Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Elsa User Manual.doc
SECRET//NOFORN
2) There should only be one entry. Forcefully kill that process using the pid:
> taskkill /f /pid <pid from last step>
3) Remove the dll and log files
9.4 (S) AppInit Mode Uninstall
(S) To uninstall Elsa running in AppInit Mode:
1) Reset the registry keys edited during install to their original state
2) Remove the log file and dll
3) Elsa may already be running in the process it was injected into. There is
currently no method for stopping the dll without stopping that host
process. The operator must therefore decide whether to kill the host
process or wait for that process to stop naturally, at which point Elsa will
have permanently stopped running.
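
Step 3 means a reset registry value does not prove the dll is gone from memory. The PowerShell below is an added example for auditing that state and is not part of the Elsa manual; it assumes "AppInit Mode" refers to the standard Windows AppInit_DLLs registry mechanism (the manual excerpt does not name the keys), and the function names are hypothetical.

```powershell
# Added example, not from the Elsa manual. Assumption: "AppInit Mode" means the
# Windows AppInit_DLLs mechanism; the manual excerpt does not name the keys.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {
    # One object per DLL listed in AppInit_DLLs, for the native and WOW64 views.
    foreach ($key in $AppInitKeys) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        # The value is a space- or comma-delimited list of DLL names.
        foreach ($dll in ("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key           = $key
                Dll           = $dll
                LoadEnabled   = [bool]$p.LoadAppInit_DLLs
                RequireSigned = [bool]$p.RequireSignedAppInit_DLLs
            }
        }
    }
}

function Get-ProcessHostingModule {
    # Processes that still have the named DLL mapped, e.g. after the registry
    # value was reset but the host process has not exited.
    param([Parameter(Mandatory)][string]$DllName)
    $leaf = Split-Path -Leaf $DllName
    foreach ($proc in Get-Process) {
        try {
            if ($proc.Modules | Where-Object { $_.ModuleName -ieq $leaf }) {
                [pscustomobject]@{ ProcessId = $proc.Id; Name = $proc.ProcessName }
            }
        } catch { }  # protected or already-exited processes are skipped
    }
}

# Report every configured AppInit DLL together with the processes hosting it.
Get-AppInitEntry | ForEach-Object {
    $procs = @(Get-ProcessHostingModule -DllName $_.Dll |
        ForEach-Object { "$($_.Name)($($_.ProcessId))" })
    $_ | Add-Member -NotePropertyName LoadedIn -NotePropertyValue ($procs -join ', ') -PassThru
} | Format-List
```

Run it from an elevated session whose bitness matches the processes being inspected. Once the registry value has been reset, call Get-ProcessHostingModule directly with a known DLL name to find host processes that have not yet exited.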