def rule(event):
    if any(
        [
            any(
                [
                    event.deep_get("Image", default="").endswith("\\PCHunter64.exe"),
                    event.deep_get("Image", default="").endswith("\\PCHunter32.exe"),
                ]
            ),
            any(
                [
                    event.deep_get("OriginalFileName", default="") == "PCHunter.exe",
                    event.deep_get("Description", default="")
                    == "Epoolsoft Windows Information View Tools",
                ]
            ),
            any(
                [
                    "SHA1=5F1CBC3D99558307BC1250D084FA968521482025"
                    in event.deep_get("Hashes", default=""),
                    "MD5=987B65CD9B9F4E9A1AFD8F8B48CF64A7" in event.deep_get("Hashes", default=""),
                    "SHA256=2B214BDDAAB130C274DE6204AF6DBA5AEEC7433DA99AA950022FA306421A6D32"
                    in event.deep_get("Hashes", default=""),
                    "IMPHASH=444D210CEA1FF8112F256A4997EED7FF"
                    in event.deep_get("Hashes", default=""),
                    "SHA1=3FB89787CB97D902780DA080545584D97FB1C2EB"
                    in event.deep_get("Hashes", default=""),
                    "MD5=228DD0C2E6287547E26FFBD973A40F14" in event.deep_get("Hashes", default=""),
                    "SHA256=55F041BF4E78E9BFA6D4EE68BE40E496CE3A1353E1CA4306598589E19802522C"
                    in event.deep_get("Hashes", default=""),
                    "IMPHASH=0479F44DF47CFA2EF1CCC4416A538663"
                    in event.deep_get("Hashes", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
