Node Process Executions

Sigma Rules

Summary
This detection rule identifies potentially malicious script execution through the Node.js executable bundled with Adobe Creative Cloud. It monitors process creation events in which the image path points to the Node.js binary inside the 'Adobe Creative Cloud Experience' directory, and excludes command lines containing strings associated with legitimate use within the Adobe environment. Anything that survives this filter is flagged as unauthorized or suspicious activity, such as an attempt to evade defenses by leveraging trusted software. Context matters here: attackers often misuse legitimate tools to carry out malicious actions undetected, so focusing on this binary improves visibility into potential threat vectors on systems with Adobe Creative Cloud installed.
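The selection-minus-filter shape described above can be checked against process creation records offline. The following is an added example and not the Sigma rule's own YAML: the directory name comes from the rule summary, while the benign-usage filter substring, the Sysmon-style sample events and the file paths in them are constructed assumptions for illustration (the page does not list the rule's actual filter strings).

```python
"""Toy evaluator for the Node.js-from-Adobe-Creative-Cloud detection logic.

Added example, not the Sigma rule itself. The directory name is taken from the
rule summary; ASSUMED_BENIGN_MARKERS and SAMPLE_EVENTS are constructed.
"""

# From the rule summary: Node.js shipped inside this Adobe directory.
ADOBE_DIR_MARKER = "\\adobe creative cloud experience\\"
NODE_IMAGE_SUFFIX = "\\node.exe"

# ASSUMPTION: placeholder standing in for the rule's real filter on
# legitimate Adobe command lines; the page does not list those strings.
ASSUMED_BENIGN_MARKERS = (
    "\\adobe creative cloud experience\\js\\",
)


def is_suspicious(event: dict) -> bool:
    """Apply selection (Adobe-bundled node.exe) minus filter (known-good cmdline).

    Sigma string matching is case-insensitive, so Windows paths are lowered first.
    """
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    in_scope = ADOBE_DIR_MARKER in image and image.endswith(NODE_IMAGE_SUFFIX)
    if not in_scope:
        return False
    # Filter: drop launches of the scripts Adobe ships alongside the binary.
    return not any(marker in cmdline for marker in ASSUMED_BENIGN_MARKERS)


def scan(events):
    """Return the indices of events that trip the rule."""
    return [i for i, ev in enumerate(events) if is_suspicious(ev)]


# Constructed Sysmon Event ID 1-style records, trimmed to the fields the rule uses.
NODE = "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\libs\\node.exe"
SAMPLE_EVENTS = [
    # 0: Adobe running one of its own packaged scripts -> removed by the filter.
    {"Image": NODE,
     "CommandLine": f'"{NODE}" "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\js\\main.js"'},
    # 1: the same trusted binary running a script from a user profile -> flagged.
    {"Image": NODE,
     "CommandLine": f'"{NODE}" C:\\Users\\alice\\Downloads\\script.js'},
    # 2: a standalone Node.js install -> not this rule's scope.
    {"Image": "C:\\Program Files\\nodejs\\node.exe",
     "CommandLine": "node server.js"},
    # 3: another (constructed) binary in the Adobe directory -> not node.exe.
    {"Image": "C:\\Program Files\\Adobe\\Adobe Creative Cloud Experience\\SomeOtherTool.exe",
     "CommandLine": "SomeOtherTool.exe --background"},
]

if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        print(f"event {i} matched: {SAMPLE_EVENTS[i]['CommandLine']}")
```

Only event 1 survives: it is the bundled binary, but its command line carries none of the markers of Adobe's own scripts. When tuning a filter like this in production, prefer narrow path-based markers over broad words such as "adobe", since a loose substring in the exclusion is what lets a trusted-binary abuse slip through unlogged.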
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Application Log
Created: 2022-04-06