def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("Product", default="").endswith("AccessChk"),
                    "Reports effective permissions" in event.deep_get("Description", default=""),
                    any(
                        [
                            event.deep_get("Image", default="").endswith("\\accesschk.exe"),
                            event.deep_get("Image", default="").endswith("\\accesschk64.exe"),
                        ]
                    ),
                    event.deep_get("OriginalFileName", default="") == "accesschk.exe",
                ]
            ),
            any(
                [
                    "uwcqv " in event.deep_get("CommandLine", default=""),
                    "kwsu " in event.deep_get("CommandLine", default=""),
                    "qwsu " in event.deep_get("CommandLine", default=""),
                    "uwdqs " in event.deep_get("CommandLine", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
