def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("Image", default="").endswith("\\eqnedt32.exe"),
                    event.deep_get("Image", default="").endswith("\\wordpad.exe"),
                    event.deep_get("Image", default="").endswith("\\wordview.exe"),
                    event.deep_get("Image", default="").endswith("\\cmdl32.exe"),
                    event.deep_get("Image", default="").endswith("\\certutil.exe"),
                    event.deep_get("Image", default="").endswith("\\certoc.exe"),
                    event.deep_get("Image", default="").endswith("\\CertReq.exe"),
                    event.deep_get("Image", default="").endswith("\\bitsadmin.exe"),
                    event.deep_get("Image", default="").endswith("\\Desktopimgdownldr.exe"),
                    event.deep_get("Image", default="").endswith("\\esentutl.exe"),
                    event.deep_get("Image", default="").endswith("\\expand.exe"),
                    event.deep_get("Image", default="").endswith("\\extrac32.exe"),
                    event.deep_get("Image", default="").endswith("\\replace.exe"),
                    event.deep_get("Image", default="").endswith("\\mshta.exe"),
                    event.deep_get("Image", default="").endswith("\\ftp.exe"),
                    event.deep_get("Image", default="").endswith("\\Ldifde.exe"),
                    event.deep_get("Image", default="").endswith("\\RdrCEF.exe"),
                    event.deep_get("Image", default="").endswith("\\hh.exe"),
                    event.deep_get("Image", default="").endswith("\\finger.exe"),
                    event.deep_get("Image", default="").endswith("\\findstr.exe"),
                ]
            ),
            any(
                [
                    ":\\Perflogs" in event.deep_get("TargetFilename", default=""),
                    ":\\ProgramData\\" in event.deep_get("TargetFilename", default=""),
                    ":\\Temp\\" in event.deep_get("TargetFilename", default=""),
                    ":\\Users\\Public\\" in event.deep_get("TargetFilename", default=""),
                    ":\\Windows\\" in event.deep_get("TargetFilename", default=""),
                    "\\$Recycle.Bin\\" in event.deep_get("TargetFilename", default=""),
                    "\\AppData\\Local\\" in event.deep_get("TargetFilename", default=""),
                    "\\AppData\\Roaming\\" in event.deep_get("TargetFilename", default=""),
                    "\\Contacts\\" in event.deep_get("TargetFilename", default=""),
                    "\\Desktop\\" in event.deep_get("TargetFilename", default=""),
                    "\\Favorites\\" in event.deep_get("TargetFilename", default=""),
                    "\\Favourites\\" in event.deep_get("TargetFilename", default=""),
                    "\\inetpub\\wwwroot\\" in event.deep_get("TargetFilename", default=""),
                    "\\Music\\" in event.deep_get("TargetFilename", default=""),
                    "\\Pictures\\" in event.deep_get("TargetFilename", default=""),
                    "\\Start Menu\\Programs\\Startup\\"
                    in event.deep_get("TargetFilename", default=""),
                    "\\Users\\Default\\" in event.deep_get("TargetFilename", default=""),
                    "\\Videos\\" in event.deep_get("TargetFilename", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
