1.0 (U) Introduction
(S) Dumbo runs on a target to which we have physical access, mutes all microphones, disables all network adapters, suspends any processes using a camera recording device, and notifies the operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
2.0 (U) System Overview
(U) The tool is meant to be executed on a target machine directly from a USB thumb drive. The application must be run as SYSTEM. Dumbo logs all actions, whether taken automatically or manually by the operator, in a file called “log.txt” located in the folder from which the tool is executed. Dumbo also logs all processes running at the start of its execution in a file called “proclist.txt” located in the same folder.
• GUI.exe: Main executable for Dumbo v3.0. Must be run as SYSTEM. If run as Administrator, the tool will attempt to restart itself as SYSTEM. This file can be renamed as desired.
  GUI.exe Command-Line Options:
    -n : do not automatically disable network or Bluetooth adapters
• scanner.sys: Driver necessary for the tool to run correctly on 32-bit Windows XP. The driver will automatically be installed and removed, if necessary. The driver must be named “scanner.sys” and be located in the same folder as the main executable. The driver is not needed, and will not be installed, on any operating system other than 32-bit Windows XP.
• wscupd.exe: Executable used to create a blue screen on 32-bit operating systems. This file must be named “wscupd.exe” and be in the same folder as the main executable.
• wermgr.exe: Executable used to create a blue screen on 64-bit operating systems. This file must be named “wermgr.exe” and be in the same folder as the main executable.
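Because the helper files must keep fixed names and sit beside the main executable, and the two log files are written to that same folder, the combination is a usable triage indicator on removable media or a mounted disk image. The following is an added example, not part of the original guide: the file names come from the list above, while the function names, scoring weights and threshold are assumptions chosen for illustration.

```python
import os
import tempfile

# File names taken from the guide; each must sit beside the main executable.
FIXED_HELPERS = {"scanner.sys", "wscupd.exe", "wermgr.exe"}
LOG_FILES = {"log.txt", "proclist.txt"}


def score_directory(names):
    """Return (score, matched names) for the file names of one directory."""
    lower = {n.lower() for n in names}
    helpers = lower & FIXED_HELPERS
    logs = lower & LOG_FILES
    # Assumed weighting: helper names are distinctive, log names are generic.
    score = 2 * len(helpers) + len(logs)
    # The main executable can be renamed, so only require some other .exe.
    other_exe = any(n.endswith(".exe") and n not in FIXED_HELPERS for n in lower)
    if helpers and other_exe:
        score += 1
    return score, sorted(helpers | logs)


def scan(root, threshold=4):
    """Walk root and return [(dir, score, matches)] at or above threshold."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        score, matched = score_directory(files)
        if score >= threshold:
            hits.append((dirpath, score, matched))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample input: one suspicious folder, one benign folder."""
    layout = {
        "tools": ["setup.exe", "scanner.sys", "wscupd.exe", "wermgr.exe",
                  "log.txt", "proclist.txt"],
        "docs": ["log.txt", "notes.txt"],
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in files:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, score, matched in scan(tmp):
            print(score, os.path.relpath(path, tmp), matched)
```

A folder holding only a file named wermgr.exe next to other executables scores 3 and stays below the default threshold; it is the co-location with the log files or the other helpers that raises the score.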