 Hello! In this video I want to show you how I extract the URLs from this Hansitoer Maldoc from memory. So let's open the document. And as we saw in the previous video, we have WinWord and here the explorer docs.exe child that has the malware running. So let's do a process dump. I create a full dump. Save it here in the demo folder. And now I use my re-search tool to search for URLs. Option F because it's a binary file and option U because I want a unique list for explorer like this. Okay and here you have the IP, if I or URL that is used to check for connectivity and your location. Here the different gates and here the gate that has been used.