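# Fragments of RelativeTargetName that point at credential-bearing artefacts:
# the Mimikatz driver, LSASS process dumps, crash dumps, the hibernation file
# and SQL Server dump files. Stored lower-case because the target name is
# lower-cased before comparison.
_SENSITIVE_FRAGMENTS = (
    "\\mimidrv",
    "\\lsass",
    "\\windows\\minidump\\",
    "\\hiberfil",
    "\\sqldmpr",
)

# Share-relative paths of the AD database and the registry hives that hold
# account secrets. These are matched exactly, not as substrings.
_SENSITIVE_PATHS = frozenset(
    path.lower()
    for path in (
        "Windows\\NTDS\\ntds.dit",
        "Windows\\System32\\config\\SAM",
        "Windows\\System32\\config\\SECURITY",
        "Windows\\System32\\config\\SYSTEM",
    )
)


def rule(event):
    """Flag network-share access (Windows event 5145) to credential material.

    Returns True when the event's EventID is 5145 and its RelativeTargetName
    either contains one of the sensitive fragments or equals one of the
    sensitive share-relative paths; otherwise returns False.

    Matching is case-insensitive: Windows paths are not case-sensitive, so a
    case-sensitive comparison would miss the same file requested with a
    different capitalisation.

    Operational notes:
      * Event 5145 is only logged when the "Detailed File Share" audit
        subcategory is enabled; without it this rule never fires.
      * NOTE(review): the exact-path list assumes the share root is the
        system drive. Access through a share rooted elsewhere would carry a
        different relative path and is not covered here - confirm whether
        that coverage is wanted.
    """
    # Accept the numeric form and the string form of the event id; whether
    # the log source delivers one or the other is not visible from this rule.
    if event.deep_get("EventID", default="") not in (5145, "5145"):
        return False

    target = event.deep_get("RelativeTargetName", default="")
    if not isinstance(target, str):
        # A non-string value cannot be a path; do not let it raise.
        return False

    target = target.lower()
    if target in _SENSITIVE_PATHS:
        return True
    return any(fragment in target for fragment in _SENSITIVE_FRAGMENTS)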
