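# File names (without the leading path separator) that the rule treats as
# known offensive PowerShell tooling. Original casing is kept for readability;
# comparisons are done on a lower-cased copy.
_SCRIPT_FILE_NAMES = (
    "Add-ConstrainedDelegationBackdoor.ps1",
    "Add-Exfiltration.ps1",
    "Add-Persistence.ps1",
    "Add-RegBackdoor.ps1",
    "Add-RemoteRegBackdoor.ps1",
    "Add-ScrnSaveBackdoor.ps1",
    "ADRecon.ps1",
    "AzureADRecon.ps1",
    "BadSuccessor.ps1",
    "Check-VM.ps1",
    "ConvertTo-ROT13.ps1",
    "Copy-VSS.ps1",
    "Create-MultipleSessions.ps1",
    "DNS_TXT_Pwnage.ps1",
    "dnscat2.ps1",
    "Do-Exfiltration.ps1",
    "DomainPasswordSpray.ps1",
    "Download_Execute.ps1",
    "Download-Execute-PS.ps1",
    "Enable-DuplicateToken.ps1",
    "Enabled-DuplicateToken.ps1",
    "Execute-Command-MSSQL.ps1",
    "Execute-DNSTXT-Code.ps1",
    "Execute-OnTime.ps1",
    "ExetoText.ps1",
    "Exploit-Jboss.ps1",
    "Find-AVSignature.ps1",
    "Find-Fruit.ps1",
    "Find-GPOLocation.ps1",
    "Find-TrustedDocuments.ps1",
    "FireBuster.ps1",
    "FireListener.ps1",
    "Get-ApplicationHost.ps1",
    "Get-ChromeDump.ps1",
    "Get-ClipboardContents.ps1",
    "Get-ComputerDetail.ps1",
    "Get-FoxDump.ps1",
    "Get-GPPAutologon.ps1",
    "Get-GPPPassword.ps1",
    "Get-IndexedItem.ps1",
    "Get-Keystrokes.ps1",
    "Get-LSASecret.ps1",
    "Get-MicrophoneAudio.ps1",
    "Get-PassHashes.ps1",
    "Get-PassHints.ps1",
    "Get-RegAlwaysInstallElevated.ps1",
    "Get-RegAutoLogon.ps1",
    "Get-RickAstley.ps1",
    "Get-Screenshot.ps1",
    "Get-SecurityPackages.ps1",
    "Get-ServiceFilePermission.ps1",
    "Get-ServicePermission.ps1",
    "Get-ServiceUnquoted.ps1",
    "Get-SiteListPassword.ps1",
    "Get-System.ps1",
    "Get-TimedScreenshot.ps1",
    "Get-UnattendedInstallFile.ps1",
    "Get-Unconstrained.ps1",
    "Get-USBKeystrokes.ps1",
    "Get-VaultCredential.ps1",
    "Get-VulnAutoRun.ps1",
    "Get-VulnSchTask.ps1",
    "Get-WebConfig.ps1",
    "Get-WebCredentials.ps1",
    "Get-WLAN-Keys.ps1",
    "Gupt-Backdoor.ps1",
    "HTTP-Backdoor.ps1",
    "HTTP-Login.ps1",
    "Install-ServiceBinary.ps1",
    "Install-SSP.ps1",
    "Invoke-ACLScanner.ps1",
    "Invoke-ADSBackdoor.ps1",
    "Invoke-AmsiBypass.ps1",
    "Invoke-ARPScan.ps1",
    "Invoke-BackdoorLNK.ps1",
    "Invoke-BadPotato.ps1",
    "Invoke-BetterSafetyKatz.ps1",
    "Invoke-BruteForce.ps1",
    "Invoke-BypassUAC.ps1",
    "Invoke-Carbuncle.ps1",
    "Invoke-Certify.ps1",
    "Invoke-ConPtyShell.ps1",
    "Invoke-CredentialInjection.ps1",
    "Invoke-CredentialsPhish.ps1",
    "Invoke-DAFT.ps1",
    "Invoke-DCSync.ps1",
    "Invoke-Decode.ps1",
    "Invoke-DinvokeKatz.ps1",
    "Invoke-DllInjection.ps1",
    "Invoke-DNSExfiltrator.ps1",
    "Invoke-DNSUpdate.ps1",
    "Invoke-DowngradeAccount.ps1",
    "Invoke-EgressCheck.ps1",
    "Invoke-Encode.ps1",
    "Invoke-EventViewer.ps1",
    "Invoke-Eyewitness.ps1",
    "Invoke-FakeLogonScreen.ps1",
    "Invoke-Farmer.ps1",
    "Invoke-Get-RBCD-Threaded.ps1",
    "Invoke-Gopher.ps1",
    "Invoke-Grouper2.ps1",
    "Invoke-Grouper3.ps1",
    "Invoke-HandleKatz.ps1",
    "Invoke-Interceptor.ps1",
    "Invoke-Internalmonologue.ps1",
    "Invoke-Inveigh.ps1",
    "Invoke-InveighRelay.ps1",
    "Invoke-JSRatRegsvr.ps1",
    "Invoke-JSRatRundll.ps1",
    "Invoke-KrbRelay.ps1",
    "Invoke-KrbRelayUp.ps1",
    "Invoke-LdapSignCheck.ps1",
    "Invoke-Lockless.ps1",
    "Invoke-MalSCCM.ps1",
    "Invoke-Mimikatz.ps1",
    "Invoke-MimikatzWDigestDowngrade.ps1",
    "Invoke-Mimikittenz.ps1",
    "Invoke-MITM6.ps1",
    "Invoke-NanoDump.ps1",
    "Invoke-NetRipper.ps1",
    "Invoke-NetworkRelay.ps1",
    "Invoke-NinjaCopy.ps1",
    "Invoke-OxidResolver.ps1",
    "Invoke-P0wnedshell.ps1",
    "Invoke-P0wnedshellx86.ps1",
    "Invoke-Paranoia.ps1",
    "Invoke-PortScan.ps1",
    "Invoke-PoshRatHttp.ps1",
    "Invoke-PoshRatHttps.ps1",
    "Invoke-PostExfil.ps1",
    "Invoke-PowerDump.ps1",
    "Invoke-PowerDPAPI.ps1",
    "Invoke-PowerShellIcmp.ps1",
    "Invoke-PowerShellTCP.ps1",
    "Invoke-PowerShellTcpOneLine.ps1",
    "Invoke-PowerShellTcpOneLineBind.ps1",
    "Invoke-PowerShellUdp.ps1",
    "Invoke-PowerShellUdpOneLine.ps1",
    "Invoke-PowerShellWMI.ps1",
    "Invoke-PowerThIEf.ps1",
    "Invoke-PPLDump.ps1",
    "Invoke-Prasadhak.ps1",
    "Invoke-PsExec.ps1",
    "Invoke-PsGcat.ps1",
    "Invoke-PsGcatAgent.ps1",
    "Invoke-PSInject.ps1",
    "Invoke-PsUaCme.ps1",
    "Invoke-ReflectivePEInjection.ps1",
    "Invoke-ReverseDNSLookup.ps1",
    "Invoke-Rubeus.ps1",
    "Invoke-RunAs.ps1",
    "Invoke-SafetyKatz.ps1",
    "Invoke-SauronEye.ps1",
    "Invoke-SCShell.ps1",
    "Invoke-Seatbelt.ps1",
    "Invoke-ServiceAbuse.ps1",
    "Invoke-SessionGopher.ps1",
    "Invoke-ShellCode.ps1",
    "Invoke-SMBScanner.ps1",
    "Invoke-Snaffler.ps1",
    "Invoke-Spoolsample.ps1",
    "Invoke-SSHCommand.ps1",
    "Invoke-SSIDExfil.ps1",
    "Invoke-StandIn.ps1",
    "Invoke-StickyNotesExtract.ps1",
    "Invoke-Tater.ps1",
    "Invoke-Thunderfox.ps1",
    "Invoke-ThunderStruck.ps1",
    "Invoke-TokenManipulation.ps1",
    "Invoke-Tokenvator.ps1",
    "Invoke-TotalExec.ps1",
    "Invoke-UrbanBishop.ps1",
    "Invoke-UserHunter.ps1",
    "Invoke-VoiceTroll.ps1",
    "Invoke-Whisker.ps1",
    "Invoke-WinEnum.ps1",
    "Invoke-winPEAS.ps1",
    "Invoke-WireTap.ps1",
    "Invoke-WmiCommand.ps1",
    "Invoke-WScriptBypassUAC.ps1",
    "Invoke-Zerologon.ps1",
    "Keylogger.ps1",
    "MailRaider.ps1",
    "New-HoneyHash.ps1",
    "OfficeMemScraper.ps1",
    "Offline_Winpwn.ps1",
    "Out-CHM.ps1",
    "Out-DnsTxt.ps1",
    "Out-Excel.ps1",
    "Out-HTA.ps1",
    "Out-Java.ps1",
    "Out-JS.ps1",
    "Out-Minidump.ps1",
    "Out-RundllCommand.ps1",
    "Out-SCF.ps1",
    "Out-SCT.ps1",
    "Out-Shortcut.ps1",
    "Out-WebQuery.ps1",
    "Out-Word.ps1",
    "Parse_Keys.ps1",
    "Port-Scan.ps1",
    "PowerBreach.ps1",
    "powercat.ps1",
    "Powermad.ps1",
    "PowerRunAsSystem.psm1",
    "PowerSharpPack.ps1",
    "PowerUp.ps1",
    "PowerUpSQL.ps1",
    "PowerView.ps1",
    "PSAsyncShell.ps1",
    "RemoteHashRetrieval.ps1",
    "Remove-Persistence.ps1",
    "Remove-PoshRat.ps1",
    "Remove-Update.ps1",
    "Run-EXEonRemote.ps1",
    "Schtasks-Backdoor.ps1",
    "Set-DCShadowPermissions.ps1",
    "Set-MacAttribute.ps1",
    "Set-RemotePSRemoting.ps1",
    "Set-RemoteWMI.ps1",
    "Set-Wallpaper.ps1",
    "Show-TargetScreen.ps1",
    "Speak.ps1",
    "Start-CaptureServer.ps1",
    "Start-WebcamRecorder.ps1",
    "StringToBase64.ps1",
    "TexttoExe.ps1",
    "Veeam-Get-Creds.ps1",
    "VolumeShadowCopyTools.ps1",
    "WinPwn.ps1",
    "WSUSpendu.ps1",
)

# Pre-computed once at import: each name anchored on the path separator so
# only a complete file name matches, lower-cased for case-insensitive tests.
_SCRIPT_PATH_SUFFIXES = tuple("\\" + name.lower() for name in _SCRIPT_FILE_NAMES)


def rule(event):
    """Return True when TargetFilename names a listed PowerShell script.

    Two conditions are checked against the event's ``TargetFilename`` value:

    * the path ends with a backslash followed by one of the names in
      ``_SCRIPT_FILE_NAMES``; or
    * the path contains ``Invoke-Sharp`` and ends with ``.ps1``.

    Matching is case-insensitive, because Windows paths are: a file written
    as ``invoke-mimikatz.ps1`` is the same file name as
    ``Invoke-Mimikatz.ps1`` and must not slip past the rule.

    This is a file-name indicator only. It does not inspect file content, so
    a script saved under a different name is not matched here; treat it as
    one signal alongside content- or behaviour-based detections.

    Args:
        event: Object exposing ``deep_get(key, default=...)``.

    Returns:
        bool: True if either condition holds, otherwise False.
    """
    target = event.deep_get("TargetFilename", default="")
    # A missing, empty or non-string value cannot match any suffix.
    if not target or not isinstance(target, str):
        return False

    lowered = target.lower()
    # str.endswith accepts a tuple, so the whole list is tested in one call.
    if lowered.endswith(_SCRIPT_PATH_SUFFIXES):
        return True
    return "invoke-sharp" in lowered and lowered.endswith(".ps1")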
