LOLBAS/Archive-Old-Version/LOLUtilz/OtherBinaries/AcroRd32.yml

---
Name: AcroRd32.exe
Description: Execute
Author: ''
Created: 2018-05-25
Commands:
  - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
    Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
Full_Path:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
Code_Sample: []
Detection: []
Resources:
  - https://twitter.com/pabraeken/status/997997818362155008
Acknowledgement:
  - Person: Pierre-Alexandre Braeken
    Handle: '@pabraeken'
Initial commit - LOLBAS V2.0 2018-06-09 00:15:06 +02:00			`---`
			`Name: AcroRd32.exe`
			`Description: Execute`
			`Author: ''`
Standardise date formats (see https://yaml.org/type/timestamp.html) 2021-01-10 16:04:52 +01:00			`Created: 2018-05-25`
Initial commit - LOLBAS V2.0 2018-06-09 00:15:06 +02:00			`Commands:`
			`- Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary`
			`Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe`
Major changes to Web portal - Small fixes to source files to adjust 2018-12-10 14:28:12 +01:00			`Full_Path:`
Initial commit - LOLBAS V2.0 2018-06-09 00:15:06 +02:00			`- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\`
Major changes to Web portal - Small fixes to source files to adjust 2018-12-10 14:28:12 +01:00			`Code_Sample: []`
Initial commit - LOLBAS V2.0 2018-06-09 00:15:06 +02:00			`Detection: []`
			`Resources:`
			`- https://twitter.com/pabraeken/status/997997818362155008`
Fixed acknowledgements 2021-01-10 16:45:25 +01:00			`Acknowledgement:`
			`- Person: Pierre-Alexandre Braeken`
			`Handle: '@pabraeken'`