@neonprimetime Yeah I agree, I have also seen some accreditation recommendations for implementation of systems that denotes that, certain files (.js, .hta etc. etc. )are default opened with benign programs like notepad, usually pushed via domain GPO’s.