0.75sync2

artifacts/definitions/Generic/Collectors/File.yaml

@@ -36,8 +36,9 @@ parameters:
 
   - name: UPLOAD_IS_RESUMABLE
     type: bool
-    default: Y
-    description: If set the uploads can be resumed if the flow times out or errors.
+    default: N
+    description: |
+      If set the uploads can be resumed if the flow times out or errors.
 
   - name: MaxFileSize
     type: int

artifacts/definitions/Linux/Events/TrackProcesses.yaml

@@ -45,11 +45,11 @@ sources:
           SELECT * FROM watch_ebpf(events=["sched_process_exit", "sched_process_exec"])
         }, query={
           SELECT * FROM switch(a={
-            SELECT System.ProcessID AS id,
-                    System.ParentProcessID AS parent_id,
+            SELECT System.HostProcessID AS id,
+                    System.HostParentProcessID AS parent_id,
                     "start" AS update_type,
-                    dict(Pid=System.ProcessID,
-                         Ppid=System.ParentProcessID,
+                    dict(Pid=System.HostProcessID,
+                         Ppid=System.HostParentProcessID,
                          Name=System.ProcessName,
                          Username=System.UserID,
                          Exe=EventData.cmdpath,
@@ -60,7 +60,7 @@ sources:
             FROM scope()
             WHERE System.EventName =~ "exec"
           }, end={
-            SELECT System.ProcessID AS id,
+            SELECT System.HostProcessID AS id,
                    NULL AS parent_id,
                    "exit" AS update_type,
                    dict() AS data,

artifacts/definitions/Linux/Search/FileFinder.yaml

@@ -96,8 +96,9 @@ parameters:
 
   - name: UPLOAD_IS_RESUMABLE
     type: bool
-    default: Y
-    description: If set the uploads can be resumed if the flow times out or errors.
+    default: N
+    description: |
+      If set the uploads can be resumed if the flow times out or errors.
 
 sources:
 - query: |

artifacts/definitions/MacOS/Search/FileFinder.yaml

@@ -77,8 +77,9 @@ parameters:
 
   - name: UPLOAD_IS_RESUMABLE
     type: bool
-    default: Y
-    description: If set the uploads can be resumed if the flow times out or errors.
+    default: N
+    description: |
+      If set the uploads can be resumed if the flow times out or errors.
 
 sources:
 - query: |

artifacts/definitions/Server/Internal/ToolDependencies.yaml

@@ -7,19 +7,19 @@ description: |
 
 tools:
   - name: VelociraptorWindows
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.5-windows-amd64.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.6-windows-amd64.exe
     serve_locally: true
-    version: 0.75.5
+    version: 0.75.6
 
   - name: VelociraptorWindows_x86
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.5-windows-386.exe
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.6-windows-386.exe
     serve_locally: true
-    version: 0.75.5
+    version: 0.75.6
 
   - name: VelociraptorLinux
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.5-linux-amd64-musl
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.6-linux-amd64-musl
     serve_locally: true
-    version: 0.75.5
+    version: 0.75.6
 
   # On MacOS we cannot embed the config in the binary so we use a
   # shell script stub instead. See
@@ -31,11 +31,11 @@ tools:
     serve_locally: true
 
   - name: VelociraptorWindowsMSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.5-windows-amd64.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.6-windows-amd64.msi
     serve_locally: true
-    version: 0.75.5
+    version: 0.75.6
 
   - name: VelociraptorWindows_x86MSI
-    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.5-windows-386.msi
+    url: https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.6-windows-386.msi
     serve_locally: true
-    version: 0.75.5
+    version: 0.75.6

artifacts/definitions/System/VFS/DownloadFile.yaml

@@ -24,7 +24,7 @@ parameters:
       we download all files below it.
   - name: UPLOAD_IS_RESUMABLE
     type: bool
-    default: Y
+    default: N
     description: If set the uploads can be resumed if the flow times out or errors.
 
 sources:

artifacts/definitions/Windows/Search/FileFinder.yaml

@@ -81,8 +81,9 @@ parameters:
 
   - name: UPLOAD_IS_RESUMABLE
     type: bool
-    default: Y
-    description: If set, file uploads will be asynchronous and resumable.
+    default: N
+    description: |
+      If set, file uploads will be asynchronous and resumable.
 
 sources:
   - query: |

docs/references/vql.yaml

@@ -12772,4 +12772,3 @@
   - linux_amd64_cgo
   - windows_386_cgo
   - windows_amd64_cgo
-

docs/winres/winres.json

@@ -11,7 +11,7 @@
       "0409": {
         "identity": {
           "name": "",
-          "version": "0.75.3.0"
+          "version": "0.75.6.0"
         },
         "description": "Velociraptor: Digging deeper!",
         "minimum-os": "win10",
@@ -35,22 +35,22 @@
     "#1": {
       "0000": {
         "fixed": {
-          "file_version": "0.75.3.0",
-          "product_version": "0.75.3.0"
+          "file_version": "0.75.6.0",
+          "product_version": "0.75.6.0"
         },
         "info": {
           "0409": {
             "Comments": "",
             "CompanyName": "Rapid 7 Inc",
             "FileDescription": "Velociraptor: Digging Deeper!",
-            "FileVersion": "0.75.3.0",
+            "FileVersion": "0.75.6.0",
             "InternalName": "",
             "LegalCopyright": "Rapid 7 Inc",
             "LegalTrademarks": "",
             "OriginalFilename": "Velociraptor.exe",
             "PrivateBuild": "",
             "ProductName": "Velociraptor",
-            "ProductVersion": "0.75.3.0",
+            "ProductVersion": "0.75.6.0",
             "SpecialBuild": ""
           }
         }

go.mod

@@ -1,8 +1,8 @@
 module www.velocidex.com/golang/velociraptor
 
 require (
-	cloud.google.com/go/pubsub v1.36.1
-	cloud.google.com/go/storage v1.38.0
+	cloud.google.com/go/pubsub v1.50.1
+	cloud.google.com/go/storage v1.58.0
 	github.com/Depado/bfchroma v1.3.0
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Showmax/go-fqdn v1.0.0
@@ -31,7 +31,6 @@ require (
 	github.com/elastic/go-elasticsearch/v7 v7.3.0 // indirect
 	github.com/go-ole/go-ole v1.2.6
 	github.com/go-sql-driver/mysql v1.7.1
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/mock v1.6.0
 	github.com/google/btree v1.1.2
 	github.com/google/rpmpack v0.5.0
@@ -58,7 +57,7 @@ require (
 	github.com/oschwald/maxminddb-golang v1.8.0
 	github.com/pkg/sftp v1.13.6
 	github.com/prometheus/client_golang v1.15.1
-	github.com/prometheus/client_model v0.6.0
+	github.com/prometheus/client_model v0.6.2
 	github.com/qri-io/starlib v0.5.0
 	github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5
 	github.com/robertkrimen/otto v0.3.0
@@ -70,16 +69,16 @@ require (
 	github.com/xor-gate/ar v0.0.0-20170530204233-5c72ae81e2b7 // indirect
 	github.com/xor-gate/debpkg v1.0.0
 	go.starlark.net v0.0.0-20230925163745-10651d5192ab
-	golang.org/x/crypto v0.45.0
-	golang.org/x/mod v0.29.0
-	golang.org/x/net v0.47.0
-	golang.org/x/sys v0.38.0
-	golang.org/x/text v0.31.0
-	golang.org/x/time v0.5.0
-	google.golang.org/api v0.169.0
-	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/grpc v1.67.1
-	google.golang.org/protobuf v1.36.10
+	golang.org/x/crypto v0.46.0
+	golang.org/x/mod v0.30.0
+	golang.org/x/net v0.48.0
+	golang.org/x/sys v0.39.0
+	golang.org/x/text v0.32.0
+	golang.org/x/time v0.14.0
+	google.golang.org/api v0.258.0
+	google.golang.org/genproto v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/grpc v1.78.0
+	google.golang.org/protobuf v1.36.11
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
@@ -148,14 +147,14 @@ require (
 	github.com/mitchellh/go-wordwrap v1.0.1
 	github.com/mooijtech/go-pst/v6 v6.0.2
 	github.com/pkg/errors v0.9.1
-	github.com/rogpeppe/go-internal v1.12.0
+	github.com/rogpeppe/go-internal v1.14.1
 	github.com/shirou/gopsutil/v4 v4.25.1
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/valyala/fastjson v1.6.4
 	github.com/vincent-petithory/dataurl v1.0.0
 	github.com/virtuald/go-paniclog v0.0.0-20190812204905-43a7fa316459
-	golang.org/x/oauth2 v0.27.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142
+	golang.org/x/oauth2 v0.34.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -164,13 +163,21 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.112.1 // indirect
-	cloud.google.com/go/compute/metadata v0.5.0 // indirect
-	cloud.google.com/go/iam v1.1.6 // indirect
+	cel.dev/expr v0.25.1 // indirect
+	cloud.google.com/go v0.123.0 // indirect
+	cloud.google.com/go/auth v0.18.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
+	cloud.google.com/go/iam v1.5.3 // indirect
+	cloud.google.com/go/monitoring v1.24.3 // indirect
+	cloud.google.com/go/pubsub/v2 v2.3.0 // indirect
 	github.com/360EntSecGroup-Skylar/excelize v1.4.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0 // indirect
+	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0 // indirect
 	github.com/PuerkitoBio/goquery v1.8.1 // indirect
 	github.com/alecthomas/colour v0.1.0 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
@@ -207,29 +214,32 @@ require (
 	github.com/cilium/ebpf v0.18.0 // indirect
 	github.com/clipperhouse/stringish v0.1.1 // indirect
 	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
+	github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
 	github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 // indirect
 	github.com/dlclark/regexp2 v1.7.0 // indirect
 	github.com/dustmop/soup v1.1.2-0.20190516214245-38228baa104e // indirect
 	github.com/ebitengine/purego v0.8.3 // indirect
 	github.com/emersion/go-message v0.16.0 // indirect
 	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 // indirect
+	github.com/envoyproxy/go-control-plane/envoy v1.36.0 // indirect
+	github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect
 	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/geoffgarside/ber v1.1.0 // indirect
 	github.com/gizak/termui/v3 v3.1.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/godzie44/go-uring v0.0.0-20220926161041-69611e8b13d5 // indirect
 	github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f // indirect
-	github.com/golang/glog v1.2.4 // indirect
+	github.com/golang/glog v1.2.5 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/gopacket v1.1.19 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -263,7 +273,8 @@ require (
 	github.com/nsf/termbox-go v1.1.1 // indirect
 	github.com/paulmach/orb v0.10.0 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/prometheus/common v0.44.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
@@ -272,6 +283,7 @@ require (
 	github.com/russellhaering/goxmldsig v1.3.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
 	github.com/tidwall/btree v1.6.0 // indirect
 	github.com/tinylib/msgp v1.1.8 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
@@ -282,17 +294,21 @@ require (
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.mongodb.org/mongo-driver v1.12.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.64.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/otel v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.39.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
 	kernel.org/pub/linux/libs/security/libcap/cap v1.2.71 // indirect
 	kernel.org/pub/linux/libs/security/libcap/psx v1.2.71 // indirect
 	www.velocidex.com/golang/binparsergen v0.1.1-0.20240404114946-8f66c7cf586e // indirect