The exploit creator generates malicious documents, such as Word and PDF documents, Excel workbooks, CHM compiled help files and HTML pages. Most of these serve as downloaders, with the final payload stored on a website that is then downloaded and executed by the malicious code. In some cases, the generated document contains the entire payload. Therefore, there is no need to access an external website, as the malicious content is extracted from the document and executed from there.