def rule(event):
    if all(
        [
            event.deep_get("TargetObject", default="").endswith("\\shell\\open\\command"),
            not any(
                [
                    event.deep_get("Image", default="").endswith("C:\\Windows\\explorer.exe"),
                    event.deep_get("Image", default="") == "C:\\Windows\\system32\\svchost.exe",
                    event.deep_get("Image", default="")
                    in ["C:\\Windows\\System32\\msiexec.exe", "C:\\Windows\\SysWOW64\\msiexec.exe"],
                    any(
                        [
                            event.deep_get("Image", default="").startswith("C:\\Program Files\\"),
                            event.deep_get("Image", default="").startswith(
                                "C:\\Program Files (x86)\\"
                            ),
                        ]
                    ),
                    event.deep_get("Image", default="") == "C:\\Windows\\System32\\OpenWith.exe",
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\Dropbox.exe"),
                            "\\Dropbox." in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith(
                                "\\AppData\\Local\\Temp\\Wireshark_uninstaller.exe"
                            ),
                            "\\wireshark-capture-file\\"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            "peazip" in event.deep_get("Image", default=""),
                            "\\PeaZip." in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\Everything.exe"),
                            "\\Everything." in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    event.deep_get("Image", default="").startswith("C:\\Windows\\Installer\\MSI"),
                    all(
                        [
                            event.deep_get("Image", default="").startswith(
                                "C:\\Program Files (x86)\\Java\\"
                            ),
                            event.deep_get("Image", default="").endswith("\\installer.exe"),
                            "\\Classes\\WOW6432Node\\CLSID\\{4299124F-F2C3-41b4-9C73-9236B2AD0E8F}"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    "\\Microsoft\\EdgeUpdate\\Install" in event.deep_get("Image", default=""),
                    all(
                        [
                            event.deep_get("Image", default="")
                            in [
                                "C:\\Program Files (x86)\\Avira\\Antivirus\\",
                                "C:\\Program Files\\Avira\\Antivirus\\",
                            ],
                            any(
                                [
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\CLSID\\{305CA226-D286-468e-B848-2B2E8E697B74}\\Shell\\Open\\Command"
                                    ),
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\AntiVir.Keyfile\\shell\\open\\command"
                                    ),
                                ]
                            ),
                        ]
                    ),
                    any(
                        [
                            all(
                                [
                                    "AppData\\Local\\Temp" in event.deep_get("Image", default=""),
                                    "\\setup.exe" in event.deep_get("Image", default=""),
                                ]
                            ),
                            all(
                                [
                                    "\\Temp\\is-" in event.deep_get("Image", default=""),
                                    "\\target.tmp" in event.deep_get("Image", default=""),
                                ]
                            ),
                        ]
                    ),
                    event.deep_get("Image", default="").endswith("\\ninite.exe"),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\reg.exe"),
                            event.deep_get("TargetObject", default="").endswith(
                                "\\Discord\\shell\\open\\command"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\Spotify.exe"),
                            event.deep_get("TargetObject", default="").endswith(
                                "\\Spotify\\shell\\open\\command"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith(
                                "C:\\eclipse\\eclipse.exe"
                            ),
                            "_Classes\\eclipse+" in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            "\\Temp" in event.deep_get("Image", default=""),
                            "\\TeamViewer" in event.deep_get("Image", default=""),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
