
Summary
This analytic rule identifies instances where a process attempts to delete its own file path, a behavior often indicative of defense evasion by malware. The detection relies on Sysmon EventCode 1 (process creation) logs and focuses on command lines executed through cmd.exe that contain file deletion commands. The behavior is associated with malware such as Clop ransomware, which may remove its own executable after execution so that the binary is no longer on disk to be detected or collected. The analytic matters because self-deletion deprives incident responders of the sample needed for analysis and complicates scoping and remediation.
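The logic described above, as an added example that is not part of the analytic or its search: a Python detector run over constructed Sysmon EventCode 1 records. It assumes that a process deleting its own file path shows up as a cmd.exe child whose command line runs `del` or `erase` against the parent's image (the Sysmon `ParentImage` field), and it compares the resolved delete targets with that path instead of substring-matching the command line, so a parent that deletes some other file is not flagged. All sample records, paths and file names are constructed. The last record illustrates the scope caveat: the same behavior through PowerShell `Remove-Item` is not covered by a cmd.exe-scoped rule.

```python
"""Added example, not the analytic's own search: applies the summary's logic to
constructed Sysmon EventCode 1 (process creation) records.

Assumption of this example: self-deletion appears as a cmd.exe child whose
command line deletes the parent's image, so the check is
"Image is cmd.exe AND a del/erase target equals ParentImage".
"""
import re
import shlex

# cmd.exe verbs that remove files; rd/rmdir (directories) are out of scope here.
DELETE_VERBS = {"del", "erase"}
# Sysmon Image field for the command interpreter, any drive or path.
CMD_IMAGE_RE = re.compile(r"(?:^|\\)cmd\.exe$", re.IGNORECASE)
# Leading interpreter invocation plus /c or /k; group 1 is the command string cmd.exe runs.
CMD_PREFIX_RE = re.compile(r'^\s*(?:"[^"]*"|\S+)\s+/[ck]\s+(.*)$', re.IGNORECASE | re.DOTALL)
# A token that is only a redirection operator (>, >>, 2>, <); its file is the next token.
REDIRECT_ONLY_RE = re.compile(r"^\d?[<>]+$")


def _normalize(path: str) -> str:
    """Windows paths are case-insensitive; quotes and surrounding whitespace are noise."""
    return path.strip().strip('"').lower()


def _split_chain(command: str) -> list[str]:
    """Split a cmd.exe command string on &, &&, |, || outside double quotes."""
    segments, buf, in_quotes = [], [], False
    for ch in command:
        if ch == '"':
            in_quotes = not in_quotes
        if ch in "&|" and not in_quotes:
            segments.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    segments.append("".join(buf))
    return [s.strip() for s in segments if s.strip()]


def _tokens(segment: str) -> list[str]:
    """Whitespace-split keeping quoted spans intact; non-POSIX so backslashes stay literal."""
    lexer = shlex.shlex(segment, posix=False)
    lexer.whitespace_split = True
    lexer.commenters = ""  # '#' is legal in Windows paths, not a comment marker
    try:
        return list(lexer)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        return segment.split()


def deleted_paths(command_line: str) -> list[str]:
    """Return the file paths a cmd.exe command line asks del/erase to remove."""
    m = CMD_PREFIX_RE.match(command_line)
    command = m.group(1) if m else command_line
    # cmd.exe strips one pair of outer quotes wrapping the whole /c argument.
    if command.startswith('"') and command.endswith('"') and command.count('"') == 2:
        command = command[1:-1]
    targets = []
    for segment in _split_chain(command):
        tokens = _tokens(segment)
        if not tokens or tokens[0].lstrip("@").lower() not in DELETE_VERBS:
            continue
        skip_next = False
        for tok in tokens[1:]:
            if skip_next:
                skip_next = False  # this token is the file of the preceding bare '>'
            elif REDIRECT_ONLY_RE.match(tok):
                skip_next = True  # bare '>' or '2>': redirect target follows
            elif tok.startswith("/") or re.match(r"^\d?[<>]", tok):
                pass  # del switch (/f /q /a) or attached redirection (2>nul)
            else:
                targets.append(tok.strip('"'))
    return targets


def is_self_deletion(event: dict) -> bool:
    """True when a cmd.exe process (Sysmon EventCode 1) deletes its parent's own image file."""
    if not CMD_IMAGE_RE.search(event.get("Image", "")):
        return False  # scoped to cmd.exe like the analytic; PowerShell Remove-Item is a gap
    parent = _normalize(event.get("ParentImage", ""))
    return bool(parent) and any(
        _normalize(p) == parent for p in deleted_paths(event.get("CommandLine", ""))
    )


# Constructed Sysmon EventCode 1 records (not real telemetry); only the fields the check needs.
SAMPLE_EVENTS = [
    {   # Clop-style self-removal after a ping delay: the parent image is the del target
        "ParentImage": r"C:\Users\Public\Downloads\inv0ice.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 3 > nul & del /f /q "C:\Users\Public\Downloads\inv0ice.exe"',
    },
    {   # Benign build step deleting a log, not its own binary
        "ParentImage": r"C:\Program Files\dotnet\dotnet.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c del C:\Temp\build.log > C:\Temp\out.txt",
    },
    {   # Whole command wrapped in quotes, different case, 'erase' alias, /K switch
        "ParentImage": r"C:\ProgramData\upd\updater.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /K "erase c:\programdata\upd\UPDATER.EXE"',
    },
    {   # No deletion at all
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c "dir C:\ & echo done"',
    },
    {   # Same behaviour via PowerShell: outside this analytic's cmd.exe scope, so not flagged
        "ParentImage": r"C:\Users\Public\stage2.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -c Remove-Item -Force 'C:\Users\Public\stage2.exe'",
    },
]


def detect(events) -> list[str]:
    """Return the ParentImage of every event that matches the self-deletion logic."""
    return [e["ParentImage"] for e in events if is_self_deletion(e)]


if __name__ == "__main__":
    for path in detect(SAMPLE_EVENTS):
        print("self-deletion:", path)
```

Running the script flags the first and third records only. Matching on the resolved delete target rather than on the bare presence of `del` in a cmd.exe command line keeps routine cleanup (the dotnet record) out of the results, while the case-insensitive path comparison still catches the `erase` variant. The PowerShell record is deliberately missed to show what a cmd.exe-scoped rule does not see.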
Categories
- Endpoint
Data Sources
- Process
- Windows Registry
ATT&CK Techniques
- T1070
Created: 2024-11-13