def rule(event):
    if any(
        [
            "\\ProcessHacker_" in event.deep_get("Image", default=""),
            event.deep_get("Image", default="").endswith("\\ProcessHacker.exe"),
            event.deep_get("OriginalFileName", default="")
            in ["ProcessHacker.exe", "Process Hacker"],
            event.deep_get("Description", default="") == "Process Hacker",
            event.deep_get("Product", default="") == "Process Hacker",
            any(
                [
                    "MD5=68F9B52895F4D34E74112F3129B3B00D" in event.deep_get("Hashes", default=""),
                    "MD5=B365AF317AE730A67C936F21432B9C71" in event.deep_get("Hashes", default=""),
                    "SHA1=A0BDFAC3CE1880B32FF9B696458327CE352E3B1D"
                    in event.deep_get("Hashes", default=""),
                    "SHA1=C5E2018BF7C0F314FED4FD7FE7E69FA2E648359E"
                    in event.deep_get("Hashes", default=""),
                    "SHA256=D4A0FE56316A2C45B9BA9AC1005363309A3EDC7ACF9E4DF64D326A0FF273E80F"
                    in event.deep_get("Hashes", default=""),
                    "SHA256=BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4"
                    in event.deep_get("Hashes", default=""),
                    "IMPHASH=3695333C60DEDECDCAFF1590409AA462"
                    in event.deep_get("Hashes", default=""),
                    "IMPHASH=04DE0AD9C37EB7BD52043D2ECAC958DF"
                    in event.deep_get("Hashes", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
