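# Detection: a value is written under a CurrentVersion autorun (ASEP) registry
# key by a process / with data that is not on the known-benign list below.
#
# All comparisons are case-insensitive. Registry paths and Windows file paths
# are case-insensitive, and the previous case-sensitive version was internally
# inconsistent: the selection required "\SOFTWARE\..." in upper case while
# several exclusions expected "\Software\...", so those exclusions could never
# apply and any event logged with the mixed-case spelling was never evaluated.


def _lc(*patterns):
    """Return the given patterns lower-cased, as a tuple.

    A tuple works directly with ``in`` (exact match against any entry) and
    with ``str.startswith`` / ``str.endswith``.
    """
    return tuple(pattern.lower() for pattern in patterns)


def _field(event, key):
    """Return event field *key* as a lower-cased string ("" if absent or null)."""
    value = event.deep_get(key, default="")
    return "" if value is None else str(value).lower()


def _contains_any(haystack, needles):
    """Return True when at least one of *needles* is a substring of *haystack*."""
    return any(needle in haystack for needle in needles)


# --- selection -------------------------------------------------------------
_BASE_KEY = _lc("\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion")
_AUTORUN_SUBKEYS = _lc(
    "\\ShellServiceObjectDelayLoad",
    "\\Run\\",
    "\\RunOnce\\",
    "\\RunOnceEx\\",
    "\\RunServices\\",
    "\\RunServicesOnce\\",
    "\\Policies\\System\\Shell",
    "\\Policies\\Explorer\\Run",
    "\\Group Policy\\Scripts\\Startup",
    "\\Group Policy\\Scripts\\Shutdown",
    "\\Group Policy\\Scripts\\Logon",
    "\\Group Policy\\Scripts\\Logoff",
    "\\Explorer\\ShellServiceObjects",
    "\\Explorer\\ShellIconOverlayIdentifiers",
    "\\Explorer\\ShellExecuteHooks",
    "\\Explorer\\SharedTaskScheduler",
    "\\Explorer\\Browser Helper Objects",
    "\\Authentication\\PLAP Providers",
    "\\Authentication\\Credential Providers",
    "\\Authentication\\Credential Provider Filters",
)

# --- generic exclusions ----------------------------------------------------
_EMPTY_DETAILS = _lc("(Empty)", "")
_NGC_COUNTER_SUFFIX = _lc("\\NgcFirst\\ConsecutiveSwitchCount")
# NOTE(review): these three match only a path suffix under per-user AppData,
# a location the logged-on user can write to, and they suppress the alert for
# every autorun key. They are weaker than the full-path entries below;
# consider pairing each with a TargetObject/Details condition.
_PER_USER_IMAGE_SUFFIXES = _lc(
    "\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe",
    "\\AppData\\Roaming\\Spotify\\Spotify.exe",
    "\\AppData\\Local\\WebEx\\WebexHost.exe",
)
_EXACT_IMAGES = _lc(
    "C:\\WINDOWS\\system32\\devicecensus.exe",
    "C:\\Windows\\system32\\winsat.exe",
    "C:\\Program Files\\Microsoft OneDrive\\StandaloneUpdater\\OneDriveSetup.exe",
    "C:\\Program Files (x86)\\Microsoft OneDrive\\StandaloneUpdater\\OneDriveSetup.exe",
    "C:\\Program Files\\Microsoft OneDrive\\Update\\OneDriveSetup.exe",
    "C:\\Program Files (x86)\\Microsoft OneDrive\\Update\\OneDriveSetup.exe",
    "C:\\Program Files\\Microsoft Office\\root\\integration\\Addons\\OneDriveSetup.exe",
    "C:\\Program Files (x86)\\Microsoft Office\\root\\integration\\Addons\\OneDriveSetup.exe",
    "C:\\Program Files\\KeePass Password Safe 2\\ShInstUtil.exe",
    "C:\\Program Files\\Everything\\Everything.exe",
    "C:\\Program Files (x86)\\Microsoft Office\\root\\integration\\integrator.exe",
    "C:\\Program Files\\Microsoft Office\\root\\integration\\integrator.exe",
    "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
)
_LOGONUI_IMAGE = _lc("C:\\Windows\\system32\\LogonUI.exe")
_LOGONUI_PROVIDER_KEYS = _lc(
    "\\Authentication\\Credential Providers\\{D6886603-9D2F-4EB2-B667-1971041FA96B}\\",
    "\\Authentication\\Credential Providers\\{BEC09223-B018-416D-A0AC-523971B639F5}\\",
    "\\Authentication\\Credential Providers\\{8AF662BF-65A0-4D0A-A540-A338A999D36F}\\",
    "\\Authentication\\Credential Providers\\{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}\\",
)
_EDGE_IMAGE_PREFIXES = _lc(
    "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\Install\\",
    "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\",
    "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",
)
_TEAMS_IMAGE_SUFFIX = _lc("\\Microsoft\\Teams\\current\\Teams.exe")
# The original carried this filter twice, once with a trailing space after
# "--processStart"; the form without the space matches everything the other did.
_TEAMS_DETAILS = _lc("\\Microsoft\\Teams\\Update.exe --processStart")
_USERINIT_IMAGE = _lc("C:\\Windows\\system32\\userinit.exe")
_CTFMON_DETAILS = _lc("ctfmon.exe /n")

# --- vendor-specific exclusions --------------------------------------------
# (TargetObject suffix, exact Details values)
_VALUE_EXACT_FILTERS = (
    (
        _lc("\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Opera Browser Assistant"),
        _lc("C:\\Program Files\\Opera\\assistant\\browser_assistant.exe"),
    ),
    (
        _lc("\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Opera Stable"),
        _lc(
            "C:\\Program Files\\Opera\\launcher.exe",
            "C:\\Program Files (x86)\\Opera\\launcher.exe",
        ),
    ),
    (
        _lc("\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\iTunesHelper"),
        _lc('"C:\\Program Files\\iTunes\\iTunesHelper.exe"'),
    ),
    (
        _lc("\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\zoommsirepair"),
        _lc('"C:\\Program Files\\Zoom\\bin\\installer.exe" /repair'),
    ),
    (
        _lc("\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Greenshot"),
        _lc("C:\\Program Files\\Greenshot\\Greenshot.exe"),
    ),
)
# (TargetObject suffix, Details suffix)
_VALUE_SUFFIX_FILTERS = (
    (
        _lc("\\Microsoft\\Windows\\CurrentVersion\\Run\\Everything"),
        _lc('\\Everything\\Everything.exe" -startup'),
    ),
    (
        _lc("\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord"),
        _lc("\\Discord\\Update.exe --processStart Discord.exe"),
    ),
)
_REGSVR32_IMAGE = _lc("C:\\Windows\\system32\\regsvr32.exe")
_DROPBOX_KEY = _lc("DropboxExt")
_DROPBOX_DETAILS_SUFFIX = _lc("A251-47B7-93E1-CDD82E34AF8B}")
_GDRIVEFS_KEY_SUFFIX = _lc("\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\GoogleDriveFS")
_GDRIVEFS_DETAILS_PREFIX = _lc("C:\\Program Files\\Google\\Drive File Stream\\")
_GDRIVEFS_DETAILS_PART = _lc("\\GoogleDriveFS.exe")
_GDRIVE_KEY = _lc("GoogleDrive")
_GDRIVE_DETAILS = _lc(
    "{CFE8B367-77A7-41D7-9C90-75D16D7DC6B6}",
    "{A8E52322-8734-481D-A7E2-27B309EF8D56}",
    "{C973DA94-CBDF-4E77-81D1-E5B794FBD146}",
    "{51EF1569-67EE-4AD6-9646-E726C3FFC8A2}",
)
_ONEDRIVE_CLEANUP_PREFIXES = _lc(
    'C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q "C:\\Users\\',
    'C:\\Windows\\system32\\cmd.exe /q /c del /q "C:\\Users\\',
)
_ONEDRIVE_CLEANUP_PART = _lc("\\AppData\\Local\\Microsoft\\OneDrive\\")
_PYTHON_KEY = _lc("\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\{")
_PYTHON_DETAILS_PARTS = _lc("\\AppData\\Local\\Package Cache\\{", "}\\python-")
_PYTHON_DETAILS_SUFFIX = _lc('.exe" /burn.runonce')
_C2R_IMAGE_PREFIXES = _lc(
    "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\",
    "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\ClickToRun\\",
)
_C2R_IMAGE_SUFFIX = _lc("\\OfficeClickToRun.exe")
# NOTE(review): "\instup.exe" is a bare substring with no directory anchor;
# the exclusion is bounded only by the exact Details values paired with it.
_AVG_SETUP_IMAGE_PARTS = _lc(
    "C:\\Program Files\\AVG\\Antivirus\\Setup\\",
    "C:\\Program Files (x86)\\AVG\\Antivirus\\Setup\\",
    "\\instup.exe",
)
_AVG_SETUP_DETAILS = _lc(
    '"C:\\Program Files\\AVG\\Antivirus\\AvLaunch.exe" /gui',
    '"C:\\Program Files (x86)\\AVG\\Antivirus\\AvLaunch.exe" /gui',
    "{472083B0-C522-11CF-8763-00608CC02F24}",
    "{472083B1-C522-11CF-8763-00608CC02F24}",
)
_AVAST_SETUP_IMAGE_PARTS = _lc(
    "C:\\Program Files\\Avast Software\\Avast\\Setup\\",
    "C:\\Program Files (x86)\\Avast Software\\Avast\\Setup\\",
    "\\instup.exe",
)
_AVAST_SETUP_DETAILS = _lc(
    '"C:\\Program Files\\Avast Software\\Avast\\AvLaunch.exe" /gui',
    '"C:\\Program Files (x86)\\Avast Software\\Avast\\AvLaunch.exe" /gui',
)
_AVG_TOOLS_IMAGES = _lc(
    "C:\\Program Files\\AVG\\Antivirus\\avgToolsSvc.exe",
    "C:\\Program Files (x86)\\AVG\\Antivirus\\avgToolsSvc.exe",
)
_STARTUP_APPROVED_KEY = _lc(
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\\"
)
_BINARY_DATA_DETAILS = _lc("Binary Data")
_AURORA_IMAGE_SUFFIXES = _lc("\\aurora-agent-64.exe", "\\aurora-agent.exe")
_AURORA_KEY_SUFFIX = _lc("\\Microsoft\\Windows\\CurrentVersion\\Run\\aurora-dashboard")
_AURORA_DETAILS = _lc("C:\\Program Files\\Aurora-Agent\\tools\\aurora-dashboard.exe")


def _matches_generic_filter(target, details, image):
    """Return True for OS / first-party writers that are excluded outright."""
    if details in _EMPTY_DETAILS:
        return True
    if target.endswith(_NGC_COUNTER_SUFFIX):
        return True
    if image.endswith(_PER_USER_IMAGE_SUFFIXES) or image in _EXACT_IMAGES:
        return True
    if image.startswith(_EDGE_IMAGE_PREFIXES):
        return True
    if image in _LOGONUI_IMAGE and _contains_any(target, _LOGONUI_PROVIDER_KEYS):
        return True
    if image.endswith(_TEAMS_IMAGE_SUFFIX) and _contains_any(details, _TEAMS_DETAILS):
        return True
    return image in _USERINIT_IMAGE and details in _CTFMON_DETAILS


def _matches_vendor_filter(target, details, image):
    """Return True for known third-party software registering its own autorun."""
    if any(target.endswith(key) and details in values for key, values in _VALUE_EXACT_FILTERS):
        return True
    if any(
        target.endswith(key) and details.endswith(suffix)
        for key, suffix in _VALUE_SUFFIX_FILTERS
    ):
        return True
    checks = (
        # Dropbox shell extension registered through regsvr32
        image in _REGSVR32_IMAGE
        and _contains_any(target, _DROPBOX_KEY)
        and details.endswith(_DROPBOX_DETAILS_SUFFIX),
        # Google Drive File Stream autorun value
        target.endswith(_GDRIVEFS_KEY_SUFFIX)
        and details.startswith(_GDRIVEFS_DETAILS_PREFIX)
        and _contains_any(details, _GDRIVEFS_DETAILS_PART),
        # Google Drive shell extension CLSIDs
        _contains_any(target, _GDRIVE_KEY) and details in _GDRIVE_DETAILS,
        # OneDrive self-cleanup commands
        details.startswith(_ONEDRIVE_CLEANUP_PREFIXES)
        and _contains_any(details, _ONEDRIVE_CLEANUP_PART),
        # Python installer (burn bootstrapper) RunOnce entry
        _contains_any(target, _PYTHON_KEY)
        and all(part in details for part in _PYTHON_DETAILS_PARTS)
        and details.endswith(_PYTHON_DETAILS_SUFFIX),
        # Office Click-to-Run
        image.startswith(_C2R_IMAGE_PREFIXES) and image.endswith(_C2R_IMAGE_SUFFIX),
        # AVG / Avast installers
        _contains_any(image, _AVG_SETUP_IMAGE_PARTS) and details in _AVG_SETUP_DETAILS,
        _contains_any(image, _AVAST_SETUP_IMAGE_PARTS) and details in _AVAST_SETUP_DETAILS,
        # AVG tools service toggling StartupApproved entries
        image in _AVG_TOOLS_IMAGES
        and _contains_any(target, _STARTUP_APPROVED_KEY)
        and details in _BINARY_DATA_DETAILS,
        # Aurora agent dashboard
        image.endswith(_AURORA_IMAGE_SUFFIXES)
        and target.endswith(_AURORA_KEY_SUFFIX)
        and details in _AURORA_DETAILS,
    )
    return any(checks)


def rule(event):
    """Flag a write to a CurrentVersion autorun registry key by an unlisted writer.

    Reads three fields from the event -- ``TargetObject`` (registry path),
    ``Details`` (value data) and ``Image`` (writing process); these look like
    Sysmon registry-event fields, but log-type routing is configured outside
    this function. Missing or null fields are treated as empty strings.

    Args:
        event: object exposing ``deep_get(key, default=...)``.

    Returns:
        True when ``TargetObject`` lies under
        ``\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion`` in one of the
        autorun subkeys and neither the generic nor the vendor-specific
        exclusions match; False otherwise. Matching ignores case.
    """
    target = _field(event, "TargetObject")
    details = _field(event, "Details")
    image = _field(event, "Image")

    # Selection first: most events are not autorun writes, so bail out cheaply.
    if not _contains_any(target, _BASE_KEY) or not _contains_any(target, _AUTORUN_SUBKEYS):
        return False

    return not (
        _matches_generic_filter(target, details, image)
        or _matches_vendor_filter(target, details, image)
    )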
