
Summary
This detection rule identifies attempts to delete the `RunMRU` registry key on Windows systems. The `RunMRU` key stores the history of commands that users have executed through the Run dialog (Win + R). By deleting this key, attackers may attempt to eliminate traces of the commands they executed during their malicious operations. The rule uses the `registry_delete` category to monitor for deletion actions on the registry path of the `RunMRU` key. Because phishing techniques can coax users into running malicious commands via the Run dialog, monitoring for unauthorized deletion of this key helps detect potential post-exploitation activity. The rule is classified as high severity due to its relevance to defense evasion tactics.
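The matching logic described above, as an added example that is not the rule's own code: it normalises per-user hive prefixes (`HKCU`, `HKEY_CURRENT_USER`, `HKU\<SID>`) and flags `registry_delete` events that remove the `RunMRU` key or any value under it. The `RunMRU` path is the standard `Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` location; the event field names (`category`, `event_type`, `target_object`, `image`) and the sample events are constructed for this example.

```python
import re
from typing import Iterable, List

# Standard location of the Run dialog history below a user's hive.
RUNMRU_SUFFIX = r"\software\microsoft\windows\currentversion\explorer\runmru"

# Per-user hives show up as HKCU or as HKU\<SID> depending on the sensor;
# all of these are collapsed to "hkcu" so one suffix comparison suffices.
_HIVE_RE = re.compile(
    r"^(hkcu|hkey_current_user|hku\\[^\\]+|hkey_users\\[^\\]+)", re.IGNORECASE
)


def normalise_target(target: str) -> str:
    """Lower-case a registry path and rewrite its user-hive prefix to 'hkcu'."""
    return _HIVE_RE.sub("hkcu", target.strip().lower(), count=1)


def is_runmru_deletion(event: dict) -> bool:
    """True for a registry_delete event that removes the RunMRU key itself
    or any value stored beneath it (field names are constructed, see lead-in)."""
    if event.get("category") != "registry_delete":
        return False
    path = normalise_target(event.get("target_object", ""))
    key = "hkcu" + RUNMRU_SUFFIX
    return path == key or path.startswith(key + "\\")


def detect(events: Iterable[dict]) -> List[dict]:
    """Return the subset of events that the rule would alert on."""
    return [e for e in events if is_runmru_deletion(e)]


# Constructed sample telemetry (Sysmon-style registry events, not real data).
SAMPLE_EVENTS = [
    {"category": "registry_delete", "event_type": "DeleteKey", "image": r"C:\Windows\regedit.exe",
     "target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"},
    {"category": "registry_delete", "event_type": "DeleteValue", "image": r"C:\Windows\System32\reg.exe",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList"},
    {"category": "registry_delete", "event_type": "DeleteKey", "image": r"C:\Windows\explorer.exe",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},
    {"category": "registry_set", "event_type": "SetValue", "image": r"C:\Windows\explorer.exe",
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT RunMRU deletion: {hit['event_type']} by {hit['image']} -> {hit['target_object']}")
```

Only the first two sample events fire; the `RecentDocs` deletion and the ordinary `registry_set` write to `RunMRU` do not. The `image` field is kept in the output because the same deletion is also produced by legitimate privacy clean-up, so tuning on the deleting process is the usual next step.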
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
Created: 2025-09-25