import re


def rule(event):
    if all(
        [
            event.deep_get("Initiated", default="") == "true",
            any(
                [
                    event.deep_get("DestinationHostname", default="").endswith(".t.me"),
                    event.deep_get("DestinationHostname", default="").endswith("4shared.com"),
                    event.deep_get("DestinationHostname", default="").endswith("abuse.ch"),
                    event.deep_get("DestinationHostname", default="").endswith("anonfiles.com"),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "cdn.discordapp.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith("cloudflare.com"),
                    event.deep_get("DestinationHostname", default="").endswith("ddns.net"),
                    event.deep_get("DestinationHostname", default="").endswith("discord.com"),
                    event.deep_get("DestinationHostname", default="").endswith("docs.google.com"),
                    event.deep_get("DestinationHostname", default="").endswith("drive.google.com"),
                    event.deep_get("DestinationHostname", default="").endswith("dropbox.com"),
                    event.deep_get("DestinationHostname", default="").endswith("dropmefiles.com"),
                    event.deep_get("DestinationHostname", default="").endswith("facebook.com"),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "feeds.rapidfeeds.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith("fotolog.com"),
                    event.deep_get("DestinationHostname", default="").endswith("ghostbin.co/"),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "githubusercontent.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith("gofile.io"),
                    event.deep_get("DestinationHostname", default="").endswith("hastebin.com"),
                    event.deep_get("DestinationHostname", default="").endswith("imgur.com"),
                    event.deep_get("DestinationHostname", default="").endswith("livejournal.com"),
                    event.deep_get("DestinationHostname", default="").endswith("mediafire.com"),
                    event.deep_get("DestinationHostname", default="").endswith("mega.co.nz"),
                    event.deep_get("DestinationHostname", default="").endswith("mega.nz"),
                    event.deep_get("DestinationHostname", default="").endswith("onedrive.com"),
                    event.deep_get("DestinationHostname", default="").endswith("pages.dev"),
                    event.deep_get("DestinationHostname", default="").endswith("paste.ee"),
                    event.deep_get("DestinationHostname", default="").endswith("pastebin.com"),
                    event.deep_get("DestinationHostname", default="").endswith("pastebin.pl"),
                    event.deep_get("DestinationHostname", default="").endswith("pastetext.net"),
                    event.deep_get("DestinationHostname", default="").endswith("pixeldrain.com"),
                    event.deep_get("DestinationHostname", default="").endswith("privatlab.com"),
                    event.deep_get("DestinationHostname", default="").endswith("privatlab.net"),
                    event.deep_get("DestinationHostname", default="").endswith("reddit.com"),
                    event.deep_get("DestinationHostname", default="").endswith("send.exploit.in"),
                    event.deep_get("DestinationHostname", default="").endswith("sendspace.com"),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "steamcommunity.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "storage.googleapis.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith(
                        "technet.microsoft.com"
                    ),
                    event.deep_get("DestinationHostname", default="").endswith("temp.sh"),
                    event.deep_get("DestinationHostname", default="").endswith("transfer.sh"),
                    event.deep_get("DestinationHostname", default="").endswith("trycloudflare.com"),
                    event.deep_get("DestinationHostname", default="").endswith("twitter.com"),
                    event.deep_get("DestinationHostname", default="").endswith("ufile.io"),
                    event.deep_get("DestinationHostname", default="").endswith("vimeo.com"),
                    event.deep_get("DestinationHostname", default="").endswith("w3spaces.com"),
                    event.deep_get("DestinationHostname", default="").endswith("wetransfer.com"),
                    event.deep_get("DestinationHostname", default="").endswith("workers.dev"),
                    event.deep_get("DestinationHostname", default="").endswith("youtube.com"),
                ]
            ),
            not any(
                [
                    event.deep_get("Image", default="")
                    in [
                        "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
                        "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                    ],
                    all(
                        [
                            event.deep_get("Image", default="").startswith("C:\\Users\\"),
                            event.deep_get("Image", default="").endswith(
                                "\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe"
                            ),
                        ]
                    ),
                    event.deep_get("Image", default="")
                    in [
                        "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                        "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
                    ],
                    all(
                        [
                            event.deep_get("Image", default="").startswith("C:\\Users\\"),
                            event.deep_get("Image", default="").endswith(
                                "\\AppData\\Local\\Mozilla Firefox\\firefox.exe"
                            ),
                        ]
                    ),
                    event.deep_get("Image", default="")
                    in [
                        "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
                        "C:\\Program Files\\Internet Explorer\\iexplore.exe",
                    ],
                    any(
                        [
                            event.deep_get("Image", default="").startswith(
                                "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\"
                            ),
                            event.deep_get("Image", default="").endswith(
                                "\\WindowsApps\\MicrosoftEdge.exe"
                            ),
                            event.deep_get("Image", default="")
                            in [
                                "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
                                "C:\\Program Files\\Microsoft\\Edge\\Application\\msedge.exe",
                            ],
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Microsoft\\EdgeCore\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Microsoft\\EdgeCore\\"
                                    ),
                                ]
                            ),
                            any(
                                [
                                    event.deep_get("Image", default="").endswith("\\msedge.exe"),
                                    event.deep_get("Image", default="").endswith(
                                        "\\msedgewebview2.exe"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    "C:\\Program Files (x86)\\Safari\\"
                                    in event.deep_get("Image", default=""),
                                    "C:\\Program Files\\Safari\\"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\safari.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    "C:\\Program Files\\Windows Defender Advanced Threat Protection\\"
                                    in event.deep_get("Image", default=""),
                                    "C:\\Program Files\\Windows Defender\\"
                                    in event.deep_get("Image", default=""),
                                    "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            any(
                                [
                                    event.deep_get("Image", default="").endswith("\\MsMpEng.exe"),
                                    event.deep_get("Image", default="").endswith("\\MsSense.exe"),
                                ]
                            ),
                        ]
                    ),
                    any(
                        [
                            event.deep_get("Image", default="").endswith(
                                "C:\\Program Files (x86)\\PRTG Network Monitor\\PRTG Probe.exe"
                            ),
                            event.deep_get("Image", default="").endswith(
                                "C:\\Program Files\\PRTG Network Monitor\\PRTG Probe.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").startswith(
                                "C:\\Program Files\\BraveSoftware\\"
                            ),
                            event.deep_get("Image", default="").endswith("\\brave.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Maxthon\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\maxthon.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Programs\\Opera\\"
                            in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\opera.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\SeaMonkey\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\SeaMonkey\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\seamonkey.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Vivaldi\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\vivaldi.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Naver\\Naver Whale\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Naver\\Naver Whale\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\whale.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Waterfox\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Waterfox\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\Waterfox.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Programs\\midori-ng\\"
                            in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith(
                                "\\Midori Next Generation.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\SlimBrowser\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\SlimBrowser\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\slimbrowser.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Flock\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\Flock.exe"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Phoebe\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\Phoebe.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Falkon\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Falkon\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\falkon.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\QtWeb\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\QtWeb\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\QtWeb.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Avant Browser\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Avant Browser\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\avant.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\WindowsApps\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\WindowsApps\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\WhatsApp.exe"),
                            event.deep_get("DestinationHostname", default="").endswith(
                                "facebook.com"
                            ),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Roaming\\Telegram Desktop\\"
                            in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\Telegram.exe"),
                            event.deep_get("DestinationHostname", default="").endswith(".t.me"),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Microsoft\\OneDrive\\"
                            in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\OneDrive.exe"),
                            event.deep_get("DestinationHostname", default="").endswith(
                                "onedrive.com"
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\Dropbox\\Client\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Dropbox\\Client\\"
                                    ),
                                ]
                            ),
                            any(
                                [
                                    event.deep_get("Image", default="").endswith("\\Dropbox.exe"),
                                    event.deep_get("Image", default="").endswith(
                                        "\\DropboxInstaller.exe"
                                    ),
                                ]
                            ),
                            event.deep_get("DestinationHostname", default="").endswith(
                                "dropbox.com"
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").endswith("\\MEGAsync.exe"),
                                    re.match(
                                        r"^.*\\MEGAsyncSetup32_.*RC.exe$",
                                        event.deep_get("Image", default=""),
                                    ),
                                    event.deep_get("Image", default="").endswith(
                                        "\\MEGAsyncSetup32.exe"
                                    ),
                                    event.deep_get("Image", default="").endswith(
                                        "\\MEGAsyncSetup64.exe"
                                    ),
                                    event.deep_get("Image", default="").endswith(
                                        "\\MEGAupdater.exe"
                                    ),
                                ]
                            ),
                            any(
                                [
                                    event.deep_get("DestinationHostname", default="").endswith(
                                        "mega.co.nz"
                                    ),
                                    event.deep_get("DestinationHostname", default="").endswith(
                                        "mega.nz"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    "C:\\Program Files\\Google\\Drive File Stream\\"
                                    in event.deep_get("Image", default=""),
                                    "C:\\Program Files (x86)\\Google\\Drive File Stream\\"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("GoogleDriveFS.exe"),
                            event.deep_get("DestinationHostname", default="").endswith(
                                "drive.google.com"
                            ),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Discord\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith("\\Discord.exe"),
                            any(
                                [
                                    event.deep_get("DestinationHostname", default="").endswith(
                                        "discord.com"
                                    ),
                                    event.deep_get("DestinationHostname", default="").endswith(
                                        "cdn.discordapp.com"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    event.deep_get("Image", default="") == "",
                    event.deep_get("Image", default="") == "",
                ]
            ),
        ]
    ):
        return True
    return False
