Tag
Attackers can maintain persistence by replacing the legitimate RdrCEF.exe file, used by Adobe Acrobat Reader, with a malicious executable that will be launched upon execution of Adobe Acrobat Reader.