search

mandiant / flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.64k stars 925 forks source link

ERROR: Failed to install: VARIOUS #591

Closed nadrojisk closed 7 months ago

nadrojisk commented 7 months ago

What's the problem?

I recently upgraded my existing flare install with the newest version. Most of the tools installed fine however, there were a good handful that did not install. I tried to manually install them with choco post install but I got a ton of errors.

PS C:\Users\flare > choco install regcool.vm
Chocolatey v2.2.2
Installing the following packages:
regcool.vm
By installing, you accept licenses for the packages.
Unable to connect to source 'https://www.myget.org/F/fireeye/api/v2':
 Failed to fetch results from V2 feed at 'https://www.myget.org/F/fireeye/api/v2/Packages()?$filter=(tolower(Id)%20eq%20'regcool.vm')%20and%20IsLatestVersion&semVerLevel=2.0.0' with following message : Response status code does not indicate success: 404 (Not Found).
[NuGet] Access to the path 'C:\Users\flare\Application Data' is denied.
[NuGet] Access to the path 'C:\Users\flare\Cookies' is denied.
[NuGet] Access to the path 'C:\Users\flare\Local Settings' is denied.
[NuGet] Access to the path 'C:\Users\flare\My Documents' is denied.
[NuGet] Access to the path 'C:\Users\flare\NetHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\PrintHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\Recent' is denied.
[NuGet] Access to the path 'C:\Users\flare\SendTo' is denied.
[NuGet] Access to the path 'C:\Users\flare\Start Menu' is denied.
[NuGet] Access to the path 'C:\Users\flare\Templates' is denied.
Failed to fetch results from V2 feed at 'https://www.myget.org/F/fireeye/api/v2/FindPackagesById()?id='regcool.vm'&semVerLevel=2.0.0' with following message : Response status code does not indicate success: 404 (Not Found).
[NuGet] Access to the path 'C:\Users\flare\Application Data' is denied.
[NuGet] Access to the path 'C:\Users\flare\Cookies' is denied.
[NuGet] Access to the path 'C:\Users\flare\Local Settings' is denied.
[NuGet] Access to the path 'C:\Users\flare\My Documents' is denied.
[NuGet] Access to the path 'C:\Users\flare\NetHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\PrintHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\Recent' is denied.
[NuGet] Access to the path 'C:\Users\flare\SendTo' is denied.
[NuGet] Access to the path 'C:\Users\flare\Start Menu' is denied.
[NuGet] Access to the path 'C:\Users\flare\Templates' is denied.
[NuGet] Access to the path 'C:\Users\flare\Application Data' is denied.
[NuGet] Access to the path 'C:\Users\flare\Cookies' is denied.
[NuGet] Access to the path 'C:\Users\flare\Local Settings' is denied.
[NuGet] Access to the path 'C:\Users\flare\My Documents' is denied.
[NuGet] Access to the path 'C:\Users\flare\NetHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\PrintHood' is denied.
[NuGet] Access to the path 'C:\Users\flare\Recent' is denied.
[NuGet] Access to the path 'C:\Users\flare\SendTo' is denied.
[NuGet] Access to the path 'C:\Users\flare\Start Menu' is denied.
[NuGet] Access to the path 'C:\Users\flare\Templates' is denied.
[NuGet] One or more unresolved package dependency constraints detected in the Chocolatey lib folder. All dependency constraints must be resolved to add or update packages. If these packages are being updated this message may be ignored, if not the following error(s) may be blocking the current package operation: 'procdot.vm 1.22.57 constraint: windump.vm '
Unable to resolve dependency: Unable to find a version of 'common.vm' that is compatible with 'adconnectdump.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'amcacheparser.vm 1.5.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'apktool.vm 2.9.3 constraint: common.vm (>= 0.0.0.20231221)', 'appcompatcacheparser.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'asreproast.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'azurehound.vm 2.1.8.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'blobrunner.vm 0.0.5.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'blobrunner64.vm 0.0.5.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'bloodhound-custom-queries.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'bloodhound.vm 4.3.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'bstrings.vm 1.5.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'c3.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'capa.vm 7.0.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'certify.vm 1.1.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'chainsaw.vm 2.9.0 constraint: common.vm (>= 0.0.0.20240411)', 'covenant.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'credninja.vm 2.3.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'cryptotester.vm 1.7.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'cutter.vm 2.3.4.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'de4dot-cex.vm 4.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dex2jar.vm 2.3.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dnspyex.vm 6.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dotdumper.vm 1.1.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dotnettojscript.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'dumpert.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'egress-assess.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'evilclippy.vm 1.3.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'evtxecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'exeinfope.vm 0.0.7.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'extreme_dumper.vm 4.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'ezviewer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'fakenet-ng.vm 3.2.0.20240412 constraint: common.vm (>= 0.0.0.20240411)', 'file.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'floss.vm 3.1.0 constraint: common.vm (>= 0.0.0.20240411)', 'fuzzdb.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'gadgettojscript.vm 2.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'garbageman.vm 0.2.4.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'gobuster.vm 3.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'googlechrome.vm 0.0.0.20240405 constraint: common.vm (>= 0.0.0.20240111)', 'goresym.vm 2.4.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hasher.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hashmyfiles.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hayabusa.vm 2.11.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hollowshunter.vm 0.3.9.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'ida.diaphora.vm 3.2.0 constraint: common.vm (>= 0.0.0.20240411)', 'idafree.vm 8.3.0.20240325 constraint: common.vm (>= 0.0.0.20240119)', 'ifpstools.vm 2.0.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'innoextract.vm 1.9.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'internal-monologue.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'inveigh.vm 2.0.10.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'invokedosfuscation.vm 1.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'invokeobfuscation.vm 1.8.2.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'jlecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'jumplist_explorer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'keethief.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'lecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'logfileparser.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'mftecmd.vm 1.2.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'mft_explorer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'microburst.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'nanodump.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'networkminer.vm 2.8.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'offvis.vm 1.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'outflank-c2-tool-collection.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'payloadsallthethings.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'pdbresym.vm 1.3.4 constraint: common.vm (>= 0.0.0.20240411)', 'pdbs.pdbresym.vm 0.0.0.20240417 constraint: common.vm (>= 0.0.0.20240411)', 'peanatomist.vm 0.2.11931.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'pecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'peid.vm 0.95.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'pestudio.vm 9.58.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'petitpotam.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'pma-labs.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'powermad.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powersploit.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powerupsql.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powerzure.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)'.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - regcool.vm - Unable to resolve dependency: Unable to find a version of 'common.vm' that is compatible with 'adconnectdump.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'amcacheparser.vm 1.5.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'apktool.vm 2.9.3 constraint: common.vm (>= 0.0.0.20231221)', 'appcompatcacheparser.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'asreproast.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'azurehound.vm 2.1.8.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'blobrunner.vm 0.0.5.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'blobrunner64.vm 0.0.5.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'bloodhound-custom-queries.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'bloodhound.vm 4.3.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'bstrings.vm 1.5.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'c3.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'capa.vm 7.0.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'certify.vm 1.1.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'chainsaw.vm 2.9.0 constraint: common.vm (>= 0.0.0.20240411)', 'covenant.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'credninja.vm 2.3.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'cryptotester.vm 1.7.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'cutter.vm 2.3.4.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'de4dot-cex.vm 4.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dex2jar.vm 2.3.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dnspyex.vm 6.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dotdumper.vm 1.1.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'dotnettojscript.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'dumpert.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'egress-assess.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'evilclippy.vm 1.3.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'evtxecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'exeinfope.vm 0.0.7.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'extreme_dumper.vm 4.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'ezviewer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'fakenet-ng.vm 3.2.0.20240412 constraint: common.vm (>= 0.0.0.20240411)', 'file.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'floss.vm 3.1.0 constraint: common.vm (>= 0.0.0.20240411)', 'fuzzdb.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'gadgettojscript.vm 2.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'garbageman.vm 0.2.4.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'gobuster.vm 3.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'googlechrome.vm 0.0.0.20240405 constraint: common.vm (>= 0.0.0.20240111)', 'goresym.vm 2.4.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hasher.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hashmyfiles.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hayabusa.vm 2.11.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'hollowshunter.vm 0.3.9.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'ida.diaphora.vm 3.2.0 constraint: common.vm (>= 0.0.0.20240411)', 'idafree.vm 8.3.0.20240325 constraint: common.vm (>= 0.0.0.20240119)', 'ifpstools.vm 2.0.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'innoextract.vm 1.9.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'internal-monologue.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'inveigh.vm 2.0.10.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'invokedosfuscation.vm 1.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'invokeobfuscation.vm 1.8.2.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'jlecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'jumplist_explorer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'keethief.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'lecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'logfileparser.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'mftecmd.vm 1.2.2.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'mft_explorer.vm 2.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'microburst.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'nanodump.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'networkminer.vm 2.8.1.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'offvis.vm 1.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'outflank-c2-tool-collection.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'payloadsallthethings.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'pdbresym.vm 1.3.4 constraint: common.vm (>= 0.0.0.20240411)', 'pdbs.pdbresym.vm 0.0.0.20240417 constraint: common.vm (>= 0.0.0.20240411)', 'peanatomist.vm 0.2.11931.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'pecmd.vm 1.5.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'peid.vm 0.95.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'pestudio.vm 9.58.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'petitpotam.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'pma-labs.vm 0.0.0.20240411 constraint: common.vm (>= 0.0.0.20240411)', 'powermad.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powersploit.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powerupsql.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)', 'powerzure.vm 0.0.0.20240412 constraint: common.vm (>= 0.0.0.20240412)'.

Additionally, I am unsure if the duplicated package names are normal in the log.txt. I wonder if its because I am installing ontop of an existing Flare install? image image

failed_packages.txt log.txt

Steps to Reproduce

  1. Have existing flare install (I believe my last install was 2/2/2023)
  2. Pull flare-vm git and run install.ps1

Environment

VMware Workstation 

2024/04/24 08:04:57 vm.common.psm1 [+] INFO : Host Information

VM OS version and Service Pack
-----

Version                 : 10.0.19044
BuildNumber             : 19044
OSArchitecture          : 64-bit
ServicePackMajorVersion : 0
Caption                 : Microsoft Windows 10 Enterprise LTSC

VM OS RAM (MB)
-----
8192

VM OS HDD Space / Usage
-----

DeviceID DriveType ProviderName VolumeName Size         FreeSpace
-------- --------- ------------ ---------- ----         ---------
C:       3                                 128502984704 47042248704
D:       5

VM AV Details
-----
AntiVirusProduct classname does not exist...

VM PowerShell Version
-----
5.1.19041.4291

VM CLR Version
-----
4.0.30319.42000

VM Chocolatey Version
-----
2.2.2

VM Boxstarter Version
-----

Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3

VM Installed Packages
-----
010editor.flare|11.0.1
010editor.vm|14.0.1
7zip.flare|15.5.1.2
7zip.vm|0.0.0.20240410
7zip-15-05.vm|15.5.0.20240308
7zip-nsis.vm|23.1.0
7z-nsis.vm|23.1.0
adconnectdump.vm|0.0.0.20240412
aleapp.vm|3.2.1
amcacheparser.vm|1.5.1.20240411
apimonitor|2.13.0.20210213
apimonitor.flare|2.13.0.20160119
apimonitor.vm|2.13.0.20220224
apktool|2.6.1
apktool.flare|2.3.4.4
apktool.vm|2.9.3
appcompatcacheparser.vm|1.5.0.20240411
arsenalimagemounter|3.11.282
arsenalimagemounter.vm|3.11.282
asreproast.vm|0.0.0.20240412
autohotkey|1.1.37.1
autohotkey.install|1.1.37.1
autohotkey.portable|1.1.34.4
Autopsy.fireeye|4.18.0
autopsy.vm|4.21.0
az.powershell|11.5.0
azurehound.vm|2.1.8.20240411
badassmacros.vm|1.0.0
binaryninja.flare|2.2.2487
bindiff.vm|8.0.0.20240402
blobrunner.vm|0.0.5.20240411
blobrunner64.vm|0.0.5.20240411
bloodhound.vm|4.3.1.20240411
bloodhound-custom-queries.vm|0.0.0.20240412
Boxstarter|3.0.3
Boxstarter.Bootstrapper|3.0.3
Boxstarter.Chocolatey|3.0.3
Boxstarter.Common|3.0.3
Boxstarter.HyperV|3.0.3
Boxstarter.WinConfig|3.0.3
bstrings.vm|1.5.2.20240411
burp-free.vm|0.0.0.20240217
burp-suite-free-edition|2022.12.4
bytecode-viewer.flare|2.9.22.1
bytecodeviewer.vm|2.12.0
bytehist.fireeye|1.0.102.4
c3.vm|0.0.0.20240412
capa.fireeye|1.6.3
capa.vm|7.0.1.20240411
certify.vm|1.1.0.20240412
chainsaw.vm|2.9.0
checksum|0.2.0
chocolatey|2.2.2
chocolatey-compatibility.extension|1.0.0
chocolatey-core.extension|1.4.0
chocolatey-dotnetfx.extension|1.0.1
chocolatey-visualstudio.extension|1.10.2
chocolatey-windowsupdate.extension|1.0.5
Cmder|1.3.24
cmder.fireeye|2019.10.10.2
cmder.vm|1.3.24.20240217
codetrack|1.0.3.301
codetrack.vm|1.0.3.20230526
common.fireeye|3.0.0.12
common.vm|0.0.0.20240419
confuserex|1.6.0
confuserex.vm|1.6.0.20230713
covenant.vm|0.0.0.20240412
credninja.vm|2.3.0.20240412
cryptotester.vm|1.7.1.20240411
cutter.flare|2.0.0
cutter.vm|2.3.4.20240411
cyberchef.flare|8.27.0.20190404
cyberchef.vm|10.17.0
Cygwin|3.5.3
cygwin.flare|2.11.0.6
cygwin.vm|3.5.3
dcode.vm|5.5.21194.20240217
de4dot.flare|3.1.41592.3409
de4dot-cex.vm|4.0.0.20240411
debloat.vm|0.0.0.20240327
dependencywalker|2.2.6000.9
dependencywalker.vm|2.2.6000
dex2jar.flare|2.1.0.6
dex2jar.vm|2.3.0.20240411
die.flare|3.1.0
die.vm|3.7.20240217
dll-to-exe.vm|1.1.0
dnlib.vm|4.0.0
dnsd.flare|1.11.0.3
dnspy.flare|6.1.8.20210527
dnspyex.vm|6.5.0.20240411
dotdumper.vm|1.1.0.20240411
DotNet3.5|3.5.20160716
DotNet4.5.2|4.5.2.20140902
DotNet4.6.1|4.6.1055.20170308
dotnet4.6.2|4.6.1590.20190822
dotnet4.7.2|4.7.2.20210903
dotnet-5.0-desktopruntime|5.0.17
dotnet5-desktop-runtime|5.0.6
dotnet-6.0-desktopruntime|6.0.26
dotnet-6.0-runtime|6.0.26
dotnet-6.vm|0.0.0.20231224
dotnet-8.0-desktopruntime|8.0.2
dotnetfx|4.8.0.20220524
dotnettojscript.vm|0.0.0.20240412
dotPeek|2022.2.3
dotPeek.flare|2019.1.0.6
dumpert.vm|0.0.0.20240412
egress-assess.vm|0.0.0.20240412
event-log-explorer.vm|5.5.0.20240321
evilclippy.vm|1.3.0.20240412
evtxecmd.vm|1.5.0.20240411
exe2aut.fireeye|0.10.20201221
exeinfope.flare|0.0.5.5
exeinfope.vm|0.0.7.20240411
exiftool|12.82.0
exiftool.vm|12.82.0
explorersuite.flare|0.0.0.2015
explorersuite.vm|0.0.0.20230925
extreme_dumper.vm|4.0.0.20240411
ezviewer.vm|2.0.0.20240411
fakenet-ng.fireeye|1.4.11
fakenet-ng.vm|3.2.0.20240412
farmanager.flare|3.0.0.2
ffdec.flare|14.4.0
fiddler|5.0.20242.10753
fiddler.fireeye|1.0.0.3
fiddlerclassic.vm|5.0.20211.20240417
file.vm|0.0.0.20240411
fileinsight.flare|2.1.0.3
flare-floss.fireeye|1.7.0
flare-qdb.python.flare|1.0.0.7
flarevm.win10.config.fireeye|3.0.1.3
flarevm.win10.installer.fireeye|3.0.1.6
flarevm.win10.preconfig.fireeye|3.0.1.1
floss.vm|3.1.0
ftk-imager.vm|4.7.1.20231207
fuzzdb.vm|0.0.0.20240412
gadgettojscript.vm|2.0.0.20240412
garbageman.vm|0.2.4.20240411
getlapspasswords.vm|0.0.0.20240125
ghidra|11.0.3
ghidra.vm|11.0.3
git|2.43.0
git.install|2.43.0
gobuster.vm|3.5.0.20240411
GoogleChrome|107.0.5304.88
googlechrome.fireeye|2020.11.25
googlechrome.vm|0.0.0.20240405
goresym.vm|2.4.0.20240411
gowitness.vm|2.5.1.20240112
graphviz|6.0.2
group3r.vm|1.0.59
hashcalc.flare|2.2.0.4
hashcat.vm|6.2.6.20240410
hasher.vm|2.0.0.20240411
hashmyfiles.flare|2.38.0
hashmyfiles.vm|0.0.0.20240411
hayabusa.vm|2.11.0.20240411
hollowshunter.fireeye|0.2.9
hollowshunter.vm|0.3.9.20240411
HTTrack.fireeye|3.49.2.2
hxd|2.5.0
hxd.flare|2.0.1
hxd.vm|2.5.0.20230925
ida.diaphora.vm|3.2.0
idafree.vm|8.3.0.20240325
idafree70.flare|7.0.0.6
idr.vm|0.0.0.20230627
ifpstools.vm|2.0.2.20240411
ilspy|8.2.0
ilspy.flare|3.0.1.4
ilspy.vm|8.2.0
imhex|1.33.2
imhex.vm|1.33.2
ImpRec.fireeye|1.7.0
innoextract.fireeye|1.9.0
innoextract.vm|1.9.0.20240411
innounp.fireeye|0.50.0
innounp.vm|0.50.0.20230710
installer.vm|0.0.0.20240402
internal-monologue.vm|0.0.0.20240412
inveigh.vm|2.0.10.20240411
invokedosfuscation.vm|1.0.0.20240412
invokeobfuscation.vm|1.8.2.20240412
isd.vm|1.5.0.20240217
java-deobfuscator-gui.fireeye|1.5.2
javaruntime|8.0.231
jd-gui.flare|1.6.6.1
jlecmd.vm|1.5.0.20240411
jre8|8.0.351
juicypotato.vm|0.1.0
jumplist_explorer.vm|2.0.0.20240411
KB2533623|2.0.0
KB2919355|1.0.20160915
KB2919442|1.0.20160915
KB2999226|1.0.20181019
KB3033929|1.0.5
KB3035131|1.0.3
KB3063858|1.0.0
keethief.vm|0.0.0.20240412
kerbrute.vm|1.0.3
kernel-outlook-pst-viewer.vm|20.3.0
kmdloader.flare|1.2.20180705.5
ldapnomnom.vm|1.2.0
lecmd.vm|1.5.0.20240411
lessmsi|1.10.0
lessmsi.fireeye|1.6.3.3
libraries.python2.fireeye|1.0.20210316
libraries.python3.fireeye|1.0.20201125
logfileparser.vm|2.0.0.20240411
lordpe.flare|1.41.0.7
mailsniper.vm|0.0.0.20230712
malware-jail.fireeye|2020.11.25
MAP.flare|0.24.20201125
map.vm|0.0.0.20240416
memprocfs.vm|5.9.4.20240411
merlin.vm|2.1.2
mfasweep.vm|0.0.0.20230710
mft_explorer.vm|2.0.0.20240411
mftecmd.vm|1.2.2.20240411
microburst.vm|0.0.0.20240412
microsoft-windows-terminal|1.19.10302
microsoft-windows-terminal.vm|1.19.10302.20240217
mimikatz.vm|2.2.0
msoffcrypto-crack.fireeye|0.0.5
nanodump.vm|0.0.0.20240412
nasm|2.16.2
nasm.fireeye|2.14.0.3
nasm.vm|2.16.2
ncat.flare|5.59.1.5
netcat|1.12.0
netcat.vm|1.12.0
netfx-4.6.2|4.6.2.20210905
netfx-4.7.2|4.7.2
netfx-4.8|4.8.0.20220524
netgpppassword.vm|1.0.0
net-reactor-slayer|6.4.0
net-reactor-slayer.vm|6.4.0.20230621
networkminer.vm|2.8.1.20240411
nmap.flare|7.70.0.2
nmap.vm|7.93.20230418.20240102
nodejs|13.14.0
nodejs.install|13.14.0
notepadplusplus|8.6.5
notepadplusplus.flare|7.6.20190417.2
notepadplusplus.install|8.6.5
notepadplusplus.vm|8.6.5
notepadpp.plugin.xmltools.vm|3.1.1.20231219
officemalscanner.flare|0.5.20180131.6
offvis.flare|1.1.0.20201222
offvis.vm|1.0.0.20240411
oledump.fireeye|0.0.57
ollydbg.ollydumpex.vm|1.80.0
ollydbg.scyllahide.vm|0.0.0.20230210
ollydbg.vm|1.10.0.20230418
ollydbg2.ollydumpex.vm|1.80.0
ollydbg2.scyllahide.vm|0.0.0.20230210
ollydbg2.vm|2.1.0.20230418
onenoteanalyzer.vm|0.0.0.20240226
openjdk|21.0.1
openjdk.vm|0.0.0.20240202
openjdk11|11.0.16.20220913
openvpn|2.6.10.1
openvpn.vm|2.6.10
oraclejdk|17.0.2
outflank-c2-tool-collection.vm|0.0.0.20240412
payloadsallthethings.vm|0.0.0.20240412
pdbresym.vm|1.3.4
pdbs.pdbresym.vm|0.0.0.20240417
pdfid.flare|0.2.7.1
pdfparser.flare|0.7.4.1
PdfStreamDumper.flare|0.9.624.7
pdfstreamdumper.vm|0.9.634.20240226
peanatomist.vm|0.2.11931.20240411
pebear|0.6.7.3
pebear.flare|0.5.3.2
pebear.vm|0.6.7.20240208
pecmd.vm|1.5.0.20240411
peid.flare|0.9.5.5
peid.vm|0.95.0.20240411
pesieve|0.3.9
pesieve.fireeye|0.2.8
pesieve.vm|0.3.9.20240305
pestudio|9.46.0
pestudio.flare|9.9.0
pestudio.vm|9.58.0.20240411
petitpotam.vm|0.0.0.20240412
peview.flare|0.9.9.5
pmalabs.flare|0.0.1.5
pma-labs.vm|0.0.0.20240411
powercat.vm|0.0.0.20240217
powermad.vm|0.0.0.20240412
PowerShell|5.1.14409.20180811
powersploit.vm|0.0.0.20240412
powerupsql.vm|0.0.0.20240412
powerzure.vm|0.0.0.20240412
ppee.fireeye|1.12.0.5
procdot.fireeye|1.22.0.2
procdot.vm|1.22.57
processdump.fireeye|2.1.0.8
processhacker|2.39.0
processhacker.flare|2.39.0.5
processhacker.install|2.39.0
PSDecode.fireeye|2020.2.27.1
putty|0.78.0
putty.portable|0.78.0
py2exedecompiler.flare|0.1.20201222
pyinstxtractor.fireeye|1.9.1
python2|2.7.18
python2.x86.nopath.flare|2.7.15.3
python3|3.7.9
rawcap|0.1.5
regshot.flare|1.9.3.20200225
resharper-platform|222.0.20220831.104952
resourcehacker.flare|5.1.8
rtfdump.fireeye|0.0.10
rundotnetdll.flare|1.0.0.3
scdbg.flare|20191104.1.0
shellcode_launcher.flare|0.0.1.4
SilkETW.fireeye|0.8.0.1
spystudio|2.9.2.20161106
spystudio.flare|2.9.2.20161110
sublimetext3|3.2.2
SysAnalyzer.flare|20210309.0.0
sysinternals|2022.11.3
sysinternals.flare|2020.3.2.1
syspin|0.99.9.20210303
Temurin11|11.0.17.800
uniextract2.fireeye|2.0.0.5
unxUtils|1.0.0
upx|4.0.0
vbdecompiler.flare|11.6.0.2
vcbuildtools.fireeye|2017.1.0
vcredist140|14.36.32532
vcredist140.vm|0.0.0.20231019
vcredist2005|8.0.50727.619501
vcredist2010|10.0.40219.32503
vcredist2015|14.0.24215.20170201
vcredist-all.flare|1.0.0.5
vim.flare|8.1.1.3
visualstudio2017buildtools|15.9.50
visualstudio2017-workload-vctools|1.3.3
visualstudio-installer|2.0.3
volatility|2.6.0.20190425
volatility.flare|2.6.1.4
vscode|1.73.0
vscode.fireeye|2019.3.13.5
vscode.install|1.73.0
Wget|1.21.3
windbg.flare|10.0.10586.36
windbg.kenstheme.flare|1.0.0.3
windbg.ollydumpex.flare|1.7.2.13
windbg.pykd.flare|0.3.2.7
windump.vm|0.3.0
WinPcap|4.1.3.20161116
wireshark|4.2.4
wireshark.flare|2.2.5.4
wireshark.vm|4.2.4
x64dbg.flare|2021.4.17
x64dbg.ollydumpex.fireeye|1.7.2.4
xorsearch.flare|1.11.4
xorstrings.flare|0.0.1.20201222
yara.flare|3.7.0.5

Common Environment Variables
-----
VM_COMMON_DIR: C:\ProgramData\_VM
TOOL_LIST_DIR: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLARE
RAW_TOOLS_DIR: C:\Tools

Additional Information

No response

emtuls commented 7 months ago

Hi @nadrojisk! Thank you for submitting this issue.

I see that it looks like the script is attempting to connect to an older myget repo that is no longer being used (https://www.myget.org/F/fireeye/api/v2) and I wonder if that may be the root of most of these issues.

Would you be able to try and remove that source via chocolatey? It should be something like:

The current myget that is being used is: https://www.myget.org/F/vm-packages/api/v2 https://github.com/mandiant/flare-vm/blob/main/install.ps1#L380

Once that source has been removed, see if you can try the script again, but I will be honest, the best way to update is to usually perform a full fresh FLARE-VM install. There has been quite a bit of changes in the last ~1.5-2 years.

Also note, we are aware of some packages that are currently failing to install, though it shouldn't be as many as you are having. You can see the list of ones with current issues here: https://github.com/mandiant/VM-Packages/wiki/Daily-Failures A current list from today shows:

nadrojisk commented 7 months ago

Thanks for the suggestion @emtuls. I attempted to remove the source and add the new one. However all the old packages are suffixed under .flare which isn't the case anymore. I'll do a fresh install.

Do you know if moving forward flare will be more "stable" with trying to update the packages and install new ones added? It's nice to be able to just upgrade the VM especially since usually I'll add in plugins and what not.

emtuls commented 7 months ago

Hmmm. I wonder if removing those names from your choco cache might alleviate that. At the very least, while it may say failure, if you're using the new script and source, you should have the latest versions them still in the -mostly- same places. The only differences I can think of would likely be if there was a category change.

We definitely try to not change package names (and categories) as much as possible! Though it may happy from time to time. The biggest difference I believe that happened since that time frame may have been the open sourcing of our packages, which had a lot of changes. 😬

I'm sorry for the issues it caused! Thank you for letting us know. 🙂

nadrojisk commented 7 months ago

No worries! I ended up doing a fresh install. Thanks for your help though! :)