From 23e947d80e679c6edf5587bb1f9cb379c2dc4aef Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 7 Feb 2024 22:11:23 +0000 Subject: [PATCH 1/8] Update capa.vm to v7.0.1 --- packages/capa.vm/capa.vm.nuspec | 2 +- packages/capa.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/capa.vm/capa.vm.nuspec b/packages/capa.vm/capa.vm.nuspec index 3a25f4895..6a39fa759 100755 --- a/packages/capa.vm/capa.vm.nuspec +++ b/packages/capa.vm/capa.vm.nuspec @@ -2,7 +2,7 @@ capa.vm - 6.1.0.20231212 + 7.0.1 capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. @williballenthin, @mr-tz, @Ana06, @mike-hunhoff, @mwilliams31, @MalwareMechanic diff --git a/packages/capa.vm/tools/chocolateyinstall.ps1 b/packages/capa.vm/tools/chocolateyinstall.ps1 index 8d888e4bc..d5d1c408e 100755 --- a/packages/capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/capa.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'capa' $category = 'Utilities' -$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-windows.zip" -$zipSha256 = "070923d5ca225ef29a670af9cc66a8d648fcaaff7e283cb1ddc73de6e3610f0f" +$zipUrl = "https://github.com/mandiant/capa/releases/download/v7.0.1/capa-v7.0.1-windows.zip" +$zipSha256 = "05bac209f50302308e37eb658fe36a40418aa9c37f57d440355706e13cabc43d" VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments "--help" From ce535db65c44d16675bd5b5d90eb8abba22364d5 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 7 Feb 2024 22:16:19 +0000 Subject: [PATCH 2/8] Update dnspyex.vm to v6.5.0 --- packages/dnspyex.vm/dnspyex.vm.nuspec | 2 +- packages/dnspyex.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/packages/dnspyex.vm/dnspyex.vm.nuspec b/packages/dnspyex.vm/dnspyex.vm.nuspec index 47f4ed21a..a458451e8 100644 --- a/packages/dnspyex.vm/dnspyex.vm.nuspec +++ b/packages/dnspyex.vm/dnspyex.vm.nuspec @@ -2,7 +2,7 @@ dnspyex.vm - 6.4.1.20231203 + 6.5.0 0xd4d, ElektroKill dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. diff --git a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 index 14cf81c69..3959fb6f9 100644 --- a/packages/dnspyex.vm/tools/chocolateyinstall.ps1 +++ b/packages/dnspyex.vm/tools/chocolateyinstall.ps1 @@ -5,8 +5,8 @@ try { $toolName = 'dnSpy' $category = 'dotNet' - $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.1/dnSpy-netframework.zip" - $zipSha256 = "d3d8aefb7c5c4ef15d077c13f88c13b0f1403fb71e73610dc68975a62e4230cb" + $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.5.0/dnSpy-netframework.zip" + $zipSha256 = "5962e3cca902e650c61050e2a879af58b78eec91288b7a7b77a7bc761424a0ed" $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0] $toolNameX86 = "$toolName-x86" From 8ebd8a058ddc2a6e686916a8c1683a1121cff826 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 7 Feb 2024 22:16:39 +0000 Subject: [PATCH 3/8] Update exiftool.vm to 12.76.0 --- packages/exiftool.vm/exiftool.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/exiftool.vm/exiftool.vm.nuspec b/packages/exiftool.vm/exiftool.vm.nuspec index aa497e4a3..21681c4d2 100644 --- a/packages/exiftool.vm/exiftool.vm.nuspec +++ b/packages/exiftool.vm/exiftool.vm.nuspec @@ -2,12 +2,12 @@ exiftool.vm - 12.73.0 + 12.76.0 Phil Harvey A tool for reeding and writing file metadata - + From db634af81cc6a9f8c6e3bee287c9524c3f83f54b Mon Sep 17 00:00:00 2001 
From: vm-packages Date: Wed, 7 Feb 2024 22:17:36 +0000 Subject: [PATCH 4/8] Update ghidra.vm to 11.0.1 --- packages/ghidra.vm/ghidra.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/ghidra.vm/ghidra.vm.nuspec b/packages/ghidra.vm/ghidra.vm.nuspec index f04d78f22..8d7e7dcda 100644 --- a/packages/ghidra.vm/ghidra.vm.nuspec +++ b/packages/ghidra.vm/ghidra.vm.nuspec @@ -2,12 +2,12 @@ ghidra.vm - 10.3.3.20231025 + 11.0.1 National Security Agency A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission. - + From c18b600968363eb75dfd44e946e0cfd246b4627a Mon Sep 17 00:00:00 2001 From: vm-packages Date: Wed, 7 Feb 2024 22:27:53 +0000 Subject: [PATCH 5/8] Update ida.plugin.capa.vm to 7.0.0 --- packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec | 2 +- packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec index b22a4e0e5..b005822ea 100755 --- a/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec +++ b/packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec @@ -2,7 +2,7 @@ ida.plugin.capa.vm - 6.1.0 + 7.0.0 capa explorer is an IDAPython plugin that integrates capa with IDA Pro. @mike-hunhoff, @williballenthin, @mr-tz diff --git a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 index e2d8964e8..0f5781e84 100755 --- a/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 +++ b/packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1 
@@ -3,7 +3,7 @@ Import-Module vm.common -Force -DisableNameChecking try { # Install plugin - $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v6.1.0/capa/ida/plugin/capa_explorer.py" + $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v7.0.0/capa/ida/plugin/capa_explorer.py" $pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3" $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force $pluginPath = Join-Path $pluginsDir "capa_explorer.py" @@ -19,8 +19,8 @@ try { VM-Assert-Path $pluginPath # Download capa rules - $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v6.1.0.zip" - $rulesSha256 = "d87240475b2989e919f65381556f28b455a2f7d6cd35d95acdbbbe9f04f86c84" + $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v7.0.0.zip" + $rulesSha256 = "4dd27227e68ba419dd8cbe66ba6b09d2b55836e832a97170c9e8b6398caf15fb" $packageArgs = @{ packageName = ${Env:ChocolateyPackageName} unzipLocation = $pluginsDir @@ -29,7 +29,7 @@ try { checksumType = 'sha256' } Install-ChocolateyZipPackage @packageArgs - $rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" -Resolve + $rulesDir = Join-Path $pluginsDir "capa-rules-7.0.0" -Resolve # Set capa rules in the capa plugin $registryPath = 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa' From 6b723aa0c8f69b081e7ec01f71f162cbf7648a1f Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 8 Feb 2024 00:04:56 +0000 Subject: [PATCH 6/8] Update pebear.vm to 0.6.7.20240208 --- packages/pebear.vm/pebear.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pebear.vm/pebear.vm.nuspec b/packages/pebear.vm/pebear.vm.nuspec index 4c10b1d34..9657646a9 100644 --- a/packages/pebear.vm/pebear.vm.nuspec +++ b/packages/pebear.vm/pebear.vm.nuspec @@ -2,12 +2,12 @@ pebear.vm - 0.6.7 + 0.6.7.20240208 hasherezade Delivers fast and flexible "first view" for malware analysts - + 
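Review bot: In the first hunk of packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1, `$pluginUrl` now points at the v7.0.0 tag, but `$pluginSha256` is an unchanged context line, so the pinned digest is still the one recorded for the v6.1.0 file. If capa_explorer.py differs between the two tags, the install will presumably fail on a checksum mismatch; the download and verification step is outside the hunk, so this cannot be confirmed from here. Recompute the SHA-256 from the v7.0.0 file and update the pin in this commit. If the file really is byte-identical, record that next to the pin with a comment such as `# capa_explorer.py is unchanged between v6.1.0 and v7.0.0; digest re-verified against the v7.0.0 tag`. The enclosing `try` block starts and ends outside the hunk.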
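Review bot: The release version is written out separately in `$rulesUrl` in the second hunk of packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1, in `$rulesDir` in the third hunk, and in `$pluginUrl` in the first. A bump that misses one of them leaves the download URL, the pinned hash and the `-Resolve`d directory out of step. Deriving all three from one variable keeps them together: `$version = '7.0.0'`, then `$rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v$version.zip"` and `$rulesDir = Join-Path $pluginsDir "capa-rules-$version" -Resolve`. The two SHA-256 pins would still be updated by hand, and a short comment beside each naming the artifact and tag it was computed from would make a stale pin easier to spot in review. The `try` block continues outside these hunks.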
From 539cda2b60260d2c1a74096c39c99d5ebca493b9 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 8 Feb 2024 00:05:10 +0000 Subject: [PATCH 7/8] Update pestudio.vm to 9.58 --- packages/pestudio.vm/pestudio.vm.nuspec | 2 +- packages/pestudio.vm/tools/chocolateyinstall.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/pestudio.vm/pestudio.vm.nuspec b/packages/pestudio.vm/pestudio.vm.nuspec index abe735545..84ede3560 100644 --- a/packages/pestudio.vm/pestudio.vm.nuspec +++ b/packages/pestudio.vm/pestudio.vm.nuspec @@ -2,7 +2,7 @@ pestudio.vm - 9.57 + 9.58 Marc Ochsenmeier The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. diff --git a/packages/pestudio.vm/tools/chocolateyinstall.ps1 b/packages/pestudio.vm/tools/chocolateyinstall.ps1 index f41eb2138..380197fbf 100644 --- a/packages/pestudio.vm/tools/chocolateyinstall.ps1 +++ b/packages/pestudio.vm/tools/chocolateyinstall.ps1 @@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking $toolName = 'pestudio' $category = 'PE' -$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.57.zip' -$zipSha256 = 'df0664f07bc1561788abfad101ac371e37310bb20f50d5171fb3edf65e950eeb' +$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.58.zip' +$zipSha256 = '06c06dc1e6db6b8672b0827ca800affa0739a6878d9767d89122826ca0a2425e' VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true From c49b5836327a700125c559c16efaa7da93d00d29 Mon Sep 17 00:00:00 2001 From: vm-packages Date: Thu, 8 Feb 2024 00:06:46 +0000 Subject: [PATCH 8/8] Update tor-browser.vm to 13.0.9 --- packages/tor-browser.vm/tor-browser.vm.nuspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tor-browser.vm/tor-browser.vm.nuspec b/packages/tor-browser.vm/tor-browser.vm.nuspec index 18b5a5395..8ad5730ce 100644 --- a/packages/tor-browser.vm/tor-browser.vm.nuspec 
+++ b/packages/tor-browser.vm/tor-browser.vm.nuspec @@ -2,12 +2,12 @@ tor-browser.vm - 13.0.8 + 13.0.9 Tor Project The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. - +