Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Next, if you have selected the check box Recharge Number of Runs then all payloads
and survey will have their max number of runs reset back to their original amount.
Next, if you have selected the check box Allow Retasking on Previous Targets then a
new GUID will be supplied to the DllPayload(64).dll allowing that dll to rewhack
computers it had already tagged.
4.6 Post Process of Collected Files
Post processing of the files is very easy. Post processor.exe must be ran as Admin.
The arguments for the Post Processor are as such:
PostProcessor -d <IN:PEM File> <IN:Folder to decrypt> <OUT:Name of output Folder>
4.7 Additional Software
4.7.1 Keygen.exe:
Keygen.exe produces a Public / Private key pair. The arguments are below:
KenGen.exe <file_to_store_pem.pem>
4.7.2 Extract WM Files.exe
This tool allows you to extract files off of a thumb drive with a covert storage
space on the thumb drive. This will allow the operator to extract files manually
from a thumb drive on target or back at station. The arguments are below:
ExtractWMFile.exe <Drive Letter> Optional:<Directory to store files>
If the Directory to store files is not filled out, then the files will be stored in a
folder named 1111 right next to the Extract WM Files.exe.
4.7.3 Get SN.exe
This tool will allow the operator to find the serial number of a thumb drive, either
on the target or back at station. The arguments are below:
GetSN.exe <Drive Letter>
4.7.4 Whack_Thumbdrive.exe
This tool is used by the GUI to whack a local thumb drive plugged into your
computer.
Whack_Thumbdrive.exe <Config.xml> <Drive letter>
23
SECRET//X1
CL BY: 2397517
REASON: 1.4(c)
DECL: 20361019
DRV: COL S-06