Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
SECRET//NOFORN
IOC ERB:
10
IV&V Observations (cont.)
Observation 5:
Context: On Windows Vista SP2, 64-bit OS with Kaspersky
Internet Security at default and high settings, seven events are
captured in the log file:
First: Log showed the actual name of the executable and is
classified by Kaspersky as a ‘Low Restricted Object’
The remaining six log events displayed the name of the executable
and the path to the Google Chrome browser’s cache file. These log
events presented a link between the executable and the browser’s
cache file. EZCheese was still able to collect browser data
Impact: Unauthorized activity on the target may be discovered
Workaround/Recommendation: Update the User Manual to note
this behavior