
Greedy File Deletion Using Del

Sigma Rules

Summary
This detection rule identifies executions of the Windows 'del' command that use greedy or wildcard expressions to delete files. Such operations are commonly associated with malicious activity: malware often erases files that contain remnants of the initial infection, or other data that could reveal its presence. The rule monitors process creation logs for executions of 'del' (or its equivalent, 'erase') combined with patterns that suggest wildcards are used to target many files or whole extensions at once. It applies to images whose path ends in '\cmd.exe' or whose original file name is 'Cmd.Exe', so a renamed cmd.exe binary is still covered. Within those processes it narrows the command line to arguments containing 'del' or 'erase', and pays particular attention to commands that reference specific file extensions, namely '.au3', '.dll', '.exe', and '.js'. The aim is to strengthen the security posture by promptly surfacing potentially harmful bulk deletions among routine file management operations.
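The following is an added worked example, not the rule's own YAML or any vendor code: it reimplements the logic described above in Python and runs it over a few constructed process-creation events. It assumes Sigma/Sysmon-style field names ('Image', 'OriginalFileName', 'CommandLine') and assumes that a greedy delete shows up as a '*.ext' pattern with one of the four listed extensions; the 'id' field and the sample events are constructed for the example.

```python
import re

# Extensions the rule summary calls out as high-interest deletion targets.
TARGET_EXTENSIONS = ("au3", "dll", "exe", "js")

# "del" or "erase" as a standalone command token: not glued to a preceding
# word character, backslash or slash (so "model" or "rundll32" do not match),
# and followed by whitespace or end of line.
_DEL_RE = re.compile(r"(?<![\w\\/])(?:del|erase)(?=\s|$)", re.IGNORECASE)

# Wildcard pattern such as "*.dll" (assumption: greedy deletes use "*.ext").
_WILDCARD_EXT_RE = re.compile(
    r"\*\.(" + "|".join(TARGET_EXTENSIONS) + r")\b", re.IGNORECASE
)


def is_cmd_image(image: str, original_file_name: str) -> bool:
    """Image path ends in \\cmd.exe, or the PE's original name is Cmd.Exe
    (catches a renamed copy of the interpreter)."""
    return (
        image.lower().endswith("\\cmd.exe")
        or original_file_name.lower() == "cmd.exe"
    )


def matches_greedy_del(event: dict) -> bool:
    """True when the event satisfies all three conditions of the rule."""
    if not is_cmd_image(event.get("Image", ""), event.get("OriginalFileName", "")):
        return False
    cmdline = event.get("CommandLine", "")
    if not _DEL_RE.search(cmdline):
        return False
    return _WILDCARD_EXT_RE.search(cmdline) is not None


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # bulk delete of DLLs from a world-writable directory: should alert
        "id": "evt-1",
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"cmd.exe /c del /f /q C:\Users\Public\*.dll",
    },
    {   # single named file, no wildcard: should not alert
        "id": "evt-2",
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"cmd.exe /c del C:\Temp\report.txt",
    },
    {   # renamed cmd.exe using "erase": OriginalFileName still catches it
        "id": "evt-3",
        "Image": r"C:\Temp\c.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"c.exe /c erase *.js",
    },
    {   # PowerShell, not cmd.exe: outside this rule's image scope
        "id": "evt-4",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "OriginalFileName": "PowerShell.EXE",
        "CommandLine": r'powershell -c "del *.exe"',
    },
    {   # "del" only as a substring of another word: should not alert
        "id": "evt-5",
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"cmd.exe /c echo model *.exe",
    },
]


def run_detection(events):
    """Return the ids of events that the rule would flag."""
    return [e["id"] for e in events if matches_greedy_del(e)]


if __name__ == "__main__":
    print(run_detection(SAMPLE_EVENTS))
```

The token-boundary check in `_DEL_RE` is what keeps the rule from firing on every command line that merely contains the letters "del"; the 'OriginalFileName' branch is what preserves coverage when the interpreter binary has been copied under another name. Tuning for a given environment usually means adding exclusions for known build or cleanup scripts rather than loosening either check.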
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2021-12-02