def rule(event):
    if all(
        [
            event.deep_get("Provider_Name", default="") == "Service Control Manager",
            event.deep_get("EventID", default="") in [7045, 7036],
            any(
                [
                    any(
                        [
                            "cachedump" in event.deep_get("ServiceName", default=""),
                            "DumpSvc" in event.deep_get("ServiceName", default=""),
                            "gsecdump" in event.deep_get("ServiceName", default=""),
                            "pwdump" in event.deep_get("ServiceName", default=""),
                            "UACBypassedService" in event.deep_get("ServiceName", default=""),
                            "WCE SERVICE" in event.deep_get("ServiceName", default=""),
                            "WCESERVICE" in event.deep_get("ServiceName", default=""),
                            "winexesvc" in event.deep_get("ServiceName", default=""),
                        ]
                    ),
                    "bypass" in event.deep_get("ImagePath", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
