2025-02-21 by Freddy Ouzan (@falsneg), John Harrison (@Cratez)
Adobe performs...process injection??
Adobe Creative Cloud setup spawns and injects code into explorer.exe in order to delete itself. The injected function calls WaitForSingleObject(INFINITE) on a duplicated handle to the injector's process, then calls CloseHandle on it. It then loops over DeleteFileW, retrying with an inner Sleep(1000) for as long as the call fails, and once the delete succeeds it calls ExitProcess(0).
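A detection sketch for the sequence described above, added here as an example and not taken from the original post or from Adobe's code. It correlates events shaped like Sysmon IDs 1 (process create), 5 (process terminated) and 23/26 (file delete) to flag an explorer.exe instance that deletes the image of the process that spawned it once that process has exited. It assumes the spawned explorer.exe is logged with the installer as its parent; all paths and GUIDs are constructed.

```python
import ntpath

# Constructed sample events; field names mirror Sysmon IDs 1 (process create),
# 5 (process terminated) and 23 (file delete). Paths and GUIDs are made up.
SETUP = r"C:\Temp\setup_sample.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"id": 1, "ProcessGuid": "{shell}", "Image": EXPLORER,
     "ParentProcessGuid": "{userinit}", "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"id": 1, "ProcessGuid": "{helper}", "Image": EXPLORER,
     "ParentProcessGuid": "{setup}", "ParentImage": SETUP},
    {"id": 23, "ProcessGuid": "{shell}", "Image": EXPLORER,
     "TargetFilename": r"C:\Users\u\Desktop\old.txt"},
    {"id": 5, "ProcessGuid": "{setup}", "Image": SETUP},
    {"id": 23, "ProcessGuid": "{helper}", "Image": EXPLORER,
     "TargetFilename": r"c:\temp\SETUP_SAMPLE.EXE"},
]


def same_path(a, b):
    """Windows paths compare case-insensitively; normalise before comparing."""
    return ntpath.normcase(ntpath.normpath(a)) == ntpath.normcase(ntpath.normpath(b))


def find_parent_self_delete(events):
    """Flag explorer.exe instances that delete their exited parent's image.

    Events are assumed to arrive in chronological order.
    """
    spawned = {}    # explorer ProcessGuid -> (parent guid, parent image)
    exited = set()  # ProcessGuids that have terminated
    hits = []
    for ev in events:
        if ev["id"] == 1 and ntpath.basename(ev["Image"]).lower() == "explorer.exe":
            spawned[ev["ProcessGuid"]] = (ev["ParentProcessGuid"], ev["ParentImage"])
        elif ev["id"] == 5:
            exited.add(ev["ProcessGuid"])
        elif ev["id"] in (23, 26) and ev["ProcessGuid"] in spawned:
            parent_guid, parent_image = spawned[ev["ProcessGuid"]]
            # The injected code waits for the parent to exit before deleting it.
            if parent_guid in exited and same_path(ev["TargetFilename"], parent_image):
                hits.append({"explorer": ev["ProcessGuid"], "deleted": parent_image})
    return hits


if __name__ == "__main__":
    for hit in find_parent_self_delete(EVENTS):
        print("explorer.exe", hit["explorer"], "deleted exited parent", hit["deleted"])
```

Sysmon records file deletions only for paths covered by its FileDelete rules, so the installer's download or temp location has to be in scope for this correlation to fire.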