def rule(event):
    if all(
        [
            "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    event.deep_get("TargetObject", default="").endswith("\\Sens Api"),
                    event.deep_get("TargetObject", default="").endswith("\\OneDrive"),
                ]
            ),
            ":\\WINDOWS\\system32\\rundll32.exe" in event.deep_get("Details", default=""),
            ".wll" in event.deep_get("Details", default=""),
            "#1" in event.deep_get("Details", default=""),
        ]
    ):
        return True
    return False
