def rule(event):
    if all(
        [
            not any(
                [
                    event.deep_get("Image", default="").endswith(".bin"),
                    event.deep_get("Image", default="").endswith(".cgi"),
                    event.deep_get("Image", default="").endswith(".com"),
                    event.deep_get("Image", default="").endswith(".exe"),
                    event.deep_get("Image", default="").endswith(".scr"),
                    event.deep_get("Image", default="").endswith(".tmp"),
                ]
            ),
            not any(
                [
                    event.deep_get("Image", default="")
                    in ["System", "Registry", "MemCompression", "vmmem"],
                    ":\\Windows\\Installer\\MSI" in event.deep_get("Image", default=""),
                    ":\\Windows\\System32\\DriverStore\\FileRepository\\"
                    in event.deep_get("Image", default=""),
                    all(
                        [
                            ":\\Config.Msi\\" in event.deep_get("Image", default=""),
                            any(
                                [
                                    event.deep_get("Image", default="").endswith(".rbf"),
                                    event.deep_get("Image", default="").endswith(".rbs"),
                                ]
                            ),
                        ]
                    ),
                    any(
                        [
                            ":\\Windows\\Temp\\" in event.deep_get("ParentImage", default=""),
                            ":\\Windows\\Temp\\" in event.deep_get("Image", default=""),
                        ]
                    ),
                    ":\\$Extend\\$Deleted\\" in event.deep_get("Image", default=""),
                    event.deep_get("Image", default="") in ["-", ""],
                    event.deep_get("Image", default="") == "",
                ]
            ),
            not any(
                [
                    ":\\ProgramData\\Avira\\" in event.deep_get("ParentImage", default=""),
                    all(
                        [
                            "NVIDIA\\NvBackend\\" in event.deep_get("Image", default=""),
                            event.deep_get("Image", default="").endswith(".dat"),
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    ":\\Program Files (x86)\\WINPAKPRO\\"
                                    in event.deep_get("Image", default=""),
                                    ":\\Program Files\\WINPAKPRO\\"
                                    in event.deep_get("Image", default=""),
                                ]
                            ),
                            event.deep_get("Image", default="").endswith(".ngn"),
                        ]
                    ),
                    any(
                        [
                            event.deep_get("Image", default="").endswith(
                                ":\\Program Files (x86)\\MyQ\\Server\\pcltool.dll"
                            ),
                            event.deep_get("Image", default="").endswith(
                                ":\\Program Files\\MyQ\\Server\\pcltool.dll"
                            ),
                        ]
                    ),
                    all(
                        [
                            "\\AppData\\Local\\Packages\\" in event.deep_get("Image", default=""),
                            "\\LocalState\\rootfs\\" in event.deep_get("Image", default=""),
                        ]
                    ),
                    event.deep_get("Image", default="").endswith("\\LZMA_EXE"),
                    ":\\Program Files\\Mozilla Firefox\\" in event.deep_get("Image", default=""),
                    all(
                        [
                            event.deep_get("ParentImage", default="")
                            == "C:\\Windows\\System32\\services.exe",
                            event.deep_get("Image", default="").endswith("com.docker.service"),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
