def rule(event):
    if all(
        [
            "\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    "\\Windows\\Appinit_Dlls" in event.deep_get("TargetObject", default=""),
                    "\\Image File Execution Options" in event.deep_get("TargetObject", default=""),
                    "\\Drivers32" in event.deep_get("TargetObject", default=""),
                ]
            ),
            not any(
                [
                    event.deep_get("Details", default="") == "(Empty)",
                    event.deep_get("Details", default="") == "",
                    event.deep_get("Details", default="").endswith(
                        "\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
