Suspicious Double Extension Files

Sigma Rules

Summary
This detection rule targets files with suspicious double extensions, which often indicate malicious activity, particularly on Windows. Malware authors use double extensions because Windows hides known file extensions by default, so a harmful file can appear benign and trick a user into executing it. For instance, a file named 'document.pdf.exe' could mislead an unsuspecting user into believing it is a safe PDF document, when it is actually a Windows executable. The rule detects such naming patterns by examining dropped files whose names match criteria for common executable and compressed file types. Its logic looks for file names ending in extensions typically associated with executables, archives, and documents, and flags combinations in which these extensions are concatenated in a misleading way, raising an alert for further investigation.
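The following is an added example, not the Sigma rule's own logic: a small Python matcher that applies the same idea to constructed file-creation events. The decoy and executable extension lists are assumptions chosen for illustration, not the lists the rule itself uses.

```python
import re

# Assumed extension lists (constructed for this example; the rule's exact lists
# are not reproduced on this page). The decoy extension is what the user sees
# when Windows hides the real one; the final extension is what actually runs.
DECOY_EXTS = ("pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
              "txt", "rtf", "jpg", "png", "zip", "rar", "7z")
EXEC_EXTS = ("exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "hta", "msi", "ps1")

# Match "<name>.<decoy>[spaces/dots].<exec>" at the end of the file name;
# the optional padding catches names such as "photo.jpg    .exe".
_DOUBLE_EXT = re.compile(
    r"\.(?:%s)[ .]*\.(?:%s)$" % ("|".join(DECOY_EXTS), "|".join(EXEC_EXTS)),
    re.IGNORECASE,
)


def is_double_extension(path: str) -> bool:
    """True if the file name ends in a decoy extension followed by an executable one."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return _DOUBLE_EXT.search(name) is not None


# Constructed file-creation events in a simplified Sysmon-like "key: value" layout.
SAMPLE_EVENTS = [
    r"EventID: 11 Image: C:\Program Files\Outlook\outlook.exe TargetFilename: C:\Users\alice\Downloads\invoice.pdf.exe",
    r"EventID: 11 Image: C:\Windows\explorer.exe TargetFilename: C:\Users\alice\Documents\report.docx",
    r"EventID: 11 Image: C:\Program Files\7-Zip\7zG.exe TargetFilename: C:\Users\alice\AppData\Local\Temp\photo.jpg    .scr",
    r"EventID: 11 Image: C:\Windows\System32\msiexec.exe TargetFilename: C:\Windows\Installer\setup.exe",
    r"EventID: 11 Image: C:\Program Files\Outlook\outlook.exe TargetFilename: C:\Users\bob\Desktop\archive.zip.exe",
]

_TARGET = re.compile(r"TargetFilename:\s*(.+?)\s*$")


def scan_events(lines):
    """Return the TargetFilename of every event whose file name carries a double extension."""
    hits = []
    for line in lines:
        m = _TARGET.search(line)
        if m and is_double_extension(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("ALERT suspicious double extension:", hit)
```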
Categories
  • Endpoint
  • Windows
Data Sources
  • File
Created: 2022-06-19