import json


def rule(event):
    if all(
        [
            any(
                [
                    "Adfind" in json.dumps(event.to_dict()),
                    "ASP/BackDoor " in json.dumps(event.to_dict()),
                    "ATK/" in json.dumps(event.to_dict()),
                    "Backdoor.ASP" in json.dumps(event.to_dict()),
                    "Backdoor.Cobalt" in json.dumps(event.to_dict()),
                    "Backdoor.JSP" in json.dumps(event.to_dict()),
                    "Backdoor.PHP" in json.dumps(event.to_dict()),
                    "Blackworm" in json.dumps(event.to_dict()),
                    "Brutel" in json.dumps(event.to_dict()),
                    "BruteR" in json.dumps(event.to_dict()),
                    "Chopper" in json.dumps(event.to_dict()),
                    "Cobalt" in json.dumps(event.to_dict()),
                    "COBEACON" in json.dumps(event.to_dict()),
                    "Cometer" in json.dumps(event.to_dict()),
                    "CRYPTES" in json.dumps(event.to_dict()),
                    "Cryptor" in json.dumps(event.to_dict()),
                    "Destructor" in json.dumps(event.to_dict()),
                    "DumpCreds" in json.dumps(event.to_dict()),
                    "Exploit.Script.CVE" in json.dumps(event.to_dict()),
                    "FastReverseProxy" in json.dumps(event.to_dict()),
                    "Filecoder" in json.dumps(event.to_dict()),
                    "GrandCrab " in json.dumps(event.to_dict()),
                    "HackTool" in json.dumps(event.to_dict()),
                    "HKTL" in json.dumps(event.to_dict()),
                    "HTool-" in json.dumps(event.to_dict()),
                    "/HTool" in json.dumps(event.to_dict()),
                    ".HTool" in json.dumps(event.to_dict()),
                    "IISExchgSpawnCMD" in json.dumps(event.to_dict()),
                    "Impacket" in json.dumps(event.to_dict()),
                    "JSP/BackDoor " in json.dumps(event.to_dict()),
                    "Keylogger" in json.dumps(event.to_dict()),
                    "Koadic" in json.dumps(event.to_dict()),
                    "Krypt" in json.dumps(event.to_dict()),
                    "Lazagne" in json.dumps(event.to_dict()),
                    "Metasploit" in json.dumps(event.to_dict()),
                    "Meterpreter" in json.dumps(event.to_dict()),
                    "MeteTool" in json.dumps(event.to_dict()),
                    "mikatz" in json.dumps(event.to_dict()),
                    "Mimikatz" in json.dumps(event.to_dict()),
                    "Mpreter" in json.dumps(event.to_dict()),
                    "MsfShell" in json.dumps(event.to_dict()),
                    "Nighthawk" in json.dumps(event.to_dict()),
                    "Packed.Generic.347" in json.dumps(event.to_dict()),
                    "PentestPowerShell" in json.dumps(event.to_dict()),
                    "Phobos" in json.dumps(event.to_dict()),
                    "PHP/BackDoor " in json.dumps(event.to_dict()),
                    "Potato" in json.dumps(event.to_dict()),
                    "PowerSploit" in json.dumps(event.to_dict()),
                    "PowerSSH" in json.dumps(event.to_dict()),
                    "PshlSpy" in json.dumps(event.to_dict()),
                    "PSWTool" in json.dumps(event.to_dict()),
                    "PWCrack" in json.dumps(event.to_dict()),
                    "PWDump" in json.dumps(event.to_dict()),
                    "Ransom" in json.dumps(event.to_dict()),
                    "Rozena" in json.dumps(event.to_dict()),
                    "Ryzerlo" in json.dumps(event.to_dict()),
                    "Sbelt" in json.dumps(event.to_dict()),
                    "Seatbelt" in json.dumps(event.to_dict()),
                    "SecurityTool " in json.dumps(event.to_dict()),
                    "SharpDump" in json.dumps(event.to_dict()),
                    "Shellcode" in json.dumps(event.to_dict()),
                    "Sliver" in json.dumps(event.to_dict()),
                    "Splinter" in json.dumps(event.to_dict()),
                    "Swrort" in json.dumps(event.to_dict()),
                    "Tescrypt" in json.dumps(event.to_dict()),
                    "TeslaCrypt" in json.dumps(event.to_dict()),
                    "TurtleLoader" in json.dumps(event.to_dict()),
                    "Valyria" in json.dumps(event.to_dict()),
                    "Webshell" in json.dumps(event.to_dict()),
                ]
            ),
            not any(
                [
                    any(
                        [
                            "anti_ransomware_service.exe" in json.dumps(event.to_dict()),
                            "Anti-Ransomware" in json.dumps(event.to_dict()),
                            "Crack" in json.dumps(event.to_dict()),
                            "cyber-protect-service.exe" in json.dumps(event.to_dict()),
                            "encryptor" in json.dumps(event.to_dict()),
                            "Keygen" in json.dumps(event.to_dict()),
                        ]
                    ),
                    event.deep_get("Level", default="") == 4,
                    event.deep_get("Provider_Name", default="")
                    == "Microsoft-Windows-RestartManager",
                ]
            ),
        ]
    ):
        return True
    return False
