In order to find phishing payloads, one needs to understand how executable filetypes on Windows are handled, finding which ones can be delivered to mail clients, thus users, without being caught by mail defences in between and without requesting multiple validation steps from that user for execution once clicked on.
Other filetypes are also relevant for phishing even if they are not executable per-se, they are also mentionned in this article.
I am pretty sure all presented filetypes have been documented before but the method used below may be applicable for future Microsoft systems or constrained Windows environments to understand why certain filetypes are blocked. Divin’n’phishin with executable filetypes on Windows
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer