 Hello, I'm going to do the analysis of PDF file that I received, a phishing PDF file. So it's not actually malicious, I mean it doesn't contain malicious code, but it contains a URL and we are going to analyze this with my tools. So with PDF ID, option N so that we can only see the names that I have actually count also that are present and here is our malicious PDF and indeed you can see URI, the name URI appears twice. So with PDF parser we can just extract all the keys from the dictionary that I have the name URI slash URI like this. So and with other malicious PDFs, with other phishing PDFs, you would see the URL here, but here it's different and you see 18, 0, R and this is just a reference, the R stands for reference to a PDF object, object 18 generation 0. So we can just go have a look at that object with PDF parser. I'm using option O to select an object and I select all the objects with ID 18 for my file. Okay, and here you can see the object without any information. So this is because it just contains a string and the string is by default hidden by PDF parser so that it wouldn't display too much information. But with an option, the row option, W option here, row, you can see the row content of that object and then here you see the URL.