
Summary
This rule detects the execution of various Windows hacktools by examining Portable Executable (PE) metadata, specifically the Company and Product fields carried in the binary's version information. Because it keys on that embedded metadata rather than on the file name, it still identifies these tools after they have been renamed on disk. It runs over process creation logs from Windows endpoints. The selection criterion is a Company field that matches 'Cube0x0', a value associated with commonly used hacktools. The rule is one part of a broader effort to mitigate the risk of unauthorized or malicious software executing on endpoints.
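The matching logic described above, applied to process creation events, as an added example that is not part of the original rule: it parses the "Key: Value" body of Sysmon Event ID 1 records (constructed samples, not captured from any host) and flags every event whose Company field equals 'Cube0x0'. The case-insensitive comparison is an assumption, mirroring Sigma's default string matching.

```python
from typing import Dict, List

# Constructed Sysmon Event ID 1 (Process Create) message bodies, not from a real host.
# The second and third records are renamed images whose PE metadata still names the author.
SAMPLE_EVENTS = [
    """Process Create:
Image: C:\\Windows\\System32\\notepad.exe
Company: Microsoft Corporation
Product: Microsoft Windows Operating System
OriginalFileName: NOTEPAD.EXE
CommandLine: notepad.exe""",
    """Process Create:
Image: C:\\Users\\Public\\update.exe
Company: Cube0x0
Product: -
OriginalFileName: -
CommandLine: update.exe""",
    """Process Create:
Image: C:\\Temp\\svchost.exe
Company: cube0x0
Product: -
OriginalFileName: -
CommandLine: svchost.exe -k""",
]

RULE_COMPANY = "Cube0x0"  # selection value from the rule


def parse_sysmon_body(body: str) -> Dict[str, str]:
    """Turn a Sysmon 'Key: Value' message body into a field dict (title line has no value)."""
    fields: Dict[str, str] = {}
    for line in body.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def matches_rule(fields: Dict[str, str]) -> bool:
    """Company must equal the rule value; compared case-insensitively (assumption, see lead-in)."""
    return fields.get("Company", "").lower() == RULE_COMPANY.lower()


def detect(bodies: List[str]) -> List[str]:
    """Return the Image path of every process-creation event the rule would flag."""
    hits = []
    for body in bodies:
        fields = parse_sysmon_body(body)
        if matches_rule(fields):
            hits.append(fields.get("Image", "<no Image field>"))
    return hits
```

Sysmon writes "-" when a PE carries no version information, so a build with stripped metadata falls outside this rule's coverage and needs a different signal.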
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-04-27