diff --git a/rules/windows/process_creation/win_susp_replace_lolbin.yml b/rules/windows/process_creation/win_susp_replace_lolbin.yml
deleted file mode 100644
index d530fec79..000000000
--- a/rules/windows/process_creation/win_susp_replace_lolbin.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-title: Ingress Tool Transfer Using Replace.exe
-id: 6ccf0c00-1061-4195-a724-6d9c0058b036
-description: Detect Copy and Download operations using Replace.exe.
-status: experimental
-references:
- - https://lolbas-project.github.io/lolbas/Binaries/Replace
-author: Jonhnathan Ribeiro, oscd.community
-date: 2020/10/07
-tags:
- - attack.command_and_control
- - attack.t1105
-logsource:
- category: process_creation
- product: windows
-detection:
- selection:
- Image|endswith:
- - '\replace.exe'
- CommandLine|contains:
- - "\\\\\\\\"
- - "/A"
- condition: selection
-falsepositives:
- - Legitimate use of the binary
-level: low