
Summary
This analytic rule detects execution of the 7-Zip command-line binaries (7z.exe, 7za.exe) with a command line that references an SMB (Server Message Block) network share, i.e. a UNC path of the form \\host\share. It uses process-creation telemetry from sources such as Sysmon (Event ID 1), Windows Security event logs (Event ID 4688 with command-line auditing enabled) and EDR agents. The rule keys on the process name and its command-line arguments: archiving local data directly onto a network share, or archiving data read from a share, is a staging step for exfiltration (ATT&CK T1560.001, Archive via Utility) and has been used by CONTI ransomware affiliates and other threat actors. Because 7-Zip is also used legitimately by administrators and backup scripts, matches should be triaged by user, parent process, destination share and the archived paths; if confirmed malicious, the activity indicates that sensitive data has already been collected and is being moved, and response should focus on containing the host and the destination share. Note that the rule matches on process name, so a renamed 7-Zip binary will evade it unless the detection also checks the binary's original file name or hash.
Categories
- Endpoint
Data Sources
- Pod
- Process
- Network Traffic
ATT&CK Techniques
- T1560.001
- T1560
Created: 2025-01-21