def rule(event):
    if all(
        [
            event.deep_get("TargetImage", default="").endswith("\\lsass.exe"),
            event.deep_get("GrantedAccess", default="").endswith("10"),
            not any(
                [
                    event.deep_get("SourceImage", default="")
                    in [
                        "C:\\Program Files\\Common Files\\McAfee\\MMSSHost\\MMSSHOST.exe",
                        "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe",
                        "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
                        "C:\\PROGRAMDATA\\MALWAREBYTES\\MBAMSERVICE\\ctlrupdate\\mbupdatr.exe",
                        "C:\\Windows\\System32\\lsass.exe",
                        "C:\\Windows\\System32\\msiexec.exe",
                        "C:\\WINDOWS\\System32\\perfmon.exe",
                        "C:\\WINDOWS\\system32\\taskhostw.exe",
                        "C:\\WINDOWS\\system32\\taskmgr.exe",
                        "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
                        "C:\\Windows\\SysWOW64\\msiexec.exe",
                        "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe",
                    ],
                    all(
                        [
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\ProgramData\\Microsoft\\Windows Defender\\"
                            ),
                            event.deep_get("SourceImage", default="").endswith("\\MsMpEng.exe"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\Program Files\\WindowsApps\\"
                            ),
                            event.deep_get("SourceImage", default="").endswith(
                                "\\GamingServices.exe"
                            ),
                        ]
                    ),
                    any(
                        [
                            event.deep_get("SourceImage", default="").endswith("\\PROCEXP64.EXE"),
                            event.deep_get("SourceImage", default="").endswith("\\PROCEXP.EXE"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\ProgramData\\VMware\\VMware Tools\\"
                            ),
                            event.deep_get("SourceImage", default="").endswith("\\vmtoolsd.exe"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("SourceImage", default="").startswith(
                                        "C:\\Program Files\\"
                                    ),
                                    event.deep_get("SourceImage", default="").startswith(
                                        "C:\\Program Files (x86)\\"
                                    ),
                                ]
                            ),
                            "Antivirus" in event.deep_get("SourceImage", default=""),
                        ]
                    ),
                    any(
                        [
                            event.deep_get("SourceImage", default="").endswith("\\thor64.exe"),
                            event.deep_get("SourceImage", default="").endswith("\\thor.exe"),
                            event.deep_get("SourceImage", default="").endswith(
                                "\\aurora-agent-64.exe"
                            ),
                            event.deep_get("SourceImage", default="").endswith(
                                "\\aurora-agent.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Temp\\" in event.deep_get("SourceImage", default=""),
                            "\\vs_bootstrapper_" in event.deep_get("SourceImage", default=""),
                            event.deep_get("GrantedAccess", default="") == "0x1410",
                        ]
                    ),
                    any(
                        [
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\Program Files\\"
                            ),
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\Program Files (x86)\\"
                            ),
                            event.deep_get("SourceImage", default="").startswith(
                                "C:\\WINDOWS\\system32\\"
                            ),
                        ]
                    ),
                    event.deep_get("SourceCommandLine", default="")
                    == "C:\\WINDOWS\\system32\\wermgr.exe -upload",
                    all(
                        [
                            "C:\\Users\\" in event.deep_get("SourceImage", default=""),
                            "\\AppData\\Local\\" in event.deep_get("SourceImage", default=""),
                            any(
                                [
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\Microsoft VS Code\\Code.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\software_reporter_tool.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\DropboxUpdate.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\MBAMInstallerService.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\WebEx\\WebexHost.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\Programs\\Microsoft VS Code\\Code.exe"
                                    ),
                                    event.deep_get("SourceImage", default="").endswith(
                                        "\\JetBrains\\Toolbox\\bin\\jetbrains-toolbox.exe"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("SourceImage", default="").endswith(
                                "\\xampp-control.exe"
                            ),
                            event.deep_get("GrantedAccess", default="") == "0x410",
                        ]
                    ),
                    all(
                        [
                            "\\SteamLibrary\\steamapps\\"
                            in event.deep_get("SourceImage", default=""),
                            event.deep_get("GrantedAccess", default="") in ["0x410", "0x10"],
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
