now actually all the globs will be rejected because we now try to compile all the regex before we start.

So it's still very important to find the offending glob and fix it because it will now result in an earlier failure and none of the globs will work

@AndrewRathbun
Copy link

Hmmm, I tried again with event logs this morning and it appeared to hang again before actually going through the VSS. Granted, this is an extreme case where this host has over 270 VSCs on it, but I've seen it do similar on hosts with much fewer VSCs.

[INFO] 2025-01-29T16:01:04Z Selecting EventLogs
[INFO] 2025-01-29T16:01:04Z auto: Selecting glob Windows\System32\config\*.evt
[INFO] 2025-01-29T16:01:04Z auto: Selecting glob Windows\System32\winevt\logs\*.evtx
[INFO] 2025-01-29T16:01:04Z auto: Selecting glob Windows.old\Windows\System32\winevt\logs\*.evtx
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy281 created 2024-11-29T10:54:22Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy282 created 2024-11-29T14:55:37Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy283 created 2024-11-29T18:57:57Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy284 created 2024-11-29T23:00:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy285 created 2024-11-30T03:02:36Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy287 created 2024-11-30T07:18:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy288 created 2024-11-30T11:22:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy289 created 2024-11-30T15:24:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy290 created 2024-11-30T19:26:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy291 created 2024-11-30T23:28:25Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy292 created 2024-12-01T03:30:44Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy294 created 2024-12-01T07:33:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy295 created 2024-12-01T11:37:52Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy296 created 2024-12-01T15:39:07Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy297 created 2024-12-01T19:41:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy298 created 2024-12-01T23:43:48Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy299 created 2024-12-02T03:46:29Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy301 created 2024-12-02T07:48:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy302 created 2024-12-02T11:53:12Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy303 created 2024-12-02T15:54:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy304 created 2024-12-02T19:56:44Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy305 created 2024-12-02T23:58:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy307 created 2024-12-03T04:02:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy308 created 2024-12-03T08:07:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy309 created 2024-12-03T12:09:49Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy310 created 2024-12-03T16:12:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy311 created 2024-12-03T20:14:12Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy312 created 2024-12-04T00:16:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy314 created 2024-12-04T04:18:35Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy315 created 2024-12-04T08:23:35Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy316 created 2024-12-04T12:24:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy317 created 2024-12-04T16:27:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy318 created 2024-12-04T20:29:07Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy319 created 2024-12-05T00:31:06Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy321 created 2024-12-05T04:33:30Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy322 created 2024-12-05T08:38:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy323 created 2024-12-05T12:40:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy324 created 2024-12-05T16:42:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy325 created 2024-12-05T20:44:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy326 created 2024-12-06T00:46:28Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy328 created 2024-12-06T04:48:56Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy329 created 2024-12-06T08:52:52Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy330 created 2024-12-06T12:54:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy331 created 2024-12-06T16:56:31Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy332 created 2024-12-06T20:58:54Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy333 created 2024-12-07T01:00:56Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy335 created 2024-12-07T05:03:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy336 created 2024-12-07T09:08:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy337 created 2024-12-07T13:09:22Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy338 created 2024-12-07T17:11:42Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy339 created 2024-12-07T21:14:02Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy340 created 2024-12-08T01:16:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy342 created 2024-12-08T05:18:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy343 created 2024-12-08T09:22:46Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy344 created 2024-12-08T13:24:05Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy345 created 2024-12-08T17:26:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy346 created 2024-12-08T21:28:46Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy347 created 2024-12-09T01:31:05Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy349 created 2024-12-09T05:33:28Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy350 created 2024-12-09T09:37:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy351 created 2024-12-09T13:38:30Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy352 created 2024-12-09T17:40:21Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy353 created 2024-12-09T21:42:42Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy354 created 2024-12-10T01:45:06Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy356 created 2024-12-10T05:47:25Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy357 created 2024-12-10T09:51:33Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy358 created 2024-12-10T13:52:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy359 created 2024-12-10T17:55:04Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy360 created 2024-12-10T21:57:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy361 created 2024-12-11T01:59:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy363 created 2024-12-11T06:21:39Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy364 created 2024-12-11T10:26:10Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy365 created 2024-12-11T14:27:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy366 created 2024-12-11T18:29:33Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy367 created 2024-12-11T22:31:36Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy368 created 2024-12-12T02:34:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy370 created 2024-12-12T06:35:57Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy371 created 2024-12-12T10:40:05Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy372 created 2024-12-12T14:41:21Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy373 created 2024-12-12T18:43:42Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy374 created 2024-12-12T22:45:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy375 created 2024-12-13T02:47:50Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy377 created 2024-12-13T06:50:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy378 created 2024-12-13T10:55:07Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy379 created 2024-12-13T14:56:22Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy380 created 2024-12-13T18:58:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy381 created 2024-12-13T23:01:07Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy382 created 2024-12-14T03:03:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy384 created 2024-12-14T07:17:13Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy385 created 2024-12-14T11:22:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy386 created 2024-12-14T15:23:33Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy387 created 2024-12-14T19:25:34Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy388 created 2024-12-14T23:27:15Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy389 created 2024-12-15T03:29:44Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy391 created 2024-12-15T07:32:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy392 created 2024-12-15T11:36:48Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy393 created 2024-12-15T15:38:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy394 created 2024-12-15T19:40:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy395 created 2024-12-15T23:42:20Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy396 created 2024-12-16T03:44:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy398 created 2024-12-16T07:46:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy399 created 2024-12-16T11:50:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy400 created 2024-12-16T15:51:29Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy401 created 2024-12-16T19:53:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy402 created 2024-12-16T23:55:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy404 created 2024-12-17T03:57:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy405 created 2024-12-17T08:04:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy406 created 2024-12-17T12:05:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy407 created 2024-12-17T16:08:17Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy408 created 2024-12-17T20:10:38Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy409 created 2024-12-18T00:13:02Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy411 created 2024-12-18T04:15:29Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy412 created 2024-12-18T08:19:54Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy413 created 2024-12-18T12:21:12Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy414 created 2024-12-18T16:23:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy415 created 2024-12-18T20:25:40Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy416 created 2024-12-19T00:28:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy418 created 2024-12-19T04:30:30Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy419 created 2024-12-19T08:35:43Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy420 created 2024-12-19T12:37:07Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy421 created 2024-12-19T16:39:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy422 created 2024-12-19T20:41:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy423 created 2024-12-20T00:43:41Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy425 created 2024-12-20T04:46:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy426 created 2024-12-20T08:50:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy427 created 2024-12-20T12:52:19Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy428 created 2024-12-20T16:54:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy429 created 2024-12-20T20:56:58Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy430 created 2024-12-21T00:59:14Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy432 created 2024-12-21T05:01:42Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy433 created 2024-12-21T09:06:37Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy434 created 2024-12-21T13:08:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy435 created 2024-12-21T17:10:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy436 created 2024-12-21T21:13:20Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy437 created 2024-12-22T01:15:34Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy439 created 2024-12-22T05:18:00Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy440 created 2024-12-22T09:23:02Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy441 created 2024-12-22T13:24:21Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy442 created 2024-12-22T17:26:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy443 created 2024-12-22T21:29:19Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy444 created 2024-12-23T01:31:24Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy446 created 2024-12-23T05:33:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy447 created 2024-12-23T09:38:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy448 created 2024-12-23T13:39:22Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy449 created 2024-12-23T17:41:52Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy450 created 2024-12-23T21:43:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy451 created 2024-12-24T01:46:24Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy453 created 2024-12-24T05:48:37Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy454 created 2024-12-24T09:53:31Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy455 created 2024-12-24T13:54:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy456 created 2024-12-24T17:57:05Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy457 created 2024-12-24T21:59:10Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy458 created 2024-12-25T02:01:20Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy460 created 2024-12-25T06:18:32Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy461 created 2024-12-25T10:24:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy462 created 2024-12-25T14:25:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy463 created 2024-12-25T18:27:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy464 created 2024-12-25T22:29:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy465 created 2024-12-26T02:32:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy467 created 2024-12-26T06:34:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy468 created 2024-12-26T10:38:48Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy469 created 2024-12-26T14:40:02Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy470 created 2024-12-26T18:41:48Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy471 created 2024-12-26T22:44:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy472 created 2024-12-26T23:21:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy473 created 2024-12-27T17:01:15Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy474 created 2024-12-27T21:02:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy475 created 2024-12-28T01:04:18Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy477 created 2024-12-28T05:06:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy478 created 2024-12-28T09:08:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy479 created 2024-12-28T13:11:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy480 created 2024-12-28T17:13:27Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy481 created 2024-12-28T21:15:41Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy482 created 2024-12-29T01:16:35Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy484 created 2024-12-29T05:18:39Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy485 created 2024-12-29T09:22:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy486 created 2024-12-29T13:23:37Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy487 created 2024-12-29T17:25:29Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy488 created 2024-12-29T21:27:40Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy489 created 2024-12-30T01:29:22Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy491 created 2024-12-30T05:31:30Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy492 created 2024-12-30T09:36:06Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy493 created 2024-12-30T13:37:12Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy494 created 2024-12-30T17:39:26Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy495 created 2024-12-30T21:41:37Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy496 created 2024-12-31T01:43:10Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z Compiled all artifacts. �[0m
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy498 created 2024-12-31T05:45:05Z within Max Age of 100 days �[0m
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy499 created 2024-12-31T09:50:13Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:05Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy500 created 2024-12-31T13:51:35Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy501 created 2024-12-31T17:53:49Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy502 created 2024-12-31T21:56:02Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy503 created 2025-01-01T01:57:55Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy505 created 2025-01-01T05:59:54Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy506 created 2025-01-01T06:22:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy507 created 2025-01-01T10:23:10Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy508 created 2025-01-01T14:25:09Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy509 created 2025-01-01T18:27:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy510 created 2025-01-01T22:29:08Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy511 created 2025-01-02T02:31:16Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy513 created 2025-01-02T06:32:59Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy514 created 2025-01-02T10:37:00Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy515 created 2025-01-02T14:37:59Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy516 created 2025-01-02T18:39:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy517 created 2025-01-02T22:41:44Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy518 created 2025-01-03T02:43:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy520 created 2025-01-03T06:45:46Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy521 created 2025-01-03T10:49:41Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy522 created 2025-01-03T14:50:43Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy523 created 2025-01-03T18:52:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy524 created 2025-01-03T22:54:43Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy525 created 2025-01-04T02:56:56Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy527 created 2025-01-04T06:58:32Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy528 created 2025-01-04T11:04:15Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy529 created 2025-01-04T15:05:36Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy530 created 2025-01-04T19:07:50Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy531 created 2025-01-04T23:10:05Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy532 created 2025-01-05T03:12:20Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy534 created 2025-01-05T07:18:17Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy535 created 2025-01-05T11:22:18Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy536 created 2025-01-05T15:23:29Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy537 created 2025-01-05T19:25:45Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy538 created 2025-01-05T23:27:59Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy539 created 2025-01-06T03:30:03Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy541 created 2025-01-06T07:32:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy542 created 2025-01-06T11:36:58Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy543 created 2025-01-06T15:37:59Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy544 created 2025-01-06T19:39:47Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy545 created 2025-01-06T23:41:35Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy546 created 2025-01-07T03:43:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy548 created 2025-01-07T07:46:12Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy549 created 2025-01-07T11:50:15Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy550 created 2025-01-07T15:51:23Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy551 created 2025-01-07T19:53:43Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy552 created 2025-01-07T23:56:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy554 created 2025-01-08T03:58:01Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy555 created 2025-01-08T08:05:11Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy556 created 2025-01-08T09:36:49Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z vss: Found VSS \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy557 created 2025-01-08T13:38:53Z within Max Age of 100 days
[INFO] 2025-01-29T16:01:06Z Processing Device F: with ntfs_vss: glob is \\.\F:\Windows\System32\config\*.evt
[INFO] 2025-01-29T16:01:06Z Processing Device F: with ntfs_vss: glob is \\.\F:\Windows\System32\winevt\logs\*.evtx
[INFO] 2025-01-29T16:01:06Z Processing Device F: with ntfs_vss: glob is \\.\F:\Windows.old\Windows\System32\winevt\logs\*.evtx

It's 1651 UTC, as I type this, so it has been hanging for 50 minutes now. If you want, I can create a separate issue for this, as it may be a separate issue. Thoughts?

@scudette
Copy link
Contributor Author

This is unlikely to be related since the original bug was a crash. If you experience a hang out would be interesting to see what's going on

You can enable the debug server as it's working and see what's happening inside the binary as described here https://docs.velociraptor.app/docs/deployment/troubleshooting/#debugging-the-offline-collector

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@scudette @AndrewRathbun