def rule(event):
    if all(
        [
            any(
                [
                    any(
                        [
                            event.deep_get("Image", default="").endswith("\\powershell.exe"),
                            event.deep_get("Image", default="").endswith("\\pwsh.exe"),
                        ]
                    ),
                    event.deep_get("OriginalFileName", default="")
                    in ["PowerShell.EXE", "pwsh.dll"],
                ]
            ),
            any(
                [
                    any(
                        [
                            "VwBpAG4AMwAyAF8AUwBoAGEAZABvAHcAYwBvAHAAeQ"
                            in event.deep_get("CommandLine", default=""),
                            "cAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkA"
                            in event.deep_get("CommandLine", default=""),
                            "XAGkAbgAzADIAXwBTAGgAYQBkAG8AdwBjAG8AcAB5A"
                            in event.deep_get("CommandLine", default=""),
                            "V2luMzJfU2hhZG93Y29we" in event.deep_get("CommandLine", default=""),
                            "dpbjMyX1NoYWRvd2NvcH" in event.deep_get("CommandLine", default=""),
                            "XaW4zMl9TaGFkb3djb3B5" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "VwBpAG4AMwAyAF8AUwBjAGgAZQBkAHUAbABlAGQASgBvAGIA"
                            in event.deep_get("CommandLine", default=""),
                            "cAaQBuADMAMgBfAFMAYwBoAGUAZAB1AGwAZQBkAEoAbwBiA"
                            in event.deep_get("CommandLine", default=""),
                            "XAGkAbgAzADIAXwBTAGMAaABlAGQAdQBsAGUAZABKAG8AYg"
                            in event.deep_get("CommandLine", default=""),
                            "V2luMzJfU2NoZWR1bGVkSm9i" in event.deep_get("CommandLine", default=""),
                            "dpbjMyX1NjaGVkdWxlZEpvY" in event.deep_get("CommandLine", default=""),
                            "XaW4zMl9TY2hlZHVsZWRKb2" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "VwBpAG4AMwAyAF8AUAByAG8AYwBlAHMAcw"
                            in event.deep_get("CommandLine", default=""),
                            "cAaQBuADMAMgBfAFAAcgBvAGMAZQBzAHMA"
                            in event.deep_get("CommandLine", default=""),
                            "XAGkAbgAzADIAXwBQAHIAbwBjAGUAcwBzA"
                            in event.deep_get("CommandLine", default=""),
                            "V2luMzJfUHJvY2Vzc" in event.deep_get("CommandLine", default=""),
                            "dpbjMyX1Byb2Nlc3" in event.deep_get("CommandLine", default=""),
                            "XaW4zMl9Qcm9jZXNz" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "VwBpAG4AMwAyAF8AVQBzAGUAcgBBAGMAYwBvAHUAbgB0A"
                            in event.deep_get("CommandLine", default=""),
                            "cAaQBuADMAMgBfAFUAcwBlAHIAQQBjAGMAbwB1AG4AdA"
                            in event.deep_get("CommandLine", default=""),
                            "XAGkAbgAzADIAXwBVAHMAZQByAEEAYwBjAG8AdQBuAHQA"
                            in event.deep_get("CommandLine", default=""),
                            "V2luMzJfVXNlckFjY291bn" in event.deep_get("CommandLine", default=""),
                            "dpbjMyX1VzZXJBY2NvdW50" in event.deep_get("CommandLine", default=""),
                            "XaW4zMl9Vc2VyQWNjb3Vud" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "VwBpAG4AMwAyAF8ATABvAGcAZwBlAGQATwBuAFUAcwBlAHIA"
                            in event.deep_get("CommandLine", default=""),
                            "cAaQBuADMAMgBfAEwAbwBnAGcAZQBkAE8AbgBVAHMAZQByA"
                            in event.deep_get("CommandLine", default=""),
                            "XAGkAbgAzADIAXwBMAG8AZwBnAGUAZABPAG4AVQBzAGUAcg"
                            in event.deep_get("CommandLine", default=""),
                            "V2luMzJfTG9nZ2VkT25Vc2Vy" in event.deep_get("CommandLine", default=""),
                            "dpbjMyX0xvZ2dlZE9uVXNlc" in event.deep_get("CommandLine", default=""),
                            "XaW4zMl9Mb2dnZWRPblVzZX" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
