def rule(event):
    if all(
        [
            any(
                [
                    "\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows CE Services\\AutoStart"
                    in event.deep_get("TargetObject", default=""),
                    "\\Software\\Wow6432Node\\Microsoft\\Command Processor\\Autorun"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Microsoft\\Windows CE Services\\AutoStartOnDisconnect"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Microsoft\\Windows CE Services\\AutoStartOnConnect"
                    in event.deep_get("TargetObject", default=""),
                    "\\SYSTEM\\Setup\\CmdLine" in event.deep_get("TargetObject", default=""),
                    "\\Software\\Microsoft\\Ctf\\LangBarAddin"
                    in event.deep_get("TargetObject", default=""),
                    "\\Software\\Microsoft\\Command Processor\\Autorun"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Classes\\Protocols\\Handler"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Classes\\Protocols\\Filter"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Classes\\Htmlfile\\Shell\\Open\\Command\\(Default)"
                    in event.deep_get("TargetObject", default=""),
                    "\\Environment\\UserInitMprLogonScript"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\Scrnsave.exe"
                    in event.deep_get("TargetObject", default=""),
                    "\\Software\\Microsoft\\Internet Explorer\\UrlSearchHooks"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Microsoft\\Internet Explorer\\Desktop\\Components"
                    in event.deep_get("TargetObject", default=""),
                    "\\Software\\Classes\\Clsid\\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\\Inprocserver32"
                    in event.deep_get("TargetObject", default=""),
                    "\\Control Panel\\Desktop\\Scrnsave.exe"
                    in event.deep_get("TargetObject", default=""),
                ]
            ),
            not any(
                [
                    event.deep_get("Details", default="") == "(Empty)",
                    event.deep_get("Details", default="") == "",
                    event.deep_get("Image", default="") == "C:\\Windows\\System32\\poqexec.exe",
                ]
            ),
            not any(
                [
                    any(
                        [
                            any(
                                [
                                    "\\Office\\ClickToRun\\REGISTRY\\MACHINE\\Software\\Classes\\PROTOCOLS\\Handler\\"
                                    in event.deep_get("TargetObject", default=""),
                                    "\\ClickToRunStore\\HKMU\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\"
                                    in event.deep_get("TargetObject", default=""),
                                ]
                            ),
                            event.deep_get("Details", default="")
                            in [
                                "{314111c7-a502-11d2-bbca-00c04f8ec294}",
                                "{3459B272-CC19-4448-86C9-DDC3B4B2FAD3}",
                                "{42089D2D-912D-4018-9087-2B87803E93FB}",
                                "{5504BE45-A83B-4808-900A-3A5C36E7F77A}",
                                "{807583E5-5146-11D5-A672-00B0D022E945}",
                            ],
                        ]
                    ),
                    "\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{8A69D345-D564-463c-AFF1-A69D9E530F96}"
                    in event.deep_get("TargetObject", default=""),
                    "\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{9459C573-B17A-45AE-9F64-1857B5D58CEE}"
                    in event.deep_get("TargetObject", default=""),
                    "\\Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}"
                    in event.deep_get("TargetObject", default=""),
                    event.deep_get("Image", default="")
                    in [
                        "C:\\Program Files (x86)\\Microsoft Office\\root\\integration\\integrator.exe",
                        "C:\\Program Files\\Microsoft Office\\root\\integration\\integrator.exe",
                    ],
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\Updates\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\OfficeClickToRun.exe"),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
