def rule(event):
    if all(
        [
            any(
                [
                    event.deep_get("TargetImage", default="").endswith("\\calc.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\calculator.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\mspaint.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\notepad.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\ping.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\wordpad.exe"),
                    event.deep_get("TargetImage", default="").endswith("\\write.exe"),
                ]
            ),
            event.deep_get("GrantedAccess", default="") == "0x1FFFFF",
        ]
    ):
        return True
    return False
