@pickmansec okay, gotcha. I guess OSQuery doesn't interact directly with the various components? PowerShell does write contents of scripts executed to a file (can be specified).

You can get it thru some extensions though. I know our extension captures it. And I am sure there are other extensions out there that do the same.