def rule(event):
    if any(
        [
            any(
                [
                    "\\goldenPac" in event.deep_get("Image", default=""),
                    "\\karmaSMB" in event.deep_get("Image", default=""),
                    "\\kintercept" in event.deep_get("Image", default=""),
                    "\\ntlmrelayx" in event.deep_get("Image", default=""),
                    "\\rpcdump" in event.deep_get("Image", default=""),
                    "\\samrdump" in event.deep_get("Image", default=""),
                    "\\secretsdump" in event.deep_get("Image", default=""),
                    "\\smbexec" in event.deep_get("Image", default=""),
                    "\\smbrelayx" in event.deep_get("Image", default=""),
                    "\\wmiexec" in event.deep_get("Image", default=""),
                    "\\wmipersist" in event.deep_get("Image", default=""),
                ]
            ),
            any(
                [
                    event.deep_get("Image", default="").endswith("\\atexec_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\dcomexec_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\dpapi_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\findDelegation_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\GetADUsers_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\GetNPUsers_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\getPac_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\getST_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\getTGT_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\GetUserSPNs_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\ifmap_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\mimikatz_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\netview_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\nmapAnswerMachine_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\opdump_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\psexec_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\rdp_check_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\sambaPipe_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\smbclient_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\smbserver_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\sniff_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\sniffer_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\split_windows.exe"),
                    event.deep_get("Image", default="").endswith("\\ticketer_windows.exe"),
                ]
            ),
        ]
    ):
        return True
    return False
