
Summary
This detection rule identifies the use of schtasks.exe to create or delete scheduled tasks associated with the BadRabbit ransomware. Specifically, it looks for the command-line switches that indicate task creation or deletion. Using Sysmon EventID 1 (process creation), the rule aggregates schtasks.exe executions on endpoints, filters for processes that create or delete tasks, and checks whether the tasks involved carry the specific names tied to BadRabbit. The rule is therefore useful for detecting potential ransomware activity that schedules malicious tasks, but it has been marked deprecated because a more effective detection strategy now exists.
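The matching logic described above, as an added example that is not the rule's own search: it runs over constructed Sysmon EventID 1 records, keeps only schtasks.exe process creations whose command line carries a /Create or /Delete switch, and flags those whose /TN task name is on a watch list. The task names the deprecated rule matched are not reproduced on this page, so the list below holds constructed placeholders.

```python
import ntpath
import re
from typing import Dict, Iterable, List, Optional

# Constructed placeholder task names. The names the deprecated rule actually
# matched are not reproduced on this page; substitute the rule's own list.
BADRABBIT_TASK_NAMES = {"placeholder_task_a", "placeholder_task_b"}

# Constructed Sysmon EventID 1 (process creation) records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /Create /SC ONCE /TN placeholder_task_a /ST 12:00"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'SCHTASKS /delete /f /tn "placeholder_task_b"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /Query /TN placeholder_task_a"},      # neither create nor delete
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /Create /TN Backup_Nightly /SC DAILY"},  # name not on the list
    {"EventID": 3, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /Create /TN placeholder_task_a"},      # not a process-creation event
]

# /TN value may be quoted or bare; switches are case-insensitive on Windows.
_TN_RE = re.compile(r'/tn\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)
_ACTION_RE = re.compile(r"/(create|delete)\b", re.IGNORECASE)


def extract_task_name(cmdline: str) -> Optional[str]:
    """Return the value of the /TN switch, unquoted, or None if absent."""
    m = _TN_RE.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def classify_event(event: Dict) -> Optional[Dict]:
    """Return an alert for a schtasks.exe create/delete of a listed task, else None."""
    if event.get("EventID") != 1:
        return None
    if ntpath.basename(event.get("Image", "")).lower() != "schtasks.exe":
        return None
    cmdline = event.get("CommandLine", "")
    action = _ACTION_RE.search(cmdline)
    task = extract_task_name(cmdline)
    if not action or task is None:
        return None
    if task.lower() not in {n.lower() for n in BADRABBIT_TASK_NAMES}:
        return None
    return {"action": action.group(1).lower(), "task_name": task, "image": event["Image"]}


def find_badrabbit_task_events(events: Iterable[Dict]) -> List[Dict]:
    """Apply classify_event to a stream of records and collect the alerts."""
    return [a for a in (classify_event(e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in find_badrabbit_task_events(SAMPLE_EVENTS):
        print(alert)
```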
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
ATT&CK Techniques
- T1053.005
Created: 2024-11-14