def rule(event):
    if all(
        [
            "\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    "\\ShellServiceObjectDelayLoad" in event.deep_get("TargetObject", default=""),
                    "\\Run\\" in event.deep_get("TargetObject", default=""),
                    "\\RunOnce\\" in event.deep_get("TargetObject", default=""),
                    "\\RunOnceEx\\" in event.deep_get("TargetObject", default=""),
                    "\\RunServices\\" in event.deep_get("TargetObject", default=""),
                    "\\RunServicesOnce\\" in event.deep_get("TargetObject", default=""),
                    "\\Explorer\\ShellServiceObjects" in event.deep_get("TargetObject", default=""),
                    "\\Explorer\\ShellIconOverlayIdentifiers"
                    in event.deep_get("TargetObject", default=""),
                    "\\Explorer\\ShellExecuteHooks" in event.deep_get("TargetObject", default=""),
                    "\\Explorer\\SharedTaskScheduler" in event.deep_get("TargetObject", default=""),
                    "\\Explorer\\Browser Helper Objects"
                    in event.deep_get("TargetObject", default=""),
                ]
            ),
            not any(
                [
                    event.deep_get("Details", default="") == "(Empty)",
                    event.deep_get("Details", default="") == "",
                    event.deep_get("Details", default="").startswith(
                        '"C:\\ProgramData\\Package Cache\\{d21a4f20-968a-4b0c-bf04-a38da5f06e41}\\windowsdesktop-runtime-'
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\VC_redist.x64.exe"),
                            event.deep_get("Details", default="").endswith(
                                '}\\VC_redist.x64.exe" /burn.runonce'
                            ),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\ProgramData\\Package Cache"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Windows\\Temp\\"
                                    ),
                                ]
                            ),
                            any(
                                [
                                    "\\winsdksetup.exe" in event.deep_get("Image", default=""),
                                    "\\windowsdesktop-runtime-"
                                    in event.deep_get("Image", default=""),
                                    "\\AspNetCoreSharedFrameworkBundle-"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            event.deep_get("Details", default="").endswith(" /burn.runonce"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").startswith(
                                "C:\\Windows\\Installer\\MSI"
                            ),
                            "\\Explorer\\Browser Helper Objects"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="")
                            == "C:\\WINDOWS\\system32\\msiexec.exe",
                            "\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\Install\\{"
                            in event.deep_get("Image", default=""),
                            "\\setup.exe" in event.deep_get("Image", default=""),
                        ]
                    ),
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("Image", default="")
                            == "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe",
                            "\\Office\\ClickToRun\\REGISTRY\\MACHINE\\Software\\Wow6432Node\\"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="")
                            in [
                                "C:\\Program Files\\Microsoft Office\\root\\integration\\integrator.exe",
                                "C:\\Program Files (x86)\\Microsoft Office\\root\\integration\\integrator.exe",
                            ],
                            "\\Explorer\\Browser Helper Objects\\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\\"
                            in event.deep_get("TargetObject", default=""),
                        ]
                    ),
                    any(
                        [
                            event.deep_get("Details", default="").endswith(
                                "-A251-47B7-93E1-CDD82E34AF8B}"
                            ),
                            event.deep_get("Details", default="") == "grpconv -o",
                            all(
                                [
                                    "C:\\Program Files" in event.deep_get("Details", default=""),
                                    "\\Dropbox\\Client\\Dropbox.exe"
                                    in event.deep_get("Details", default=""),
                                    " /systemstartup" in event.deep_get("Details", default=""),
                                ]
                            ),
                        ]
                    ),
                    event.deep_get("TargetObject", default="").endswith(
                        "\\Explorer\\Browser Helper Objects\\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\\NoExplorer"
                    ),
                    all(
                        [
                            "\\windowsdesktop-runtime-" in event.deep_get("Image", default=""),
                            any(
                                [
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}"
                                    ),
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\{7037b699-7382-448c-89a7-4765961d2537}"
                                    ),
                                ]
                            ),
                            event.deep_get("Details", default="").startswith(
                                '"C:\\ProgramData\\Package Cache\\'
                            ),
                            event.deep_get("Details", default="").endswith('.exe" /burn.runonce'),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\"
                                    ),
                                    event.deep_get("Image", default="").startswith(
                                        "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\Updates\\"
                                    ),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith("\\OfficeClickToRun.exe"),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("TargetObject", default="").endswith(
                                "\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Discord"
                            ),
                            event.deep_get("Details", default="").endswith(
                                "Discord.exe --checkInstall"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Details", default="").endswith(
                                '\\Avira.OE.Setup.Bundle.exe" /burn.runonce'
                            ),
                            event.deep_get("Image", default="").endswith(
                                "\\Avira.OE.Setup.Bundle.exe"
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\instup.exe"),
                            event.deep_get("TargetObject", default="").endswith(
                                "\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\AvRepair"
                            ),
                            event.deep_get("Details", default="").endswith(
                                'instup.exe" /instop:repair /wait'
                            ),
                        ]
                    ),
                    all(
                        [
                            event.deep_get("Image", default="").endswith("\\instup.exe"),
                            any(
                                [
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\00avg\\(Default)"
                                    ),
                                    event.deep_get("TargetObject", default="").endswith(
                                        "\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\00asw\\(Default)"
                                    ),
                                ]
                            ),
                            event.deep_get("Details", default="")
                            in [
                                "{472083B1-C522-11CF-8763-00608CC02F24}",
                                "{472083B0-C522-11CF-8763-00608CC02F24}",
                            ],
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
