def rule(event):
    if all(
        [
            any(
                [
                    "\\Active Directory Explorer" in event.deep_get("TargetObject", default=""),
                    "\\Handle" in event.deep_get("TargetObject", default=""),
                    "\\LiveKd" in event.deep_get("TargetObject", default=""),
                    "\\Process Explorer" in event.deep_get("TargetObject", default=""),
                    "\\ProcDump" in event.deep_get("TargetObject", default=""),
                    "\\PsExec" in event.deep_get("TargetObject", default=""),
                    "\\PsLoglist" in event.deep_get("TargetObject", default=""),
                    "\\PsPasswd" in event.deep_get("TargetObject", default=""),
                    "\\SDelete" in event.deep_get("TargetObject", default=""),
                    "\\Sysinternals" in event.deep_get("TargetObject", default=""),
                ]
            ),
            event.deep_get("TargetObject", default="").endswith("\\EulaAccepted"),
        ]
    ):
        return True
    return False
