---
Name: AcroRd32.exe
Description: Execute
Author: ''
Created: 2018-05-25
Commands:
  - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
    Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
Full_Path:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
Code_Sample: []
Detection: []
Resources:
  - https://twitter.com/pabraeken/status/997997818362155008
Acknowledgement:
  - Person: Pierre-Alexandre Braeken
    Handle: '@pabraeken'