def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("Image", default="").endswith("\\cmd.exe"),
                    event.deep_get("OriginalFileName", default="") == "Cmd.Exe",
                ]
            ),
            any(
                [
                    "start " in event.deep_get("CommandLine", default=""),
                    "start/b" in event.deep_get("CommandLine", default=""),
                    "start/min" in event.deep_get("CommandLine", default=""),
                ]
            ),
            any(
                [
                    any(
                        [
                            "-b " in event.deep_get("CommandLine", default=""),
                            "/b " in event.deep_get("CommandLine", default=""),
                            "–b " in event.deep_get("CommandLine", default=""),
                            "—b " in event.deep_get("CommandLine", default=""),
                            "―b " in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            '-b"' in event.deep_get("CommandLine", default=""),
                            '/b"' in event.deep_get("CommandLine", default=""),
                            '–b"' in event.deep_get("CommandLine", default=""),
                            '—b"' in event.deep_get("CommandLine", default=""),
                            '―b"' in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            "-min " in event.deep_get("CommandLine", default=""),
                            "/min " in event.deep_get("CommandLine", default=""),
                            "–min " in event.deep_get("CommandLine", default=""),
                            "—min " in event.deep_get("CommandLine", default=""),
                            "―min " in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            '-min"' in event.deep_get("CommandLine", default=""),
                            '/min"' in event.deep_get("CommandLine", default=""),
                            '–min"' in event.deep_get("CommandLine", default=""),
                            '—min"' in event.deep_get("CommandLine", default=""),
                            '―min"' in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                ]
            ),
            any(
                [
                    any(
                        [
                            ":\\Perflogs\\" in event.deep_get("CommandLine", default=""),
                            ":\\Temp\\" in event.deep_get("CommandLine", default=""),
                            ":\\Users\\Default\\" in event.deep_get("CommandLine", default=""),
                            ":\\Windows\\Temp\\" in event.deep_get("CommandLine", default=""),
                            "\\AppData\\Roaming\\" in event.deep_get("CommandLine", default=""),
                            "\\Contacts\\" in event.deep_get("CommandLine", default=""),
                            "\\Documents\\" in event.deep_get("CommandLine", default=""),
                            "\\Downloads\\" in event.deep_get("CommandLine", default=""),
                            "\\Favorites\\" in event.deep_get("CommandLine", default=""),
                            "\\Favourites\\" in event.deep_get("CommandLine", default=""),
                            "\\inetpub\\" in event.deep_get("CommandLine", default=""),
                            "\\Music\\" in event.deep_get("CommandLine", default=""),
                            "\\Photos\\" in event.deep_get("CommandLine", default=""),
                            "\\Temporary Internet\\" in event.deep_get("CommandLine", default=""),
                            "\\Users\\Public\\" in event.deep_get("CommandLine", default=""),
                            "\\Videos\\" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            ".bat" in event.deep_get("CommandLine", default=""),
                            ".cmd" in event.deep_get("CommandLine", default=""),
                            ".cpl" in event.deep_get("CommandLine", default=""),
                            ".hta" in event.deep_get("CommandLine", default=""),
                            ".js" in event.deep_get("CommandLine", default=""),
                            ".ps1" in event.deep_get("CommandLine", default=""),
                            ".scr" in event.deep_get("CommandLine", default=""),
                            ".vbe" in event.deep_get("CommandLine", default=""),
                            ".vbs" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    any(
                        [
                            " -nop " in event.deep_get("CommandLine", default=""),
                            " -sta " in event.deep_get("CommandLine", default=""),
                            ".downloadfile(" in event.deep_get("CommandLine", default=""),
                            ".downloadstring(" in event.deep_get("CommandLine", default=""),
                            "-noni " in event.deep_get("CommandLine", default=""),
                            "-w hidden " in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
