--- Name: AcroRd32.exe Description: Execute Author: '' Created: 2018-05-25 Categories: [] Commands: - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe Full_Path: - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ Code_Sample: [] Detection: [] Resources: - https://twitter.com/pabraeken/status/997997818362155008 Acknowledgement: - Person: Pierre-Alexandre Braeken Handle: '@pabraeken'