def rule(event):
    if all(
        [
            "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations\\"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    all(
                        [
                            event.deep_get("TargetObject", default="").endswith(
                                "\\DefaultFileTypeRisk"
                            ),
                            event.deep_get("Details", default="") == "DWORD (0x00006152)",
                        ]
                    ),
                    all(
                        [
                            event.deep_get("TargetObject", default="").endswith(
                                "\\LowRiskFileTypes"
                            ),
                            any(
                                [
                                    ".zip;" in event.deep_get("Details", default=""),
                                    ".rar;" in event.deep_get("Details", default=""),
                                    ".exe;" in event.deep_get("Details", default=""),
                                    ".bat;" in event.deep_get("Details", default=""),
                                    ".com;" in event.deep_get("Details", default=""),
                                    ".cmd;" in event.deep_get("Details", default=""),
                                    ".reg;" in event.deep_get("Details", default=""),
                                    ".msi;" in event.deep_get("Details", default=""),
                                    ".htm;" in event.deep_get("Details", default=""),
                                    ".html;" in event.deep_get("Details", default=""),
                                ]
                            ),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
