def rule(event):
    if all(
        [
            any(
                [
                    any(
                        [
                            "cmd.exe/c" in event.deep_get("CommandLine", default=""),
                            "\\cmd/c" in event.deep_get("CommandLine", default=""),
                            '"cmd/c' in event.deep_get("CommandLine", default=""),
                            "cmd.exe/k" in event.deep_get("CommandLine", default=""),
                            "\\cmd/k" in event.deep_get("CommandLine", default=""),
                            '"cmd/k' in event.deep_get("CommandLine", default=""),
                            "cmd.exe/r" in event.deep_get("CommandLine", default=""),
                            "\\cmd/r" in event.deep_get("CommandLine", default=""),
                            '"cmd/r' in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "/cwhoami" in event.deep_get("CommandLine", default=""),
                            "/cpowershell" in event.deep_get("CommandLine", default=""),
                            "/cschtasks" in event.deep_get("CommandLine", default=""),
                            "/cbitsadmin" in event.deep_get("CommandLine", default=""),
                            "/ccertutil" in event.deep_get("CommandLine", default=""),
                            "/kwhoami" in event.deep_get("CommandLine", default=""),
                            "/kpowershell" in event.deep_get("CommandLine", default=""),
                            "/kschtasks" in event.deep_get("CommandLine", default=""),
                            "/kbitsadmin" in event.deep_get("CommandLine", default=""),
                            "/kcertutil" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "cmd.exe /c" in event.deep_get("CommandLine", default=""),
                            "cmd /c" in event.deep_get("CommandLine", default=""),
                            "cmd.exe /k" in event.deep_get("CommandLine", default=""),
                            "cmd /k" in event.deep_get("CommandLine", default=""),
                            "cmd.exe /r" in event.deep_get("CommandLine", default=""),
                            "cmd /r" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                ]
            ),
            not any(
                [
                    any(
                        [
                            "cmd.exe /c " in event.deep_get("CommandLine", default=""),
                            "cmd /c " in event.deep_get("CommandLine", default=""),
                            "cmd.exe /k " in event.deep_get("CommandLine", default=""),
                            "cmd /k " in event.deep_get("CommandLine", default=""),
                            "cmd.exe /r " in event.deep_get("CommandLine", default=""),
                            "cmd /r " in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "AppData\\Local\\Programs\\Microsoft VS Code\\resources\\app\\node_modules"
                            in event.deep_get("CommandLine", default=""),
                            event.deep_get("CommandLine", default="").endswith("cmd.exe/c ."),
                            event.deep_get("CommandLine", default="") == "cmd.exe /c",
                            event.deep_get("CommandLine", default="") == "cmd /c",
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
