Mac Security

Find Running Binaries Masquerading as Files

Binaries should not be called salesreports.doc or timesheet.pdf. If a file with a document extension is executing, it's most likely bad. Like rulllll bad. So on a Mac, you can check what's running in that context by piping ps output to grep and using \| as an OR operator to match a few known document extensions, as follows. Two caveats: a bare . in a grep pattern matches any character, so .bin also hits every path under /usr/sbin and .key hits anything containing "key"; and grep will match its own command line in the ps output, so filter that line out when you run it.

ps aux | grep '.doc\|.pdf\|.png\|.docx\|.mpkg\|.pkg\|.xls\|.ods\|.xlsx\|.odt\|.key\|.htm\|.txt\|.csv\|.xml\|.json\|.ogg\|.rtf\|.dmp\|.aac\|.mp3\|.psg\|.mp4\|.m4a\|.gz\|.html\|.jpg\|.rss\|.jpeg\|.vb\|.wav\|.svg\|.bmp\|.pps\|.ppt\|.php\|.pptx\|.tiff\|.tif\|.gzip\|.wmv\|.zip\|.rar\|.bin\|.iso\|.sql\|.ico' | grep -v grep
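As an added example (not from the original post), here is a stricter version of the same check as a shell function: it reads ps aux-style lines, looks only at the executable path, and anchors an escaped extension at the end of the basename, so /usr/sbin and keyboardservicesd no longer match. The ps lines and the extension list below are constructed for the demo.

```shell
#!/bin/sh
# Constructed sample of `ps aux` output (not captured from a real host).
SAMPLE='USER  PID  %CPU %MEM  VSZ  RSS  TT  STAT STARTED  TIME COMMAND
alice  412  0.0  0.1  4000  900  ??  S  9:00AM  0:00.10 /Applications/Keynote.app/Contents/MacOS/Keynote
alice  513  1.2  0.3  5000  1200 ??  S  9:01AM  0:00.50 /Users/alice/Downloads/salesreports.doc
root   600  0.0  0.0  3000  500  ??  Ss 8:59AM  0:00.01 /usr/libexec/keyboardservicesd
root   601  0.0  0.0  3000  500  ??  Ss 8:59AM  0:00.01 /usr/sbin/cupsd
alice  777  0.0  0.1  4500  800  s000 S+ 9:02AM  0:00.00 /usr/bin/python3 /Users/alice/notes.txt
alice  801  0.0  0.1  4100  700  ??  S  9:03AM  0:00.02 /Users/alice/Documents/timesheet.pdf --silent'

# Extensions a running executable should never carry (constructed, trim to taste).
DOC_EXTS='doc|docx|pdf|png|jpg|jpeg|xls|xlsx|ppt|pptx|txt|csv|xml|json|html|htm|zip|rar|iso|dmp|mp3|mp4|rtf|key|bin'

# Print "PID executable" for every process whose executable (field 11 of
# `ps aux` output, i.e. the first token of COMMAND) ends in a document extension.
# The dot is escaped and the extension is anchored to the end of the basename,
# so substrings such as "sbin" or "keyboard" are not reported; checking only
# the executable also avoids flagging /usr/bin/python3 just because its
# argument is notes.txt.
find_masquerading() {
    awk -v exts="$DOC_EXTS" '
        NR == 1 { next }                         # skip the ps header line
        {
            exe = $11
            n = split(exe, parts, "/")
            base = tolower(parts[n])             # basename, case-insensitive
            if (base ~ ("\\.(" exts ")$")) print $2, exe
        }'
}

# Demo against the constructed sample; on a live host use: ps aux | find_masquerading
printf '%s\n' "$SAMPLE" | find_masquerading
```

Expect the .doc and .pdf processes (PIDs 513 and 801) and nothing else.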