These appear to be legitimate packages created by our developers over a year apart, but somehow have the same size and hash. What are the odds? In fact I’ve found over a dozen instances of unique packages that somehow have the same SHA1. In the worst case, there were 13 discreet packages that share the same SHA1! This is quite the rabbit hole to go down …
(tuple string items 0 of it, tuple string items 1 of it) of values of results of property 1 of bes fixlets whose (name of it is "BigFix Server - Uploads Directory - Windows")
Thanks @strawgate! That did the trick. ‘Item’ to ‘Items’.
For everyone’s benefit, here is the updated version to use in your Presentation Debugger:
items 0 of items 1 of it whose (item 0 of it = item 0 of item 1 of it) of ((elements of ((set of unique values of (tuple string item 0 of it as lowercase) of values of results of property 1 of bes fixlets whose (name of it is "BigFix Server - Uploads Directory - Windows")) - (set of (it as lowercase) of unique values of parenthesized parts 2 of (matches (regex "(\:|%22)([0-9a-fA-F]{40})( |%22)") of it) of (scripts of actions of bes fixlets;action scripts of bes actions;scripts of actions of components of component groups of bes baselines;action scripts of member actions of bes actions;(values of shared variables of it; values of private variables of it) of bes wizards) ))), (tuple string items 0 of it, tuple string items 1 of it) of values of results of property 1 of bes fixlets whose (name of it is "BigFix Server - Uploads Directory - Windows"))