def rule(event):
    if all(
        [
            "\\Security\\Trusted Documents\\TrustRecords"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    "/AppData/Local/Microsoft/Windows/INetCache/"
                    in event.deep_get("TargetObject", default=""),
                    "/AppData/Local/Temp/" in event.deep_get("TargetObject", default=""),
                    "/PerfLogs/" in event.deep_get("TargetObject", default=""),
                    "C:/Users/Public/" in event.deep_get("TargetObject", default=""),
                    "file:///D:/" in event.deep_get("TargetObject", default=""),
                    "file:///E:/" in event.deep_get("TargetObject", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
