Product
This rule detects file name patterns generated by the use of Sysinternals SDelete utility, which attackers may abuse to delete forensic indicators and hinder recovery efforts after ransomware or data theft.