def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("ImageLoaded", default="").endswith("\\aclui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\activeds.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\adsldpc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\aepic.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\apphelp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\applicationframe.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\appvpolicy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\appxalluserstore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\appxdeploymentclient.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\archiveint.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\atl.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\audioses.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\auditpolcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\authfwcfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\authz.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\avrt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\batmeter.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bcd.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bcp47langs.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bcp47mrm.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bcrypt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bderepair.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bootmenuux.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\bootux.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cabinet.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cabview.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\certcli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\certenroll.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cfgmgr32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cldapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\clipc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\clusapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cmpbk32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cmutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\coloradapterclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\colorui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\comdlg32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\configmanager2.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\connect.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\coredplus.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\coremessaging.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\coreuicomponents.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\credui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptbase.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptdll.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptsp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptxml.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cscapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cscobj.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cscui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d2d1.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d10_1.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d10_1core.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d10.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d10core.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d10warp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d11.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d12.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3d9.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\d3dx9_43.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dataexchange.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\davclnt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dcntel.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dcomp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\defragproxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\desktopshellext.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\deviceassociation.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\devicecredential.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\devicepairing.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\devobj.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\devrtl.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dhcpcmonitor.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dhcpcsvc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dhcpcsvc6.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\directmanipulation.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dismapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dismcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmcfgutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmcmnutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmcommandlineutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmenrollengine.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\dmenterprisediagnostics.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmiso8601utils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmoleaututils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\dmprocessxmlfiltered.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmpushproxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dmxmlhelputils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dnsapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dot3api.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dot3cfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dpx.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\drprov.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\drvstore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsparse.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsprop.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsreg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsrole.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dui70.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\duser.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dusmapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dwmapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dwmcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dwrite.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dxcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dxgi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dxva2.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dynamoapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\eappcfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\eappprxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\edgeiso.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\edputil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\efsadu.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\efsutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\esent.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\execmodelproxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\explorerframe.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fastprox.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\faultrep.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fddevquery.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\feclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fhcfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fhsvcctl.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\firewallapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\flightsettings.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fltlib.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\framedynos.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fveapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fveskybackup.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fvewiz.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fwbase.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fwcfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fwpolicyiomgr.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fwpuclnt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fxsapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fxsst.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\fxstiff.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\getuname.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\gpapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\hid.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\hnetmon.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\httpapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\icmp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\idstore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ieadvpack.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iedkcs32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iernonce.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iertutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ifmon.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ifsutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\inproclogger.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iphlpapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iri.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iscsidsc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iscsium.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\isv.exe_rsaenh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iumbase.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\iumsdk.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\joinutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\kdstub.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ksuser.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ktmw32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\licensemanagerapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\licensingdiagspp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\linkinfo.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\loadperf.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\lockhostingframework.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\logoncli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\logoncontroller.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\lpksetupproxyserv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\lrwizdll.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\magnification.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\maintenanceui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mapistub.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mbaexmlparser.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mdmdiagnostics.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mfc42u.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mfcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mfplat.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\midimap.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mintdh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\miutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mlang.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mmdevapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mobilenetworking.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mpr.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mprapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mrmcorer.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msacm32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mscms.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mscoree.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msctf.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msctfmonitor.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msdrm.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msdtctm.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msftedit.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msiso.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msutb.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msvcp110_win.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mswb7.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mswsock.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msxml3.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\mtxclu.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\napinsp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ncrypt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ndfapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netapi32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netid.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netiohlp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netjoin.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netplwiz.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netprofm.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netprovfw.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netsetupapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netshell.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nettrace.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\netutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\networkexplorer.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\newdev.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ninput.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nlaapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nlansp_c.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\npmproxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nshhttp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nshipsec.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\nshwfp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ntdsapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ntlanman.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ntlmshared.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ntmarta.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ntshrui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\oleacc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\omadmapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\onex.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\opcservices.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\osbaseln.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\osksupport.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\osuninst.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\p2p.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\p2pnetsh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\p9np.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\pcaui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\pdh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\peerdistsh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\pkeyhelper.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\pla.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\playsndsrv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\pnrpnsp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\policymanager.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\polstore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\powrprof.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\printui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\prntvpt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\profapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\propsys.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\proximitycommon.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\proximityservicepal.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\prvdmofcomp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\puiapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\radcui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rasapi32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rasdlg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rasgcw.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rasman.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rasmontr.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\reagent.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\regapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\reseteng.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\resetengine.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\resutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rmclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rpcnsh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rsaenh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rtutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rtworkq.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\samcli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\samlib.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sapi_onecore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sas.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\scansetting.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\scecli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\schedcli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\secur32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\security.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sensapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\shell32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\shfolder.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\slc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\snmpapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\spectrumsyncclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\spp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sppc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sppcext.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\srclient.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\srcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\srmtrace.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\srpapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\srvcli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ssp_isv.exe_rsaenh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ssp.exe_rsaenh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sspicli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ssshim.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\staterepository.core.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\structuredquery.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\sxshared.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\systemsettingsthresholdadminflowui.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\tapi32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\tbs.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\tdh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\textshaping.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\timesync.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\tpmcoreprovisioning.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\tquery.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\tsworkspace.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\ttdrecord.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\twext.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\twinapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\twinui.appcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uianimation.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uiautomationcore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uireng.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uiribbon.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\umpdc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\unattend.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\updatepolicy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\upshared.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\urlmon.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\userenv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\utildll.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uxinit.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\uxtheme.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\vaultcli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\vdsutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\version.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\virtdisk.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\vssapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\vsstrace.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wbemprox.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wbemsvc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wcmapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wcnnetsh.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wdi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wdscore.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\webservices.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wecapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wer.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wevtapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\whhelper.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wimgapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winbio.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winbrand.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\windows.storage.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\windows.storage.search.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\windows.ui.immersive.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\windowscodecs.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\windowscodecsext.dll"),
                    event.deep_get("ImageLoaded", default="").endswith(
                        "\\windowsudk.shellcommon.dll"
                    ),
                    event.deep_get("ImageLoaded", default="").endswith("\\winhttp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wininet.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winipsec.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winmde.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winmm.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winnsi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winrnr.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winscard.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winsqlite3.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winsta.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\winsync.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wkscli.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wlanapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wlancfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wldp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wlidprov.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wmiclnt.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wmidcom.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wmiutils.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wmpdui.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wmsgapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wofutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wpdshext.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wscapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wsdapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wshbth.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wshelper.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wsmsvc.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wtsapi32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wwancfg.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wwapi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\xmllite.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\xolehlp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\xpsservices.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\xwizards.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\xwtpw32.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\amsi.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\appraiser.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\COMRES.DLL"),
                    event.deep_get("ImageLoaded", default="").endswith("\\cryptnet.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\DispBroker.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dsound.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\dxilconv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\FxsCompose.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\FXSRESM.DLL"),
                    event.deep_get("ImageLoaded", default="").endswith("\\msdtcVSp1res.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\PrintIsolationProxy.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rdpendp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\rpchttp.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\storageusage.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\utcutil.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\WfsR.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\igd10iumd64.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\igd12umd64.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\igdumdim64.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\igdusc64.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\TSMSISrv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\TSVIPSrv.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wbemcomn.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\WLBSCTRL.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\wow64log.dll"),
                    event.deep_get("ImageLoaded", default="").endswith("\\WptsExtensions.dll"),
                ]
            ),
            not any(
                [
                    any(
                        [
                            "C:\\$WINDOWS.~BT\\" in event.deep_get("ImageLoaded", default=""),
                            "C:\\$WinREAgent\\" in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\SoftwareDistribution\\"
                            in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\System32\\" in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\SystemTemp\\"
                            in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\SysWOW64\\" in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\WinSxS\\" in event.deep_get("ImageLoaded", default=""),
                            "C:\\Windows\\SyChpe32\\" in event.deep_get("ImageLoaded", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Windows\\Temp\\"
                            ),
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Windows\\WinSxS\\arm64"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Windows\\UUS\\arm64\\"
                                    ),
                                ]
                            ),
                            any(
                                [
                                    event.deep_get("Image", default="").endswith("\\TiWorker.exe"),
                                    event.deep_get("Image", default="").endswith(
                                        "\\wuaucltcore.exe"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Windows\\Microsoft.NET\\"
                            ),
                            event.deep_get("ImageLoaded", default="").endswith("\\cscui.dll"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\"
                            ),
                            event.deep_get("ImageLoaded", default="").endswith("\\version.dll"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Program Files\\WindowsApps\\Microsoft.DirectXRuntime_"
                            ),
                            event.deep_get("ImageLoaded", default="").endswith("\\d3dx9_43.dll"),
                        ]
                    ),
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Program Files\\Microsoft\\Exchange Server\\"
                            ),
                            event.deep_get("ImageLoaded", default="").endswith("\\mswb7.dll"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Program Files\\Arsenal-Image-Mounter-"
                            ),
                            any(
                                [
                                    event.deep_get("ImageLoaded", default="").endswith("\\mi.dll"),
                                    event.deep_get("ImageLoaded", default="").endswith(
                                        "\\miutils.dl"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="")
                            == "C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\OfficeClickToRun.exe",
                            event.deep_get("ImageLoaded", default="")
                            == "C:\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppVPolicy.dll",
                        ]
                    ),
                    event.deep_get("ImageLoaded", default="").startswith(
                        "C:\\Packages\\Plugins\\Microsoft.GuestConfiguration.ConfigurationforWindows\\"
                    ),
                    all(
                        [
                            any(
                                [
                                    "C:\\Program Files\\WindowsApps\\DellInc.DellSupportAssistforPCs"
                                    in event.deep_get("Image", default=""),
                                    "C:\\Windows\\System32\\backgroundTaskHost.exe"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            event.deep_get("ImageLoaded", default="").startswith(
                                "C:\\Program Files\\WindowsApps\\DellInc.DellSupportAssistforPCs"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").startswith(
                                "C:\\Program Files\\WindowsApps\\DellInc.DellSupportAssistforPCs"
                            ),
                            event.deep_get("Image", default="").endswith("\\wldp.dll"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\CheckPoint\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files (x86)\\CheckPoint\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\SmartConsole.exe"),
                            any(
                                [
                                    event.deep_get("ImageLoaded", default="").startswith(
                                        "C:\\Program Files\\CheckPoint\\"
                                    ),
                                    event.deep_get("ImageLoaded", default="").startswith(
                                        "C:\\Program Files (x86)\\CheckPoint\\"
                                    ),
                                ]
                            ),
                            event.deep_get("ImageLoaded", default="").endswith(
                                "\\PolicyManager.dll"
                            ),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
