def rule(event):
    if event.deep_get("CommandLine", default="") in ["rundll32.exe", "rundll32"]:
        return True
    return False
