Run calc.exe actually means steal money of everybody in their entire organization or blackmail the entire organization by encypting all the data they need to function.
If compromising a single machine of a user already compromises your entire orgs IT, you’re doing something wrong, right? Shouldn’t a normal user lack privileges to do this much damage to the network?