Skip to content

Instantly share code, notes, and snippets.

@choco-bot

choco-bot/FilesSnapshot.xml

Created May 12, 2023 04:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save choco-bot/2b042b0a1c88ea37f3aacbbd264d647d to your computer and use it in GitHub Desktop.
Save choco-bot/2b042b0a1c88ea37f3aacbbd264d647d to your computer and use it in GitHub Desktop.
Download ZIP
osquery v5.8.2 - Passed - Package Tests Results
Raw
_Summary.md

osquery v5.8.2 - Passed - Package Test Results

  • https://community.chocolatey.org/packages/osquery/5.8.2
  • Tested 12 May 2023 04:59:09 +00:00
  • Tested against win2012r2x64 (Windows Server 2012 R2 x64)
  • Tested with the latest version of choco, possibly a beta version.
  • Tested with chocolatey-package-verifier service v1.0.1
  • Install was successful.
  • Uninstall was successful.
Raw
FilesSnapshot.xml
<?xml version="1.0" encoding="utf-8"?>
<fileSnapshot xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<files>
<file path="C:\ProgramData\chocolatey\lib\osquery\LICENSE.txt" checksum="0820FFE048483183320E2DAD339898F6" />
<file path="C:\ProgramData\chocolatey\lib\osquery\manage-osqueryd.ps1" checksum="3CCB09B60C319C2B6A43DF64360BD14F" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.conf" checksum="9027F1A3AF205ED3D209BE5F9AEA1842" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.flags" checksum="D41D8CD98F00B204E9800998ECF8427E" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.man" checksum="A4C03558EDB1FF1F5DC4B2194CF3A500" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.nupkg" checksum="7373DFE603C2FF707E7A04C9C5ADFF3E" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.nuspec" checksum="CD69CB7DCD2CDDF6DB56A8F9294F9BDB" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery.png" checksum="34A5C156791B25AB5D130BD97AECA98C" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe" checksum="97D7D6BA1BCFA0D3490F8617BB03DFDF" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osquery_utils.ps1" checksum="E851BB94C0F783653E3BFF527503A850" />
<file path="C:\ProgramData\chocolatey\lib\osquery\VERIFICATION.txt" checksum="77039304249AC12CA156465857B19382" />
<file path="C:\ProgramData\chocolatey\lib\osquery\certs\certs.pem" checksum="6C8779E5755D9DDDF677BF7A52D035CE" />
<file path="C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe" checksum="E243D9BC769E5576BCB4DE91F0BD5D95" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\hardware-monitoring.conf" checksum="3501087ED8C14DC4CB417D6F749ACAD4" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\incident-response.conf" checksum="9FAF35B5ED735847D0162E4EAA5EF128" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\it-compliance.conf" checksum="C90DCD8897F172B41770C2A658D4426A" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\osquery-monitoring.conf" checksum="50B79815090F908C57B6317DD2F552BF" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\ossec-rootkit.conf" checksum="788318DBABB9FDBC545315C4CA88FC40" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\osx-attacks.conf" checksum="EE9CDBF8F06E672092B14DE993117569" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\unwanted-chrome-extensions.conf" checksum="CF972DFC934DD8E09A628C6B0A3814DD" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\vuln-management.conf" checksum="F1C82E2A9E05DE6AD9DFD47E16461FA8" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\windows-attacks.conf" checksum="5C705090F10185E33F87AC8A79C445FB" />
<file path="C:\ProgramData\chocolatey\lib\osquery\packs\windows-hardening.conf" checksum="EBFB94E06E2914770A4EAEA4E5F83248" />
<file path="C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1" checksum="289840CCC12B230068E229CDD37E3703" />
<file path="C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1" checksum="780C83D965D277E7A132A4E7208FD339" />
<file path="C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1" checksum="3C79361CA6117F7D02C1FEDDF82F07C6" />
<file path="C:\ProgramData\chocolatey\lib\osquery\tools\osquery_utils.ps1" checksum="E851BB94C0F783653E3BFF527503A850" />
</files>
</fileSnapshot>
Raw
Install.txt
2023-05-12 04:58:17,963 2580 [DEBUG] - XmlConfiguration is now operational
2023-05-12 04:58:18,135 2580 [DEBUG] - Adding new type 'WebPiService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:18,135 2580 [DEBUG] - Adding new type 'WindowsFeatureService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:18,135 2580 [DEBUG] - Adding new type 'CygwinService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:18,150 2580 [DEBUG] - Adding new type 'PythonService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:18,150 2580 [DEBUG] - Adding new type 'RubyGemsService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:18,150 2580 [DEBUG] - Adding new type 'SystemStateValidation' for type 'IValidation' from assembly 'choco'
2023-05-12 04:58:18,448 2580 [DEBUG] - Registering new command 'templates' in assembly 'choco'
2023-05-12 04:58:18,448 2580 [DEBUG] - Registering new command 'upgrade' in assembly 'choco'
2023-05-12 04:58:18,463 2580 [DEBUG] - Registering new command 'export' in assembly 'choco'
2023-05-12 04:58:18,463 2580 [DEBUG] - Registering new command 'list' in assembly 'choco'
2023-05-12 04:58:18,463 2580 [DEBUG] - Registering new command 'info' in assembly 'choco'
2023-05-12 04:58:18,478 2580 [DEBUG] - Registering new command 'help' in assembly 'choco'
2023-05-12 04:58:18,478 2580 [DEBUG] - Registering new command 'config' in assembly 'choco'
2023-05-12 04:58:18,478 2580 [DEBUG] - Registering new command 'feature' in assembly 'choco'
2023-05-12 04:58:18,478 2580 [DEBUG] - Registering new command 'new' in assembly 'choco'
2023-05-12 04:58:18,494 2580 [DEBUG] - Registering new command 'outdated' in assembly 'choco'
2023-05-12 04:58:18,494 2580 [DEBUG] - Registering new command 'pack' in assembly 'choco'
2023-05-12 04:58:18,494 2580 [DEBUG] - Registering new command 'pin' in assembly 'choco'
2023-05-12 04:58:18,494 2580 [DEBUG] - Registering new command 'push' in assembly 'choco'
2023-05-12 04:58:18,509 2580 [DEBUG] - Registering new command 'apikey' in assembly 'choco'
2023-05-12 04:58:18,509 2580 [DEBUG] - Registering new command 'sources' in assembly 'choco'
2023-05-12 04:58:18,509 2580 [DEBUG] - Registering new command 'uninstall' in assembly 'choco'
2023-05-12 04:58:18,525 2580 [DEBUG] - Registering new command 'unpackself' in assembly 'choco'
2023-05-12 04:58:18,525 2580 [DEBUG] - Registering new command 'install' in assembly 'choco'
2023-05-12 04:58:18,838 2580 [INFO ] - ============================================================
2023-05-12 04:58:19,260 2580 [INFO ] - Chocolatey v1.3.0
2023-05-12 04:58:19,306 2580 [DEBUG] - Chocolatey is running on Windows v 10.0.17763.0
2023-05-12 04:58:19,322 2580 [DEBUG] - Attempting to delete file "C:/ProgramData/chocolatey/choco.exe.old".
2023-05-12 04:58:19,322 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\choco.exe.old".
2023-05-12 04:58:19,369 2580 [DEBUG] - Command line: "C:\ProgramData\chocolatey\choco.exe" install osquery --version 5.8.2 -fdvy --execution-timeout=2700 --allow-downgrade
2023-05-12 04:58:19,369 2580 [DEBUG] - Received arguments: install osquery --version 5.8.2 -fdvy --execution-timeout=2700 --allow-downgrade
2023-05-12 04:58:19,557 2580 [DEBUG] - RemovePendingPackagesTask is now ready and waiting for PreRunMessage.
2023-05-12 04:58:19,588 2580 [DEBUG] - Sending message 'PreRunMessage' out if there are subscribers...
2023-05-12 04:58:19,620 2580 [DEBUG] - [Pending] Removing all pending packages that should not be considered installed...
2023-05-12 04:58:19,776 2580 [DEBUG] - Performing validation checks.
2023-05-12 04:58:19,791 2580 [DEBUG] - Global Configuration Validation Checks:
2023-05-12 04:58:19,791 2580 [DEBUG] - - Package Exit Code / Exit On Reboot = Checked
2023-05-12 04:58:19,806 2580 [DEBUG] - System State Validation Checks:
2023-05-12 04:58:19,822 2580 [DEBUG] - Reboot Requirement Checks:
2023-05-12 04:58:19,839 2580 [DEBUG] - - Pending Computer Rename = Checked
2023-05-12 04:58:19,839 2580 [DEBUG] - - Pending Component Based Servicing = Checked
2023-05-12 04:58:19,854 2580 [DEBUG] - - Pending Windows Auto Update = Checked
2023-05-12 04:58:19,869 2580 [DEBUG] - - Pending File Rename Operations = Ignored
2023-05-12 04:58:19,885 2580 [DEBUG] - - Pending Windows Package Installer = Checked
2023-05-12 04:58:19,901 2580 [DEBUG] - - Pending Windows Package Installer SysWow64 = Checked
2023-05-12 04:58:19,917 2580 [INFO ] - 2 validations performed. 2 success(es), 0 warning(s), and 0 error(s).
2023-05-12 04:58:19,978 2580 [DEBUG] - The source 'c:\cached-packages;https://community.chocolatey.org/api/v2/' evaluated to a 'normal' source type
2023-05-12 04:58:19,994 2580 [DEBUG] -
NOTE: Hiding sensitive configuration data! Please double and triple
check to be sure no sensitive data is shown, especially if copying
output to a gist for review.
2023-05-12 04:58:20,025 2580 [DEBUG] - Configuration: CommandName='install'|
CacheLocation='C:\Users\vagrant\AppData\Local\Temp\chocolatey'|
ContainsLegacyPackageInstalls='True'|
CommandExecutionTimeoutSeconds='2700'|WebRequestTimeoutSeconds='30'|
Sources='c:\cached-packages;https://community.chocolatey.org/api/v2/'|
SourceType='normal'|Debug='True'|Verbose='True'|Trace='False'|
Force='True'|Noop='False'|HelpRequested='False'|
UnsuccessfulParsing='False'|RegularOutput='True'|QuietOutput='False'|
PromptForConfirmation='False'|DisableCompatibilityChecks='False'|
AcceptLicense='True'|AllowUnofficialBuild='False'|Input='osquery'|
Version='5.8.2'|AllVersions='False'|SkipPackageInstallProvider='False'|
SkipHookScripts='False'|PackageNames='osquery'|Prerelease='False'|
ForceX86='False'|OverrideArguments='False'|NotSilent='False'|
ApplyPackageParametersToDependencies='False'|
ApplyInstallArgumentsToDependencies='False'|IgnoreDependencies='False'|
AllowMultipleVersions='False'|AllowDowngrade='True'|
ForceDependencies='False'|PinPackage='False'|
Information.PlatformType='Windows'|
Information.PlatformVersion='10.0.17763.0'|
Information.PlatformName='Windows Server 2016'|
Information.ChocolateyVersion='1.3.0.0'|
Information.ChocolateyProductVersion='1.3.0'|
Information.FullName='choco, Version=1.3.0.0, Culture=neutral, PublicKeyToken=79d02ea9cad655eb'|
Information.Is64BitOperatingSystem='True'|
Information.Is64BitProcess='True'|Information.IsInteractive='False'|
Information.UserName='vagrant'|
Information.UserDomainName='WIN-09H5881UP2A'|
Information.IsUserAdministrator='True'|
Information.IsUserSystemAccount='False'|
Information.IsUserRemoteDesktop='False'|
Information.IsUserRemote='True'|
Information.IsProcessElevated='True'|
Information.IsLicensedVersion='False'|Information.LicenseType='Foss'|
Information.CurrentDirectory='C:\Users\vagrant'|
Features.AutoUninstaller='True'|Features.ChecksumFiles='True'|
Features.AllowEmptyChecksums='False'|
Features.AllowEmptyChecksumsSecure='True'|
Features.FailOnAutoUninstaller='False'|
Features.FailOnStandardError='False'|Features.UsePowerShellHost='True'|
Features.LogEnvironmentValues='True'|Features.LogWithoutColor='False'|
Features.VirusCheck='False'|
Features.FailOnInvalidOrMissingLicense='False'|
Features.IgnoreInvalidOptionsSwitches='True'|
Features.UsePackageExitCodes='True'|
Features.UseEnhancedExitCodes='False'|
Features.UseFipsCompliantChecksums='False'|
Features.ShowNonElevatedWarnings='True'|
Features.ShowDownloadProgress='False'|
Features.StopOnFirstPackageFailure='False'|
Features.UseRememberedArgumentsForUpgrades='False'|
Features.IgnoreUnfoundPackagesOnUpgradeOutdated='False'|
Features.SkipPackageUpgradesWhenNotInstalled='False'|
Features.RemovePackageInformationOnUninstall='False'|
Features.ExitOnRebootDetected='False'|
Features.LogValidationResultsOnWarnings='True'|
Features.UsePackageRepositoryOptimizations='True'|
ListCommand.LocalOnly='False'|ListCommand.IdOnly='False'|
ListCommand.IncludeRegistryPrograms='False'|ListCommand.PageSize='25'|
ListCommand.Exact='False'|ListCommand.ByIdOnly='False'|
ListCommand.ByTagOnly='False'|ListCommand.IdStartsWith='False'|
ListCommand.OrderByPopularity='False'|ListCommand.ApprovedOnly='False'|
ListCommand.DownloadCacheAvailable='False'|
ListCommand.NotBroken='False'|
ListCommand.IncludeVersionOverrides='False'|
UpgradeCommand.FailOnUnfound='False'|
UpgradeCommand.FailOnNotInstalled='False'|
UpgradeCommand.NotifyOnlyAvailableUpgrades='False'|
UpgradeCommand.ExcludePrerelease='False'|
NewCommand.AutomaticPackage='False'|
NewCommand.UseOriginalTemplate='False'|SourceCommand.Command='unknown'|
SourceCommand.Priority='0'|SourceCommand.BypassProxy='False'|
SourceCommand.AllowSelfService='False'|
SourceCommand.VisibleToAdminsOnly='False'|
FeatureCommand.Command='unknown'|ConfigCommand.Command='unknown'|
ApiKeyCommand.Remove='False'|PinCommand.Command='unknown'|
OutdatedCommand.IgnorePinned='False'|
ExportCommand.IncludeVersionNumbers='False'|Proxy.BypassOnLocal='True'|
TemplateCommand.Command='unknown'|
2023-05-12 04:58:20,057 2580 [DEBUG] - _ Chocolatey:ChocolateyInstallCommand - Normal Run Mode _
2023-05-12 04:58:20,089 2580 [INFO ] - Installing the following packages:
2023-05-12 04:58:20,089 2580 [INFO ] - osquery
2023-05-12 04:58:20,104 2580 [INFO ] - By installing, you accept licenses for the packages.
2023-05-12 04:58:20,119 2580 [DEBUG] - Current environment values (may contain sensitive data):
2023-05-12 04:58:20,135 2580 [DEBUG] - * 'Path'='C:\Users\vagrant\AppData\Local\Microsoft\WindowsApps;' ('User')
2023-05-12 04:58:20,150 2580 [DEBUG] - * 'TEMP'='C:\Users\vagrant\AppData\Local\Temp' ('User')
2023-05-12 04:58:20,150 2580 [DEBUG] - * 'TMP'='C:\Users\vagrant\AppData\Local\Temp' ('User')
2023-05-12 04:58:20,166 2580 [DEBUG] - * 'ChocolateyLastPathUpdate'='133282828905128368' ('User')
2023-05-12 04:58:20,166 2580 [DEBUG] - * 'ComSpec'='C:\Windows\system32\cmd.exe' ('Machine')
2023-05-12 04:58:20,166 2580 [DEBUG] - * 'DriverData'='C:\Windows\System32\Drivers\DriverData' ('Machine')
2023-05-12 04:58:20,181 2580 [DEBUG] - * 'OS'='Windows_NT' ('Machine')
2023-05-12 04:58:20,181 2580 [DEBUG] - * 'Path'='C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;' ('Machine')
2023-05-12 04:58:20,197 2580 [DEBUG] - * 'PATHEXT'='.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC' ('Machine')
2023-05-12 04:58:20,197 2580 [DEBUG] - * 'PROCESSOR_ARCHITECTURE'='AMD64' ('Machine')
2023-05-12 04:58:20,213 2580 [DEBUG] - * 'PSModulePath'='C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules' ('Machine')
2023-05-12 04:58:20,213 2580 [DEBUG] - * 'TEMP'='C:\Windows\TEMP' ('Machine')
2023-05-12 04:58:20,228 2580 [DEBUG] - * 'TMP'='C:\Windows\TEMP' ('Machine')
2023-05-12 04:58:20,228 2580 [DEBUG] - * 'USERNAME'='SYSTEM' ('Machine')
2023-05-12 04:58:20,243 2580 [DEBUG] - * 'windir'='C:\Windows' ('Machine')
2023-05-12 04:58:20,243 2580 [DEBUG] - * 'NUMBER_OF_PROCESSORS'='1' ('Machine')
2023-05-12 04:58:20,260 2580 [DEBUG] - * 'PROCESSOR_LEVEL'='6' ('Machine')
2023-05-12 04:58:20,260 2580 [DEBUG] - * 'PROCESSOR_IDENTIFIER'='Intel64 Family 6 Model 158 Stepping 13, GenuineIntel' ('Machine')
2023-05-12 04:58:20,275 2580 [DEBUG] - * 'PROCESSOR_REVISION'='9e0d' ('Machine')
2023-05-12 04:58:20,275 2580 [DEBUG] - * 'ChocolateyInstall'='C:\ProgramData\chocolatey' ('Machine')
2023-05-11 12:49:16,104 2580 [INFO ] - [NuGet] Installing 'osquery 5.8.2'.
2023-05-11 12:49:16,134 2580 [DEBUG] - [NuGet] Added file 'LICENSE.txt' to folder 'osquery'.
2023-05-11 12:49:16,134 2580 [DEBUG] - [NuGet] Added file 'manage-osqueryd.ps1' to folder 'osquery'.
2023-05-11 12:49:16,149 2580 [DEBUG] - [NuGet] Added file 'osquery.conf' to folder 'osquery'.
2023-05-11 12:49:16,149 2580 [DEBUG] - [NuGet] Added file 'osquery.flags' to folder 'osquery'.
2023-05-11 12:49:16,165 2580 [DEBUG] - [NuGet] Added file 'osquery.man' to folder 'osquery'.
2023-05-11 12:49:16,165 2580 [DEBUG] - [NuGet] Added file 'osquery.png' to folder 'osquery'.
2023-05-11 12:49:16,228 2580 [DEBUG] - [NuGet] Added file 'osqueryi.exe' to folder 'osquery'.
2023-05-11 12:49:16,228 2580 [DEBUG] - [NuGet] Added file 'osquery_utils.ps1' to folder 'osquery'.
2023-05-11 12:49:16,243 2580 [DEBUG] - [NuGet] Added file 'VERIFICATION.txt' to folder 'osquery'.
2023-05-11 12:49:16,258 2580 [DEBUG] - [NuGet] Added file 'certs.pem' to folder 'osquery\certs'.
2023-05-11 12:49:16,321 2580 [DEBUG] - [NuGet] Added file 'osqueryd.exe' to folder 'osquery\osqueryd'.
2023-05-11 12:49:16,336 2580 [DEBUG] - [NuGet] Added file 'hardware-monitoring.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,336 2580 [DEBUG] - [NuGet] Added file 'incident-response.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,352 2580 [DEBUG] - [NuGet] Added file 'it-compliance.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,368 2580 [DEBUG] - [NuGet] Added file 'osquery-monitoring.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,368 2580 [DEBUG] - [NuGet] Added file 'ossec-rootkit.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,384 2580 [DEBUG] - [NuGet] Added file 'osx-attacks.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,384 2580 [DEBUG] - [NuGet] Added file 'unwanted-chrome-extensions.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,399 2580 [DEBUG] - [NuGet] Added file 'vuln-management.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,399 2580 [DEBUG] - [NuGet] Added file 'windows-attacks.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,415 2580 [DEBUG] - [NuGet] Added file 'windows-hardening.conf' to folder 'osquery\packs'.
2023-05-11 12:49:16,415 2580 [DEBUG] - [NuGet] Added file 'chocolateyBeforeModify.ps1' to folder 'osquery\tools'.
2023-05-11 12:49:16,430 2580 [DEBUG] - [NuGet] Added file 'chocolateyinstall.ps1' to folder 'osquery\tools'.
2023-05-11 12:49:16,446 2580 [DEBUG] - [NuGet] Added file 'chocolateyuninstall.ps1' to folder 'osquery\tools'.
2023-05-11 12:49:16,446 2580 [DEBUG] - [NuGet] Added file 'osquery_utils.ps1' to folder 'osquery\tools'.
2023-05-11 12:49:16,493 2580 [DEBUG] - [NuGet] Added file 'osquery.nupkg' to folder 'osquery'.
2023-05-11 12:49:16,901 2580 [DEBUG] - [NuGet] Added file 'osquery.nuspec' to folder 'osquery'.
2023-05-11 12:49:16,916 2580 [INFO ] - [NuGet] Successfully installed 'osquery 5.8.2'.
2023-05-11 12:49:16,916 2580 [INFO ] -
osquery v5.8.2 (forced)
2023-05-11 12:49:16,947 2580 [INFO ] - osquery package files install completed. Performing other installation steps.
2023-05-11 12:49:17,025 2580 [DEBUG] - Setting installer args for osquery
2023-05-11 12:49:17,041 2580 [DEBUG] - Setting package parameters for osquery
2023-05-11 12:49:17,041 2580 [DEBUG] - Contents of 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1':
2023-05-11 12:49:17,071 2580 [DEBUG] - # Copyright (c) 2014-present, The osquery authors
#
# This source code is licensed as defined by the LICENSE file found in the
# root directory of this source tree.
#
# SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
# This library file contains constant definitions and helper functions
#Requires -Version 3.0
$ErrorActionPreference = "Stop"
. (Join-Path "$PSScriptRoot" "osquery_utils.ps1")
$packageParameters = $env:chocolateyPackageParameters
$arguments = @{}
# Ensure the service is stopped and processes are not running if exists.
$svc = Get-WmiObject -ClassName Win32_Service -Filter "Name='osqueryd'"
if ($svc -and $svc.State -eq 'Running') {
Stop-Service $serviceName
# If we find zombie processes, ensure they're termintated
$proc = Get-Process | Where-Object { $_.ProcessName -eq 'osqueryd' }
if ($null -ne $proc) {
Stop-Process -Force $proc -ErrorAction SilentlyContinue
}
# If the service was installed using the legacy path in ProgramData, remove
# it and allow the service creation below to fix it up.
if ([regex]::escape($svc.PathName) -like [regex]::escape("${legacyInstall}*")) {
Get-CimInstance -ClassName Win32_Service -Filter "Name='osqueryd'" |
Invoke-CimMethod -MethodName Delete
}
}
# Lastly, ensure that the Deny Write ACLs have been removed before modifying
if (Test-Path $daemonFolder) {
Set-DenyWriteAcl $daemonFolder 'Remove'
}
if (Test-Path $extensionsFolder) {
Set-DenyWriteAcl $extensionsFolder 'Remove'
}
# Now parse the packageParameters using good old regular expression
if ($packageParameters) {
$match_pattern = "\/(?<option>([a-zA-Z]+)):(?<value>([`"'])?([a-zA-Z0-9- _\\:\.]+)([`"'])?)|\/(?<option>([a-zA-Z]+))"
$option_name = 'option'
$value_name = 'value'
if ($packageParameters -match $match_pattern ) {
$results = $packageParameters | Select-String $match_pattern -AllMatches
$results.matches | ForEach-Object {
$arguments.Add(
$_.Groups[$option_name].Value.Trim(),
$_.Groups[$value_name].Value.Trim())
}
} else {
Throw "Package Parameters were found but were invalid (REGEX Failure)"
}
if ($arguments.ContainsKey("InstallService")) {
$installService = $true
}
} else {
Write-Debug "No Package Parameters Passed in"
}
# Install the package
# Create a log directory in case one doesn't already exist
New-Item -Force -Type directory -Path $logFolder
# Grab the primary folders
$packageRoot = (Join-Path "$PSScriptRoot" "..")
Copy-Item -Force -Recurse (Join-Path "$packageRoot" "certs") $targetFolder
Copy-Item -Force -Recurse (Join-Path "$packageRoot" "osqueryd") $targetFolder
# Grab the individual files
Copy-Item -Force (Join-Path "$packageRoot" "manage-osqueryd.ps1") $targetFolder
Copy-Item -Force (Join-Path "$packageRoot" "osquery.man") $targetFolder
Copy-Item -Force (Join-Path "$PSScriptRoot" "osquery_utils.ps1") $targetFolder
Copy-Item -Force (Join-Path "$packageRoot" "osqueryi.exe") $targetFolder
# We intentionally do not replace configuration and flags files from previous
# installations, as these often dictate the osquery configuration and may not
# change through upgrades.
$currConf = (Join-Path "$targetFolder" "osquery.conf")
if (-not (Test-Path $currConf)) {
Copy-Item -Force (Join-Path "$packageRoot" "osquery.conf") $targetFolder
}
$currFlags = (Join-Path "$targetFolder" "osquery.flags")
if (-not (Test-Path $currFlags)) {
Copy-Item -Force (Join-Path "$packageRoot" "osquery.flags") $targetFolder
}
# The osquery daemon requires no low privileged users have write access to run
Set-SafePermissions $daemonFolder
if ($installService) {
if (-not (Get-Service $serviceName -ErrorAction SilentlyContinue)) {
Write-Debug 'Installing osquery daemon service.'
# If the 'install' parameter is passed, we create a Windows service with
# the flag file in the default location, 'C:\Program Files\osquery'
$cmd = '"{0}" --flagfile="{1}\osquery.flags"' -f $destDaemonBin, $targetFolder
$svcArgs = @{
Name = $serviceName
BinaryPathName = $cmd
DisplayName = $serviceName
Description = $serviceDescription
StartupType = "Automatic"
}
New-Service @svcArgs
# If the osquery.flags file doesn't exist, we create a blank one.
if (-not (Test-Path "$targetFolder\osquery.flags")) {
Add-Content "$targetFolder\osquery.flags" $null
}
}
Start-Service $serviceName
}
# Add osquery binary path to machines path for ease of use.
Install-ChocolateyPath $targetFolder -PathType 'Machine'
2023-05-11 12:49:17,853 2580 [DEBUG] - Calling built-in PowerShell host with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null']
2023-05-11 12:49:17,868 2580 [DEBUG] - Redirecting System.Management.Automation.resources, Version=3.0.0.0, Culture=en-US, PublicKeyToken=31bf3856ad364e35, requested by ''
2023-05-11 12:49:18,790 2580 [DEBUG] - Host version is 5.1.17763.1, PowerShell Version is '5.1.17763.3770' and CLR Version is '4.0.30319.42000'.
2023-05-12 04:58:28,156 2580 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:58:28,203 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:58:28,203 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:58:28,203 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:28,219 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:28,219 2580 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:58:28,234 2580 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:28,234 2580 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:58:28,234 2580 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:28,250 2580 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:58:28,250 2580 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:28,266 2580 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:58:28,266 2580 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:58:28,281 2580 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:28,281 2580 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:58:28,297 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:58:28,312 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:58:28,312 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:58:28,328 2580 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:58:28,328 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:28,344 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:28,344 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:28,359 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:28,359 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:58:28,375 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:58:28,375 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:28,391 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:28,391 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:28,391 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:28,407 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:28,407 2580 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:58:28,422 2580 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:58:28,422 2580 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:58:28,438 2580 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:28,438 2580 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:58:28,453 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:58:28,484 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:28,484 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:28,500 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:28,500 2580 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:58:28,515 2580 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:28,515 2580 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:58:28,531 2580 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:58:28,531 2580 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:28,548 2580 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:58:28,548 2580 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:58:28,563 2580 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:28,563 2580 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:28,578 2580 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:58:28,594 2580 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:58:28,641 2580 [DEBUG] - Loading community extensions
2023-05-12 04:58:28,672 2580 [DEBUG] - Importing 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'
2023-05-12 04:58:28,672 2580 [INFO ] - VERBOSE: Loading module from path 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'.
2023-05-12 04:58:28,782 2580 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:58:28,782 2580 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:58:28,797 2580 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:58:28,797 2580 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:58:28,813 2580 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:58:28,813 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:58:28,828 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:58:28,828 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:28,844 2580 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:28,860 2580 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:58:28,860 2580 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:28,875 2580 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:58:28,923 2580 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:28,953 2580 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:58:28,953 2580 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:28,969 2580 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:58:28,969 2580 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:58:28,984 2580 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:28,984 2580 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:58:29,000 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:58:29,000 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:58:29,015 2580 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:58:29,015 2580 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:58:29,031 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:29,031 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:29,047 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:29,047 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:29,063 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:58:29,063 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:58:29,156 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:29,172 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:29,172 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:29,188 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:29,188 2580 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:29,203 2580 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:58:29,218 2580 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:58:29,218 2580 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:58:29,234 2580 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:29,234 2580 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:58:29,250 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:58:29,250 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:29,265 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:29,281 2580 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:29,281 2580 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:58:29,297 2580 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:29,297 2580 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:58:29,313 2580 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:58:29,313 2580 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:58:29,547 2580 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:58:29,547 2580 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:29,563 2580 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:58:29,563 2580 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:58:29,578 2580 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:29,578 2580 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:29,594 2580 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:58:29,594 2580 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:58:29,609 2580 [INFO ] - VERBOSE: Importing function 'Format-FileSize'.
2023-05-12 04:58:29,609 2580 [INFO ] - VERBOSE: Importing function 'Get-ChecksumValid'.
2023-05-12 04:58:29,625 2580 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyPath'.
2023-05-12 04:58:29,625 2580 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:29,640 2580 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:29,656 2580 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariable'.
2023-05-12 04:58:29,656 2580 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:29,672 2580 [INFO ] - VERBOSE: Importing function 'Get-FtpFile'.
2023-05-12 04:58:29,672 2580 [INFO ] - VERBOSE: Importing function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:29,688 2580 [INFO ] - VERBOSE: Importing function 'Get-PackageParameters'.
2023-05-12 04:58:29,688 2580 [INFO ] - VERBOSE: Importing function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:29,688 2580 [INFO ] - VERBOSE: Importing function 'Get-ToolsLocation'.
2023-05-12 04:58:29,703 2580 [INFO ] - VERBOSE: Importing function 'Get-UACEnabled'.
2023-05-12 04:58:29,703 2580 [INFO ] - VERBOSE: Importing function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:29,719 2580 [INFO ] - VERBOSE: Importing function 'Get-VirusCheckValid'.
2023-05-12 04:58:29,719 2580 [INFO ] - VERBOSE: Importing function 'Get-WebFile'.
2023-05-12 04:58:29,734 2580 [INFO ] - VERBOSE: Importing function 'Get-WebFileName'.
2023-05-12 04:58:29,766 2580 [INFO ] - VERBOSE: Importing function 'Get-WebHeaders'.
2023-05-12 04:58:29,781 2580 [INFO ] - VERBOSE: Importing function 'Install-BinFile'.
2023-05-12 04:58:29,797 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:29,797 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:29,813 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:29,828 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:29,828 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPackage'.
2023-05-12 04:58:29,844 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPath'.
2023-05-12 04:58:29,860 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:29,860 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:29,875 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:29,875 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:29,938 2580 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:29,938 2580 [INFO ] - VERBOSE: Importing function 'Install-Vsix'.
2023-05-12 04:58:29,953 2580 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:58:29,953 2580 [INFO ] - VERBOSE: Importing function 'Set-EnvironmentVariable'.
2023-05-12 04:58:29,969 2580 [INFO ] - VERBOSE: Importing function 'Set-PowerShellExitCode'.
2023-05-12 04:58:29,969 2580 [INFO ] - VERBOSE: Importing function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:29,985 2580 [INFO ] - VERBOSE: Importing function 'Test-ProcessAdminRights'.
2023-05-12 04:58:29,985 2580 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:58:30,000 2580 [INFO ] - VERBOSE: Importing function 'Uninstall-BinFile'.
2023-05-12 04:58:30,000 2580 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:30,016 2580 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:30,016 2580 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:30,016 2580 [INFO ] - VERBOSE: Importing function 'Update-SessionEnvironment'.
2023-05-12 04:58:30,031 2580 [INFO ] - VERBOSE: Importing function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:30,047 2580 [INFO ] - VERBOSE: Importing alias 'Add-BinFile'.
2023-05-12 04:58:30,047 2580 [INFO ] - VERBOSE: Importing alias 'Generate-BinFile'.
2023-05-12 04:58:30,062 2580 [INFO ] - VERBOSE: Importing alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:30,062 2580 [INFO ] - VERBOSE: Importing alias 'Get-OSBitness'.
2023-05-12 04:58:30,078 2580 [INFO ] - VERBOSE: Importing alias 'Get-ProcessorBits'.
2023-05-12 04:58:30,078 2580 [INFO ] - VERBOSE: Importing alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:30,094 2580 [INFO ] - VERBOSE: Importing alias 'refreshenv'.
2023-05-12 04:58:30,094 2580 [INFO ] - VERBOSE: Importing alias 'Remove-BinFile'.
2023-05-12 04:58:30,109 2580 [INFO ] - VERBOSE: Importing alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:30,220 2580 [DEBUG] - ---------------------------Script Execution---------------------------
2023-05-12 04:58:30,234 2580 [DEBUG] - Running 'ChocolateyScriptRunner' for osquery v5.8.2 with packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1', packageFolder:'C:\ProgramData\chocolatey\lib\osquery', installArguments: '', packageParameters: '', preRunHookScripts: '', postRunHookScripts: '',
2023-05-12 04:58:30,329 2580 [DEBUG] - Running package script 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1'
2023-05-12 04:58:33,437 2580 [DEBUG] - No Package Parameters Passed in
2023-05-12 04:58:33,500 2580 [INFO ] - C:\Program Files\osquery\log
2023-05-12 04:58:34,094 2580 [INFO ] - True
2023-05-12 04:58:34,172 2580 [DEBUG] - Running Install-ChocolateyPath -pathType 'Machine' -pathToInstall 'C:\Program Files\osquery'
2023-05-12 04:58:34,204 2580 [DEBUG] - Running Update-SessionEnvironment
2023-05-12 04:58:34,250 2580 [INFO ] - VERBOSE: Refreshing environment variables from the registry.
2023-05-12 04:58:34,923 2580 [INFO ] - PATH environment variable does not have C:\Program Files\osquery in it. Adding...
2023-05-12 04:58:34,923 2580 [INFO ] - VERBOSE: Choosing not to expand environment names
2023-05-12 04:58:35,032 2580 [DEBUG] - Test-ProcessAdminRights: returning True
2023-05-12 04:58:35,110 2580 [DEBUG] - Running Set-EnvironmentVariable -Name 'Path' -Value '%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\osquery;' -Scope 'Machine'
2023-05-12 04:58:35,172 2580 [DEBUG] - Registry type for Path is/will be ExpandString
2023-05-12 04:58:35,203 2580 [DEBUG] -
using System;
using System.Runtime.InteropServices;
namespace Win32
{
public class NativeMethods
{
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern IntPtr SendMessageTimeout(
IntPtr hWnd, uint Msg, UIntPtr wParam, string lParam,
uint fuFlags, uint uTimeout, out UIntPtr lpdwResult);
}
}
2023-05-12 04:58:35,906 2580 [DEBUG] - Running Update-SessionEnvironment
2023-05-12 04:58:35,906 2580 [INFO ] - VERBOSE: Refreshing environment variables from the registry.
2023-05-12 04:58:36,109 2580 [DEBUG] - ----------------------------------------------------------------------
2023-05-12 04:58:36,141 2580 [DEBUG] - Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null'] exited with '0'.
2023-05-12 04:58:36,158 2580 [DEBUG] - Calling command ['"C:\Windows\System32\shutdown.exe" /a']
2023-05-12 04:58:36,283 2580 [DEBUG] - Command ['"C:\Windows\System32\shutdown.exe" /a'] exited with '1116'
2023-05-12 04:58:36,328 2580 [WARN ] - Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type `refreshenv`).
2023-05-12 04:58:36,328 2580 [DEBUG] - The following values have been added/changed (may contain sensitive data):
2023-05-12 04:58:36,345 2580 [DEBUG] - * ChocolateyLastPathUpdate='133283411157827122' (User)
2023-05-12 04:58:36,345 2580 [DEBUG] - * Path='C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\osquery;' (Machine)
2023-05-12 04:58:36,517 2580 [DEBUG] - Capturing package files in 'C:\ProgramData\chocolatey\lib\osquery'
2023-05-12 04:58:36,531 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\LICENSE.txt'
with checksum '0820FFE048483183320E2DAD339898F6'
2023-05-12 04:58:36,531 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\manage-osqueryd.ps1'
with checksum '3CCB09B60C319C2B6A43DF64360BD14F'
2023-05-12 04:58:36,547 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.conf'
with checksum '9027F1A3AF205ED3D209BE5F9AEA1842'
2023-05-12 04:58:36,547 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.flags'
with checksum 'D41D8CD98F00B204E9800998ECF8427E'
2023-05-12 04:58:36,562 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.man'
with checksum 'A4C03558EDB1FF1F5DC4B2194CF3A500'
2023-05-12 04:58:36,656 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.nupkg'
with checksum '7373DFE603C2FF707E7A04C9C5ADFF3E'
2023-05-12 04:58:36,656 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.nuspec'
with checksum 'CD69CB7DCD2CDDF6DB56A8F9294F9BDB'
2023-05-12 04:58:36,672 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.png'
with checksum '34A5C156791B25AB5D130BD97AECA98C'
2023-05-12 04:58:36,798 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe'
with checksum '97D7D6BA1BCFA0D3490F8617BB03DFDF'
2023-05-12 04:58:36,813 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery_utils.ps1'
with checksum 'E851BB94C0F783653E3BFF527503A850'
2023-05-12 04:58:36,813 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\VERIFICATION.txt'
with checksum '77039304249AC12CA156465857B19382'
2023-05-12 04:58:36,844 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\certs\certs.pem'
with checksum '6C8779E5755D9DDDF677BF7A52D035CE'
2023-05-12 04:58:36,954 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe'
with checksum 'E243D9BC769E5576BCB4DE91F0BD5D95'
2023-05-12 04:58:36,954 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\hardware-monitoring.conf'
with checksum '3501087ED8C14DC4CB417D6F749ACAD4'
2023-05-12 04:58:36,968 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\incident-response.conf'
with checksum '9FAF35B5ED735847D0162E4EAA5EF128'
2023-05-12 04:58:36,968 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\it-compliance.conf'
with checksum 'C90DCD8897F172B41770C2A658D4426A'
2023-05-12 04:58:36,984 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\osquery-monitoring.conf'
with checksum '50B79815090F908C57B6317DD2F552BF'
2023-05-12 04:58:36,984 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\ossec-rootkit.conf'
with checksum '788318DBABB9FDBC545315C4CA88FC40'
2023-05-12 04:58:37,000 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\osx-attacks.conf'
with checksum 'EE9CDBF8F06E672092B14DE993117569'
2023-05-12 04:58:37,000 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\unwanted-chrome-extensions.conf'
with checksum 'CF972DFC934DD8E09A628C6B0A3814DD'
2023-05-12 04:58:37,000 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\vuln-management.conf'
with checksum 'F1C82E2A9E05DE6AD9DFD47E16461FA8'
2023-05-12 04:58:37,015 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\windows-attacks.conf'
with checksum '5C705090F10185E33F87AC8A79C445FB'
2023-05-12 04:58:37,015 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\windows-hardening.conf'
with checksum 'EBFB94E06E2914770A4EAEA4E5F83248'
2023-05-12 04:58:37,031 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1'
with checksum '289840CCC12B230068E229CDD37E3703'
2023-05-12 04:58:37,031 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1'
with checksum '780C83D965D277E7A132A4E7208FD339'
2023-05-12 04:58:37,047 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1'
with checksum '3C79361CA6117F7D02C1FEDDF82F07C6'
2023-05-12 04:58:37,062 2580 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\osquery_utils.ps1'
with checksum 'E851BB94C0F783653E3BFF527503A850'
2023-05-12 04:58:37,096 2580 [DEBUG] - Calling command ['"C:\ProgramData\chocolatey\tools\shimgen.exe" --path="..\\lib\osquery\osqueryi.exe" --output="C:\ProgramData\chocolatey\bin\osqueryi.exe" --iconpath="C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe"']
2023-05-12 04:58:37,765 2580 [DEBUG] - [ShimGen] [WARN ] Could not extract icon from associated program. Using default. Error:
2023-05-12 04:58:37,765 2580 [DEBUG] - [ShimGen] Selected Icon is invalid
2023-05-12 04:58:38,110 2580 [DEBUG] - [ShimGen] Microsoft (R) Visual C# Compiler version 4.8.3761.0
2023-05-12 04:58:38,125 2580 [DEBUG] - [ShimGen] for C# 5
2023-05-12 04:58:38,125 2580 [DEBUG] - [ShimGen] Copyright (C) Microsoft Corporation. All rights reserved.
2023-05-12 04:58:38,141 2580 [DEBUG] - [ShimGen] This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240
2023-05-12 04:58:38,141 2580 [DEBUG] - [ShimGen] ShimGen has successfully created 'C:\ProgramData\chocolatey\bin\osqueryi.exe'
2023-05-12 04:58:38,203 2580 [DEBUG] - Command ['"C:\ProgramData\chocolatey\tools\shimgen.exe" --path="..\\lib\osquery\osqueryi.exe" --output="C:\ProgramData\chocolatey\bin\osqueryi.exe" --iconpath="C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe"'] exited with '0'
2023-05-12 04:58:38,203 2580 [INFO ] - ShimGen has successfully created a shim for osqueryi.exe
2023-05-12 04:58:38,203 2580 [DEBUG] - Created: C:\ProgramData\chocolatey\bin\osqueryi.exe
Targeting: C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe
IsGui:False
2023-05-12 04:58:38,219 2580 [DEBUG] - Calling command ['"C:\ProgramData\chocolatey\tools\shimgen.exe" --path="..\\lib\osquery\osqueryd\osqueryd.exe" --output="C:\ProgramData\chocolatey\bin\osqueryd.exe" --iconpath="C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe"']
2023-05-12 04:58:38,641 2580 [DEBUG] - [ShimGen] [WARN ] Could not extract icon from associated program. Using default. Error:
2023-05-12 04:58:38,656 2580 [DEBUG] - [ShimGen] Selected Icon is invalid
2023-05-12 04:58:38,938 2580 [DEBUG] - [ShimGen] Microsoft (R) Visual C# Compiler version 4.8.3761.0
2023-05-12 04:58:38,953 2580 [DEBUG] - [ShimGen] for C# 5
2023-05-12 04:58:38,953 2580 [DEBUG] - [ShimGen] Copyright (C) Microsoft Corporation. All rights reserved.
2023-05-12 04:58:38,953 2580 [DEBUG] - [ShimGen] This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240
2023-05-12 04:58:38,984 2580 [DEBUG] - [ShimGen] ShimGen has successfully created 'C:\ProgramData\chocolatey\bin\osqueryd.exe'
2023-05-12 04:58:39,032 2580 [DEBUG] - Command ['"C:\ProgramData\chocolatey\tools\shimgen.exe" --path="..\\lib\osquery\osqueryd\osqueryd.exe" --output="C:\ProgramData\chocolatey\bin\osqueryd.exe" --iconpath="C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe"'] exited with '0'
2023-05-12 04:58:39,032 2580 [INFO ] - ShimGen has successfully created a shim for osqueryd.exe
2023-05-12 04:58:39,047 2580 [DEBUG] - Created: C:\ProgramData\chocolatey\bin\osqueryd.exe
Targeting: C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe
IsGui:False
2023-05-12 04:58:39,109 2580 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2".
2023-05-12 04:58:39,142 2580 [DEBUG] - There was no original file at 'C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2\.files'
2023-05-12 04:58:39,172 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2\.extra".
2023-05-12 04:58:39,172 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2\.version".
2023-05-12 04:58:39,187 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2\.sxs".
2023-05-12 04:58:39,187 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\osquery.5.8.2\.pin".
2023-05-12 04:58:39,203 2580 [DEBUG] - Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...
2023-05-12 04:58:39,219 2580 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\lib\osquery\.chocolateyPending".
2023-05-12 04:58:39,219 2580 [INFO ] - The install of osquery was successful.
2023-05-12 04:58:39,235 2580 [INFO ] - Software install location not explicitly set, it could be in package or
default install location of installer.
2023-05-12 04:58:39,235 2580 [DEBUG] - Attempting to delete file "C:\Users\vagrant\AppData\Local\NuGet\Cache\osquery.5.8.2.nupkg".
2023-05-12 04:58:39,282 2580 [WARN ] -
Chocolatey installed 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
2023-05-12 04:58:39,297 2580 [DEBUG] - Sending message 'PostRunMessage' out if there are subscribers...
2023-05-12 04:58:39,360 2580 [DEBUG] - Exiting with 0
Raw
Uninstall.txt
2023-05-12 04:58:52,234 792 [DEBUG] - XmlConfiguration is now operational
2023-05-12 04:58:52,376 792 [DEBUG] - Adding new type 'WebPiService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:52,390 792 [DEBUG] - Adding new type 'WindowsFeatureService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:52,391 792 [DEBUG] - Adding new type 'CygwinService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:52,391 792 [DEBUG] - Adding new type 'PythonService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:52,391 792 [DEBUG] - Adding new type 'RubyGemsService' for type 'ISourceRunner' from assembly 'choco'
2023-05-12 04:58:52,391 792 [DEBUG] - Adding new type 'SystemStateValidation' for type 'IValidation' from assembly 'choco'
2023-05-12 04:58:52,688 792 [DEBUG] - Registering new command 'templates' in assembly 'choco'
2023-05-12 04:58:52,688 792 [DEBUG] - Registering new command 'upgrade' in assembly 'choco'
2023-05-12 04:58:52,703 792 [DEBUG] - Registering new command 'export' in assembly 'choco'
2023-05-12 04:58:52,703 792 [DEBUG] - Registering new command 'list' in assembly 'choco'
2023-05-12 04:58:52,703 792 [DEBUG] - Registering new command 'info' in assembly 'choco'
2023-05-12 04:58:52,703 792 [DEBUG] - Registering new command 'help' in assembly 'choco'
2023-05-12 04:58:52,719 792 [DEBUG] - Registering new command 'config' in assembly 'choco'
2023-05-12 04:58:52,719 792 [DEBUG] - Registering new command 'feature' in assembly 'choco'
2023-05-12 04:58:52,719 792 [DEBUG] - Registering new command 'new' in assembly 'choco'
2023-05-12 04:58:52,719 792 [DEBUG] - Registering new command 'outdated' in assembly 'choco'
2023-05-12 04:58:52,734 792 [DEBUG] - Registering new command 'pack' in assembly 'choco'
2023-05-12 04:58:52,734 792 [DEBUG] - Registering new command 'pin' in assembly 'choco'
2023-05-12 04:58:52,734 792 [DEBUG] - Registering new command 'push' in assembly 'choco'
2023-05-12 04:58:52,750 792 [DEBUG] - Registering new command 'apikey' in assembly 'choco'
2023-05-12 04:58:52,750 792 [DEBUG] - Registering new command 'sources' in assembly 'choco'
2023-05-12 04:58:52,750 792 [DEBUG] - Registering new command 'uninstall' in assembly 'choco'
2023-05-12 04:58:52,766 792 [DEBUG] - Registering new command 'unpackself' in assembly 'choco'
2023-05-12 04:58:52,766 792 [DEBUG] - Registering new command 'install' in assembly 'choco'
2023-05-12 04:58:53,078 792 [INFO ] - ============================================================
2023-05-12 04:58:53,438 792 [INFO ] - Chocolatey v1.3.0
2023-05-12 04:58:53,469 792 [DEBUG] - Chocolatey is running on Windows v 10.0.17763.0
2023-05-12 04:58:53,485 792 [DEBUG] - Attempting to delete file "C:/ProgramData/chocolatey/choco.exe.old".
2023-05-12 04:58:53,485 792 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\choco.exe.old".
2023-05-12 04:58:53,516 792 [DEBUG] - Command line: "C:\ProgramData\chocolatey\choco.exe" uninstall osquery --version 5.8.2 -dvy --execution-timeout=2700
2023-05-12 04:58:53,531 792 [DEBUG] - Received arguments: uninstall osquery --version 5.8.2 -dvy --execution-timeout=2700
2023-05-12 04:58:53,703 792 [DEBUG] - RemovePendingPackagesTask is now ready and waiting for PreRunMessage.
2023-05-12 04:58:53,735 792 [DEBUG] - Sending message 'PreRunMessage' out if there are subscribers...
2023-05-12 04:58:53,766 792 [DEBUG] - [Pending] Removing all pending packages that should not be considered installed...
2023-05-12 04:58:53,922 792 [DEBUG] - Performing validation checks.
2023-05-12 04:58:53,938 792 [DEBUG] - Global Configuration Validation Checks:
2023-05-12 04:58:53,953 792 [DEBUG] - - Package Exit Code / Exit On Reboot = Checked
2023-05-12 04:58:53,969 792 [DEBUG] - System State Validation Checks:
2023-05-12 04:58:53,969 792 [DEBUG] - Reboot Requirement Checks:
2023-05-12 04:58:53,984 792 [DEBUG] - - Pending Computer Rename = Checked
2023-05-12 04:58:54,000 792 [DEBUG] - - Pending Component Based Servicing = Checked
2023-05-12 04:58:54,000 792 [DEBUG] - - Pending Windows Auto Update = Checked
2023-05-12 04:58:54,016 792 [DEBUG] - - Pending File Rename Operations = Ignored
2023-05-12 04:58:54,016 792 [DEBUG] - - Pending Windows Package Installer = Checked
2023-05-12 04:58:54,031 792 [DEBUG] - - Pending Windows Package Installer SysWow64 = Checked
2023-05-12 04:58:54,046 792 [INFO ] - 2 validations performed. 2 success(es), 0 warning(s), and 0 error(s).
2023-05-12 04:58:54,094 792 [DEBUG] - The source 'c:\cached-packages;https://community.chocolatey.org/api/v2/' evaluated to a 'normal' source type
2023-05-12 04:58:54,094 792 [DEBUG] -
NOTE: Hiding sensitive configuration data! Please double and triple
check to be sure no sensitive data is shown, especially if copying
output to a gist for review.
2023-05-12 04:58:54,141 792 [DEBUG] - Configuration: CommandName='uninstall'|
CacheLocation='C:\Users\vagrant\AppData\Local\Temp\chocolatey'|
ContainsLegacyPackageInstalls='True'|
CommandExecutionTimeoutSeconds='2700'|WebRequestTimeoutSeconds='30'|
Sources='c:\cached-packages;https://community.chocolatey.org/api/v2/'|
SourceType='normal'|Debug='True'|Verbose='True'|Trace='False'|
Force='False'|Noop='False'|HelpRequested='False'|
UnsuccessfulParsing='False'|RegularOutput='True'|QuietOutput='False'|
PromptForConfirmation='False'|DisableCompatibilityChecks='False'|
AcceptLicense='True'|AllowUnofficialBuild='False'|Input='osquery'|
Version='5.8.2'|AllVersions='False'|SkipPackageInstallProvider='False'|
SkipHookScripts='False'|PackageNames='osquery'|Prerelease='False'|
ForceX86='False'|OverrideArguments='False'|NotSilent='False'|
ApplyPackageParametersToDependencies='False'|
ApplyInstallArgumentsToDependencies='False'|IgnoreDependencies='False'|
AllowMultipleVersions='False'|AllowDowngrade='False'|
ForceDependencies='False'|PinPackage='False'|
Information.PlatformType='Windows'|
Information.PlatformVersion='10.0.17763.0'|
Information.PlatformName='Windows Server 2016'|
Information.ChocolateyVersion='1.3.0.0'|
Information.ChocolateyProductVersion='1.3.0'|
Information.FullName='choco, Version=1.3.0.0, Culture=neutral, PublicKeyToken=79d02ea9cad655eb'|
Information.Is64BitOperatingSystem='True'|
Information.Is64BitProcess='True'|Information.IsInteractive='False'|
Information.UserName='vagrant'|
Information.UserDomainName='WIN-09H5881UP2A'|
Information.IsUserAdministrator='True'|
Information.IsUserSystemAccount='False'|
Information.IsUserRemoteDesktop='False'|
Information.IsUserRemote='True'|
Information.IsProcessElevated='True'|
Information.IsLicensedVersion='False'|Information.LicenseType='Foss'|
Information.CurrentDirectory='C:\Users\vagrant'|
Features.AutoUninstaller='True'|Features.ChecksumFiles='True'|
Features.AllowEmptyChecksums='False'|
Features.AllowEmptyChecksumsSecure='True'|
Features.FailOnAutoUninstaller='False'|
Features.FailOnStandardError='False'|Features.UsePowerShellHost='True'|
Features.LogEnvironmentValues='True'|Features.LogWithoutColor='False'|
Features.VirusCheck='False'|
Features.FailOnInvalidOrMissingLicense='False'|
Features.IgnoreInvalidOptionsSwitches='True'|
Features.UsePackageExitCodes='True'|
Features.UseEnhancedExitCodes='False'|
Features.UseFipsCompliantChecksums='False'|
Features.ShowNonElevatedWarnings='True'|
Features.ShowDownloadProgress='False'|
Features.StopOnFirstPackageFailure='False'|
Features.UseRememberedArgumentsForUpgrades='False'|
Features.IgnoreUnfoundPackagesOnUpgradeOutdated='False'|
Features.SkipPackageUpgradesWhenNotInstalled='False'|
Features.RemovePackageInformationOnUninstall='False'|
Features.ExitOnRebootDetected='False'|
Features.LogValidationResultsOnWarnings='True'|
Features.UsePackageRepositoryOptimizations='True'|
ListCommand.LocalOnly='False'|ListCommand.IdOnly='False'|
ListCommand.IncludeRegistryPrograms='False'|ListCommand.PageSize='25'|
ListCommand.Exact='False'|ListCommand.ByIdOnly='False'|
ListCommand.ByTagOnly='False'|ListCommand.IdStartsWith='False'|
ListCommand.OrderByPopularity='False'|ListCommand.ApprovedOnly='False'|
ListCommand.DownloadCacheAvailable='False'|
ListCommand.NotBroken='False'|
ListCommand.IncludeVersionOverrides='False'|
UpgradeCommand.FailOnUnfound='False'|
UpgradeCommand.FailOnNotInstalled='False'|
UpgradeCommand.NotifyOnlyAvailableUpgrades='False'|
UpgradeCommand.ExcludePrerelease='False'|
NewCommand.AutomaticPackage='False'|
NewCommand.UseOriginalTemplate='False'|SourceCommand.Command='unknown'|
SourceCommand.Priority='0'|SourceCommand.BypassProxy='False'|
SourceCommand.AllowSelfService='False'|
SourceCommand.VisibleToAdminsOnly='False'|
FeatureCommand.Command='unknown'|ConfigCommand.Command='unknown'|
ApiKeyCommand.Remove='False'|PinCommand.Command='unknown'|
OutdatedCommand.IgnorePinned='False'|
ExportCommand.IncludeVersionNumbers='False'|Proxy.BypassOnLocal='True'|
TemplateCommand.Command='unknown'|
2023-05-12 04:58:54,156 792 [DEBUG] - _ Chocolatey:ChocolateyUninstallCommand - Normal Run Mode _
2023-05-12 04:58:54,187 792 [INFO ] - Uninstalling the following packages:
2023-05-12 04:58:54,187 792 [INFO ] - osquery
2023-05-12 04:58:54,203 792 [DEBUG] - Current environment values (may contain sensitive data):
2023-05-12 04:58:54,219 792 [DEBUG] - * 'Path'='C:\Users\vagrant\AppData\Local\Microsoft\WindowsApps;' ('User')
2023-05-12 04:58:54,235 792 [DEBUG] - * 'TEMP'='C:\Users\vagrant\AppData\Local\Temp' ('User')
2023-05-12 04:58:54,235 792 [DEBUG] - * 'TMP'='C:\Users\vagrant\AppData\Local\Temp' ('User')
2023-05-12 04:58:54,250 792 [DEBUG] - * 'ChocolateyLastPathUpdate'='133283411157827122' ('User')
2023-05-12 04:58:54,250 792 [DEBUG] - * 'ComSpec'='C:\Windows\system32\cmd.exe' ('Machine')
2023-05-12 04:58:54,266 792 [DEBUG] - * 'DriverData'='C:\Windows\System32\Drivers\DriverData' ('Machine')
2023-05-12 04:58:54,266 792 [DEBUG] - * 'OS'='Windows_NT' ('Machine')
2023-05-12 04:58:54,281 792 [DEBUG] - * 'Path'='C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\osquery;' ('Machine')
2023-05-12 04:58:54,281 792 [DEBUG] - * 'PATHEXT'='.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC' ('Machine')
2023-05-12 04:58:54,297 792 [DEBUG] - * 'PROCESSOR_ARCHITECTURE'='AMD64' ('Machine')
2023-05-12 04:58:54,297 792 [DEBUG] - * 'PSModulePath'='C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules' ('Machine')
2023-05-12 04:58:54,312 792 [DEBUG] - * 'TEMP'='C:\Windows\TEMP' ('Machine')
2023-05-12 04:58:54,312 792 [DEBUG] - * 'TMP'='C:\Windows\TEMP' ('Machine')
2023-05-12 04:58:54,328 792 [DEBUG] - * 'USERNAME'='SYSTEM' ('Machine')
2023-05-12 04:58:54,328 792 [DEBUG] - * 'windir'='C:\Windows' ('Machine')
2023-05-12 04:58:54,344 792 [DEBUG] - * 'NUMBER_OF_PROCESSORS'='1' ('Machine')
2023-05-12 04:58:54,344 792 [DEBUG] - * 'PROCESSOR_LEVEL'='6' ('Machine')
2023-05-12 04:58:54,344 792 [DEBUG] - * 'PROCESSOR_IDENTIFIER'='Intel64 Family 6 Model 158 Stepping 13, GenuineIntel' ('Machine')
2023-05-12 04:58:54,360 792 [DEBUG] - * 'PROCESSOR_REVISION'='9e0d' ('Machine')
2023-05-12 04:58:54,360 792 [DEBUG] - * 'ChocolateyInstall'='C:\ProgramData\chocolatey' ('Machine')
2023-05-12 04:58:54,516 792 [DEBUG] - Running list with the following filter = ''
2023-05-12 04:58:54,516 792 [DEBUG] - --- Start of List ---
2023-05-12 04:58:54,906 792 [DEBUG] - osquery 5.8.2
2023-05-12 04:58:54,922 792 [DEBUG] - --- End of List ---
2023-05-12 04:58:55,064 792 [DEBUG] - Setting installer args for osquery
2023-05-12 04:58:55,079 792 [DEBUG] - Setting package parameters for osquery
2023-05-12 04:58:55,079 792 [DEBUG] - Contents of 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1':
2023-05-12 04:58:55,110 792 [DEBUG] - # Copyright (c) 2014-present, The osquery authors
#
# This source code is licensed as defined by the LICENSE file found in the
# root directory of this source tree.
#
# SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
# This library file contains constant definitions and helper functions
#Requires -Version 3.0
. (Join-Path "$PSScriptRoot" "osquery_utils.ps1")
# Ensure the service is stopped and processes are not running if exists.
if ((Get-Service $serviceName -ErrorAction SilentlyContinue) -and `
(Get-Service $serviceName).Status -eq 'Running') {
Stop-Service $serviceName
# If we find zombie processes, ensure they're termintated
$proc = Get-Process | Where-Object { $_.ProcessName -eq 'osqueryd' }
if ($null -ne $proc) {
Stop-Process -Force $proc -ErrorAction SilentlyContinue
}
}
# Lastly, ensure that the Deny Write ACLs have been removed before modifying
if (Test-Path $daemonFolder) {
Set-DenyWriteAcl $daemonFolder 'Remove'
}
if (Test-Path $extensionsFolder) {
Set-DenyWriteAcl $extensionsFolder 'Remove'
}
2023-05-12 04:58:55,173 792 [DEBUG] - Calling built-in PowerShell host with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null']
2023-05-12 04:58:55,188 792 [DEBUG] - Redirecting System.Management.Automation.resources, Version=3.0.0.0, Culture=en-US, PublicKeyToken=31bf3856ad364e35, requested by ''
2023-05-12 04:58:55,954 792 [DEBUG] - Host version is 5.1.17763.1, PowerShell Version is '5.1.17763.3770' and CLR Version is '4.0.30319.42000'.
2023-05-12 04:58:56,531 792 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:58:56,547 792 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:58:56,547 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:58:56,562 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:56,562 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:56,578 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:58:56,578 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:56,593 792 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:58:56,593 792 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:56,609 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:58:56,609 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:56,625 792 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:58:56,625 792 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:58:56,641 792 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:56,641 792 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:58:56,656 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:58:56,656 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:58:56,656 792 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:58:56,672 792 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:58:56,687 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:56,687 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:56,703 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:56,719 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:56,719 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:58:56,734 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:58:56,734 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:56,750 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:56,750 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:56,766 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:56,782 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:56,782 792 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:58:56,797 792 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:58:56,797 792 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:58:56,813 792 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:56,813 792 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:58:56,828 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:58:56,828 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:56,844 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:56,844 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:56,860 792 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:58:56,860 792 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:56,891 792 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:58:56,891 792 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:58:56,908 792 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:56,908 792 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:58:56,922 792 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:58:56,922 792 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:56,937 792 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:56,937 792 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:58:56,953 792 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:58:56,985 792 [DEBUG] - Loading community extensions
2023-05-12 04:58:57,032 792 [DEBUG] - Importing 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'
2023-05-12 04:58:57,048 792 [INFO ] - VERBOSE: Loading module from path 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'.
2023-05-12 04:58:57,173 792 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:58:57,188 792 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:58:57,188 792 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:58:57,204 792 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:58:57,204 792 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:58:57,220 792 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:58:57,234 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:58:57,234 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:57,250 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:57,250 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:58:57,265 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:57,265 792 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:58:57,281 792 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:57,281 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:58:57,297 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:57,297 792 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:58:57,313 792 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:58:57,313 792 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:57,328 792 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:58:57,328 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:58:57,343 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:58:57,343 792 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:58:57,343 792 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:58:57,359 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:57,375 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:57,375 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:57,390 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:57,390 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:58:57,406 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:58:57,406 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:57,421 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:57,421 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:57,437 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:57,437 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:57,453 792 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:58:57,453 792 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:58:57,469 792 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:58:57,469 792 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:57,484 792 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:58:57,484 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:58:57,500 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:57,500 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:57,516 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:57,516 792 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:58:57,546 792 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:57,546 792 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:58:57,546 792 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:58:57,562 792 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:58:57,562 792 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:58:57,578 792 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:57,593 792 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:58:57,593 792 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:58:57,609 792 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:57,609 792 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:57,626 792 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:58:57,626 792 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:58:57,641 792 [INFO ] - VERBOSE: Importing function 'Format-FileSize'.
2023-05-12 04:58:57,656 792 [INFO ] - VERBOSE: Importing function 'Get-ChecksumValid'.
2023-05-12 04:58:57,656 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyPath'.
2023-05-12 04:58:57,672 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyUnzip'.
2023-05-12 04:58:57,672 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyWebFile'.
2023-05-12 04:58:57,687 792 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariable'.
2023-05-12 04:58:57,687 792 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariableNames'.
2023-05-12 04:58:57,703 792 [INFO ] - VERBOSE: Importing function 'Get-FtpFile'.
2023-05-12 04:58:57,703 792 [INFO ] - VERBOSE: Importing function 'Get-OSArchitectureWidth'.
2023-05-12 04:58:57,829 792 [INFO ] - VERBOSE: Importing function 'Get-PackageParameters'.
2023-05-12 04:58:57,845 792 [INFO ] - VERBOSE: Importing function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:58:57,845 792 [INFO ] - VERBOSE: Importing function 'Get-ToolsLocation'.
2023-05-12 04:58:57,859 792 [INFO ] - VERBOSE: Importing function 'Get-UACEnabled'.
2023-05-12 04:58:57,859 792 [INFO ] - VERBOSE: Importing function 'Get-UninstallRegistryKey'.
2023-05-12 04:58:57,875 792 [INFO ] - VERBOSE: Importing function 'Get-VirusCheckValid'.
2023-05-12 04:58:57,875 792 [INFO ] - VERBOSE: Importing function 'Get-WebFile'.
2023-05-12 04:58:57,891 792 [INFO ] - VERBOSE: Importing function 'Get-WebFileName'.
2023-05-12 04:58:57,891 792 [INFO ] - VERBOSE: Importing function 'Get-WebHeaders'.
2023-05-12 04:58:57,906 792 [INFO ] - VERBOSE: Importing function 'Install-BinFile'.
2023-05-12 04:58:57,906 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:57,921 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:58:57,921 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:58:57,937 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:58:57,937 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPackage'.
2023-05-12 04:58:57,953 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPath'.
2023-05-12 04:58:57,969 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:58:57,969 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:58:57,984 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyShortcut'.
2023-05-12 04:58:57,984 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:58:58,000 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyZipPackage'.
2023-05-12 04:58:58,000 792 [INFO ] - VERBOSE: Importing function 'Install-Vsix'.
2023-05-12 04:58:58,015 792 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:58:58,015 792 [INFO ] - VERBOSE: Importing function 'Set-EnvironmentVariable'.
2023-05-12 04:58:58,031 792 [INFO ] - VERBOSE: Importing function 'Set-PowerShellExitCode'.
2023-05-12 04:58:58,031 792 [INFO ] - VERBOSE: Importing function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:58:58,047 792 [INFO ] - VERBOSE: Importing function 'Test-ProcessAdminRights'.
2023-05-12 04:58:58,047 792 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:58:58,062 792 [INFO ] - VERBOSE: Importing function 'Uninstall-BinFile'.
2023-05-12 04:58:58,062 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:58:58,078 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:58:58,078 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:58:58,094 792 [INFO ] - VERBOSE: Importing function 'Update-SessionEnvironment'.
2023-05-12 04:58:58,094 792 [INFO ] - VERBOSE: Importing function 'Write-FunctionCallLogMessage'.
2023-05-12 04:58:58,109 792 [INFO ] - VERBOSE: Importing alias 'Add-BinFile'.
2023-05-12 04:58:58,109 792 [INFO ] - VERBOSE: Importing alias 'Generate-BinFile'.
2023-05-12 04:58:58,125 792 [INFO ] - VERBOSE: Importing alias 'Get-InstallRegistryKey'.
2023-05-12 04:58:58,125 792 [INFO ] - VERBOSE: Importing alias 'Get-OSBitness'.
2023-05-12 04:58:58,140 792 [INFO ] - VERBOSE: Importing alias 'Get-ProcessorBits'.
2023-05-12 04:58:58,140 792 [INFO ] - VERBOSE: Importing alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:58:58,156 792 [INFO ] - VERBOSE: Importing alias 'refreshenv'.
2023-05-12 04:58:58,156 792 [INFO ] - VERBOSE: Importing alias 'Remove-BinFile'.
2023-05-12 04:58:58,172 792 [INFO ] - VERBOSE: Importing alias 'Start-ChocolateyProcess'.
2023-05-12 04:58:58,267 792 [DEBUG] - ---------------------------Script Execution---------------------------
2023-05-12 04:58:58,282 792 [DEBUG] - Running 'ChocolateyScriptRunner' for osquery v5.8.2 with packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1', packageFolder:'C:\ProgramData\chocolatey\lib\osquery', installArguments: '', packageParameters: '', preRunHookScripts: '', postRunHookScripts: '',
2023-05-12 04:58:58,360 792 [DEBUG] - Running package script 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1'
2023-05-12 04:58:58,610 792 [INFO ] - True
2023-05-12 04:58:58,625 792 [INFO ] - True
2023-05-12 04:58:58,672 792 [DEBUG] - ----------------------------------------------------------------------
2023-05-12 04:58:58,687 792 [DEBUG] - Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null'] exited with '0'.
2023-05-12 04:58:58,860 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib-bkp".
2023-05-12 04:58:58,876 792 [DEBUG] - Backing up existing osquery prior to operation.
2023-05-12 04:58:58,891 792 [DEBUG] - Moving 'C:\ProgramData\chocolatey\lib\osquery'
to 'C:\ProgramData\chocolatey\lib-bkp\osquery'
2023-05-12 04:59:00,906 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib\osquery".
2023-05-12 04:59:00,906 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\LICENSE.txt"
to "C:\ProgramData\chocolatey\lib\osquery\LICENSE.txt".
2023-05-12 04:59:00,923 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\manage-osqueryd.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\manage-osqueryd.ps1".
2023-05-12 04:59:00,923 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.conf"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.conf".
2023-05-12 04:59:00,938 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.flags"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.flags".
2023-05-12 04:59:00,953 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.man"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.man".
2023-05-12 04:59:00,953 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.nupkg"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.nupkg".
2023-05-12 04:59:00,985 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.nuspec"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.nuspec".
2023-05-12 04:59:01,001 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery.png"
to "C:\ProgramData\chocolatey\lib\osquery\osquery.png".
2023-05-12 04:59:01,001 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osqueryi.exe"
to "C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe".
2023-05-12 04:59:01,049 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osquery_utils.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\osquery_utils.ps1".
2023-05-12 04:59:01,063 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\VERIFICATION.txt"
to "C:\ProgramData\chocolatey\lib\osquery\VERIFICATION.txt".
2023-05-12 04:59:01,079 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib\osquery\certs".
2023-05-12 04:59:01,079 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\certs\certs.pem"
to "C:\ProgramData\chocolatey\lib\osquery\certs\certs.pem".
2023-05-12 04:59:01,094 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib\osquery\osqueryd".
2023-05-12 04:59:01,094 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\osqueryd\osqueryd.exe"
to "C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe".
2023-05-12 04:59:01,157 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib\osquery\packs".
2023-05-12 04:59:01,157 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\hardware-monitoring.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\hardware-monitoring.conf".
2023-05-12 04:59:01,172 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\incident-response.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\incident-response.conf".
2023-05-12 04:59:01,172 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\it-compliance.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\it-compliance.conf".
2023-05-12 04:59:01,188 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\osquery-monitoring.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\osquery-monitoring.conf".
2023-05-12 04:59:01,203 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\ossec-rootkit.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\ossec-rootkit.conf".
2023-05-12 04:59:01,203 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\osx-attacks.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\osx-attacks.conf".
2023-05-12 04:59:01,219 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\unwanted-chrome-extensions.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\unwanted-chrome-extensions.conf".
2023-05-12 04:59:01,219 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\vuln-management.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\vuln-management.conf".
2023-05-12 04:59:01,234 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\windows-attacks.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\windows-attacks.conf".
2023-05-12 04:59:01,234 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\packs\windows-hardening.conf"
to "C:\ProgramData\chocolatey\lib\osquery\packs\windows-hardening.conf".
2023-05-12 04:59:01,250 792 [DEBUG] - Attempting to create directory "C:\ProgramData\chocolatey\lib\osquery\tools".
2023-05-12 04:59:01,250 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\tools\chocolateyBeforeModify.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1".
2023-05-12 04:59:01,265 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\tools\chocolateyinstall.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1".
2023-05-12 04:59:01,281 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\tools\chocolateyuninstall.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1".
2023-05-12 04:59:01,281 792 [DEBUG] - Attempting to copy "C:\ProgramData\chocolatey\lib-bkp\osquery\tools\osquery_utils.ps1"
to "C:\ProgramData\chocolatey\lib\osquery\tools\osquery_utils.ps1".
2023-05-12 04:59:02,813 792 [DEBUG] - Capturing package files in 'C:\ProgramData\chocolatey\lib\osquery'
2023-05-12 04:59:02,828 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\LICENSE.txt'
with checksum '0820FFE048483183320E2DAD339898F6'
2023-05-12 04:59:02,844 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\manage-osqueryd.ps1'
with checksum '3CCB09B60C319C2B6A43DF64360BD14F'
2023-05-12 04:59:02,844 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.conf'
with checksum '9027F1A3AF205ED3D209BE5F9AEA1842'
2023-05-12 04:59:02,844 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.flags'
with checksum 'D41D8CD98F00B204E9800998ECF8427E'
2023-05-12 04:59:02,859 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.man'
with checksum 'A4C03558EDB1FF1F5DC4B2194CF3A500'
2023-05-12 04:59:02,953 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.nupkg'
with checksum '7373DFE603C2FF707E7A04C9C5ADFF3E'
2023-05-12 04:59:02,953 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.nuspec'
with checksum 'CD69CB7DCD2CDDF6DB56A8F9294F9BDB'
2023-05-12 04:59:02,969 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery.png'
with checksum '34A5C156791B25AB5D130BD97AECA98C'
2023-05-12 04:59:03,141 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osqueryi.exe'
with checksum '97D7D6BA1BCFA0D3490F8617BB03DFDF'
2023-05-12 04:59:03,141 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osquery_utils.ps1'
with checksum 'E851BB94C0F783653E3BFF527503A850'
2023-05-12 04:59:03,156 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\VERIFICATION.txt'
with checksum '77039304249AC12CA156465857B19382'
2023-05-12 04:59:03,156 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\certs\certs.pem'
with checksum '6C8779E5755D9DDDF677BF7A52D035CE'
2023-05-12 04:59:03,297 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\osqueryd\osqueryd.exe'
with checksum 'E243D9BC769E5576BCB4DE91F0BD5D95'
2023-05-12 04:59:03,297 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\hardware-monitoring.conf'
with checksum '3501087ED8C14DC4CB417D6F749ACAD4'
2023-05-12 04:59:03,313 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\incident-response.conf'
with checksum '9FAF35B5ED735847D0162E4EAA5EF128'
2023-05-12 04:59:03,313 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\it-compliance.conf'
with checksum 'C90DCD8897F172B41770C2A658D4426A'
2023-05-12 04:59:03,328 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\osquery-monitoring.conf'
with checksum '50B79815090F908C57B6317DD2F552BF'
2023-05-12 04:59:03,328 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\ossec-rootkit.conf'
with checksum '788318DBABB9FDBC545315C4CA88FC40'
2023-05-12 04:59:03,344 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\osx-attacks.conf'
with checksum 'EE9CDBF8F06E672092B14DE993117569'
2023-05-12 04:59:03,359 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\unwanted-chrome-extensions.conf'
with checksum 'CF972DFC934DD8E09A628C6B0A3814DD'
2023-05-12 04:59:03,359 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\vuln-management.conf'
with checksum 'F1C82E2A9E05DE6AD9DFD47E16461FA8'
2023-05-12 04:59:03,375 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\windows-attacks.conf'
with checksum '5C705090F10185E33F87AC8A79C445FB'
2023-05-12 04:59:03,375 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\packs\windows-hardening.conf'
with checksum 'EBFB94E06E2914770A4EAEA4E5F83248'
2023-05-12 04:59:03,390 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyBeforeModify.ps1'
with checksum '289840CCC12B230068E229CDD37E3703'
2023-05-12 04:59:03,390 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyinstall.ps1'
with checksum '780C83D965D277E7A132A4E7208FD339'
2023-05-12 04:59:03,406 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1'
with checksum '3C79361CA6117F7D02C1FEDDF82F07C6'
2023-05-12 04:59:03,406 792 [DEBUG] - Found 'C:\ProgramData\chocolatey\lib\osquery\tools\osquery_utils.ps1'
with checksum 'E851BB94C0F783653E3BFF527503A850'
2023-05-12 04:59:04,954 792 [INFO ] - [NuGet] Uninstalling 'osquery 5.8.2'.
2023-05-12 04:59:04,985 792 [INFO ] -
osquery v5.8.2
2023-05-12 04:59:05,172 792 [DEBUG] - Removing shim for osqueryi.exe at 'C:\ProgramData\chocolatey\bin\osqueryi.exe
2023-05-12 04:59:05,187 792 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\bin\osqueryi.exe".
2023-05-12 04:59:05,187 792 [DEBUG] - Removing shim for osqueryd.exe at 'C:\ProgramData\chocolatey\bin\osqueryd.exe
2023-05-12 04:59:05,203 792 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\bin\osqueryd.exe".
2023-05-12 04:59:05,219 792 [DEBUG] - Setting installer args for osquery
2023-05-12 04:59:05,219 792 [DEBUG] - Setting package parameters for osquery
2023-05-12 04:59:05,219 792 [DEBUG] - Contents of 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1':
2023-05-12 04:59:05,235 792 [DEBUG] - # Copyright (c) 2014-present, The osquery authors
#
# This source code is licensed as defined by the LICENSE file found in the
# root directory of this source tree.
#
# SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
# This library file contains constant definitions and helper functions
#Requires -Version 3.0
. (Join-Path "$PSScriptRoot" "osquery_utils.ps1")
# Remove the osquery path from the System PATH variable. Note: Here
# we don't make use of our local vars, as Regex requires escaping the '\'
$oldPath = [System.Environment]::GetEnvironmentVariable('Path', 'Machine')
if ($oldPath -imatch [regex]::escape($targetFolder)) {
$newPath = $oldPath -replace [regex]::escape($targetFolder), $NULL
[System.Environment]::SetEnvironmentVariable('Path', $newPath, 'Machine')
}
if ((Get-Service $serviceName -ErrorAction SilentlyContinue)) {
Stop-Service $serviceName
# If we find zombie processes, ensure they're termintated
$proc = Get-Process | Where-Object { $_.ProcessName -eq 'osqueryd' }
if ($null -ne $proc) {
Stop-Process -Force $proc -ErrorAction SilentlyContinue
}
Set-Service $serviceName -startuptype 'manual'
Get-CimInstance -ClassName Win32_Service -Filter "Name='osqueryd'" | Invoke-CimMethod -methodName Delete
}
if (Test-Path $targetFolder) {
Remove-Item -Force -Recurse $targetFolder
} else {
Write-Debug 'osquery was not found on the system. Nothing to do.'
}
2023-05-12 04:59:05,250 792 [DEBUG] - Calling built-in PowerShell host with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null']
2023-05-12 04:59:05,312 792 [DEBUG] - Redirecting Microsoft.WSMan.Management.resources, Version=3.0.0.0, Culture=en-US, PublicKeyToken=31bf3856ad364e35, requested by ''
2023-05-12 04:59:05,422 792 [DEBUG] - Host version is 5.1.17763.1, PowerShell Version is '5.1.17763.3770' and CLR Version is '4.0.30319.42000'.
2023-05-12 04:59:05,594 792 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:59:05,594 792 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:59:05,610 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:59:05,610 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:59:05,625 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:59:05,625 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:59:05,641 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:59:05,657 792 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:59:05,657 792 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:59:05,672 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:59:05,672 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:59:05,687 792 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:59:05,687 792 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:59:05,704 792 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:59:05,704 792 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:59:05,719 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:59:05,719 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:59:05,719 792 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:59:05,734 792 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:59:05,734 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:05,750 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:59:05,750 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:59:05,766 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:59:05,782 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:59:05,782 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:59:05,797 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:59:05,812 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:59:05,813 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:59:05,828 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:59:05,828 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:59:05,844 792 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:59:05,844 792 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:59:05,860 792 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:59:05,860 792 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:59:05,875 792 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:59:05,890 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:59:05,890 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:05,890 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:59:05,906 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:59:05,906 792 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:59:05,923 792 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:59:05,923 792 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:59:05,938 792 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:59:05,953 792 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:59:05,953 792 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:59:05,969 792 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:59:05,984 792 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:59:06,000 792 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:59:06,000 792 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:59:06,000 792 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:59:06,016 792 [DEBUG] - Loading community extensions
2023-05-12 04:59:06,032 792 [DEBUG] - Importing 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'
2023-05-12 04:59:06,032 792 [INFO ] - VERBOSE: Loading module from path 'C:\ProgramData\chocolatey\extensions\chocolatey-windowsupdate\chocolatey-windowsupdate.psm1'.
2023-05-12 04:59:06,095 792 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:59:06,095 792 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:59:06,110 792 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:59:06,110 792 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:59:06,125 792 [INFO ] - VERBOSE: Exporting function 'Format-FileSize'.
2023-05-12 04:59:06,125 792 [INFO ] - VERBOSE: Exporting function 'Get-ChecksumValid'.
2023-05-12 04:59:06,141 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyPath'.
2023-05-12 04:59:06,141 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyUnzip'.
2023-05-12 04:59:06,156 792 [INFO ] - VERBOSE: Exporting function 'Get-ChocolateyWebFile'.
2023-05-12 04:59:06,156 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariable'.
2023-05-12 04:59:06,172 792 [INFO ] - VERBOSE: Exporting function 'Get-EnvironmentVariableNames'.
2023-05-12 04:59:06,172 792 [INFO ] - VERBOSE: Exporting function 'Get-FtpFile'.
2023-05-12 04:59:06,187 792 [INFO ] - VERBOSE: Exporting function 'Get-OSArchitectureWidth'.
2023-05-12 04:59:06,187 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParameters'.
2023-05-12 04:59:06,203 792 [INFO ] - VERBOSE: Exporting function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:59:06,203 792 [INFO ] - VERBOSE: Exporting function 'Get-ToolsLocation'.
2023-05-12 04:59:06,219 792 [INFO ] - VERBOSE: Exporting function 'Get-UACEnabled'.
2023-05-12 04:59:06,219 792 [INFO ] - VERBOSE: Exporting function 'Get-UninstallRegistryKey'.
2023-05-12 04:59:06,234 792 [INFO ] - VERBOSE: Exporting function 'Get-VirusCheckValid'.
2023-05-12 04:59:06,234 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFile'.
2023-05-12 04:59:06,250 792 [INFO ] - VERBOSE: Exporting function 'Get-WebFileName'.
2023-05-12 04:59:06,266 792 [INFO ] - VERBOSE: Exporting function 'Get-WebHeaders'.
2023-05-12 04:59:06,266 792 [INFO ] - VERBOSE: Exporting function 'Install-BinFile'.
2023-05-12 04:59:06,282 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:06,282 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:59:06,297 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:59:06,297 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:59:06,297 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPackage'.
2023-05-12 04:59:06,313 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPath'.
2023-05-12 04:59:06,313 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:59:06,328 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:59:06,344 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyShortcut'.
2023-05-12 04:59:06,344 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:59:06,360 792 [INFO ] - VERBOSE: Exporting function 'Install-ChocolateyZipPackage'.
2023-05-12 04:59:06,375 792 [INFO ] - VERBOSE: Exporting function 'Install-Vsix'.
2023-05-12 04:59:06,375 792 [INFO ] - VERBOSE: Exporting function 'Set-EnvironmentVariable'.
2023-05-12 04:59:06,390 792 [INFO ] - VERBOSE: Exporting function 'Set-PowerShellExitCode'.
2023-05-12 04:59:06,390 792 [INFO ] - VERBOSE: Exporting function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:59:06,406 792 [INFO ] - VERBOSE: Exporting function 'Test-ProcessAdminRights'.
2023-05-12 04:59:06,406 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-BinFile'.
2023-05-12 04:59:06,422 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:06,422 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:59:06,437 792 [INFO ] - VERBOSE: Exporting function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:59:06,437 792 [INFO ] - VERBOSE: Exporting function 'Update-SessionEnvironment'.
2023-05-12 04:59:06,453 792 [INFO ] - VERBOSE: Exporting function 'Write-FunctionCallLogMessage'.
2023-05-12 04:59:06,453 792 [INFO ] - VERBOSE: Exporting function 'Install-WindowsUpdate'.
2023-05-12 04:59:06,468 792 [INFO ] - VERBOSE: Exporting function 'Test-WindowsUpdate'.
2023-05-12 04:59:06,484 792 [INFO ] - VERBOSE: Exporting alias 'Get-ProcessorBits'.
2023-05-12 04:59:06,499 792 [INFO ] - VERBOSE: Exporting alias 'Get-OSBitness'.
2023-05-12 04:59:06,500 792 [INFO ] - VERBOSE: Exporting alias 'Get-InstallRegistryKey'.
2023-05-12 04:59:06,500 792 [INFO ] - VERBOSE: Exporting alias 'Generate-BinFile'.
2023-05-12 04:59:06,516 792 [INFO ] - VERBOSE: Exporting alias 'Add-BinFile'.
2023-05-12 04:59:06,516 792 [INFO ] - VERBOSE: Exporting alias 'Start-ChocolateyProcess'.
2023-05-12 04:59:06,532 792 [INFO ] - VERBOSE: Exporting alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:59:06,532 792 [INFO ] - VERBOSE: Exporting alias 'Remove-BinFile'.
2023-05-12 04:59:06,547 792 [INFO ] - VERBOSE: Exporting alias 'refreshenv'.
2023-05-12 04:59:06,625 792 [INFO ] - VERBOSE: Importing function 'Format-FileSize'.
2023-05-12 04:59:06,766 792 [INFO ] - VERBOSE: Importing function 'Get-ChecksumValid'.
2023-05-12 04:59:06,766 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyPath'.
2023-05-12 04:59:06,781 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyUnzip'.
2023-05-12 04:59:06,797 792 [INFO ] - VERBOSE: Importing function 'Get-ChocolateyWebFile'.
2023-05-12 04:59:06,797 792 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariable'.
2023-05-12 04:59:06,797 792 [INFO ] - VERBOSE: Importing function 'Get-EnvironmentVariableNames'.
2023-05-12 04:59:06,812 792 [INFO ] - VERBOSE: Importing function 'Get-FtpFile'.
2023-05-12 04:59:06,812 792 [INFO ] - VERBOSE: Importing function 'Get-OSArchitectureWidth'.
2023-05-12 04:59:06,828 792 [INFO ] - VERBOSE: Importing function 'Get-PackageParameters'.
2023-05-12 04:59:06,828 792 [INFO ] - VERBOSE: Importing function 'Get-PackageParametersBuiltIn'.
2023-05-12 04:59:06,844 792 [INFO ] - VERBOSE: Importing function 'Get-ToolsLocation'.
2023-05-12 04:59:06,844 792 [INFO ] - VERBOSE: Importing function 'Get-UACEnabled'.
2023-05-12 04:59:06,860 792 [INFO ] - VERBOSE: Importing function 'Get-UninstallRegistryKey'.
2023-05-12 04:59:06,860 792 [INFO ] - VERBOSE: Importing function 'Get-VirusCheckValid'.
2023-05-12 04:59:06,875 792 [INFO ] - VERBOSE: Importing function 'Get-WebFile'.
2023-05-12 04:59:06,891 792 [INFO ] - VERBOSE: Importing function 'Get-WebFileName'.
2023-05-12 04:59:06,891 792 [INFO ] - VERBOSE: Importing function 'Get-WebHeaders'.
2023-05-12 04:59:06,906 792 [INFO ] - VERBOSE: Importing function 'Install-BinFile'.
2023-05-12 04:59:06,906 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:06,922 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyExplorerMenuItem'.
2023-05-12 04:59:06,922 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyFileAssociation'.
2023-05-12 04:59:06,938 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyInstallPackage'.
2023-05-12 04:59:06,938 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPackage'.
2023-05-12 04:59:06,953 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPath'.
2023-05-12 04:59:06,953 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPinnedTaskBarItem'.
2023-05-12 04:59:06,969 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyPowershellCommand'.
2023-05-12 04:59:06,969 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyShortcut'.
2023-05-12 04:59:06,985 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyVsixPackage'.
2023-05-12 04:59:06,985 792 [INFO ] - VERBOSE: Importing function 'Install-ChocolateyZipPackage'.
2023-05-12 04:59:07,000 792 [INFO ] - VERBOSE: Importing function 'Install-Vsix'.
2023-05-12 04:59:07,015 792 [INFO ] - VERBOSE: Importing function 'Install-WindowsUpdate'.
2023-05-12 04:59:07,015 792 [INFO ] - VERBOSE: Importing function 'Set-EnvironmentVariable'.
2023-05-12 04:59:07,032 792 [INFO ] - VERBOSE: Importing function 'Set-PowerShellExitCode'.
2023-05-12 04:59:07,047 792 [INFO ] - VERBOSE: Importing function 'Start-ChocolateyProcessAsAdmin'.
2023-05-12 04:59:07,047 792 [INFO ] - VERBOSE: Importing function 'Test-ProcessAdminRights'.
2023-05-12 04:59:07,047 792 [INFO ] - VERBOSE: Importing function 'Test-WindowsUpdate'.
2023-05-12 04:59:07,063 792 [INFO ] - VERBOSE: Importing function 'Uninstall-BinFile'.
2023-05-12 04:59:07,063 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyEnvironmentVariable'.
2023-05-12 04:59:07,078 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyPackage'.
2023-05-12 04:59:07,078 792 [INFO ] - VERBOSE: Importing function 'Uninstall-ChocolateyZipPackage'.
2023-05-12 04:59:07,094 792 [INFO ] - VERBOSE: Importing function 'Update-SessionEnvironment'.
2023-05-12 04:59:07,110 792 [INFO ] - VERBOSE: Importing function 'Write-FunctionCallLogMessage'.
2023-05-12 04:59:07,110 792 [INFO ] - VERBOSE: Importing alias 'Add-BinFile'.
2023-05-12 04:59:07,125 792 [INFO ] - VERBOSE: Importing alias 'Generate-BinFile'.
2023-05-12 04:59:07,125 792 [INFO ] - VERBOSE: Importing alias 'Get-InstallRegistryKey'.
2023-05-12 04:59:07,141 792 [INFO ] - VERBOSE: Importing alias 'Get-OSBitness'.
2023-05-12 04:59:07,141 792 [INFO ] - VERBOSE: Importing alias 'Get-ProcessorBits'.
2023-05-12 04:59:07,156 792 [INFO ] - VERBOSE: Importing alias 'Invoke-ChocolateyProcess'.
2023-05-12 04:59:07,156 792 [INFO ] - VERBOSE: Importing alias 'refreshenv'.
2023-05-12 04:59:07,172 792 [INFO ] - VERBOSE: Importing alias 'Remove-BinFile'.
2023-05-12 04:59:07,172 792 [INFO ] - VERBOSE: Importing alias 'Start-ChocolateyProcess'.
2023-05-12 04:59:07,188 792 [DEBUG] - ---------------------------Script Execution---------------------------
2023-05-12 04:59:07,203 792 [DEBUG] - Running 'ChocolateyScriptRunner' for osquery v5.8.2 with packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1', packageFolder:'C:\ProgramData\chocolatey\lib\osquery', installArguments: '', packageParameters: '', preRunHookScripts: '', postRunHookScripts: '',
2023-05-12 04:59:07,203 792 [DEBUG] - Running package script 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1'
2023-05-12 04:59:07,313 792 [DEBUG] - ----------------------------------------------------------------------
2023-05-12 04:59:07,328 792 [DEBUG] - Built-in PowerShell host called with ['[System.Threading.Thread]::CurrentThread.CurrentCulture = '';[System.Threading.Thread]::CurrentThread.CurrentUICulture = ''; & import-module -name 'C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1'; & 'C:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1' -packageScript 'C:\ProgramData\chocolatey\lib\osquery\tools\chocolateyuninstall.ps1' -installArguments '' -packageParameters '' -preRunHookScripts $null -postRunHookScripts $null'] exited with '0'.
2023-05-12 04:59:07,375 792 [INFO ] - Skipping auto uninstaller - No registry snapshot.
2023-05-12 04:59:07,391 792 [DEBUG] - Calling command ['"C:\Windows\System32\shutdown.exe" /a']
2023-05-12 04:59:07,531 792 [DEBUG] - Command ['"C:\Windows\System32\shutdown.exe" /a'] exited with '1116'
2023-05-12 04:59:07,547 792 [DEBUG] - Attempting to delete directory "C:\ProgramData\chocolatey\lib-bkp\osquery".
2023-05-12 04:59:07,688 792 [DEBUG] - [NuGet] Removed file 'osqueryd.exe' to folder 'C:\ProgramData\chocolatey\lib\osquery\osqueryd'.
2023-05-12 04:59:07,703 792 [DEBUG] - [NuGet] Removed folder 'C:\ProgramData\chocolatey\lib\osquery\osqueryd'.
2023-05-12 04:59:07,719 792 [DEBUG] - [NuGet] Removed file 'certs.pem' to folder 'C:\ProgramData\chocolatey\lib\osquery\certs'.
2023-05-12 04:59:07,734 792 [DEBUG] - [NuGet] Removed folder 'C:\ProgramData\chocolatey\lib\osquery\certs'.
2023-05-12 04:59:07,734 792 [DEBUG] - [NuGet] Removed file 'hardware-monitoring.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,750 792 [DEBUG] - [NuGet] Removed file 'incident-response.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,750 792 [DEBUG] - [NuGet] Removed file 'it-compliance.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,765 792 [DEBUG] - [NuGet] Removed file 'osquery-monitoring.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,782 792 [DEBUG] - [NuGet] Removed file 'ossec-rootkit.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,782 792 [DEBUG] - [NuGet] Removed file 'osx-attacks.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,797 792 [DEBUG] - [NuGet] Removed file 'unwanted-chrome-extensions.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,797 792 [DEBUG] - [NuGet] Removed file 'vuln-management.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,813 792 [DEBUG] - [NuGet] Removed file 'windows-attacks.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,813 792 [DEBUG] - [NuGet] Removed file 'windows-hardening.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,828 792 [DEBUG] - [NuGet] Removed folder 'C:\ProgramData\chocolatey\lib\osquery\packs'.
2023-05-12 04:59:07,843 792 [DEBUG] - [NuGet] Removed file 'chocolateyBeforeModify.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery\tools'.
2023-05-12 04:59:07,843 792 [DEBUG] - [NuGet] Removed file 'chocolateyinstall.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery\tools'.
2023-05-12 04:59:07,859 792 [DEBUG] - [NuGet] Removed file 'chocolateyuninstall.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery\tools'.
2023-05-12 04:59:07,859 792 [DEBUG] - [NuGet] Removed file 'osquery_utils.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery\tools'.
2023-05-12 04:59:07,876 792 [DEBUG] - [NuGet] Removed folder 'C:\ProgramData\chocolatey\lib\osquery\tools'.
2023-05-12 04:59:07,891 792 [DEBUG] - [NuGet] Removed file 'LICENSE.txt' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:07,891 792 [DEBUG] - [NuGet] Removed file 'manage-osqueryd.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:07,906 792 [DEBUG] - [NuGet] Removed file 'osquery.conf' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:07,922 792 [DEBUG] - [NuGet] Removed file 'osquery.flags' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:07,922 792 [DEBUG] - [NuGet] Removed file 'osquery.man' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:07,937 792 [DEBUG] - [NuGet] Removed file 'osquery.png' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,002 792 [DEBUG] - [NuGet] Removed file 'osqueryi.exe' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,016 792 [DEBUG] - [NuGet] Removed file 'osquery_utils.ps1' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,016 792 [DEBUG] - [NuGet] Removed file 'VERIFICATION.txt' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,031 792 [DEBUG] - [NuGet] Removed file 'osquery.nuspec' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,046 792 [DEBUG] - [NuGet] Removed file 'osquery.nupkg' to folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,046 792 [DEBUG] - [NuGet] Removed folder 'C:\ProgramData\chocolatey\lib\osquery'.
2023-05-12 04:59:08,062 792 [INFO ] - [NuGet] Successfully uninstalled 'osquery 5.8.2'.
2023-05-12 04:59:08,078 792 [INFO ] - osquery has been successfully uninstalled.
2023-05-12 04:59:08,282 792 [DEBUG] - Removing nupkg if it still exists.
2023-05-12 04:59:08,297 792 [DEBUG] - Ensuring removal of installation files.
2023-05-12 04:59:08,297 792 [DEBUG] - Ensuring removal of package cache files.
2023-05-12 04:59:08,329 792 [WARN ] - Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type `refreshenv`).
2023-05-12 04:59:08,344 792 [DEBUG] - The following values have been added/changed (may contain sensitive data):
2023-05-12 04:59:08,344 792 [DEBUG] - * Path='C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;;' (Machine)
2023-05-12 04:59:08,376 792 [WARN ] -
Chocolatey uninstalled 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
2023-05-12 04:59:08,391 792 [DEBUG] - Sending message 'PostRunMessage' out if there are subscribers...
2023-05-12 04:59:08,439 792 [DEBUG] - Exiting with 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment