├── .gitignore
├── styles.css
├── README.md
├── windows.html
├── index.html
├── about.html
├── LICENSE
├── info.json
└── info.yaml


/.gitignore:
--------------------------------------------------------------------------------
1 | *.sh
2 | .git
3 | update.py


--------------------------------------------------------------------------------
/styles.css:
--------------------------------------------------------------------------------
 1 | table.dataTable thead .sorting, table.dataTable thead .sorting_asc, table.dataTable thead .sorting_desc, table.dataTable thead .sorting_asc_disabled, table.dataTable thead .sorting_desc_disabled {
 2 |     cursor: pointer;
 3 |     background-repeat: no-repeat;
 4 |     background-position: center left;
 5 | }
 6 | 
 7 | h2, h3, h4, h5 {
 8 |     margin-bottom: 0.5em;
 9 | }
10 | 
11 | 
12 | h2, h3, h4, h5 {
13 |     margin-top: 1em;
14 |     margin-bottom: 0.5em;
15 | }
16 | 
17 | .table {
18 |     border-color: #eaeaea !important; /* This sets the outer border color */
19 | }
20 | 
21 | .table th, .table td {
22 |     border-color: #f2f2f2 !important; /* This sets the cell borders */
23 | }
24 | 
25 | .table thead th {
26 |     border-bottom-color: #e0e0e0 !important; /* Adjust the header bottom border if needed */
27 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # badfiles
 2 | 
 3 | List of dangerous or potentially malicious file extensions.
 4 | 
 5 | Used for: 
 6 | * Content Filter Proxy blacklist
 7 | * Content Filter Proxy checks
 8 | * [Waasa](https://github.com/dobin/waasa)
 9 | 
10 | Check it at: [badfiles.ch](https://github.com/dobin/badfiles)
11 | 
12 | 
13 | ## Where is the data coming from?
14 | 
15 | * [filesec.io](https://filesec.io) list
16 | * [govcert.ch](https://govcert.ch/downloads/blocked-filetypes.txt) list 
17 | * IOProtect.ch list
18 | * Microsoft [Blocked attachments in Outlook/Onenote/Teams
19 | ](https://support.microsoft.com/en-us/office/blocked-attachments-in-outlook-434752e1-02d3-4e90-9124-8b81e49a8519)
20 | * [michalzobec List of blocked file extensions](https://github.com/michalzobec/Security-Blocked-File-Extensions-Attachments)
21 | * ChatGPT
22 | * Me
23 | * [Chrome Safe Browsing list](https://github.com/chromium/chromium/blob/main/components/safe_browsing/content/resources/download_file_types.asciipb)
24 | 
25 | MITRE Initial Access and MITRE Execution is done based on my CTI. 
26 | 
27 | The main reference file is located in the Waasa project at [info.yaml](https://github.com/dobin/waasa/blob/master/waasa/Data/info.yaml).
28 | badfiles.ch is just a viewer. Check the waasa project more more information about the data sources.
29 | 
30 | 
31 | ## Dat Files
32 | 
33 | * `info.yaml`: List of bad file extensions as yaml
34 | * `info.json`: `info.yaml` converted to json
35 | 


--------------------------------------------------------------------------------
/windows.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | <head>
  4 |     <meta charset="UTF-8">
  5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  6 |     <title>Bad Files</title>
  7 |     <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.11.5/css/jquery.dataTables.css">
  8 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
  9 | 
 10 |     <script type="text/javascript" charset="utf8" src="https://code.jquery.com/jquery-3.5.1.js"></script>
 11 |     <script type="text/javascript" charset="utf8" src="https://cdn.datatables.net/1.11.5/js/jquery.dataTables.js"></script>
 12 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
 13 | 
 14 |     <link rel="stylesheet" href="styles.css"></link>
 15 | </head>
 16 | <body>
 17 |     <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
 18 |         <div class="container-fluid">
 19 |             <a class="navbar-brand" href="#!">badfiles</a>
 20 |             <button class="navbar-toggler" 
 21 |                     type="button" 
 22 |                     data-bs-toggle="collapse" 
 23 |                     data-bs-target="#navbarSupportedContent" 
 24 |                     aria-controls="navbarSupportedContent" 
 25 |                     aria-expanded="false" 
 26 |                     aria-label="Toggle navigation"
 27 |             >
 28 |                 <span class="navbar-toggler-icon"></span>
 29 |             </button>
 30 |     
 31 |             <div class="collapse navbar-collapse" id="navbarSupportedContent">
 32 |                 <ul class="navbar-nav mr-auto">
 33 |                     <li class="nav-item"><a class="nav-link " href="/">Extensions</a></li>
 34 |                     <li class="nav-item"><a class="nav-link active" href="/windows.html">Windows</a></li>
 35 |                     <li class="nav-item"><a class="nav-link " href="/about.html">About</a></li>
 36 |                 </ul>
 37 |             </div>
 38 |         </div>
 39 |     </nav>
 40 | 
 41 |     <table id="myTable" class="table compact cell-border">
 42 |         <thead>
 43 |             <tr>
 44 |                 <!-- assuming your object has three properties: name, age, and city -->
 45 |                 <th>Extension</th>
 46 |                 <th>DoubleClick</th>
 47 |                 <th>Judgment</th>
 48 |                 <th>App Name</th>
 49 |                 <th>Executable Path</th>
 50 |                 <th>Args</th>
 51 |             </tr>
 52 |         </thead>
 53 |         <tbody>
 54 |             <!-- Data will be inserted here via JavaScript -->
 55 |         </tbody>
 56 |     </table>
 57 | 
 58 |     <script>
 59 |         // Fetching data from JSON file and initializing DataTable
 60 |         $(document).ready(function() {
 61 |             $.getJSON('waasa.json', function(data) {
 62 |                 $.each(data, function(key, value) {
 63 |                     var row = $('<tr></tr>');
 64 |                     row.append('<td>' + value.Extension + '</td>');
 65 |                     row.append('<td>' + value.Assumption + '</td>');
 66 | 
 67 |                     var j = "";
 68 |                     switch(value.Judgement) {
 69 |                         case 0:
 70 |                             j = ""; // unknown
 71 |                             break;
 72 |                         case 1:
 73 |                             j = "Good";
 74 |                             break;
 75 |                         case 2: 
 76 |                             j = "Bad";
 77 |                             break;
 78 |                         case 3:
 79 |                             j = "Careful";
 80 |                             break;
 81 |                     }
 82 | 
 83 |                     row.append('<td>' + j + '</td>');
 84 | 
 85 |                     row.append('<td>' + value.AppName + '</td>');
 86 |                     row.append('<td>' + value.CmdExePath + '</td>');
 87 |                     row.append('<td>' + value.CmdArgs + '</td>');
 88 | 
 89 |                     if (value.Assumption != "openwith") {
 90 |                         $('#myTable tbody').append(row);
 91 |                     }
 92 |                 });
 93 | 
 94 |                 $('#myTable').DataTable({
 95 |                     searching: false,
 96 |                     paging: false,
 97 |                 });
 98 |             });
 99 |         });
100 |     </script>
101 | </body>
102 | </html>


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | <head>
  4 |     <meta charset="UTF-8">
  5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  6 |     <title>Bad Files</title>
  7 |     <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.11.5/css/jquery.dataTables.css">
  8 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
  9 | 
 10 |     <script type="text/javascript" charset="utf8" src="https://code.jquery.com/jquery-3.5.1.js"></script>
 11 |     <script type="text/javascript" charset="utf8" src="https://cdn.datatables.net/1.11.5/js/jquery.dataTables.js"></script>
 12 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
 13 | 
 14 |     <link rel="stylesheet" href="styles.css"></link>
 15 | </head>
 16 | <body>
 17 |     <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
 18 |         <div class="container-fluid">
 19 |             <a class="navbar-brand" href="#!">badfiles</a>
 20 |                 <button class="navbar-toggler" 
 21 |                     type="button" 
 22 |                     data-bs-toggle="collapse" 
 23 |                     data-bs-target="#navbarSupportedContent" 
 24 |                     aria-controls="navbarSupportedContent" 
 25 |                     aria-expanded="false" 
 26 |                     aria-label="Toggle navigation"
 27 |                 >
 28 |                 <span class="navbar-toggler-icon"></span>
 29 |             </button>
 30 |     
 31 |             <div class="collapse navbar-collapse" id="navbarSupportedContent">
 32 |                 <ul class="navbar-nav mr-auto">
 33 |                     <li class="nav-item"><a class="nav-link active" href="/">Extensions</a></li>
 34 |                     <li class="nav-item"><a class="nav-link" href="/windows.html">Windows</a></li>
 35 |                     <li class="nav-item"><a class="nav-link" href="/about.html">About</a></li>
 36 |                 </ul>
 37 |             </div>
 38 |         </div>
 39 |     </nav>
 40 |     
 41 |     <table id="myTable" class="table compact cell-border ">
 42 |         <thead>
 43 |             <tr>
 44 |                 <th>Extension</th>
 45 |                 <th>Category</th>
 46 |                 <th>Exec</th>
 47 |                 <th>MITRE InitialAccess</th>
 48 |                 <th>MITRE Execution</th>
 49 | 
 50 |                 <th>Notes</th>
 51 |                 <th>Builtin</th>
 52 |             </tr>
 53 |         </thead>
 54 |         <tbody>
 55 |             <!-- Data will be inserted here via JavaScript -->
 56 |         </tbody>
 57 |     </table>
 58 | 
 59 |     <script>
 60 |         $(document).ready(function() {
 61 |             $.getJSON('info.json', function(data) {
 62 |                 $.each(data, function(key, value) {
 63 |                     var row = $('<tr></tr>');
 64 | 
 65 |                     var Confidence = value.Confidence !== undefined ? value.Confidence : '';
 66 |                     var Common = value.Common !== undefined ? value.Common : '';
 67 |                     var Exec = value.Exec !== undefined ? value.Exec : '';
 68 |                     var Category = value.Category !== undefined ? value.Category : '';
 69 |                     var MitreInitialAccess = value.MitreInitialAccess !== undefined ? value.MitreInitialAccess : '';
 70 |                     var MitreExecution = value.MitreExecution !== undefined ? value.MitreExecution : '';
 71 |                     var WindowsBuiltin = value.WindowsBuiltin !== undefined ? value.WindowsBuiltin : '';
 72 |                     var Notes = value.Notes !== undefined ? value.Notes : '';
 73 | 
 74 |                     row.append('<td style="padding-left: 1em">' + value.Extension + '</td>');
 75 |                     row.append('<td>' + Category + '</td>');
 76 | 
 77 |                     if (Exec == "") {
 78 |                         row.append('<td>' + Exec + '</td>');
 79 |                     } else {
 80 |                         row.append('<td style="color: red;" data-bs-toggle="tooltip" data-bs-placement="top" title="Can execute arbitrary code when opened">' + Exec + '</td>');
 81 |                     }
 82 | 
 83 |                     if (MitreInitialAccess == "") {
 84 |                         row.append('<td>' + '</td>');
 85 |                     } else {
 86 |                         row.append('<td style="color: orange;" data-bs-toggle="tooltip" data-bs-placement="top" title="MITRE Initial Access">' + MitreInitialAccess + '</td>');
 87 |                     }
 88 |                     if (MitreExecution == "") {
 89 |                         row.append('<td>' + '</td>');
 90 |                     } else {
 91 |                         row.append('<td style="color: orange;" data-bs-toggle="tooltip" data-bs-placement="top" title="MITRE Execution">' + MitreExecution + '</td>');
 92 |                     }
 93 |                     
 94 |                     
 95 |                     row.append('<td>' + Notes + '</td>');
 96 |                     row.append('<td data-bs-toggle="tooltip" data-bs-placement="top" title="Windows builtin">' + WindowsBuiltin + '</td>');
 97 |                     $('#myTable tbody').append(row);
 98 |                 });
 99 | 
100 |                 $('#myTable').DataTable({
101 |                     searching: false,
102 |                     paging: false,
103 |                     columnDefs: [{
104 |                       targets: "_all",
105 |                       className: 'dt-left'
106 |                     }]
107 |                 });
108 |             });
109 |         });
110 |     </script>
111 | </body>
112 | </html>


--------------------------------------------------------------------------------
/about.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | <head>
  4 |     <meta charset="UTF-8">
  5 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
  6 |     <title>Bad Files</title>
  7 |     <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.11.5/css/jquery.dataTables.css">
  8 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
  9 | 
 10 |     <script type="text/javascript" charset="utf8" src="https://code.jquery.com/jquery-3.5.1.js"></script>
 11 |     <script type="text/javascript" charset="utf8" src="https://cdn.datatables.net/1.11.5/js/jquery.dataTables.js"></script>
 12 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
 13 | 
 14 |     <link rel="stylesheet" href="styles.css"></link>
 15 | </head>
 16 | <body>
 17 |     <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
 18 |         <div class="container-fluid">
 19 |             <a class="navbar-brand" href="#!">badfiles</a>
 20 |             <button class="navbar-toggler" 
 21 |                     type="button" 
 22 |                     data-bs-toggle="collapse" 
 23 |                     data-bs-target="#navbarSupportedContent" 
 24 |                     aria-controls="navbarSupportedContent" 
 25 |                     aria-expanded="false" 
 26 |                     aria-label="Toggle navigation"
 27 |             >
 28 |                 <span class="navbar-toggler-icon"></span>
 29 |             </button>
 30 |     
 31 |             <div class="collapse navbar-collapse" id="navbarSupportedContent">
 32 |                 <ul class="navbar-nav mr-auto">
 33 |                     <li class="nav-item"><a class="nav-link " href="/">Extensions</a></li>
 34 |                     <li class="nav-item"><a class="nav-link " href="/windows.html">Windows</a></li>
 35 |                     <li class="nav-item"><a class="nav-link active" href="/about.html">About</a></li>
 36 |                 </ul>
 37 |             </div>
 38 |         </div>
 39 |     </nav>
 40 | 
 41 |     <h1>Legend</h1>
 42 | 
 43 |     There are many lists out there which enumerate bad, malicious, or potentially dangerous file extensions. <br>
 44 |     The list usually includes .exe, .dll, .docx, .zip, .iso and .html. But why are these file extensions dangerous?
 45 |     Are they all equally dangerous? <br>
 46 |     This website or list should give a more nuanced view on the whole problem.
 47 |     It is part of Windows Application Attack Surface Analyzer <a href="https://github.com/dobin/waasa">WAASA</a>.
 48 | 
 49 |     <h3>Category</h3>
 50 |     <p>
 51 |     A wide categorization of the extensions. 
 52 |     Mostly for <b>organizational purposes</b>. 
 53 |     Not strict, consumed by humans, informative.<br>
 54 | 
 55 |     <table class="table">
 56 |         <tr>
 57 |             <th>Category</th>
 58 |             <th>Description</th>
 59 |             <th>Can execute?</th>
 60 |         </tr>
 61 |         <tr>
 62 |             <td>Office</td>
 63 |             <td>Mostly MS Office related (.docx, .pptm)</td>
 64 |             <td>Yes: Makros, OLE</td>
 65 |         </tr><tr>
 66 |             <td>Executable</td>
 67 |             <td>Its a file intended to be executed, native code (.exe, .bat)</td>
 68 |             <td>Always</td>
 69 |         </tr><tr>
 70 |             <td>Script</td>
 71 |             <td>Its a file intended to be executed, interpreted code (.js, .vb)</td>
 72 |             <td>Usually</td>
 73 |         </tr><tr>
 74 |             <td>Code</td>
 75 |             <td>It has code, but cannot be executed by double clicking (.dll, .aspx)</td>
 76 |             <td>Never</td>
 77 |         </tr><tr>
 78 |             <td>System</td>
 79 |             <td>Windows related files without much details (can be executable, script, code...)</td>
 80 |             <td>Can</td>
 81 |         </tr><tr>
 82 |             <td>Document</td>
 83 |             <td>A document which cannot execute code (.rtf)</td>
 84 |             <td>Never</td>
 85 |         </tr><tr>
 86 |             <td>Archive</td>
 87 |             <td>File archive (.zip, .rar). Can usually execute code.</td>
 88 |             <td>Always</td>
 89 |         </tr><tr>
 90 |             <td>HTML</td>
 91 |             <td>Special case dedicated for HTML (.html, .htm). Can execute code by HTML Smuggling files</td>
 92 |             <td>Yes</td>
 93 |         </tr><tr>
 94 |             <td>Image</td>
 95 |             <td>Plain old images (.jpg, .gif)</td>
 96 |             <td>No</td>
 97 |         </tr>
 98 |     </table>
 99 | 
100 |     </p>
101 | 
102 |     <h3>Exec</h3>
103 |     <p>
104 |     Is it possible to <b>execute code when opened/clicked</b>? <br>
105 |     Or in other words, can it lead to initial access?
106 |     <ul>
107 |         <li>Directly executable: .exe, .com, .scr</li>
108 |         <li>Feature executable: .docm (Makros and OLE)</li>
109 |         <li>File container: .zip, .iso (can contain executable files)</li>
110 |         <li>Special cases: .lnk, .reg</li>
111 |     </ul>
112 |     Note: For many of the more unknown/uncommon file extensions, it is not completely clear if code execution is possible.
113 |     </p>
114 | 
115 |     <h3>MITRE Initial Access & Execution</h3>
116 |     <p>
117 |     <b>MITRE Initial Access</b>: Is the file extension being used for initial access? (Opinion based on CTI)<br>
118 |     Currently, a lot of attacks involve .iso, .zip with a .exe or .bat. Also .docm has been widely used, now 
119 |     superseeded by .one. This is based on my own Cyber Threat Intelligence (CTI) gathering and common sense.
120 |     <br>
121 |     <br>
122 |     <b>MITRE Execution</b>: Is the file extension being used for execution? <br>
123 |     This opinion is also based on CTI. For example threat actors like to chain .lnk, .bat, .js, .vbs and rundll 
124 |     to execute different parts of their execution chain. 
125 |     <br>
126 |     </p>
127 | 
128 |     <h3>Builtin</h3>
129 |     <p>
130 |         If its generally directly builtin into windows. Informative, unstable. <br>
131 |         .exe is always builtin, .docm is an optional software.
132 |     </p>
133 | 
134 |     <h1>YAML Specification</h1>
135 |     The <a href="https://github.com/dobin/badfiles/blob/main/info.yaml">YAML file</a> contains more data than displayed currently.
136 |     <p>
137 |         <table class="table">
138 |             <tr>
139 |                 <td>Extension</td>
140 |                 <td>The file extension, with a dot (.exe)</td>
141 |             </tr><tr>
142 |                 <td>Category</td>
143 |                 <td>Broad category of this file extension (Archive, Executable)</td>
144 |             </tr><tr>
145 |                 <td>Description</td>
146 |                 <td>The file extension written out (.msi -> Windows Installer Package)</td>
147 |             </tr><tr>
148 |                 <td>Confidence</td>
149 |                 <td>
150 |                     How much i'd trust ALL information in this extension description <br>
151 |                     "High" when written, "Low" when nothing is mentioned.
152 |                 </td>
153 |             </tr><tr>
154 |                 <td>Common</td>
155 |                 <td>
156 |                     Is the file a common sight? (.docx yes, .pif no) <br>
157 |                     True if its common, default is False. 
158 |                 </td>
159 |             </tr><tr>
160 |                 <td>Exec</td>
161 |                 <td>
162 |                     Can the file be executed (.exe, .vb), or provides feature which can lead to execution? (.docm, .iso)<br>
163 |                     Or in other words, can this file be reasonably lead the user to execute attacker code? Default False.
164 |                 </td>
165 |             </tr><tr>
166 |                 <td>Code</td>
167 |                 <td>
168 |                     The file contains code, which cannot be directly executed when clicking. <br>
169 |                     For example .dll, .aspx, .sh are typically harmless when clicked. Can be used for MITRE Execution. Default False.
170 |                 </td>
171 |             </tr><tr>
172 |                 <td>MitreInitialAccess</td>
173 |                 <td>
174 |                     The extension is known to be used in real world attacks as initial access.
175 |                     Either "often" or "sometimes". Will be "no" if not set.
176 |                 </td>
177 |             </tr><tr>
178 |                 <td>MitreExecution</td>
179 |                 <td>
180 |                     The extension is known to be used in real world attacks as execution.
181 |                     Either "often" or "sometimes". Will be "no" if not set.
182 |                 </td>
183 |             </tr><tr>
184 |                 <td>WindowsBuiltin</td>
185 |                 <td>
186 |                     Does windows support it out of the box. <br>
187 |                     .docx will be a False, .zip will be a True. Default False.
188 |                 </td>
189 |             </tr><tr>
190 |                 <td>Notes</td>
191 |                 <td>
192 |                     Notes about the exploitability, recommendations, hardening etc.
193 |                 </td>
194 |             </tr><tr>
195 |                 <td>Container</td>
196 |                 <td>
197 |                     Set to true if it can contain other files (e.g. .zip, .iso, .docx). <br>
198 |                     Usually always executable. Default False.
199 |                 </td>
200 |             </tr><tr>
201 |                 <td>BusinessCase</td>
202 |                 <td>
203 |                     Does a business case exist for this file extension? <br>
204 |                     .docx often has one, .pif not. Default False.
205 |                 </td>
206 |             </tr>
207 |         </table>
208 |     </p>
209 | 
210 |     <h1>Source</h1>
211 |     <p>
212 |     Github Repo: <a href="https://github.com/dobin/badfiles">dobin/badfiles</a>
213 |     <br>
214 |     Waasa: <a href="https://github.com/dobin/waasa">dobin/waasa</a><br>
215 |     </p>
216 | 
217 |     <h1>Where is the data coming from?</h1>
218 | 
219 |     <ul>
220 |         <li>filesec.io list</li>
221 |         <li>govcert.ch list </li>
222 |         <li>IOProtect.ch list</li>
223 |         <li>MS Outlook & OneNote list https://support.microsoft.com/en-us/office/blocked-attachments-in-outlook-434752e1-02d3-4e90-9124-8b81e49a8519</li>
224 |         <li>https://github.com/michalzobec/Security-Blocked-File-Extensions-Attachments</li>
225 |         <li>ChatGPT</li>
226 |         <li>Me</li>
227 |         <li>https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/</li>
228 |     </ul>
229 | 
230 | </body>
231 | </html>


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <https://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <https://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <https://www.gnu.org/licenses/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/info.json:
--------------------------------------------------------------------------------
1 | [{"Extension": ".exe", "Category": "Executable", "Description": "Windows executable file", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "sometimes", "MitreExecution": "often", "WindowsBuiltin": true, "Notes": "Always available, except if application whitelistening is active. Commonly blocked.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".com", "Category": "Executable", "Description": "Command File for DOS", "Confidence": "High", "Exec": true, "MitreInitialAccess": "sometimes", "MitreExecution": "often", "WindowsBuiltin": true, "Notes": "Always available, except if application whitelistening is active. Commonly blocked.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".scr", "Category": "Executable", "Description": "Windows Screen Saver", "Confidence": "High", "Exec": true, "WindowsBuiltin": true, "Notes": "Just an .exe", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".bat", "Category": "Executable", "Description": "Batch script file for cmd.exe", "Confidence": "High", "Exec": true, "MitreInitialAccess": "often", "MitreExecution": "often", "WindowsBuiltin": true, "Notes": "Always available, except if application whitelistening is active. Commonly blocked.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".cmd", "Category": "Executable", "Description": "Windows Command Script", "Confidence": "High", "Exec": true, "WindowsBuiltin": true, "MitreExecution": "sometimes", "Notes": "Just a .bat", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msi", "Category": "Executable", "Description": "Windows Installer Package", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "sometimes", "MitreExecution": "sometimes", "WindowsBuiltin": true, "Notes": "While meant for installations, it can be crafted to deploy malicious software.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msix", "Category": "Executable", "Description": "Windows Installer Package", "Exec": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msixbundle", "Category": "Executable", "Description": "Windows Installer Package", "Exec": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".vbs", "Category": "Script", "Description": "VBScript file", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "sometimes", "MitreExecution": "often", "WindowsBuiltin": true, "Notes": "Scripting language file. Can be used to execute malicious scripts.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".vbe", "Category": "Script", "Description": "VBScript Encoded Script File", "Confidence": "Govcert.ch", "Exec": true, "WindowsBuiltin": true, "MitreInitialAccess": "sometimes", "Notes": "Encoded version of .vbs. Makes it harder to read, but can be used for same malicious purposes as .vbs.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".vb", "Category": "Script", "Description": "Windows Visual Basic Script file", "Confidence": "Govcert.ch", "Exec": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".vbscript", "Category": "Script", "Description": "Windows Visual Basic Script file", "Notes": "Some sites claim .vbscript is a valid extension for vbs files.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".drv", "Category": "Executable", "Description": "Windows Executable", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".wsf", "Category": "Script", "Description": "Windows Script File", "Confidence": "Govcert.ch", "Exec": true, "WindowsBuiltin": true, "MitreInitialAccess": "sometimes", "MitreExecution": "sometimes", "Notes": "Allows mixing of scripting languages. Can execute malicious scripts.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".wsh", "Category": "Script", "Description": "Windows Script Host Settings File", "Confidence": "Govcert.ch", "Exec": true, "WindowsBuiltin": true, "Notes": "Used to set properties for script execution. Can be used in conjunction with other scripts for execution.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ws", "Category": "Script", "Exec": true, "Description": "Windows Script file", "WindowsBuiltin": true, "Notes": "Can execute scripts, similar to other Windows scripting files like .vbs or .js.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".wsc", "Exec": true, "Category": "Script", "Description": "Windows Script Component", "WindowsBuiltin": true, "Notes": "Allows for the creation of COM objects with scripts. Can be used to execute malicious scripts.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".inf", "Exec": true, "Category": "System", "WindowsBuiltin": true, "Notes": "If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ini", "Category": "System", "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".application", "Category": "System", "Description": "ClickOnce Deployment Manifest", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "ClickOnce applications can execute code when deployed.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".appinstaller", "Description": "Windows 10 App Installer", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Used to install apps. Potentially harmful if sourced from untrusted locations."}, {"Extension": ".appref-ms", "Description": "ClickOnce Application Reference", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "A pointer to a ClickOnce application. Can cause the referenced application to be run.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".appx", "Description": "Windows Application Package", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Can be used to install potentially malicious Windows apps.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".appxbundle", "Description": "Windows App Bundle", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Bundle of APPX packages. Can install potentially malicious apps.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".chm", "Description": "Compiled HTML Help file", "Category": "Script", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "MitreInitialAccess": "sometimes", "Notes": "Can run embedded scripts or malicious payloads when opened.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".chi", "Description": "Compiled HTML Help file", "Category": "Script", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".hlp", "Description": "Windows Script Component", "WindowsBuiltin": true, "Notes": "Legacy help file format. Can potentially execute other files or code under specific circumstances.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".cpl", "Description": "Windows Control Panel item", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Executes directly, potentially harmful if malicious.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".desktopthemefile", "Description": "Executable", "Category": "System", "WindowsBuiltin": true, "Notes": "For customizing appearance in Windows, but be wary of the source."}, {"Extension": ".diagcab", "Description": "Microsoft Windows Troubleshooting Pack", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Can be used to automate troubleshooting steps, but can also be abused.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".dmg", "Description": "Apple Disk Image", "Category": "System", "Exec": true, "Notes": "Used to mount applications on macOS", "ChromePlatform": "PLATFORM_TYPE_MAC", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".gadget", "Description": "Windows Gadget", "Category": "System", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Can execute code, especially if the gadget is malicious.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".hta", "Description": "HTML Application", "Category": "Script", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".img", "Description": "Disk image file", "Category": "Archive", "Confidence": "Low", "WindowsBuiltin": true, "Notes": "Non-executable by default. However, contents inside can be harmful once deployed/mounted.", "ChromePlatform": "PLATFORM_TYPE_MAC", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".jnlp", "Description": "Java Network Launch Protocol", "Category": "App", "Exec": true, "Confidence": "High", "WindowsBuiltin": false, "Notes": "Can run Java applications remotely. Ensure Java security settings are strict.", "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".js", "Description": "JavaScript file", "WindowsBuiltin": true, "Confidence": "Low", "Exec": true, "Category": "Script", "MitreExecution": "often", "Notes": "A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".jse", "Description": "JScript Encoded Script File", "Category": "Script", "Exec": true, "Confidence": "Filesec", "WindowsBuiltin": true, "Notes": "Encoded .js file. Can execute malicious scripts.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".htc", "Description": "HTML Component", "Category": "Script", "Notes": "Contains script to be executed in web pages."}, {"Extension": ".mht", "Description": "MHTML Web Archive", "Category": "Script", "Confidence": "Filesec", "WindowsBuiltin": true, "Notes": "Web page archive format. Potential risk if it contains malicious scripts and is opened in a browser.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mhtml", "Description": "MHTML Web Archive", "Category": "Script", "Confidence": "Filesec", "WindowsBuiltin": true, "Notes": "Web page archive format. Potential risk if it contains malicious scripts and is opened in a browser.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".app", "Description": "macOS application bundle", "Category": "System", "Confidence": "Govcert.ch", "WindowsBuiltin": true, "Exec": true, "Notes": "It's an application bundle on macOS. If malicious, it can introduce harmful software to the system.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".ocx", "Description": "OLE Control Extension (ActiveX)", "Category": "System", "Confidence": "Govcert.ch", "WindowsBuiltin": true, "Notes": "Can be used to run code when invoked by an application. Potential for malicious use.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".tlb", "Description": "Type Library", "Category": "System", "Confidence": "Govcert.ch", "WindowsBuiltin": true, "Notes": "Contains definitions and information for software components, but doesn't execute code itself."}, {"Extension": ".pif", "Description": "Program Information File", "Category": "System", "WindowsBuiltin": true, "Notes": "A program information file for MS-DOS programs. While .PIF files aren\ufffdt supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msm", "Description": "Windows Installer Merge Module", "Category": "System", "WindowsBuiltin": true, "Notes": "While meant for installations, can introduce malicious components if tampered with."}, {"Extension": ".msp", "Description": "Windows Installer Patch", "Category": "System", "WindowsBuiltin": true, "Exec": true, "Notes": "Meant for updating software, but can be crafted to modify installations maliciously.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".mst", "Description": "Windows Installer Transform", "Category": "System", "Exec": true, "WindowsBuiltin": true, "Notes": "Contains changes to be applied to a Windows Installer package. Can be used maliciously to modify software installations.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msu", "Description": "Microsoft Update Standalone Package", "Category": "System", "WindowsBuiltin": true, "Exec": true, "Notes": "Used to distribute Windows updates or hotfixes. If maliciously crafted, can introduce harmful changes to the system."}, {"Extension": ".ppkg", "Description": "Windows Provisioning Package file", "Category": "System", "Exec": true, "WindowsBuiltin": true, "Notes": "Used to configure settings on Windows devices. If malicious, can modify system settings."}, {"Extension": ".jar", "Description": "Java Archive", "Category": "System", "Exec": true, "MitreInitialAccess": "sometimes", "Notes": "Can execute Java code when opened with Java Runtime Environment, if installed.", "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".doc", "Description": "Office Word Doc (with macros)", "Category": "Office", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "often", "Container": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ppt", "Description": "Office Powerpoint Doc (with macros)", "Category": "Office", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "sometimes", "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xls", "Description": "Office Execel Doc (with macros)", "Category": "Office", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "sometimes", "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xlm", "Description": "Office Excel 4 Doc (with macros)", "Category": "Office", "Confidence": "High", "MitreInitialAccess": "sometimes", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".docx", "Description": "Office Word Doc (without macros)", "Category": "Office", "Common": true, "Exec": true, "MitreInitialAccess": "often", "Container": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".pptx", "Description": "Office Powerpoint Doc (without macros)", "Category": "Office", "Confidence": "High", "Common": true, "Exec": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xlsx", "Description": "Office Execel Doc with (without macros)", "Category": "Office", "Confidence": "High", "Common": true, "Exec": true, "MitreInitialAccess": "often", "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".docm", "Description": "Office Word Doc with macros", "Category": "Office", "Confidence": "High", "Exec": true, "MitreInitialAccess": "often", "Container": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".dotm", "Description": "Office Word Template with macros", "Category": "Office", "Confidence": "High", "Exec": true, "MitreInitialAccess": "sometimes", "Container": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".pptm", "Description": "Office Powerpoint Doc with macros", "Category": "Office", "Confidence": "High", "Exec": true, "MitreInitialAccess": "sometimes", "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".potm", "Description": "Office Powerpoint with macros", "Category": "Office", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ppam", "Description": "Microsoft PowerPoint Add-in file", "Category": "Office", "Exec": true, "MitreInitialAccess": "sometimes", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ppsm", "Description": "Office Powerpoint with macros", "Category": "Office", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xlsm", "Description": "Office Execel Doc with macros", "Category": "Office", "Confidence": "High", "Exec": true, "MitreInitialAccess": "often", "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xltm", "Description": "Office Execel Template with macros", "Category": "Office", "Exec": true, "BusinessCase": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xlsb", "Description": "Office Excel Add-in", "Category": "Office", "Exec": true, "MitreInitialAccess": "often", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xlam", "Description": "Office Excel Add-in", "Category": "Office", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xll", "Description": "Office Excel Add-in", "Category": "Office", "Exec": true, "MitreInitialAccess": "sometimes", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xlw", "Description": "Office Excel Add-in", "Category": "Office", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".asd", "Description": "AutoRecovery file for Microsoft Word", "Category": "Office", "Confidence": "Filesec", "Exec": true, "Notes": "It's a Word recovery file, but be cautious of macros or embedded objects if opened."}, {"Extension": ".iqy", "Description": "Excel Web Query File", "Category": "Office", "Confidence": "Filesec", "Exec": true, "WindowsBuiltin": true, "Notes": "Can fetch data from external sources and can be used in data-driven attacks."}, {"Extension": ".sldm", "Description": "PowerPoint Slide Show with Macros", "Category": "Office", "Exec": true, "Notes": "While primarily a presentation format, the macro capability means it can contain and execute malicious VBA code.", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".slk", "Description": "Symbolic Link format used by Microsoft Excel", "Category": "Office", "Notes": "Can potentially introduce malicious formulas or external data connections in Excel.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".ade", "Description": "Microsoft Access project extension", "Category": "Office", "Execute": true, "Notes": "Can contain scripts and execute actions within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".adp", "Description": "Microsoft Access project", "Category": "Office", "Execute": true, "Notes": "Similar to .ade, can contain and execute scripts within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".bas", "Description": "Basic module", "Category": "Office", "Notes": "Contains code for Visual Basic for Applications; can be run within host applications like MS Excel or Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".wbk", "Description": "Microsoft Word backup file", "Exec": true, "Category": "Office", "Notes": "Can contain and execute macros."}, {"Extension": ".bgi", "Description": "Borland Graphics Interface", "Category": "Office", "Exec": true, "Notes": "Old graphics program; be cautious of sources as it's an executable.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".mad", "Description": "Microsoft Access module shortcut", "Category": "Office", "Exec": true, "Notes": "Can reference and execute modules within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".maf", "Description": "Microsoft Access form shortcut", "Category": "Office", "Notes": "Can reference and execute forms within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mag", "Description": "Microsoft Access diagram shortcut", "Category": "Office", "Notes": "Can reference and execute diagrams within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mam", "Description": "Microsoft Access macro shortcut", "Exec": true, "Category": "Office", "Notes": "Can reference and execute macros within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".maq", "Description": "Microsoft Access query shortcut", "Category": "Office", "Notes": "Can reference and execute queries within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mar", "Description": "Microsoft Access report shortcut", "Category": "Office", "Notes": "Can reference and execute reports within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mas", "Description": "Microsoft Access stored procedures", "Exec": true, "Category": "Office", "Notes": "Contains code that can be executed within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mat", "Description": "Microsoft Access table shortcut", "Category": "Office", "Notes": "Can reference tables in Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mav", "Description": "Microsoft Access view shortcut", "Category": "Office", "Notes": "Can reference and execute views within Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".maw", "Description": "Microsoft Access data access page", "Category": "Office", "Notes": "Can reference and execute data access pages in Access.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".one", "Description": "Onenote", "Category": "Office", "Confidence": "High", "Exec": true, "MitreInitialAccess": "often", "Container": true, "WindowsBuiltin": true, "Notes": "May have file extension blacklist"}, {"Extension": ".onepkg", "Description": "Onenote", "Category": "Office", "Exec": true, "Container": true, "WindowsBuiltin": true, "Notes": "May have file extension blacklist"}, {"Extension": ".onetoc", "Description": "Onenote", "Category": "Office", "Exec": true, "Container": true, "WindowsBuiltin": true, "Notes": "May have file extension blacklist"}, {"Extension": ".onetoc2", "Description": "Onenote", "Category": "Office", "Exec": true, "Container": true, "WindowsBuiltin": true, "Notes": "May have file extension blacklist"}, {"Extension": ".zip", "Description": "ZIP Archive", "Category": "Archive", "Confidence": "High", "Exec": true, "Common": true, "MitreInitialAccess": "often", "Container": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".iso", "Description": "ISO File", "Category": "Archive", "Confidence": "High", "Exec": true, "Common": true, "MitreInitialAccess": "often", "Container": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".vhd", "Description": "Hyper-V Virtual Hard Disk files", "Category": "Container", "Container": true, "WindowsBuiltin": true, "Notes": "Disk image file. Doesn't execute, but the contents inside, once mounted, might contain malicious files or software.", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".vhdx", "Description": "Hyper-V Virtual Hard Disk files", "Category": "Container", "Container": true, "WindowsBuiltin": true, "Notes": "Similar concerns as .vhd. Contents inside, once mounted, might be harmful.", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".rar", "Description": "RAR Archive", "Category": "Archive", "Confidence": "High", "Exec": true, "Common": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".7z", "Description": "7Zip Archive", "Category": "Archive", "Confidence": "High", "Exec": true, "Common": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".z", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".bz", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".bz2", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".bin", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".cab", "Description": "Cabinet file", "Category": "Archive", "Exec": true, "Container": true, "WindowsBuiltin": true, "MitreInitialAccess": "sometimes", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".cpio", "Category": "Archive", "Confidence": "High", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".lha", "Category": "Archive", "Confidence": "High", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".rev", "Category": "Archive", "Confidence": "High", "Exec": true, "Container": true}, {"Extension": ".rpm", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_LINUX", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".tbz", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".tbz2", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".tgz", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xxe", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xar", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".webarchive", "Category": "Archive", "Exec": true, "Container": true}, {"Extension": ".gz", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".tar", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ace", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".arj", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".bzip", "Category": "Archive", "Exec": true, "Container": true}, {"Extension": ".bzip2", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".gzip", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".r00", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".r01", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".lzma", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".lz", "Category": "Archive", "Exec": true, "Container": true}, {"Extension": ".lzh", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xz", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".r02", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".r03", "Category": "Archive", "Exec": true, "Container": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ps1", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Confidence": "High", "Code": true, "MitreExecution": "often", "Common": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ps1xml", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".psm1", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ps2", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ps2xml", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".psc1", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".psc2", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msh", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msh1", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msh2", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".mshxml", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msh1xml", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msh2xml", "Description": "Powershell script", "WindowsBuiltin": true, "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".sh", "Description": "Shell script", "Category": "Code", "Confidence": "High", "Code": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".dll", "Description": "DLL File", "WindowsBuiltin": true, "Category": "Code", "Confidence": "High", "Code": true, "Common": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".asp", "Description": "Active Server Pages", "Category": "Code", "Code": true, "Notes": "Web file that can contain and execute server-side script.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".aspx", "Category": "Code", "Code": true, "Notes": "Web file that can execute server-side script, primarily in .NET."}, {"Extension": ".asax", "Category": "Code", "Code": true}, {"Extension": ".ashx", "Category": "Code", "Code": true}, {"Extension": ".btm", "Category": "Code", "Code": true}, {"Extension": ".cla", "Category": "Code", "Code": true}, {"Extension": ".class", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".csh", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ksh", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".pl", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_LINUX", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".plg", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".wml", "Category": "Code", "Code": true}, {"Extension": ".xbap", "Category": "Code", "Code": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xdp", "Category": "Code", "Code": true}, {"Extension": ".pdf", "Description": "PDF File", "Category": "Document", "Confidence": "High", "BusinessCase": true, "WindowsBuiltin": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".html", "Description": "HTML file", "Category": "HTML", "Confidence": "High", "Container": true, "WindowsBuiltin": true, "Common": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".htm", "Description": "HTML file", "Category": "HTML", "Confidence": "High", "Container": true, "WindowsBuiltin": true, "Common": true, "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".ics", "Category": "Office", "Description": "Calendar file format", "Container": true, "Exec": true, "WindowsBuiltin": true, "Common": true, "Notes": "Used for sharing calendar information. However, be cautious about links or attachments embedded within."}, {"Extension": ".odt", "Description": "OpenDocument Text Document", "Category": "Office", "Container": true, "Notes": "A word processing document. Be cautious of embedded macros or scripts, although they're less common than in .doc files."}, {"Extension": ".oxps", "Description": "Open XML Paper Specification", "Category": "Document", "WindowsBuiltin": true, "Container": true, "Notes": "Essentially a PDF alternative from Microsoft. While generally safe, be wary of embedded content."}, {"Extension": ".rtf", "Description": "Rich Text Format", "Category": "Document", "WindowsBuiltin": true, "BusinessCase": true, "MitreInitialAccess": "sometimes", "Notes": "Can potentially contain embedded objects or links that could lead to malicious content or actions when opened.", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".xps", "Description": "XML Paper Specification", "Category": "Document", "WindowsBuiltin": true, "BusinessCase": true, "Notes": "Essentially a PDF alternative from Microsoft. While generally safe, be wary of embedded content."}, {"Extension": ".reg", "Category": "System", "Description": "Windows Registry file", "Exec": true, "WindowsBuiltin": true, "MitreExecution": "often", "Notes": "Can make changes to the Windows Registry. Malicious edits can compromise system integrity or security.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".lnk", "Description": "Windows shortcut file", "Category": "System", "Confidence": "High", "Exec": true, "MitreInitialAccess": "often", "MitreExecution": "sometimes", "WindowsBuiltin": true, "Notes": "Can point to and execute malicious applications or scripts. Can also have embedded harmful arguments or actions.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".msc", "Category": "System", "Description": "Microsoft Management Console file", "WindowsBuiltin": true, "Notes": "Provides a UI for managing different aspects of Windows. Maliciously crafted .msc files can be harmful.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".pol", "Category": "System", "Description": "Windows Group Policy file", "WindowsBuiltin": true, "Notes": "Represents policy settings. While not executable, they can alter system configurations if applied."}, {"Extension": ".scf", "Category": "Executable", "Description": "Windows Explorer Command", "Exec": true, "WindowsBuiltin": true, "Notes": "A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".shb", "Category": "Executable", "Description": "Windows Document Shortcut", "Exec": true, "WindowsBuiltin": true, "Notes": "Can be used to execute documents or applications.", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".settingscontent-ms", "Description": "Windows Settings shortcut", "Category": "System", "Exec": true, "WindowsBuiltin": true, "Notes": "Can be abused to execute arbitrary code, including shell commands."}, {"Extension": ".svg", "Description": "Scalable Vector Graphics", "Category": "Browser", "Tags": ["phishing"], "Notes": "An XML-based image format that can contain embedded JavaScript, which can download additional file (HTML smuggling)", "Exec": false, "WindowsBuiltin": true, "MitreInitialAccess": "sometimes", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".uue", "Description": "Uuencode (Unix-to-Unix encoding) encoded file", "Notes": "Used for encoding binary data to text. While the format itself doesn't execute, the decoded content might be malicious.", "Category": "Encoding", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".b64", "Description": "Base64 encoded file", "Notes": "Used for encoding binary data to text. While the format itself doesn't execute, the decoded content might be malicious.", "Category": "Encoding", "ChromePlatform": "PLATFORM_TYPE_UNKNOWN", "ChromeDangerLevel": "NOT_DANGEROUS", "ChromeAutoOpenHint": "UNKNOWN"}, {"Extension": ".swf", "Description": "Flash file", "Notes": "Flash files downloaded locally can sometimes access the local filesystem", "Category": "Executable", "Exec": true, "WindowsBuiltin": false, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".crx", "Description": "Chrome extension", "Notes": "Chrome displays a prompt prior to installation", "Category": "Browser", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".oxt", "Description": "OpenOffice extension", "Notes": "OpenOffice extension, can execute arbitrary code.", "Category": "Office", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_ANY", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".mda", "Description": "MS Access Add-In", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mdb", "Description": "MS Access Database", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mde", "Description": "MS Access", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mdt", "Description": "MS Access Add-In", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mdw", "Description": "MS Access Workgroup Information", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mdz", "Description": "MS Access Wizard Template", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".accdb", "Description": "MS Access Database (like .mdb)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".accde", "Description": "MS Access Database (like .mdb)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".accdr", "Description": "MS Access Database (like .mdb)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".accda", "Description": "MS Access Database (like .mdb)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".ops", "Description": "MS Office Profile Settings File", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".paf", "Description": "Portable Application Installer File", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".pcd", "Description": "MS Visual Test", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".prf", "Description": "Windows System File", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".prg", "Description": "Program file", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".pst", "Description": "Microsoft Exchange Address Book File.", "Notes": "Microsoft Outlook Personal Folder.", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".eml", "Description": "Outlook file", "Notes": "Opens in Outlook. Not common, but could be exploited (CVE-2015-6172)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".cpi", "Description": "Control Panel Item. Executable used for adding icons to Control Panel.", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".partial", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xrm-ms", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".rels", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xml", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xsl", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".xsd", "Description": "will open in IE even when chrome is set as default browser", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".url", "Description": "Internet Shortcut", "Notes": "They can point at anything. Dropping a download of this type and opening it automatically can in effect sidestep origin restrictions etc.", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".website", "Description": "Internet Shortcut", "Notes": "They can point at anything. Dropping a download of this type and opening it automatically can in effect sidestep origin restrictions etc.", "Category": "Browser", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".crt", "Description": "Signed certificate file", "Category": "Certificate", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".cer", "Description": "Signed certificate file", "Category": "Certificate", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".der", "Description": "Signed certificate file", "Category": "Certificate", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".cfg", "Category": "Misc", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".fon", "Description": "Font file", "Notes": "uses Portable Executable or New Executable format. Not supposed to contain executable code.", "Category": "Font", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".fxp", "Description": "Microsoft FoxPro Compiled Source.", "Category": "Code", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".grp", "Description": "MSProgramGroup (?)", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".htt", "Description": "Hypertext Template File", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".ins", "Description": "Microsoft IIS Internet Communication Settings.", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".inx", "Description": "InstallShield Compiled Script", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".isu", "Description": "InstallShield Uninstaller Script", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".isp", "Description": "Microsoft IIS Internet Service Provider Settings.", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".job", "Description": "Windows Task Scheduler Job file", "Notes": "No handler is registered by default, so this is probably normally not dangerous unless saved into the task scheduler directory.", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".local", "Notes": ".local files affect DLL search path for .exe file with same base name.", "Category": "System", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".manifest", "Description": "Manifest", "Notes": "having a .manifest file with the same basename as .exe file changes the DLL search order for the .exe file", "Category": "System", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "DANGEROUS", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".mmc", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".msg", "Description": "Outlook", "Notes": "Opens in Outlook. Not common, but could be exploited (CVE-2015-6172)", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".rgs", "Description": "Registry Script Windows", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".sct", "Description": "Microsoft Windows Script Component. Microsoft FoxPro Screen.", "Notes": "A Script Component is a COM component created using script.", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".search-ms", "Description": "Windows Vista Index Search Data, for local file system.", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".settingcontent-ms", "Description": "Used to create shortcuts to various Windows 10 setting pages.", "Notes": "Allows invoking any binary file with any parameters.", "Category": "System", "Exec": true, "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".sys", "Description": "System executable", "Category": "Executable", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".vdx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vsx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vtx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vsdx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vssx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vstx", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vsdm", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vssm", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vstm", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vsmacros", "Description": "Microsoft Visual Studio Binary-based Macro Project.", "Category": "Development", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vss", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vst", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".vsw", "Description": "Visio file", "Category": "Office", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".xnk", "Description": "Microsoft Exchange Public Folder Shortcut", "Category": "Misc", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "ALLOW_AUTO_OPEN"}, {"Extension": ".diagcfg", "Description": "Windows troubleshooting", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}, {"Extension": ".diagpkg", "Description": "Windows troubleshooting component", "Category": "System", "ChromePlatform": "PLATFORM_TYPE_WINDOWS", "ChromeDangerLevel": "ALLOW_ON_USER_GESTURE", "ChromeAutoOpenHint": "DISALLOW_AUTO_OPEN"}]


--------------------------------------------------------------------------------
/info.yaml:
--------------------------------------------------------------------------------
   1 | Extensions:
   2 | - Extension: .exe
   3 |   Category: Executable
   4 |   Description: Windows executable file
   5 |   Confidence: High
   6 |   Common: true
   7 |   Exec: true
   8 |   MitreInitialAccess: sometimes
   9 |   MitreExecution: often
  10 |   WindowsBuiltin: true
  11 |   Notes: Always available, except if application whitelistening is active. Commonly blocked.
  12 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  13 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  14 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  15 | - Extension: .com
  16 |   Category: Executable
  17 |   Description: Command File for DOS
  18 |   Confidence: High
  19 |   Exec: true
  20 |   MitreInitialAccess: sometimes
  21 |   MitreExecution: often
  22 |   WindowsBuiltin: true
  23 |   Notes: Always available, except if application whitelistening is active. Commonly blocked.
  24 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  25 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  26 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  27 | - Extension: .scr
  28 |   Category: Executable
  29 |   Description: Windows Screen Saver
  30 |   Confidence: High
  31 |   Exec: true
  32 |   WindowsBuiltin: true
  33 |   Notes: Just an .exe
  34 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  35 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  36 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  37 | - Extension: .bat
  38 |   Category: Executable
  39 |   Description: Batch script file for cmd.exe
  40 |   Confidence: High
  41 |   Exec: true
  42 |   MitreInitialAccess: often
  43 |   MitreExecution: often
  44 |   WindowsBuiltin: true
  45 |   Notes: Always available, except if application whitelistening is active. Commonly blocked.
  46 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  47 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  48 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  49 | - Extension: .cmd
  50 |   Category: Executable
  51 |   Description: Windows Command Script
  52 |   Confidence: High
  53 |   Exec: true
  54 |   WindowsBuiltin: true
  55 |   MitreExecution: sometimes
  56 |   Notes: Just a .bat
  57 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  58 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  59 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  60 | - Extension: .msi
  61 |   Category: Executable
  62 |   Description: Windows Installer Package
  63 |   Confidence: High
  64 |   Common: true
  65 |   Exec: true
  66 |   MitreInitialAccess: sometimes
  67 |   MitreExecution: sometimes
  68 |   WindowsBuiltin: true
  69 |   Notes: While meant for installations, it can be crafted to deploy malicious software.
  70 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  71 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  72 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  73 | - Extension: .msix
  74 |   Category: Executable
  75 |   Description: Windows Installer Package
  76 |   Exec: true
  77 |   WindowsBuiltin: true
  78 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  79 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  80 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  81 | - Extension: .msixbundle
  82 |   Category: Executable
  83 |   Description: Windows Installer Package
  84 |   Exec: true
  85 |   WindowsBuiltin: true
  86 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
  87 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
  88 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
  89 | - Extension: .vbs
  90 |   Category: Script
  91 |   Description: VBScript file
  92 |   Confidence: High
  93 |   Common: true
  94 |   Exec: true
  95 |   MitreInitialAccess: sometimes
  96 |   MitreExecution: often
  97 |   WindowsBuiltin: true
  98 |   Notes: Scripting language file. Can be used to execute malicious scripts.
  99 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 100 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 101 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 102 | - Extension: .vbe
 103 |   Category: Script
 104 |   Description: VBScript Encoded Script File
 105 |   Confidence: Govcert.ch
 106 |   Exec: true
 107 |   WindowsBuiltin: true
 108 |   MitreInitialAccess: sometimes
 109 |   Notes: Encoded version of .vbs. Makes it harder to read, but can be used for same malicious purposes as .vbs.
 110 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 111 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 112 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 113 | - Extension: .vb
 114 |   Category: Script
 115 |   Description: Windows Visual Basic Script file
 116 |   Confidence: Govcert.ch
 117 |   Exec: true
 118 |   WindowsBuiltin: true
 119 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 120 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 121 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 122 | - Extension: .vbscript
 123 |   Category: Script
 124 |   Description: Windows Visual Basic Script file
 125 |   Notes: Some sites claim .vbscript is a valid extension for vbs files.
 126 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 127 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 128 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 129 | - Extension: .drv
 130 |   Category: Executable
 131 |   Description: Windows Executable
 132 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 133 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 134 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 135 | - Extension: .wsf
 136 |   Category: Script
 137 |   Description: Windows Script File
 138 |   Confidence: Govcert.ch
 139 |   Exec: true
 140 |   WindowsBuiltin: true
 141 |   MitreInitialAccess: sometimes
 142 |   MitreExecution: sometimes
 143 |   Notes: Allows mixing of scripting languages. Can execute malicious scripts.
 144 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 145 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 146 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 147 | - Extension: .wsh
 148 |   Category: Script
 149 |   Description: Windows Script Host Settings File
 150 |   Confidence: Govcert.ch
 151 |   Exec: true
 152 |   WindowsBuiltin: true
 153 |   Notes: Used to set properties for script execution. Can be used in conjunction with other scripts for execution.
 154 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 155 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 156 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 157 | - Extension: .ws
 158 |   Category: Script
 159 |   Exec: true
 160 |   Description: Windows Script file
 161 |   WindowsBuiltin: true
 162 |   Notes: Can execute scripts, similar to other Windows scripting files like .vbs or .js.
 163 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 164 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 165 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 166 | - Extension: .wsc
 167 |   Exec: true
 168 |   Category: Script
 169 |   Description: Windows Script Component
 170 |   WindowsBuiltin: true
 171 |   Notes: Allows for the creation of COM objects with scripts. Can be used to execute malicious scripts.
 172 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 173 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 174 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 175 | - Extension: '.inf'
 176 |   Exec: true
 177 |   Category: System
 178 |   WindowsBuiltin: true
 179 |   Notes: If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.
 180 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 181 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 182 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 183 | - Extension: .ini
 184 |   Category: System
 185 |   WindowsBuiltin: true
 186 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 187 |   ChromeDangerLevel: DANGEROUS
 188 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 189 | - Extension: .application
 190 |   Category: System
 191 |   Description: ClickOnce Deployment Manifest
 192 |   Confidence: Filesec
 193 |   Exec: true
 194 |   WindowsBuiltin: true
 195 |   Notes: ClickOnce applications can execute code when deployed.
 196 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 197 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 198 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 199 | - Extension: .appinstaller
 200 |   Description: Windows 10 App Installer
 201 |   Category: System
 202 |   Confidence: Filesec
 203 |   Exec: true
 204 |   WindowsBuiltin: true
 205 |   Notes: Used to install apps. Potentially harmful if sourced from untrusted locations.
 206 | - Extension: .appref-ms
 207 |   Description: ClickOnce Application Reference
 208 |   Category: System
 209 |   Confidence: Filesec
 210 |   Exec: true
 211 |   WindowsBuiltin: true
 212 |   Notes: A pointer to a ClickOnce application. Can cause the referenced application to be run.
 213 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 214 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 215 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 216 | - Extension: .appx
 217 |   Description: Windows Application Package
 218 |   Category: System
 219 |   Confidence: Filesec
 220 |   Exec: true
 221 |   WindowsBuiltin: true
 222 |   Notes: Can be used to install potentially malicious Windows apps.
 223 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 224 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 225 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 226 | - Extension: .appxbundle
 227 |   Description: Windows App Bundle
 228 |   Category: System
 229 |   Confidence: Filesec
 230 |   Exec: true
 231 |   WindowsBuiltin: true
 232 |   Notes: Bundle of APPX packages. Can install potentially malicious apps.
 233 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 234 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 235 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 236 | - Extension: .chm
 237 |   Description: Compiled HTML Help file
 238 |   Category: Script
 239 |   Confidence: Filesec
 240 |   Exec: true
 241 |   WindowsBuiltin: true
 242 |   MitreInitialAccess: sometimes
 243 |   Notes: Can run embedded scripts or malicious payloads when opened.
 244 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 245 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 246 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 247 | - Extension: .chi
 248 |   Description: Compiled HTML Help file
 249 |   Category: Script
 250 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 251 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 252 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 253 | - Extension: .hlp
 254 |   Description: Windows Script Component
 255 |   WindowsBuiltin: true
 256 |   Notes: Legacy help file format. Can potentially execute other files or code under specific circumstances.
 257 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 258 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 259 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 260 | - Extension: .cpl
 261 |   Description: Windows Control Panel item
 262 |   Category: System
 263 |   Confidence: Filesec
 264 |   Exec: true
 265 |   WindowsBuiltin: true
 266 |   Notes: Executes directly, potentially harmful if malicious.
 267 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 268 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 269 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 270 | - Extension: .desktopthemefile
 271 |   Description: Executable
 272 |   Category: System
 273 |   WindowsBuiltin: true
 274 |   Notes: For customizing appearance in Windows, but be wary of the source.
 275 | - Extension: .diagcab
 276 |   Description: Microsoft Windows Troubleshooting Pack
 277 |   Category: System
 278 |   Confidence: Filesec
 279 |   Exec: true
 280 |   WindowsBuiltin: true
 281 |   Notes: Can be used to automate troubleshooting steps, but can also be abused.
 282 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 283 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 284 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 285 | - Extension: .dmg
 286 |   Description: Apple Disk Image
 287 |   Category: System
 288 |   Exec: true
 289 |   Notes: Used to mount applications on macOS
 290 |   ChromePlatform: PLATFORM_TYPE_MAC
 291 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 292 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 293 | - Extension: .gadget
 294 |   Description: Windows Gadget
 295 |   Category: System
 296 |   Confidence: Filesec
 297 |   Exec: true
 298 |   WindowsBuiltin: true
 299 |   Notes: Can execute code, especially if the gadget is malicious.
 300 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 301 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 302 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 303 | - Extension: .hta
 304 |   Description: HTML Application
 305 |   Category: Script
 306 |   Confidence: Filesec
 307 |   Exec: true
 308 |   WindowsBuiltin: true
 309 |   Notes: An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
 310 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 311 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 312 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 313 | - Extension: .img
 314 |   Description: Disk image file
 315 |   Category: Archive
 316 |   Confidence: Low
 317 |   WindowsBuiltin: true
 318 |   Notes: Non-executable by default. However, contents inside can be harmful once deployed/mounted.
 319 |   ChromePlatform: PLATFORM_TYPE_MAC
 320 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 321 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 322 | - Extension: .jnlp
 323 |   Description: Java Network Launch Protocol
 324 |   Category: App
 325 |   Exec: True
 326 |   Confidence: High
 327 |   WindowsBuiltin: False
 328 |   Notes: Can run Java applications remotely. Ensure Java security settings are strict.
 329 |   ChromePlatform: PLATFORM_TYPE_ANY
 330 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 331 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 332 | - Extension: .js
 333 |   Description: JavaScript file
 334 |   WindowsBuiltin: true
 335 |   Confidence: Low
 336 |   Exec: true
 337 |   Category: Script
 338 |   MitreExecution: often
 339 |   Notes: A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.
 340 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 341 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 342 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 343 | - Extension: .jse
 344 |   Description: JScript Encoded Script File
 345 |   Category: Script
 346 |   Exec: true
 347 |   Confidence: Filesec
 348 |   WindowsBuiltin: true
 349 |   Notes: Encoded .js file. Can execute malicious scripts.
 350 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 351 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 352 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 353 | - Extension: .htc
 354 |   Description: HTML Component
 355 |   Category: Script
 356 |   Notes: Contains script to be executed in web pages.
 357 | - Extension: .mht
 358 |   Description: MHTML Web Archive
 359 |   Category: Script
 360 |   Confidence: Filesec
 361 |   WindowsBuiltin: true
 362 |   Notes: Web page archive format. Potential risk if it contains malicious scripts and is opened in a browser.
 363 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 364 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 365 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 366 | - Extension: .mhtml
 367 |   Description: MHTML Web Archive
 368 |   Category: Script
 369 |   Confidence: Filesec
 370 |   WindowsBuiltin: true
 371 |   Notes: Web page archive format. Potential risk if it contains malicious scripts and is opened in a browser.
 372 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 373 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 374 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 375 | - Extension: .app
 376 |   Description: macOS application bundle
 377 |   Category: System
 378 |   Confidence: Govcert.ch
 379 |   WindowsBuiltin: true
 380 |   Exec: true
 381 |   Notes: It's an application bundle on macOS. If malicious, it can introduce harmful software to the system.
 382 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 383 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 384 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 385 | - Extension: .ocx
 386 |   Description: OLE Control Extension (ActiveX)
 387 |   Category: System
 388 |   Confidence: Govcert.ch
 389 |   WindowsBuiltin: true
 390 |   Notes: Can be used to run code when invoked by an application. Potential for malicious use.
 391 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 392 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 393 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 394 | - Extension: .tlb
 395 |   Description: Type Library
 396 |   Category: System
 397 |   Confidence: Govcert.ch
 398 |   WindowsBuiltin: true
 399 |   Notes: Contains definitions and information for software components, but doesn't execute code itself.
 400 | - Extension: .pif
 401 |   Description: Program Information File
 402 |   Category: System
 403 |   WindowsBuiltin: true
 404 |   Notes: "A program information file for MS-DOS programs. While .PIF files aren\uFFFDt supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code."
 405 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 406 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 407 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 408 | - Extension: .msm
 409 |   Description: Windows Installer Merge Module
 410 |   Category: System
 411 |   WindowsBuiltin: true
 412 |   Notes: While meant for installations, can introduce malicious components if tampered with.
 413 | - Extension: .msp
 414 |   Description: Windows Installer Patch
 415 |   Category: System
 416 |   WindowsBuiltin: true
 417 |   Exec: true
 418 |   Notes: Meant for updating software, but can be crafted to modify installations maliciously.
 419 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 420 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 421 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 422 | - Extension: .mst
 423 |   Description: Windows Installer Transform
 424 |   Category: System
 425 |   Exec: true
 426 |   WindowsBuiltin: true
 427 |   Notes: Contains changes to be applied to a Windows Installer package. Can be used maliciously to modify software installations.
 428 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 429 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 430 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 431 | - Extension: .msu
 432 |   Description: Microsoft Update Standalone Package
 433 |   Category: System
 434 |   WindowsBuiltin: true
 435 |   Exec: true
 436 |   Notes: Used to distribute Windows updates or hotfixes. If maliciously crafted, can introduce harmful changes to the system.
 437 | - Extension: .ppkg
 438 |   Description: Windows Provisioning Package file
 439 |   Category: System
 440 |   Exec: true
 441 |   WindowsBuiltin: true
 442 |   Notes: Used to configure settings on Windows devices. If malicious, can modify system settings.
 443 | - Extension: .jar
 444 |   Description: Java Archive
 445 |   Category: System
 446 |   Exec: true
 447 |   MitreInitialAccess: sometimes
 448 |   Notes: Can execute Java code when opened with Java Runtime Environment, if installed.
 449 |   ChromePlatform: PLATFORM_TYPE_ANY
 450 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 451 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 452 | - Extension: .doc
 453 |   Description: Office Word Doc (with macros)
 454 |   Category: Office
 455 |   Confidence: High
 456 |   Common: true
 457 |   Exec: true
 458 |   MitreInitialAccess: often
 459 |   Container: true
 460 |   BusinessCase: true
 461 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 462 |   ChromeDangerLevel: NOT_DANGEROUS
 463 |   ChromeAutoOpenHint: UNKNOWN
 464 | - Extension: .ppt
 465 |   Description: Office Powerpoint Doc (with macros)
 466 |   Category: Office
 467 |   Confidence: High
 468 |   Common: true
 469 |   Exec: true
 470 |   MitreInitialAccess: sometimes
 471 |   BusinessCase: true
 472 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 473 |   ChromeDangerLevel: NOT_DANGEROUS
 474 |   ChromeAutoOpenHint: UNKNOWN
 475 | - Extension: .xls
 476 |   Description: Office Execel Doc (with macros)
 477 |   Category: Office
 478 |   Confidence: High
 479 |   Common: true
 480 |   Exec: true
 481 |   MitreInitialAccess: sometimes
 482 |   BusinessCase: true
 483 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 484 |   ChromeDangerLevel: NOT_DANGEROUS
 485 |   ChromeAutoOpenHint: UNKNOWN
 486 | - Extension: .xlm
 487 |   Description: Office Excel 4 Doc (with macros)
 488 |   Category: Office
 489 |   Confidence: High
 490 |   MitreInitialAccess: sometimes
 491 |   Exec: true
 492 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 493 |   ChromeDangerLevel: NOT_DANGEROUS
 494 |   ChromeAutoOpenHint: UNKNOWN
 495 | - Extension: .docx
 496 |   Description: Office Word Doc (without macros)
 497 |   Category: Office
 498 |   Common: true
 499 |   Exec: true
 500 |   MitreInitialAccess: often
 501 |   Container: true
 502 |   BusinessCase: true
 503 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 504 |   ChromeDangerLevel: NOT_DANGEROUS
 505 |   ChromeAutoOpenHint: UNKNOWN
 506 | - Extension: .pptx
 507 |   Description: Office Powerpoint Doc (without macros)
 508 |   Category: Office
 509 |   Confidence: High
 510 |   Common: true
 511 |   Exec: true
 512 |   BusinessCase: true
 513 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 514 |   ChromeDangerLevel: NOT_DANGEROUS
 515 |   ChromeAutoOpenHint: UNKNOWN
 516 | - Extension: .xlsx
 517 |   Description: Office Execel Doc with (without macros)
 518 |   Category: Office
 519 |   Confidence: High
 520 |   Common: true
 521 |   Exec: true
 522 |   MitreInitialAccess: often
 523 |   BusinessCase: true
 524 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 525 |   ChromeDangerLevel: NOT_DANGEROUS
 526 |   ChromeAutoOpenHint: UNKNOWN
 527 | - Extension: .docm
 528 |   Description: Office Word Doc with macros
 529 |   Category: Office
 530 |   Confidence: High
 531 |   Exec: true
 532 |   MitreInitialAccess: often
 533 |   Container: true
 534 |   BusinessCase: true
 535 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 536 |   ChromeDangerLevel: NOT_DANGEROUS
 537 |   ChromeAutoOpenHint: UNKNOWN
 538 | - Extension: .dotm
 539 |   Description: Office Word Template with macros
 540 |   Category: Office
 541 |   Confidence: High
 542 |   Exec: true
 543 |   MitreInitialAccess: sometimes
 544 |   Container: true
 545 |   BusinessCase: true
 546 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 547 |   ChromeDangerLevel: NOT_DANGEROUS
 548 |   ChromeAutoOpenHint: UNKNOWN
 549 | - Extension: .pptm
 550 |   Description: Office Powerpoint Doc with macros
 551 |   Category: Office
 552 |   Confidence: High
 553 |   Exec: true
 554 |   MitreInitialAccess: sometimes
 555 |   BusinessCase: true
 556 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 557 |   ChromeDangerLevel: NOT_DANGEROUS
 558 |   ChromeAutoOpenHint: UNKNOWN
 559 | - Extension: .potm
 560 |   Description: Office Powerpoint with macros
 561 |   Category: Office
 562 |   Exec: true
 563 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 564 |   ChromeDangerLevel: NOT_DANGEROUS
 565 |   ChromeAutoOpenHint: UNKNOWN
 566 | - Extension: .ppam
 567 |   Description: Microsoft PowerPoint Add-in file
 568 |   Category: Office
 569 |   Exec: true
 570 |   MitreInitialAccess: sometimes
 571 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 572 |   ChromeDangerLevel: NOT_DANGEROUS
 573 |   ChromeAutoOpenHint: UNKNOWN
 574 | - Extension: .ppsm
 575 |   Description: Office Powerpoint with macros
 576 |   Category: Office
 577 |   Exec: true
 578 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 579 |   ChromeDangerLevel: NOT_DANGEROUS
 580 |   ChromeAutoOpenHint: UNKNOWN
 581 | - Extension: .xlsm
 582 |   Description: Office Execel Doc with macros
 583 |   Category: Office
 584 |   Confidence: High
 585 |   Exec: true
 586 |   MitreInitialAccess: often
 587 |   BusinessCase: true
 588 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 589 |   ChromeDangerLevel: NOT_DANGEROUS
 590 |   ChromeAutoOpenHint: UNKNOWN
 591 | - Extension: .xltm
 592 |   Description: Office Execel Template with macros
 593 |   Category: Office
 594 |   Exec: true
 595 |   BusinessCase: true
 596 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 597 |   ChromeDangerLevel: NOT_DANGEROUS
 598 |   ChromeAutoOpenHint: UNKNOWN
 599 | - Extension: .xlsb
 600 |   Description: Office Excel Add-in
 601 |   Category: Office
 602 |   Exec: true
 603 |   MitreInitialAccess: often
 604 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 605 |   ChromeDangerLevel: NOT_DANGEROUS
 606 |   ChromeAutoOpenHint: UNKNOWN
 607 | - Extension: .xlam
 608 |   Description: Office Excel Add-in
 609 |   Category: Office
 610 |   Exec: true
 611 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 612 |   ChromeDangerLevel: NOT_DANGEROUS
 613 |   ChromeAutoOpenHint: UNKNOWN
 614 | - Extension: .xll
 615 |   Description: Office Excel Add-in
 616 |   Category: Office
 617 |   Exec: true
 618 |   MitreInitialAccess: sometimes
 619 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 620 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 621 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 622 | - Extension: .xlw
 623 |   Description: Office Excel Add-in
 624 |   Category: Office
 625 |   Exec: true
 626 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 627 |   ChromeDangerLevel: NOT_DANGEROUS
 628 |   ChromeAutoOpenHint: UNKNOWN
 629 | - Extension: .asd
 630 |   Description: AutoRecovery file for Microsoft Word
 631 |   Category: Office
 632 |   Confidence: Filesec
 633 |   Exec: true
 634 |   Notes: It's a Word recovery file, but be cautious of macros or embedded objects if opened.
 635 | - Extension: .iqy
 636 |   Description: Excel Web Query File
 637 |   Category: Office
 638 |   Confidence: Filesec
 639 |   Exec: true
 640 |   WindowsBuiltin: true
 641 |   Notes: Can fetch data from external sources and can be used in data-driven attacks.
 642 | - Extension: .sldm
 643 |   Description: PowerPoint Slide Show with Macros
 644 |   Category: Office
 645 |   Exec: true
 646 |   Notes: While primarily a presentation format, the macro capability means it can contain and execute malicious VBA code.
 647 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 648 |   ChromeDangerLevel: NOT_DANGEROUS
 649 |   ChromeAutoOpenHint: UNKNOWN
 650 | - Extension: .slk
 651 |   Description: Symbolic Link format used by Microsoft Excel
 652 |   Category: Office
 653 |   Notes: Can potentially introduce malicious formulas or external data connections in Excel.
 654 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 655 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 656 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 657 | - Extension: .ade
 658 |   Description: Microsoft Access project extension
 659 |   Category: Office
 660 |   Execute: true
 661 |   Notes: Can contain scripts and execute actions within Access.
 662 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 663 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 664 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 665 | - Extension: .adp
 666 |   Description: Microsoft Access project
 667 |   Category: Office
 668 |   Execute: true
 669 |   Notes: Similar to .ade, can contain and execute scripts within Access.
 670 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 671 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 672 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 673 | - Extension: .bas
 674 |   Description: Basic module
 675 |   Category: Office
 676 |   Notes: Contains code for Visual Basic for Applications; can be run within host applications like MS Excel or Access.
 677 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 678 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 679 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 680 | - Extension: .wbk
 681 |   Description: Microsoft Word backup file
 682 |   Exec: true
 683 |   Category: Office
 684 |   Notes: Can contain and execute macros.
 685 | - Extension: .bgi
 686 |   Description: Borland Graphics Interface
 687 |   Category: Office
 688 |   Exec: true
 689 |   Notes: Old graphics program; be cautious of sources as it's an executable.
 690 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 691 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 692 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 693 | - Extension: .mad
 694 |   Description: Microsoft Access module shortcut
 695 |   Category: Office
 696 |   Exec: true
 697 |   Notes: Can reference and execute modules within Access.
 698 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 699 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 700 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 701 | - Extension: .maf
 702 |   Description: Microsoft Access form shortcut
 703 |   Category: Office
 704 |   Notes: Can reference and execute forms within Access.
 705 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 706 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 707 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 708 | - Extension: .mag
 709 |   Description: Microsoft Access diagram shortcut
 710 |   Category: Office
 711 |   Notes: Can reference and execute diagrams within Access.
 712 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 713 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 714 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 715 | - Extension: .mam
 716 |   Description: Microsoft Access macro shortcut
 717 |   Exec: true
 718 |   Category: Office
 719 |   Notes: Can reference and execute macros within Access.
 720 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 721 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 722 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 723 | - Extension: .maq
 724 |   Description: Microsoft Access query shortcut
 725 |   Category: Office
 726 |   Notes: Can reference and execute queries within Access.
 727 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 728 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 729 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 730 | - Extension: .mar
 731 |   Description: Microsoft Access report shortcut
 732 |   Category: Office
 733 |   Notes: Can reference and execute reports within Access.
 734 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 735 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 736 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 737 | - Extension: .mas
 738 |   Description: Microsoft Access stored procedures
 739 |   Exec: true
 740 |   Category: Office
 741 |   Notes: Contains code that can be executed within Access.
 742 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 743 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 744 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 745 | - Extension: .mat
 746 |   Description: Microsoft Access table shortcut
 747 |   Category: Office
 748 |   Notes: Can reference tables in Access.
 749 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 750 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 751 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 752 | - Extension: .mav
 753 |   Description: Microsoft Access view shortcut
 754 |   Category: Office
 755 |   Notes: Can reference and execute views within Access.
 756 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 757 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 758 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 759 | - Extension: .maw
 760 |   Description: Microsoft Access data access page
 761 |   Category: Office
 762 |   Notes: Can reference and execute data access pages in Access.
 763 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
 764 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 765 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 766 | - Extension: .one
 767 |   Description: Onenote
 768 |   Category: Office
 769 |   Confidence: High
 770 |   Exec: true
 771 |   MitreInitialAccess: often
 772 |   Container: true
 773 |   WindowsBuiltin: true
 774 |   Notes: May have file extension blacklist
 775 | - Extension: .onepkg
 776 |   Description: Onenote
 777 |   Category: Office
 778 |   Exec: true
 779 |   Container: true
 780 |   WindowsBuiltin: true
 781 |   Notes: May have file extension blacklist
 782 | - Extension: .onetoc
 783 |   Description: Onenote
 784 |   Category: Office
 785 |   Exec: true
 786 |   Container: true
 787 |   WindowsBuiltin: true
 788 |   Notes: May have file extension blacklist
 789 | - Extension: .onetoc2
 790 |   Description: Onenote
 791 |   Category: Office
 792 |   Exec: true
 793 |   Container: true
 794 |   WindowsBuiltin: true
 795 |   Notes: May have file extension blacklist
 796 | - Extension: .zip
 797 |   Description: ZIP Archive
 798 |   Category: Archive
 799 |   Confidence: High
 800 |   Exec: true
 801 |   Common: true
 802 |   MitreInitialAccess: often
 803 |   Container: true
 804 |   WindowsBuiltin: true
 805 |   ChromePlatform: PLATFORM_TYPE_ANY
 806 |   ChromeDangerLevel: NOT_DANGEROUS
 807 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 808 | - Extension: .iso
 809 |   Description: ISO File
 810 |   Category: Archive
 811 |   Confidence: High
 812 |   Exec: true
 813 |   Common: true
 814 |   MitreInitialAccess: often
 815 |   Container: true
 816 |   WindowsBuiltin: true
 817 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 818 |   ChromeDangerLevel: NOT_DANGEROUS
 819 |   ChromeAutoOpenHint: UNKNOWN
 820 | - Extension: .vhd
 821 |   Description: Hyper-V Virtual Hard Disk files
 822 |   Category: Container
 823 |   Container: true
 824 |   WindowsBuiltin: true
 825 |   Notes: Disk image file. Doesn't execute, but the contents inside, once mounted, might contain malicious files or software.
 826 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 827 |   ChromeDangerLevel: NOT_DANGEROUS
 828 |   ChromeAutoOpenHint: UNKNOWN
 829 | - Extension: .vhdx
 830 |   Description: Hyper-V Virtual Hard Disk files
 831 |   Category: Container
 832 |   Container: true
 833 |   WindowsBuiltin: true
 834 |   Notes: Similar concerns as .vhd. Contents inside, once mounted, might be harmful.
 835 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 836 |   ChromeDangerLevel: NOT_DANGEROUS
 837 |   ChromeAutoOpenHint: UNKNOWN
 838 | - Extension: .rar
 839 |   Description: RAR Archive
 840 |   Category: Archive
 841 |   Confidence: High
 842 |   Exec: true
 843 |   Common: true
 844 |   Container: true
 845 |   ChromePlatform: PLATFORM_TYPE_ANY
 846 |   ChromeDangerLevel: NOT_DANGEROUS
 847 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
 848 | - Extension: .7z
 849 |   Description: 7Zip Archive
 850 |   Category: Archive
 851 |   Confidence: High
 852 |   Exec: true
 853 |   Common: true
 854 |   Container: true
 855 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 856 |   ChromeDangerLevel: NOT_DANGEROUS
 857 |   ChromeAutoOpenHint: UNKNOWN
 858 | - Extension: .z
 859 | 
 860 |   Category: Archive
 861 |   Exec: true
 862 |   Container: true
 863 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 864 |   ChromeDangerLevel: NOT_DANGEROUS
 865 |   ChromeAutoOpenHint: UNKNOWN
 866 | - Extension: .bz
 867 | 
 868 |   Category: Archive
 869 |   Exec: true
 870 |   Container: true
 871 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 872 |   ChromeDangerLevel: NOT_DANGEROUS
 873 |   ChromeAutoOpenHint: UNKNOWN
 874 | - Extension: .bz2
 875 | 
 876 |   Category: Archive
 877 |   Exec: true
 878 |   Container: true
 879 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 880 |   ChromeDangerLevel: NOT_DANGEROUS
 881 |   ChromeAutoOpenHint: UNKNOWN
 882 | - Extension: .bin
 883 | 
 884 |   Category: Archive
 885 |   Exec: true
 886 |   Container: true
 887 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 888 |   ChromeDangerLevel: NOT_DANGEROUS
 889 |   ChromeAutoOpenHint: UNKNOWN
 890 | - Extension: .cab
 891 |   Description: Cabinet file
 892 |   Category: Archive
 893 |   Exec: true
 894 |   Container: true
 895 |   WindowsBuiltin: true
 896 |   MitreInitialAccess: sometimes
 897 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 898 |   ChromeDangerLevel: NOT_DANGEROUS
 899 |   ChromeAutoOpenHint: UNKNOWN
 900 | - Extension: .cpio
 901 | 
 902 |   Category: Archive
 903 |   Confidence: High
 904 |   Exec: true
 905 |   Container: true
 906 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 907 |   ChromeDangerLevel: NOT_DANGEROUS
 908 |   ChromeAutoOpenHint: UNKNOWN
 909 | - Extension: .lha
 910 | 
 911 |   Category: Archive
 912 |   Confidence: High
 913 |   Exec: true
 914 |   Container: true
 915 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 916 |   ChromeDangerLevel: NOT_DANGEROUS
 917 |   ChromeAutoOpenHint: UNKNOWN
 918 | - Extension: .rev
 919 | 
 920 |   Category: Archive
 921 |   Confidence: High
 922 |   Exec: true
 923 |   Container: true
 924 | - Extension: .rpm
 925 | 
 926 |   Category: Archive
 927 |   Exec: true
 928 |   Container: true
 929 |   ChromePlatform: PLATFORM_TYPE_LINUX
 930 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
 931 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
 932 | - Extension: .tbz
 933 | 
 934 |   Category: Archive
 935 |   Exec: true
 936 |   Container: true
 937 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 938 |   ChromeDangerLevel: NOT_DANGEROUS
 939 |   ChromeAutoOpenHint: UNKNOWN
 940 | - Extension: .tbz2
 941 | 
 942 |   Category: Archive
 943 |   Exec: true
 944 |   Container: true
 945 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 946 |   ChromeDangerLevel: NOT_DANGEROUS
 947 |   ChromeAutoOpenHint: UNKNOWN
 948 | - Extension: .tgz
 949 | 
 950 |   Category: Archive
 951 |   Exec: true
 952 |   Container: true
 953 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 954 |   ChromeDangerLevel: NOT_DANGEROUS
 955 |   ChromeAutoOpenHint: UNKNOWN
 956 | - Extension: .xxe
 957 | 
 958 |   Category: Archive
 959 |   Exec: true
 960 |   Container: true
 961 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 962 |   ChromeDangerLevel: NOT_DANGEROUS
 963 |   ChromeAutoOpenHint: UNKNOWN
 964 | - Extension: .xar
 965 | 
 966 |   Category: Archive
 967 |   Exec: true
 968 |   Container: true
 969 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 970 |   ChromeDangerLevel: NOT_DANGEROUS
 971 |   ChromeAutoOpenHint: UNKNOWN
 972 | - Extension: .webarchive
 973 | 
 974 |   Category: Archive
 975 |   Exec: true
 976 |   Container: true
 977 | - Extension: .gz
 978 | 
 979 |   Category: Archive
 980 |   Exec: true
 981 |   Container: true
 982 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 983 |   ChromeDangerLevel: NOT_DANGEROUS
 984 |   ChromeAutoOpenHint: UNKNOWN
 985 | - Extension: .tar
 986 | 
 987 |   Category: Archive
 988 |   Exec: true
 989 |   Container: true
 990 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 991 |   ChromeDangerLevel: NOT_DANGEROUS
 992 |   ChromeAutoOpenHint: UNKNOWN
 993 | - Extension: .ace
 994 | 
 995 |   Category: Archive
 996 |   Exec: true
 997 |   Container: true
 998 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
 999 |   ChromeDangerLevel: NOT_DANGEROUS
1000 |   ChromeAutoOpenHint: UNKNOWN
1001 | - Extension: .arj
1002 | 
1003 |   Category: Archive
1004 |   Exec: true
1005 |   Container: true
1006 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1007 |   ChromeDangerLevel: NOT_DANGEROUS
1008 |   ChromeAutoOpenHint: UNKNOWN
1009 | - Extension: .bzip
1010 | 
1011 |   Category: Archive
1012 |   Exec: true
1013 |   Container: true
1014 | - Extension: .bzip2
1015 | 
1016 |   Category: Archive
1017 |   Exec: true
1018 |   Container: true
1019 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1020 |   ChromeDangerLevel: NOT_DANGEROUS
1021 |   ChromeAutoOpenHint: UNKNOWN
1022 | - Extension: .gzip
1023 | 
1024 |   Category: Archive
1025 |   Exec: true
1026 |   Container: true
1027 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1028 |   ChromeDangerLevel: NOT_DANGEROUS
1029 |   ChromeAutoOpenHint: UNKNOWN
1030 | - Extension: .r00
1031 | 
1032 |   Category: Archive
1033 |   Exec: true
1034 |   Container: true
1035 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1036 |   ChromeDangerLevel: NOT_DANGEROUS
1037 |   ChromeAutoOpenHint: UNKNOWN
1038 | - Extension: .r01
1039 | 
1040 |   Category: Archive
1041 |   Exec: true
1042 |   Container: true
1043 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1044 |   ChromeDangerLevel: NOT_DANGEROUS
1045 |   ChromeAutoOpenHint: UNKNOWN
1046 | - Extension: .lzma
1047 | 
1048 |   Category: Archive
1049 |   Exec: true
1050 |   Container: true
1051 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1052 |   ChromeDangerLevel: NOT_DANGEROUS
1053 |   ChromeAutoOpenHint: UNKNOWN
1054 | - Extension: .lz
1055 | 
1056 |   Category: Archive
1057 |   Exec: true
1058 |   Container: true
1059 | - Extension: .lzh
1060 | 
1061 |   Category: Archive
1062 |   Exec: true
1063 |   Container: true
1064 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1065 |   ChromeDangerLevel: NOT_DANGEROUS
1066 |   ChromeAutoOpenHint: UNKNOWN
1067 | - Extension: .xz
1068 | 
1069 |   Category: Archive
1070 |   Exec: true
1071 |   Container: true
1072 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1073 |   ChromeDangerLevel: NOT_DANGEROUS
1074 |   ChromeAutoOpenHint: UNKNOWN
1075 | - Extension: .r02
1076 | 
1077 |   Category: Archive
1078 |   Exec: true
1079 |   Container: true
1080 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1081 |   ChromeDangerLevel: NOT_DANGEROUS
1082 |   ChromeAutoOpenHint: UNKNOWN
1083 | - Extension: .r03
1084 | 
1085 |   Category: Archive
1086 |   Exec: true
1087 |   Container: true
1088 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1089 |   ChromeDangerLevel: NOT_DANGEROUS
1090 |   ChromeAutoOpenHint: UNKNOWN
1091 | - Extension: .ps1
1092 |   Description: Powershell script
1093 |   WindowsBuiltin: true
1094 |   Category: Code
1095 |   Confidence: High
1096 |   Code: true
1097 |   MitreExecution: often
1098 |   Common: true
1099 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1100 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1101 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1102 | - Extension: .ps1xml
1103 |   Description: Powershell script
1104 |   WindowsBuiltin: true
1105 |   Category: Code
1106 |   Code: true
1107 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1108 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1109 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1110 | - Extension: .psm1
1111 |   Description: Powershell script
1112 |   WindowsBuiltin: true
1113 |   Category: Code
1114 |   Code: true
1115 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1116 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1117 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1118 | - Extension: .ps2
1119 |   Description: Powershell script
1120 |   WindowsBuiltin: true
1121 |   Category: Code
1122 |   Code: true
1123 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1124 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1125 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1126 | - Extension: .ps2xml
1127 |   Description: Powershell script
1128 |   WindowsBuiltin: true
1129 |   Category: Code
1130 |   Code: true
1131 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1132 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1133 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1134 | - Extension: .psc1
1135 |   Description: Powershell script
1136 |   WindowsBuiltin: true
1137 |   Category: Code
1138 |   Code: true
1139 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1140 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1141 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1142 | - Extension: .psc2
1143 |   Description: Powershell script
1144 |   WindowsBuiltin: true
1145 |   Category: Code
1146 |   Code: true
1147 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1148 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1149 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1150 | - Extension: .msh
1151 |   Description: Powershell script
1152 |   WindowsBuiltin: true
1153 |   Category: Code
1154 |   Code: true
1155 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1156 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1157 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1158 | - Extension: .msh1
1159 |   Description: Powershell script
1160 |   WindowsBuiltin: true
1161 |   Category: Code
1162 |   Code: true
1163 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1164 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1165 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1166 | - Extension: .msh2
1167 |   Description: Powershell script
1168 |   WindowsBuiltin: true
1169 |   Category: Code
1170 |   Code: true
1171 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1172 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1173 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1174 | - Extension: .mshxml
1175 |   Description: Powershell script
1176 |   WindowsBuiltin: true
1177 |   Category: Code
1178 |   Code: true
1179 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1180 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1181 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1182 | - Extension: .msh1xml
1183 |   Description: Powershell script
1184 |   WindowsBuiltin: true
1185 |   Category: Code
1186 |   Code: true
1187 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1188 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1189 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1190 | - Extension: .msh2xml
1191 |   Description: Powershell script
1192 |   WindowsBuiltin: true
1193 |   Category: Code
1194 |   Code: true
1195 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1196 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1197 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1198 | - Extension: .sh
1199 |   Description: Shell script
1200 |   Category: Code
1201 |   Confidence: High
1202 |   Code: true
1203 |   ChromePlatform: PLATFORM_TYPE_ANY
1204 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1205 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1206 | - Extension: .dll
1207 |   Description: DLL File
1208 |   WindowsBuiltin: true
1209 |   Category: Code
1210 |   Confidence: High
1211 |   Code: true
1212 |   Common: true
1213 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1214 |   ChromeDangerLevel: DANGEROUS
1215 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1216 | - Extension: .asp
1217 |   Description: Active Server Pages
1218 |   Category: Code
1219 |   Code: true
1220 |   Notes: Web file that can contain and execute server-side script.
1221 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1222 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1223 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1224 | - Extension: .aspx
1225 | 
1226 |   Category: Code
1227 |   Code: true
1228 |   Notes: Web file that can execute server-side script, primarily in .NET.
1229 | - Extension: .asax
1230 |   Category: Code
1231 |   Code: true
1232 | - Extension: .ashx
1233 |   Category: Code
1234 |   Code: true
1235 | - Extension: .btm
1236 |   Category: Code
1237 |   Code: true
1238 | - Extension: .cla
1239 |   Category: Code
1240 |   Code: true
1241 | - Extension: .class
1242 |   Category: Code
1243 |   Code: true
1244 |   ChromePlatform: PLATFORM_TYPE_ANY
1245 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1246 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1247 | - Extension: .csh
1248 |   Category: Code
1249 |   Code: true
1250 |   ChromePlatform: PLATFORM_TYPE_ANY
1251 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1252 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1253 | - Extension: .ksh
1254 |   Category: Code
1255 |   Code: true
1256 |   ChromePlatform: PLATFORM_TYPE_ANY
1257 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1258 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1259 | - Extension: .pl
1260 |   Category: Code
1261 |   Code: true
1262 |   ChromePlatform: PLATFORM_TYPE_LINUX
1263 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1264 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1265 | - Extension: .plg
1266 |   Category: Code
1267 |   Code: true
1268 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1269 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1270 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1271 | - Extension: .wml
1272 |   Category: Code
1273 |   Code: true
1274 | - Extension: .xbap
1275 |   Category: Code
1276 |   Code: true
1277 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1278 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1279 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1280 | - Extension: .xdp
1281 |   Category: Code
1282 |   Code: true
1283 | - Extension: .pdf
1284 |   Description: PDF File
1285 |   Category: Document
1286 |   Confidence: High
1287 |   BusinessCase: true
1288 |   WindowsBuiltin: true
1289 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1290 |   ChromeDangerLevel: NOT_DANGEROUS
1291 |   ChromeAutoOpenHint: UNKNOWN
1292 | - Extension: .html
1293 |   Description: HTML file
1294 |   Category: HTML
1295 |   Confidence: High
1296 |   Container: true
1297 |   WindowsBuiltin: true
1298 |   Common: true
1299 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1300 |   ChromeDangerLevel: NOT_DANGEROUS
1301 |   ChromeAutoOpenHint: UNKNOWN
1302 | - Extension: .htm
1303 |   Description: HTML file
1304 |   Category: HTML
1305 |   Confidence: High
1306 |   Container: true
1307 |   WindowsBuiltin: true
1308 |   Common: true
1309 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1310 |   ChromeDangerLevel: NOT_DANGEROUS
1311 |   ChromeAutoOpenHint: UNKNOWN
1312 | - Extension: .ics
1313 |   Category: Office
1314 |   Description: Calendar file format
1315 |   Container: true
1316 |   Exec: true
1317 |   WindowsBuiltin: true
1318 |   Common: true
1319 |   Notes: Used for sharing calendar information. However, be cautious about links or attachments embedded within.
1320 | - Extension: .odt
1321 |   Description: OpenDocument Text Document
1322 |   Category: Office
1323 |   Container: true
1324 |   Notes: A word processing document. Be cautious of embedded macros or scripts, although they're less common than in .doc files.
1325 | - Extension: .oxps
1326 |   Description: Open XML Paper Specification
1327 |   Category: Document
1328 |   WindowsBuiltin: true
1329 |   Container: true
1330 |   Notes: Essentially a PDF alternative from Microsoft. While generally safe, be wary of embedded content.
1331 | - Extension: .rtf
1332 |   Description: Rich Text Format
1333 |   Category: Document
1334 |   WindowsBuiltin: true
1335 |   BusinessCase: true
1336 |   MitreInitialAccess: sometimes
1337 |   Notes: Can potentially contain embedded objects or links that could lead to malicious content or actions when opened.
1338 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1339 |   ChromeDangerLevel: NOT_DANGEROUS
1340 |   ChromeAutoOpenHint: UNKNOWN
1341 | - Extension: .xps
1342 |   Description: XML Paper Specification
1343 |   Category: Document
1344 |   WindowsBuiltin: true
1345 |   BusinessCase: true
1346 |   Notes: Essentially a PDF alternative from Microsoft. While generally safe, be wary of embedded content.
1347 | - Extension: .reg
1348 |   Category: System
1349 |   Description: Windows Registry file
1350 |   Exec: true
1351 |   WindowsBuiltin: true
1352 |   MitreExecution: often
1353 |   Notes: Can make changes to the Windows Registry. Malicious edits can compromise system integrity or security.
1354 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1355 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1356 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1357 | - Extension: .lnk
1358 |   Description: Windows shortcut file
1359 |   Category: System
1360 |   Confidence: High
1361 |   Exec: true
1362 |   MitreInitialAccess: often
1363 |   MitreExecution: sometimes
1364 |   WindowsBuiltin: true
1365 |   Notes: Can point to and execute malicious applications or scripts. Can also have embedded harmful arguments or actions.
1366 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1367 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1368 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1369 | - Extension: .msc
1370 |   Category: System
1371 |   Description: Microsoft Management Console file
1372 |   WindowsBuiltin: true
1373 |   Notes: Provides a UI for managing different aspects of Windows. Maliciously crafted .msc files can be harmful.
1374 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1375 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1376 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1377 | - Extension: .pol
1378 |   Category: System
1379 |   Description: Windows Group Policy file
1380 |   WindowsBuiltin: true
1381 |   Notes: Represents policy settings. While not executable, they can alter system configurations if applied.
1382 | - Extension: .scf
1383 |   Category: Executable
1384 |   Description: Windows Explorer Command
1385 |   Exec: true
1386 |   WindowsBuiltin: true
1387 |   Notes: A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.
1388 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1389 |   ChromeDangerLevel: DANGEROUS
1390 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1391 | - Extension: .shb
1392 |   Category: Executable
1393 |   Description: Windows Document Shortcut
1394 |   Exec: true
1395 |   WindowsBuiltin: true
1396 |   Notes: Can be used to execute documents or applications.
1397 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1398 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1399 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1400 | - Extension: .settingscontent-ms
1401 |   Description: Windows Settings shortcut
1402 |   Category: System
1403 |   Exec: true
1404 |   WindowsBuiltin: true
1405 |   Notes: Can be abused to execute arbitrary code, including shell commands.
1406 | - Extension: .svg
1407 |   Description: Scalable Vector Graphics
1408 |   Category: Browser
1409 |   Tags:
1410 |   - phishing
1411 |   Notes: An XML-based image format that can contain embedded JavaScript, which can download additional file (HTML smuggling)
1412 |   Exec: false
1413 |   WindowsBuiltin: true
1414 |   MitreInitialAccess: sometimes
1415 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1416 |   ChromeDangerLevel: NOT_DANGEROUS
1417 |   ChromeAutoOpenHint: UNKNOWN
1418 | - Extension: .uue
1419 |   Description: Uuencode (Unix-to-Unix encoding) encoded file
1420 |   Notes: Used for encoding binary data to text. While the format itself doesn't execute, the decoded content might be malicious.
1421 |   Category: Encoding
1422 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1423 |   ChromeDangerLevel: NOT_DANGEROUS
1424 |   ChromeAutoOpenHint: UNKNOWN
1425 | - Extension: .b64
1426 |   Description: Base64 encoded file
1427 |   Notes: Used for encoding binary data to text. While the format itself doesn't execute, the decoded content might be malicious.
1428 |   Category: Encoding
1429 |   ChromePlatform: PLATFORM_TYPE_UNKNOWN
1430 |   ChromeDangerLevel: NOT_DANGEROUS
1431 |   ChromeAutoOpenHint: UNKNOWN
1432 | - Extension: .swf
1433 |   Description: Flash file
1434 |   Notes: Flash files downloaded locally can sometimes access the local filesystem
1435 |   Category: Executable
1436 |   Exec: true
1437 |   WindowsBuiltin: false
1438 |   ChromePlatform: PLATFORM_TYPE_ANY
1439 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1440 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1441 | - Extension: .crx
1442 |   Description: Chrome extension
1443 |   Notes: Chrome displays a prompt prior to installation
1444 |   Category: Browser
1445 |   Exec: true
1446 |   ChromePlatform: PLATFORM_TYPE_ANY
1447 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1448 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1449 | - Extension: .oxt
1450 |   Description: OpenOffice extension
1451 |   Notes: OpenOffice extension, can execute arbitrary code.
1452 |   Category: Office
1453 |   Exec: true
1454 |   ChromePlatform: PLATFORM_TYPE_ANY
1455 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1456 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1457 | - Extension: .mda
1458 |   Description: MS Access Add-In
1459 |   Category: Office
1460 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1461 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1462 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1463 | - Extension: .mdb
1464 |   Description: MS Access Database
1465 |   Category: Office
1466 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1467 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1468 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1469 | - Extension: .mde
1470 |   Description: MS Access
1471 |   Category: Office
1472 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1473 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1474 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1475 | - Extension: .mdt
1476 |   Description: MS Access Add-In
1477 |   Category: Office
1478 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1479 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1480 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1481 | - Extension: .mdw
1482 |   Description: MS Access Workgroup Information
1483 |   Category: Office
1484 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1485 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1486 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1487 | - Extension: .mdz
1488 |   Description: MS Access Wizard Template
1489 |   Category: Office
1490 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1491 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1492 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1493 | - Extension: .accdb
1494 |   Description: MS Access Database (like .mdb)
1495 |   Category: Office
1496 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1497 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1498 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1499 | - Extension: .accde
1500 |   Description: MS Access Database (like .mdb)
1501 |   Category: Office
1502 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1503 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1504 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1505 | - Extension: .accdr
1506 |   Description: MS Access Database (like .mdb)
1507 |   Category: Office
1508 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1509 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1510 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1511 | - Extension: .accda
1512 |   Description: MS Access Database (like .mdb)
1513 |   Category: Office
1514 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1515 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1516 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1517 | - Extension: .ops
1518 |   Description: MS Office Profile Settings File
1519 |   Category: Office
1520 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1521 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1522 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1523 | - Extension: .paf
1524 |   Description: Portable Application Installer File
1525 |   Category: System
1526 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1527 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1528 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1529 | - Extension: .pcd
1530 |   Description: MS Visual Test
1531 |   Category: Office
1532 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1533 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1534 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1535 | - Extension: .prf
1536 |   Description: Windows System File
1537 |   Category: System
1538 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1539 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1540 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1541 | - Extension: .prg
1542 |   Description: Program file
1543 |   Category: Misc
1544 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1545 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1546 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1547 | - Extension: .pst
1548 |   Description: Microsoft Exchange Address Book File.
1549 |   Notes: Microsoft Outlook Personal Folder.
1550 |   Category: Office
1551 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1552 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1553 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1554 | - Extension: .eml
1555 |   Description: Outlook file
1556 |   Notes: Opens in Outlook. Not common, but could be exploited (CVE-2015-6172)
1557 |   Category: Office
1558 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1559 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1560 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1561 | - Extension: .cpi
1562 |   Description: Control Panel Item. Executable used for adding icons to Control Panel.
1563 |   Category: System
1564 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1565 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1566 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1567 | - Extension: .partial
1568 |   Description: will open in IE even when chrome is set as default browser
1569 |   Category: Browser
1570 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1571 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1572 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1573 | - Extension: .xrm-ms
1574 |   Description: will open in IE even when chrome is set as default browser
1575 |   Category: Browser
1576 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1577 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1578 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1579 | - Extension: .rels
1580 |   Description: will open in IE even when chrome is set as default browser
1581 |   Category: Browser
1582 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1583 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1584 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1585 | - Extension: .xml
1586 |   Description: will open in IE even when chrome is set as default browser
1587 |   Category: Browser
1588 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1589 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1590 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1591 | - Extension: .xsl
1592 |   Description: will open in IE even when chrome is set as default browser
1593 |   Category: Browser
1594 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1595 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1596 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1597 | - Extension: .xsd
1598 |   Description: will open in IE even when chrome is set as default browser
1599 |   Category: Browser
1600 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1601 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1602 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1603 | - Extension: .url
1604 |   Description: Internet Shortcut
1605 |   Notes: They can point at anything. Dropping a download of this type and opening it automatically can in effect sidestep origin restrictions etc.
1606 |   Category: Browser
1607 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1608 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1609 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1610 | - Extension: .website
1611 |   Description: Internet Shortcut
1612 |   Notes: They can point at anything. Dropping a download of this type and opening it automatically can in effect sidestep origin restrictions etc.
1613 |   Category: Browser
1614 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1615 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1616 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1617 | - Extension: .crt
1618 |   Description: Signed certificate file
1619 |   Category: Certificate
1620 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1621 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1622 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1623 | - Extension: .cer
1624 |   Description: Signed certificate file
1625 |   Category: Certificate
1626 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1627 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1628 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1629 | - Extension: .der
1630 |   Description: Signed certificate file
1631 |   Category: Certificate
1632 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1633 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1634 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1635 | - Extension: .cfg
1636 |   Category: Misc
1637 |   Exec: true
1638 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1639 |   ChromeDangerLevel: DANGEROUS
1640 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1641 | - Extension: .fon
1642 |   Description: Font file
1643 |   Notes: uses Portable Executable or New Executable format. Not supposed to contain executable code.
1644 |   Category: Font
1645 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1646 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1647 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1648 | - Extension: .fxp
1649 |   Description: Microsoft FoxPro Compiled Source.
1650 |   Category: Code
1651 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1652 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1653 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1654 | - Extension: .grp
1655 |   Description: MSProgramGroup (?)
1656 |   Category: Misc
1657 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1658 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1659 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1660 | - Extension: .htt
1661 |   Description: Hypertext Template File
1662 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1663 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1664 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1665 | - Extension: .ins
1666 |   Description: Microsoft IIS Internet Communication Settings.
1667 |   Category: Misc
1668 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1669 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1670 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1671 | - Extension: .inx
1672 |   Description: InstallShield Compiled Script
1673 |   Category: Misc
1674 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1675 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1676 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1677 | - Extension: .isu
1678 |   Description: InstallShield Uninstaller Script
1679 |   Category: Misc
1680 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1681 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1682 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1683 | - Extension: .isp
1684 |   Description: Microsoft IIS Internet Service Provider Settings.
1685 |   Category: Misc
1686 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1687 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1688 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1689 | - Extension: .job
1690 |   Description: Windows Task Scheduler Job file
1691 |   Notes: No handler is registered by default, so this is probably normally not dangerous unless saved into the task scheduler directory.
1692 |   Category: System
1693 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1694 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1695 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1696 | - Extension: .local
1697 | 
1698 |   Notes: .local files affect DLL search path for .exe file with same base name.
1699 |   Category: System
1700 |   Exec: true
1701 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1702 |   ChromeDangerLevel: DANGEROUS
1703 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1704 | - Extension: .manifest
1705 |   Description: Manifest
1706 |   Notes: having a .manifest file with the same basename as .exe file changes the DLL search order for the .exe file
1707 |   Category: System
1708 |   Exec: true
1709 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1710 |   ChromeDangerLevel: DANGEROUS
1711 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1712 | - Extension: .mmc
1713 |   Category: System
1714 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1715 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1716 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1717 | - Extension: .msg
1718 |   Description: Outlook
1719 |   Notes: Opens in Outlook. Not common, but could be exploited (CVE-2015-6172)
1720 |   Category: Office
1721 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1722 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1723 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1724 | - Extension: .rgs
1725 |   Description: Registry Script Windows
1726 |   Category: Misc
1727 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1728 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1729 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1730 | - Extension: .sct
1731 |   Description: Microsoft Windows Script Component. Microsoft FoxPro Screen.
1732 |   Notes: A Script Component is a COM component created using script.
1733 |   Category: Misc
1734 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1735 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1736 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1737 | - Extension: .search-ms
1738 |   Description: Windows Vista Index Search Data, for local file system.
1739 |   Category: System
1740 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1741 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1742 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1743 | - Extension: .settingcontent-ms
1744 |   Description: Used to create shortcuts to various Windows 10 setting pages.
1745 |   Notes: Allows invoking any binary file with any parameters.
1746 |   Category: System
1747 |   Exec: true
1748 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1749 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1750 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1751 | - Extension: .sys
1752 |   Description: System executable
1753 |   Category: Executable
1754 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1755 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1756 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1757 | - Extension: .vdx
1758 |   Description: Visio file
1759 |   Category: Office
1760 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1761 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1762 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1763 | - Extension: .vsx
1764 |   Description: Visio file
1765 |   Category: Office
1766 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1767 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1768 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1769 | - Extension: .vtx
1770 |   Description: Visio file
1771 |   Category: Office
1772 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1773 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1774 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1775 | - Extension: .vsdx
1776 |   Description: Visio file
1777 |   Category: Office
1778 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1779 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1780 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1781 | - Extension: .vssx
1782 |   Description: Visio file
1783 |   Category: Office
1784 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1785 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1786 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1787 | - Extension: .vstx
1788 |   Description: Visio file
1789 |   Category: Office
1790 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1791 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1792 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1793 | - Extension: .vsdm
1794 |   Description: Visio file
1795 |   Category: Office
1796 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1797 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1798 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1799 | - Extension: .vssm
1800 |   Description: Visio file
1801 |   Category: Office
1802 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1803 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1804 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1805 | - Extension: .vstm
1806 |   Description: Visio file
1807 |   Category: Office
1808 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1809 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1810 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1811 | - Extension: .vsmacros
1812 |   Description: Microsoft Visual Studio Binary-based Macro Project.
1813 |   Category: Development
1814 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1815 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1816 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1817 | - Extension: .vss
1818 |   Description: Visio file
1819 |   Category: Office
1820 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1821 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1822 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1823 | - Extension: .vst
1824 |   Description: Visio file
1825 |   Category: Office
1826 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1827 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1828 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1829 | - Extension: .vsw
1830 |   Description: Visio file
1831 |   Category: Office
1832 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1833 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1834 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1835 | - Extension: .xnk
1836 |   Description: Microsoft Exchange Public Folder Shortcut
1837 |   Category: Misc
1838 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1839 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1840 |   ChromeAutoOpenHint: ALLOW_AUTO_OPEN
1841 | - Extension: .diagcfg
1842 |   Description: Windows troubleshooting
1843 |   Category: System
1844 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1845 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1846 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1847 | - Extension: .diagpkg
1848 |   Description: Windows troubleshooting component
1849 |   Category: System
1850 |   ChromePlatform: PLATFORM_TYPE_WINDOWS
1851 |   ChromeDangerLevel: ALLOW_ON_USER_GESTURE
1852 |   ChromeAutoOpenHint: DISALLOW_AUTO_OPEN
1853 | 


--------------------------------------------------------------------------------