 Hello again. About a week ago I showed you this command to analyze a malicious word document that contained a VBM macro. So with my only dumb command here is a malicious word document. You select string 7 and extract and decompress the VBM macro. And when we saw that VBM macro we saw that it contained several CHRW concatenations to form up a URL. Now I showed with PCRGRAP and regular expression and then transforming that list of CHRWs into a Python program and then executing that you could recover the URL like this. So this was this complex pipe of commands to recover the URL in this obfuscated VBM macro. Now since then I've been working on OliDump and I included the possibility to have plugins. And one of the plugins that I developed is exactly a plugin that will find such CHRW concatenations and extracts the URLs for you. So what you have to do is you run OliDump and the plugin that I designed you call it with minus p in the plugin. Name is plugin HTTP heuristics and then you just give it the word document. And here you see the streams, the stream with the macro, the plugin that runs for this stream of macros and it decodes the URL.