-
Notifications
You must be signed in to change notification settings - Fork 4
/
demo.cast
763 lines (763 loc) · 83.1 KB
/
demo.cast
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
{"version": 2, "width": 160, "height": 30, "timestamp": 1666104576, "idle_time_limit": 2.0, "env": {"SHELL": "/usr/bin/fish", "TERM": "xterm-256color"}, "title": "yaramail CLI demo"}
[0.009554, "o", "Welcome to fish, the friendly interactive shell\r\nType `help` for instructions on how to use fish\r\n"]
[0.011393, "o", "\u001b[?2004h"]
[0.021498, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m"]
[0.021621, "o", "\r\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[1.525786, "o", "# \r\u001b[41C"]
[1.525895, "o", "Here \r\u001b[46C"]
[1.525955, "o", "are \r\u001b[50C"]
[1.526076, "o", "the \r\u001b[54Csamples \r\u001b[62C"]
[1.526199, "o", "to \r\u001b[65Ctest\r\u001b[69C"]
[1.526269, "o", "\u001b[30D\u001b[38;5;88m# Here are the samples to test\r\u001b[69C\u001b[30m\u001b(B\u001b[m\r\n\u001b[30m\u001b(B\u001b[m"]
[1.526332, "o", "\u001b[?2004l"]
[1.527003, "o", "\u001b]0;# Here are the sampl ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[1.527069, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[1.527178, "o", "\u001b[?2004h"]
[1.532246, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[1.532343, "o", "ls \r\u001b[42C"]
[1.532439, "o", "-R \r\u001b[45C"]
[1.532531, "o", "test/samples\r\u001b[57C"]
[1.532611, "o", "\r\u001b[57C\u001b[18D\u001b[38;5;26mls\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-R\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples\r\u001b[57C\u001b[30m\u001b(B\u001b[m"]
[2.693855, "o", "\r\u001b[57C\r\n\u001b[30m\u001b(B\u001b[m"]
[2.693964, "o", "\u001b[?2004l"]
[2.694711, "o", "\u001b]0;ls -R test/samples ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[2.747218, "o", "test/samples:\r\n\u001b[0m\u001b[01;34mcredential-harvesting\u001b[0m/ \u001b[01;34msafe\u001b[0m/\r\n\r\ntest/samples/credential-harvesting:\r\n"]
[2.747325, "o", "Invoice.eml\r\n\r\ntest/samples/safe:\r\nsans.eml workday.eml\r\n"]
[2.747408, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[2.747471, "o", "\u001b[?2004h"]
[2.75189, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m"]
[2.751953, "o", "\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[10.701557, "o", "# \r\u001b[41C"]
[10.701684, "o", "Test \r\u001b[46C"]
[10.701766, "o", "the \r\u001b[50Csamples \r\u001b[58C"]
[10.701824, "o", "in \r\u001b[61C"]
[10.701926, "o", "bulk\r\u001b[65C\r\u001b[65C"]
[10.702002, "o", "\u001b[26D\u001b[38;5;88m# Test the samples in bulk\r\u001b[65C\u001b[30m\u001b(B\u001b[m"]
[11.857832, "o", "\r\u001b[65C\r\n\u001b[30m\u001b(B\u001b[m"]
[11.857973, "o", "\u001b[?2004l"]
[11.858689, "o", "\u001b]0;# Test the samples i ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[11.858741, "o", "\u001b[?2004h"]
[11.863144, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m"]
[11.863241, "o", "\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[20.199455, "o", "yaramail \r\u001b[48C"]
[20.199548, "o", "-t \r\u001b[51C"]
[20.19965, "o", "test/samples \r\u001b[64C"]
[20.199777, "o", "--rules\r\u001b[71C\u001b[38;5;240m test | less\r\u001b[71C\u001b[30m\u001b(B\u001b[m\u001b[32D\u001b[38;5;26myaramail\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-t\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m--rules\u001b[38;5;240m test | less\r\u001b[71C\u001b[30m\u001b(B\u001b[m"]
[20.199924, "o", "\u001b[38;5;39m \u001b[38;5;240mtest | less\r\u001b[72C\u001b[30m\u001b(B\u001b[m\u001b[38;5;39mtest \u001b[38;5;240m| less\r\u001b[77C\u001b[30m\u001b(B\u001b[m"]
[20.199984, "o", "\u001b[38;5;39m|\u001b[38;5;240m less\r\u001b[78C\u001b[30m\u001b(B\u001b[m"]
[20.20006, "o", "\u001b[38;5;39m \u001b[38;5;240mless\r\u001b[79C\u001b[30m\u001b(B\u001b[m\u001b[38;5;39mless\r\u001b[83C\u001b[30m\u001b(B\u001b[m"]
[20.200178, "o", "\u001b[12D \u001b[38;5;39m\u001b[4mtest\u001b[30m\u001b(B\u001b[m \u001b[38;5;28m|\u001b[30m\u001b(B\u001b[m \u001b[38;5;26mless\r\u001b[83C\u001b[30m\u001b(B\u001b[m"]
[22.165817, "o", "\r\u001b[83C\r\n\u001b[30m\u001b(B\u001b[m"]
[22.16592, "o", "\u001b[?2004l"]
[22.16671, "o", "\u001b]0;yaramail -t test/sam ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[22.167436, "o", "\u001b[?1049h\u001b[22;0;0t\u001b[?1h\u001b=\r"]
[22.402354, "o", "{\r\n \"test_failures\": [\r\n {\r\n \"path\": \"test/samples/safe/sans.eml\",\r\n \"verdict\": null,\r\n \"expected\": \"safe\",\r\n \"results\": {\r\n \"matches\": [\r\n {\r\n \"rule\": \"sans_newsletter\",\r\n \"namespace\": \"default\",\r\n \"tags\": [],\r\n \"meta\": {\r\n \"author\": \"Sean Whalen\",\r\n \"date\": \"2022-08-08\",\r\n \"category\": \"safe\",\r\n \"from_domain\": \"email.sans.org\"\r\n },\r\n \"strings\": [\r\n [\r\n 331,\r\n \"$s1\",\r\n \"SANS NewsBites\"\r\n ],\r\n [\r\n 16181,\r\n \"$s1\",\r\n \"SANS NewsBites\"\r\n ],\r\n:\u001b[K"]
[24.542692, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[25.042866, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 24948,\r\n:\u001b[K"]
[25.075833, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s1\",\r\n:\u001b[K"]
[25.108773, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"SANS NewsBites\""]
[25.108891, "o", "\r\n:\u001b[K"]
[25.141755, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[25.141864, "o", "\r\n:\u001b[K"]
[25.174799, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[25.207791, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 29047,\r\n:\u001b[K"]
[25.240677, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s1\",\r\n:\u001b[K"]
[25.273695, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"SANS NewsBites\"\r\n:\u001b[K"]
[25.710759, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[25.710863, "o", "\r\n:\u001b[K"]
[26.210813, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[26.2438, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 31063,\r\n:\u001b[K"]
[26.277066, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s2\",\r\n:\u001b[K"]
[26.309754, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.sans.org/preference-center\""]
[26.309834, "o", "\r\n:\u001b[K"]
[26.342744, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ]\r\n:\u001b[K"]
[26.375852, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[26.37593, "o", "\r\n:\u001b[K"]
[26.408711, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"warnings\": [\r\n:\u001b[K"]
[26.441664, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain-authentication-failed\"\r\n:\u001b[K"]
[26.474692, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n"]
[26.474769, "o", ":\u001b[K"]
[26.507192, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"location\": \"body\"\r\n:\u001b[K"]
[26.540698, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[26.573652, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[26.606656, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"categories\": [],\r\n:\u001b[K"]
[26.639935, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"msg_from_domain\": {\r\n:\u001b[K"]
[26.672857, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"email.sans.org\",\r\n:\u001b[K"]
[26.705727, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"authenticated\": false,\r\n:\u001b[K"]
[27.277729, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"implicit_safe\": false\r\n:\u001b[K"]
[27.777358, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },"]
[27.777464, "o", "\r\n:\u001b[K"]
[27.810832, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_attachment\": true,\r\n:\u001b[K"]
[27.8434, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"verdict\": null"]
[27.843497, "o", "\r\n:\u001b[K"]
[27.876771, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[27.909318, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[27.942668, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[27.942736, "o", "\r\n:\u001b[K"]
[27.975217, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"passed\": 2,\r\n:\u001b[K"]
[28.008301, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"failed\": 1,"]
[28.008379, "o", "\r\n:\u001b[K"]
[28.041741, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"total\": 3\r\n:\u001b[K"]
[28.074579, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K}\r\n:\u001b[K"]
[28.107326, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\u0007\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[28.140788, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[28.173818, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[28.206725, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[28.239185, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[30.54085, "o", "\r\u001b[K\u001b[?1l\u001b>\u001b[?1049l\u001b[23;0;0t"]
[30.54113, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[30.541273, "o", "\u001b[?2004h"]
[30.546221, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[39.115576, "o", "# \r\u001b[41C"]
[39.115762, "o", "Authentication \r\u001b[56C"]
[39.115899, "o", "failed \r\u001b[63Cfor \r\u001b[67C"]
[39.116056, "o", "safe/sans.eml. \r\u001b[82CLe\r\u001b[84C"]
[39.116185, "o", "\u001b[45D\u001b[38;5;88m# Authentication failed for safe/sans.eml. Le\r\u001b[84C\u001b[30m\u001b(B\u001b[m\u001b[38;5;240mt's check the Authentication-Results headers.\r\u001b[84C\u001b[30m\u001b(B\u001b[m"]
[39.116271, "o", "\u001b[38;5;88mt's \u001b[38;5;240mcheck the Authentication-Results headers.\r\u001b[88C\u001b[30m\u001b(B\u001b[m\u001b[38;5;88mcheck \u001b[38;5;240mthe Authentication-Results headers.\r\u001b[94C\u001b[30m\u001b(B\u001b[m"]
[39.116377, "o", "\u001b[38;5;88mthe \u001b[38;5;240mAuthentication-Results headers.\r\u001b[98C\u001b[30m\u001b(B\u001b[m\u001b[38;5;88mAuthentic\u001b[38;5;240mation-Results headers.\r\u001b[107C\u001b[30m\u001b(B\u001b[m"]
[39.116453, "o", "\u001b[38;5;88mation-R\u001b[38;5;240mesults headers.\r\u001b[114C\u001b[30m\u001b(B\u001b[m"]
[39.116609, "o", "\u001b[38;5;88mesults \u001b[38;5;240mheaders.\r\u001b[121C\u001b[30m\u001b(B\u001b[m"]
[39.116699, "o", "\u001b[38;5;88mheaders.\r\u001b[129C\u001b[30m\u001b(B\u001b[m\r\n\u001b[30m"]
[39.116827, "o", "\u001b(B\u001b[m\u001b[?2004l"]
[39.117548, "o", "\u001b]0;# Authentication fai ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[39.117637, "o", "\u001b[?2004h"]
[39.122133, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[39.122233, "o", "cat \r\u001b[43C"]
[39.122338, "o", "test/samples/safe/sans.eml \r\u001b[70C"]
[39.12236, "o", "|\r\u001b[71C"]
[39.122434, "o", " \r\u001b[72C"]
[39.122454, "o", "grep \r\u001b[77C"]
[39.122533, "o", "-A \r\u001b[80C3 \r\u001b[82C"]
[39.122699, "o", "Authentication-Results\r\u001b[104C"]
[39.122804, "o", "\r\u001b[104C\u001b[65D\u001b[38;5;26mcat\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples/safe/sans.eml\u001b[30m\u001b(B\u001b[m \u001b[38;5;28m|\u001b[30m\u001b(B\u001b[m \u001b[38;5;26mgrep\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-A\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m3\u001b[30m\u001b(B\u001b[m \u001b[38;5;39mAuthentication-Results\r\u001b[104C\u001b[30m\u001b(B\u001b[m"]
[41.310885, "o", "\r\u001b[104C\r\n\u001b[30m\u001b(B\u001b[m"]
[41.310993, "o", "\u001b[?2004l"]
[41.311716, "o", "\u001b]0;cat test/samples/saf ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[41.31308, "o", "\u001b[01;31m\u001b[KAuthentication-Results\u001b[m\u001b[K: spf=fail (sender IP is 216.71.0.0)\r\n smtp.mailfrom=bounce.email.sans.org; dkim=fail (signature did not verify)\r\n header.d=email.sans.org;dmarc=fail action=oreject\r\n header.from=email.sans.org;compauth=none reason=451\r\n\u001b[36m\u001b[K--\u001b[m\u001b[K\r\n\u001b[01;31m\u001b[KAuthentication-Results\u001b[m\u001b[K-Original: esa.hcREDACTED.iphmx.com; spf=Pass\r\n smtp.mailfrom=bounce-11678_HTML-190192032-1159006-7329836-760@bounce.email.sans.org;\r\n dkim=pass (signature verified) header.i=newsbites@email.sans.org; dmarc=pass\r\n (p=reject dis=none) d=sans.org\r\n"]
[41.313261, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[41.313287, "o", "\u001b[?2004h"]
[41.317659, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m"]
[41.317721, "o", "\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[52.661289, "o", "# \r\u001b[41C"]
[52.661457, "o", "This \r\u001b[46Csample \r\u001b[53Cwas \r\u001b[57C"]
[52.66152, "o", "delivered \r\u001b[67C"]
[52.661649, "o", "to \r\u001b[70Ca \r\u001b[72C"]
[52.66173, "o", "gateway \r\u001b[80C"]
[52.661852, "o", "that \r\u001b[85Cadds \r\u001b[90C"]
[52.661952, "o", "an \r\u001b[93C"]
[52.662044, "o", "Authentication-\r\u001b[108C\u001b[69D\u001b[38;5;88m# This sample was delivered to a gateway that adds an Authentication-\r\u001b[108C\u001b[30m\u001b(B\u001b[m\u001b[38;5;240mResults-Origional header.\r\u001b[108C\u001b[30m\u001b(B\u001b[m"]
[52.662157, "o", "\u001b[38;5;88mResults-Origin\u001b[30m\u001b(B\u001b[m\u001b[K\r\u001b[122C"]
[52.662315, "o", "\u001b[38;5;88mal \r\u001b[125C\u001b[30m\u001b(B\u001b[m"]
[52.662421, "o", "\u001b[38;5;88mheader.\r\u001b[132C\u001b[30m\u001b(B\u001b[m\r\n\u001b[30m\u001b(B\u001b[m\u001b[?200"]
[52.662502, "o", "4l"]
[52.663143, "o", "\u001b]0;# This sample was de ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[52.663211, "o", "\u001b[?2004h"]
[52.667831, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[52.667918, "o", "# \r\u001b[41C"]
[52.668009, "o", "Samples \r\u001b[49C"]
[52.668124, "o", "can \r\u001b[53C"]
[52.668213, "o", "be \r\u001b[56Cscanned \r\u001b[64C"]
[52.668274, "o", "individually.\r\u001b[77C\u001b[38D\u001b[38;5;88m# Samples can be scanned individually.\r\u001b[77C\u001b[30m\u001b(B\u001b[m\r\n\u001b[30m\u001b(B\u001b[m\u001b[?2004l"]
[52.668817, "o", "\u001b]0;# Samples can be sca ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[52.668835, "o", "\u001b[?2004h"]
[52.673168, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[52.673274, "o", "# \r\u001b[41C"]
[52.673357, "o", "Add \r\u001b[45C-o \r\u001b[48C"]
[52.673435, "o", "to \r\u001b[51Cthe \r\u001b[55C"]
[52.673512, "o", "CLI \r\u001b[59Cto \r\u001b[62C"]
[52.6736, "o", "use \r\u001b[66C"]
[52.673682, "o", "the \r\u001b[70C"]
[52.673746, "o", "Authentication-Results-Original \r\u001b[102C"]
[52.67383, "o", "header.\r\u001b[109C\r\u001b[109C\u001b[70D\u001b[38;5;88m# Add -o to the CLI to use the Authentication-Results-Original header.\r\u001b[109C\u001b[30m\u001b(B\u001b[m"]
[54.549905, "o", "\r\u001b[109C\r\n"]
[54.550043, "o", "\u001b[30m\u001b(B\u001b[m"]
[54.550134, "o", "\u001b[?2004l"]
[54.550916, "o", "\u001b]0;# Add -o to the CLI ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[54.55099, "o", "\u001b[?2004h"]
[54.555454, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[63.354919, "o", "yaramail \r\u001b[48C"]
[63.355046, "o", "-o \r\u001b[51Ctest/samples\r\u001b[63C"]
[63.35522, "o", "/safe/sa\r\u001b[71C"]
[63.355304, "o", "ns.eml \r\u001b[78C-\r\u001b[79C"]
[63.355379, "o", "-rules \r\u001b[86Ct\r\u001b[87C"]
[63.3555, "o", "est \r\u001b[91C"]
[63.35558, "o", "|\r\u001b[92C"]
[63.355682, "o", " \r\u001b[93C"]
[63.355775, "o", "less\r\u001b[97C\r\u001b[97C"]
[63.355856, "o", "\u001b[58D\u001b[38;5;26myaramail\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-o\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples/safe/sans.eml\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m--rules\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest\u001b[30m\u001b(B\u001b[m \u001b[38;5;28m|\u001b[30m\u001b(B\u001b[m \u001b[38;5;26mless\r\u001b[97C\u001b[30m\u001b(B\u001b[m"]
[65.363904, "o", "\r\u001b[97C\r\n\u001b[30m\u001b(B\u001b[m"]
[65.364002, "o", "\u001b[?2004l"]
[65.364883, "o", "\u001b]0;yaramail -o test/sam ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[65.3657, "o", "\u001b[?1049h\u001b[22;0;0t\u001b[?1h\u001b=\r"]
[65.552824, "o", "{\r\n \"test/samples/safe/sans.eml\": {\r\n \"matches\": [\r\n {\r\n \"rule\": \"sans_newsletter\",\r\n \"namespace\": \"default\",\r\n \"tags\": [],\r\n \"meta\": {\r\n \"author\": \"Sean Whalen\",\r\n \"date\": \"2022-08-08\",\r\n \"category\": \"safe\",\r\n \"from_domain\": \"email.sans.org\"\r\n },\r\n \"strings\": [\r\n [\r\n 325,\r\n \"$s1\",\r\n \"SANS NewsBites\"\r\n ],\r\n [\r\n 16175,\r\n \"$s1\",\r\n \"SANS NewsBites\"\r\n ],\r\n [\r\n 24942,\r\n \"$s1\",\r\n \"SANS NewsBites\"\r\n ],\r\n:\u001b[K"]
[67.238757, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[67.738349, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 29041,\r\n:\u001b[K"]
[67.771799, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s1\","]
[67.771876, "o", "\r\n:\u001b[K"]
[67.804779, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"SANS NewsBites\"\r\n:\u001b[K"]
[67.8373, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n"]
[67.837384, "o", ":\u001b[K"]
[67.871104, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[67.903783, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 31057,\r\n:\u001b[K"]
[67.936771, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s2\",\r\n"]
[67.936845, "o", ":\u001b[K"]
[67.969722, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.sans.org/preference-center\""]
[67.969815, "o", "\r\n:\u001b[K"]
[68.002158, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ]\r\n:\u001b[K"]
[68.03574, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[68.068681, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"warnings\": [],\r\n:\u001b[K"]
[68.101788, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"location\": \"body\"\r\n:\u001b[K"]
[68.134235, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[68.167233, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[68.200192, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"categories\": [\r\n:\u001b[K"]
[68.233299, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"safe\""]
[68.233402, "o", "\r\n:\u001b[K"]
[68.26675, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[68.299783, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"msg_from_domain\": {"]
[68.29986, "o", "\r\n:\u001b[K"]
[68.332657, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"email.sans.org\",\r\n:\u001b[K"]
[68.365185, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"authenticated\": true,"]
[68.365255, "o", "\r\n:\u001b[K"]
[68.398203, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"implicit_safe\": false\r\n:\u001b[K"]
[68.431647, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[68.78972, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_attachment\": true,\r\n:\u001b[K"]
[69.289897, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"verdict\": \"safe\""]
[69.289995, "o", "\r\n:\u001b[K"]
[69.322859, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[69.356195, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K}\r\n:\u001b[K"]
[69.388728, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\u0007\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.421856, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.454649, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.487304, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.520641, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.553729, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.586816, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.619618, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.653291, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[69.685719, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[72.09308, "o", "\r\u001b[K\u001b[?1l\u001b>\u001b[?1049l\u001b[23;0;0t"]
[72.093307, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[72.093392, "o", "\u001b[?2004h"]
[72.098772, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[83.272572, "o", "# \r\u001b[41C"]
[83.272726, "o", "Retest \r\u001b[48C"]
[83.272853, "o", "the \r\u001b[52Csamples \r\u001b[60C"]
[83.272945, "o", "in \r\u001b[63Cbulk \r\u001b[68Cw\r\u001b[69C\u001b[30D\u001b[38;5;88m# Retest the samples in bulk w\r\u001b[69C\u001b[30m\u001b(B\u001b[m\u001b[38;5;240mith the -o option.\r\u001b[69C\u001b[30m\u001b(B\u001b[m"]
[83.273007, "o", "\u001b[38;5;88mith \u001b[38;5;240mthe -o option.\r\u001b[73C\u001b[30m\u001b(B\u001b[m"]
[83.273091, "o", "\u001b[38;5;88mthe \u001b[38;5;240m-o option.\r\u001b[77C\u001b[30m\u001b(B\u001b[m\u001b[38;5;88m-o \u001b[38;5;240moption.\r\u001b[80C\u001b[30m\u001b(B\u001b[m"]
[83.273158, "o", "\u001b[38;5;88moption.\r\u001b[87C\u001b[30m\u001b(B\u001b[m\r\n\u001b[30m\u001b(B\u001b[m"]
[83.273251, "o", "\u001b[?2004l"]
[83.273896, "o", "\u001b]0;# Retest the samples ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[83.273947, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[83.273965, "o", "\u001b[?2004h"]
[83.278317, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[83.27842, "o", "yaramail \r\u001b[48C"]
[83.278481, "o", "-ot \r\u001b[52C"]
[83.278552, "o", "test/samples \r\u001b[65C"]
[83.278649, "o", "--rules \r\u001b[73Ctest\r\u001b[77C"]
[83.278735, "o", "\r\u001b[77C"]
[83.278806, "o", "\u001b[38D\u001b[38;5;26myaramail\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-ot\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m--rules\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest\r\u001b[77C\u001b[30m\u001b(B\u001b[m"]
[86.028942, "o", "\r\u001b[77C\r\n\u001b[30m\u001b(B\u001b[m"]
[86.029043, "o", "\u001b[?2004l"]
[86.029698, "o", "\u001b]0;yaramail -ot test/sa ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[86.266987, "o", "{\r\n \"test_failures\": [],\r\n \"passed\": 3,\r\n \"failed\": 0,\r\n \"total\": 3\r\n}\r\n"]
[86.281134, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[86.281258, "o", "\u001b[?2004h"]
[86.285945, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[95.766417, "o", "# \r\u001b[41C"]
[95.766561, "o", "Use \r\u001b[45Cthe \r\u001b[49C-v \r\u001b[52C"]
[95.76666, "o", "option \r\u001b[59Cto \r\u001b[62C"]
[95.76678, "o", "get \r\u001b[66C"]
[95.766866, "o", "details \r\u001b[74C"]
[95.766936, "o", "about \r\u001b[80C"]
[95.76703, "o", "details \r\u001b[88C"]
[95.767142, "o", "about \r\u001b[94C"]
[95.767215, "o", "an \r\u001b[97C"]
[95.767345, "o", "email \r\u001b[103Cthat \r\u001b[108C"]
[95.7674, "o", "are \r\u001b[112C"]
[95.767453, "o", "useful \r\u001b[119C"]
[95.76754, "o", "when \r\u001b[124C"]
[95.767623, "o", "writing \r\u001b[132C"]
[95.767724, "o", "rules.\r\u001b[138C\u001b[99D\u001b[38;5;88m# Use the -v option to get details about details about an email that are useful when writing rules.\r\u001b[138C\u001b[30m\u001b(B\u001b[m"]
[97.106091, "o", "\r\n\u001b[30m\u001b(B\u001b[m"]
[97.106219, "o", "\u001b[?2004l"]
[97.106963, "o", "\u001b]0;# Use the -v option ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[97.107044, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K\u001b[?2004h"]
[97.111736, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[106.722167, "o", "yaramail \r\u001b[48C"]
[106.722318, "o", "-vo \r\u001b[52C"]
[106.722468, "o", "test/samples/safe/w\r\u001b[71C\u001b[32D\u001b[38;5;26myaramail\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-vo\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples/safe/w\r\u001b[71C\u001b[30m\u001b(B\u001b[m\u001b[38;5;240morkday.eml --rules test | less\r\u001b[71C\u001b[30m\u001b(B\u001b[m"]
[106.722593, "o", "\u001b[38;5;39m\u001b[4morkday.e\u001b[38;5;240m\u001b[24mml --rules test | less\r\u001b[79C\u001b[30m\u001b(B\u001b[m"]
[106.722693, "o", "\u001b[38;5;39m\u001b[4mml \u001b[38;5;240m\u001b[24m--rules test | less\r\u001b[82C\u001b[30m\u001b(B\u001b[m"]
[106.722771, "o", "\u001b[38;5;39m\u001b[4m--rules \u001b[38;5;240m\u001b[24mtest | less\r\u001b[90C\u001b[30m\u001b(B\u001b[m"]
[106.722852, "o", "\u001b[38;5;39m\u001b[4mtest \u001b[38;5;240m\u001b[24m| less\r\u001b[95C\u001b[30m\u001b(B\u001b[m\u001b[38;5;39m\u001b[4m|\u001b[38;5;240m\u001b[24m less\r\u001b[96C\u001b[30m\u001b(B\u001b[m\u001b[38;5;39m\u001b[4m \u001b[38;5;240m\u001b[24mless\r\u001b[97C\u001b[30m\u001b(B\u001b[m"]
[106.722924, "o", "\u001b[38;5;39m\u001b[4mless\r\u001b[101C\u001b[30m\u001b(B\u001b[m"]
[106.722979, "o", "\u001b[20D \u001b[38;5;39m--rules\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest\u001b[30m\u001b(B\u001b[m \u001b[38;5;28m|\u001b[30m\u001b(B\u001b[m \u001b[38;5;26mless\r\u001b[101C\u001b[30m\u001b(B\u001b[m"]
[109.384, "o", "\r\u001b[101C\r\n\u001b[30m\u001b(B\u001b[m"]
[109.38419, "o", "\u001b[?2004l"]
[109.385002, "o", "\u001b]0;yaramail -vo test/sa ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[109.385896, "o", "\u001b[?1049h\u001b[22;0;0t\u001b[?1h\u001b=\r"]
[109.50671, "o", "{\r\n \"test/samples/safe/workday.eml\": {\r\n \"message-id\": \"<REDACTED.JavaMail.wday@s-f52p182.sys.az1.cust.ash.wd>\",\r\n \"date\": \"2022-08-01T15:47:29\",\r\n \"content-type\": \"text/html; charset=UTF-8\",\r\n \"dkim-signature\": {\r\n \"v\": \"1\",\r\n \"a\": \"rsa-sha256\",\r\n \"c\": \"relaxed/relaxed\",\r\n \"d\": \"myworkday.com\",\r\n \"s\": \"0scbm2p1\",\r\n \"t\": \"1659368849\",\r\n \"h\": [\r\n \"From\",\r\n \"Reply-To\",\r\n \"To\",\r\n \"Subject\",\r\n \"Date\",\r\n \"From\"\r\n ]\r\n },\r\n \"authentication-results\": {\r\n \"spf\": {\r\n \"result\": \"fail\",\r\n \"smtp.mailfrom\": \"myworkday.com\"\r\n },\r\n \"dkim\": {\r\n \"result\": \"pass\",\r\n \"header.d\": \"myworkday.com\"\r\n:\u001b[K"]
[111.449767, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },"]
[111.449877, "o", "\r\n:\u001b[K"]
[111.949528, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"dmarc\": {"]
[111.949638, "o", "\r\n:\u001b[K"]
[111.982311, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"result\": \"pass\","]
[111.982387, "o", "\r\n:\u001b[K"]
[112.015802, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"header.from\": \"myworkday.com\",\r\n:\u001b[K"]
[112.04824, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"disp\": \"none\"\r\n:\u001b[K"]
[112.081771, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[112.114715, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"compauth\": {\r\n:\u001b[K"]
[112.147705, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"result\": \"pass\",\r\n:\u001b[K"]
[112.180715, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"reason\": \"100\""]
[112.180792, "o", "\r\n:\u001b[K"]
[112.213706, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[112.24667, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n"]
[112.246745, "o", ":\u001b[K"]
[112.27914, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"mime-version\": \"1.0\",\r\n:\u001b[K"]
[112.312254, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"received\": [\r\n:\u001b[K"]
[112.345799, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n"]
[112.345888, "o", ":\u001b[K"]
[112.378808, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": \"wd1-az-mail-nat.myworkday.com 209.177.165.161\",\r\n:\u001b[K"]
[112.411822, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"by\": \"esa3.hcREDACTED.iphmx.com\","]
[112.411934, "o", "\r\n:\u001b[K"]
[112.444908, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"with\": \"ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384\",\r\n:\u001b[K"]
[112.477774, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"01 Aug 2022 11:47:30 -0400\",\r\n:\u001b[K"]
[112.98097, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"hop\": 1,\r\n:\u001b[K"]
[113.582709, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date_utc\": \"2022-08-01 15:47:30\",\r\n:\u001b[K"]
[113.802669, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"delay\": 0"]
[113.802773, "o", "\r\n:\u001b[K"]
[114.30241, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },"]
[114.302519, "o", "\r\n:\u001b[K"]
[114.335338, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[114.368316, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": \"esa.hcREDACTED.iphmx.com 216.71.0.0\","]
[114.368413, "o", "\r\n:\u001b[K"]
[114.401275, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"by\": \"DM6NAM11FT037.mail.protection.outlook.com 10.13.172.122\","]
[114.401376, "o", "\r\n:\u001b[K"]
[114.434325, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"with\": \"Microsoft SMTP Server version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\",\r\n:\u001b[K"]
[114.467759, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"id\": \"15.20.5482.10\",\r\n:\u001b[K"]
[114.500744, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"via\": \"Frontend Transport\",\r\n:\u001b[K"]
[114.533684, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"Mon, 1 Aug 2022 15:47:33 +0000\","]
[114.533756, "o", "\r\n:\u001b[K"]
[114.566671, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"hop\": 2,\r\n:\u001b[K"]
[114.599648, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date_utc\": \"2022-08-01 15:47:33\",\r\n:\u001b[K"]
[114.966689, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"delay\": 3.0"]
[114.966786, "o", "\r\n:\u001b[K"]
[115.466818, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },"]
[115.466915, "o", "\r\n:\u001b[K"]
[115.499699, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {"]
[115.499759, "o", "\r\n:\u001b[K"]
[115.532259, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": \"DM6NAM11FT037.eop-nam11.prod.protection.outlook.com 2603:10b6:5:74:cafe::63\",\r\n:\u001b[K"]
[115.565794, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"by\": \"DM6PR07CA0065.outlook.office365.com 2603:10b6:5:74::42\",\r\n:\u001b[K"]
[115.598753, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"with\": \"Microsoft SMTP Server version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\","]
[115.598822, "o", "\r\n:\u001b[K"]
[115.631679, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"id\": \"15.20.5458.23\","]
[115.63176, "o", "\r\n:\u001b[K"]
[115.664661, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"via\": \"Frontend Transport\",\r\n:\u001b[K"]
[115.697694, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"Mon, 1 Aug 2022 15:47:33 +0000\",\r\n:\u001b[K"]
[116.07571, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"hop\": 3,"]
[116.075799, "o", "\r\n:\u001b[K"]
[116.575972, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date_utc\": \"2022-08-01 15:47:33\","]
[116.576068, "o", "\r\n:\u001b[K"]
[116.60873, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"delay\": 0.0\r\n:\u001b[K"]
[116.641748, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n"]
[116.641841, "o", ":\u001b[K"]
[116.674694, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[116.707728, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": \"DM6PR07CA0065.namprd07.prod.outlook.com 2603:10b6:5:74::42\",\r\n:\u001b[K"]
[116.740328, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"by\": \"PH0PR04MB7143.namprd04.prod.outlook.com 2603:10b6:510:15::12\","]
[116.740403, "o", "\r\n:\u001b[K"]
[116.77317, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"with\": \"Microsoft SMTP Server version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\","]
[116.773233, "o", "\r\n:\u001b[K"]
[117.25172, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"id\": \"15.20.5482.11\","]
[117.251833, "o", "\r\n:\u001b[K"]
[117.75179, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"Mon, 1 Aug 2022 15:47:34 +0000\",\r\n:\u001b[K"]
[117.784748, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"hop\": 4,\r\n:\u001b[K"]
[117.817849, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date_utc\": \"2022-08-01 15:47:34\","]
[117.817937, "o", "\r\n:\u001b[K"]
[117.850823, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"delay\": 1.0\r\n:\u001b[K"]
[117.8838, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[117.916886, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[117.949862, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": \"PH0PR04MB7143.namprd04.prod.outlook.com 2603:10b6:510:15::12\",\r\n:\u001b[K"]
[117.982817, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"by\": \"CH2PR04MB6694.namprd04.prod.outlook.com\",\r\n:\u001b[K"]
[118.015199, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"with\": \"HTTPS\",\r\n:\u001b[K"]
[118.048359, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"Mon, 1 Aug 2022 15:47:34 +0000\",\r\n:\u001b[K"]
[118.081223, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"hop\": 5,"]
[118.081307, "o", "\r\n:\u001b[K"]
[118.114723, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date_utc\": \"2022-08-01 15:47:34\","]
[118.114799, "o", "\r\n:\u001b[K"]
[118.5558, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"delay\": 0.0\r\n:\u001b[K"]
[119.055452, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }"]
[119.055538, "o", "\r\n:\u001b[K"]
[119.088292, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[119.088378, "o", "\r\n:\u001b[K"]
[119.121303, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"x-msh\": \"v 0.10.1\",\r\n:\u001b[K"]
[119.15465, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"to_domains\": [\r\n:\u001b[K"]
[119.187302, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"redacted.com\""]
[119.187396, "o", "\r\n:\u001b[K"]
[119.220174, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[119.25317, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"to\": ["]
[119.253234, "o", "\r\n:\u001b[K"]
[119.286364, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[119.319333, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"display_name\": null,"]
[119.319414, "o", "\r\n:\u001b[K"]
[119.94777, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"address\": \"REDACTED@REDACTED.com\",\r\n:\u001b[K"]
[120.44791, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"local\": \"redacted\","]
[120.448025, "o", "\r\n:\u001b[K"]
[120.480915, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"redacted.com\",\r\n:\u001b[K"]
[120.513696, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"sld\": \"redacted.com\"\r\n:\u001b[K"]
[120.546651, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[120.579298, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[120.579362, "o", "\r\n:\u001b[K"]
[120.6127, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"reply-to\": ["]
[120.612753, "o", "\r\n:\u001b[K"]
[120.645722, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[120.678731, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"\",\r\n:\u001b[K"]
[120.711709, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"DoNotReply@REDACTED.com\""]
[120.711767, "o", "\r\n:\u001b[K"]
[120.744699, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ]\r\n:\u001b[K"]
[121.308007, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[121.80742, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"subject\": \"A Task Awaits You: REDACTED\\n Setting & Development Plan Conversation - Due September 30: REDACTED\",\r\n:\u001b[K"]
[121.840288, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"timezone\": \"+0.0\",\r\n:\u001b[K"]
[121.873227, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"received-spf\": [\r\n:\u001b[K"]
[121.906307, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"Fail (protection.outlook.com: domain of myworkday.com does not\\n designate 216.71.0.0 as permitted sender) receiver=protection.outlook.com;\\n client-ip=2 \b:\u001b[K"]
[121.939221, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K16.71.0.0; helo=esa.hcREDACTED.iphmx.com;\",\r\n:\u001b[K"]
[121.972188, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"Pass (esa.hcREDACTED.iphmx.com: domain of\\n REDACTED@myworkday.com designates 209.177.165.161 as\\n permitted sender) identity=mailfrom;\\n client-ip=20 \b:\u001b[K"]
[122.005409, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[122.005511, "o", "9.177.165.161; receiver=esa.hcREDACTED.iphmx.com;\\n envelope-from=\\\"REDACTED@myworkday.com\\\";\\n x-sender=\\\"REDACTED@myworkday.com\\\";\\n x-conformance=spf_only \b:\u001b[K"]
[122.038211, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[122.038247, "o", "; x-record-type=\\\"v=spf1\\\";\\n x-record-text=\\\"v=spf1 ip4:209.177.160.0/20 ip4:37.0.0.0/21\\n -all\\\"\"\r\n:\u001b[K"]
[122.07126, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[122.071334, "o", "\r\n:\u001b[K"]
[122.104719, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"return-path\": \"REDACTED@myworkday.com\",\r\n:\u001b[K"]
[122.137234, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"authentication-results-original\": {\r\n:\u001b[K"]
[122.17014, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"server\": \"esa.hcredacted.iphmx.com\",\r\n:\u001b[K"]
[122.203197, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"spf\": {\r\n:\u001b[K"]
[122.236205, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"result\": \"pass\",\r\n:\u001b[K"]
[122.855173, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"smtp.mailfrom\": \"redacted@myworkday.com\"\r\n:\u001b[K"]
[123.354345, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[123.387218, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"dkim\": {\r\n:\u001b[K"]
[123.420134, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"result\": \"pass\","]
[123.420196, "o", "\r\n:\u001b[K"]
[123.453123, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"header.i\": \"@myworkday.com\","]
[123.453183, "o", "\r\n:\u001b[K"]
[123.486268, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"header.d\": \"myworkday.com\""]
[123.486365, "o", "\r\n:\u001b[K"]
[123.519195, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },"]
[123.51927, "o", "\r\n:\u001b[K"]
[123.552198, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"dmarc\": {"]
[123.552268, "o", "\r\n:\u001b[K"]
[123.58531, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"result\": \"pass\",\r\n:\u001b[K"]
[123.618239, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"p\": \"reject\",\r\n:\u001b[K"]
[123.651526, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"dis\": \"none\",\r\n:\u001b[K"]
[123.684179, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"header.from\": \"myworkday.com\"\r\n:\u001b[K"]
[123.717207, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[123.750263, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[123.783133, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"dkim-filter\": \"OpenDKIM Filter v2.11.0 wd1-az-mail-nat.myworkday.com 40D0F10B10CA\",\r\n:\u001b[K"]
[123.816311, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from\": {\r\n:\u001b[K"]
[123.849317, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"display_name\": \"DoNotReply REDACTED\",\r\n:\u001b[K"]
[123.882261, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"address\": \"REDACTED@myworkday.com\",\r\n:\u001b[K"]
[124.660813, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"local\": \"redacted\",\r\n:\u001b[K"]
[125.160889, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"myworkday.com\","]
[125.160994, "o", "\r\n:\u001b[K"]
[125.193748, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"sld\": \"myworkday.com\"\r\n:\u001b[K"]
[125.226702, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[125.25922, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"content-transfer-encoding\": \"quoted-printable\",\r\n:\u001b[K"]
[125.292425, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_defects\": false,\r\n"]
[125.292506, "o", ":\u001b[K"]
[125.32531, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.325394, "o", " \"headers_string\": \"Received: from PH0PR04MB7143.namprd04.prod.outlook.com (2603:10b6:510:15::12) by CH2PR04MB6694.namprd04.prod.outlook.com with HTTPS; Mon, \b:\u001b[K"]
[125.358765, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.35885, "o", " 1 Aug 2022 15:47:34 +0000\\nReceived: from DM6PR07CA0065.namprd07.prod.outlook.com (2603:10b6:5:74::42) by PH0PR04MB7143.namprd04.prod.outlook.com (2603:10b6:51 \b:\u001b[K"]
[125.391893, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.391963, "o", "0:15::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.11; Mon, 1 Aug 2022 15:47:34 +0000\\nReceived: \b:\u001b[K"]
[125.424725, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.424798, "o", "from DM6NAM11FT037.eop-nam11.prod.protection.outlook.com (2603:10b6:5:74:cafe::63) by DM6PR07CA0065.outlook.office365.com (2603:10b6:5:74::42) with Microsoft SM \b:\u001b[K"]
[125.457287, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.457374, "o", "TP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.23 via Frontend Transport; Mon, 1 Aug 2022 15:47:33 +0000\\nAuthentication \b:\u001b[K"]
[125.490709, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.490803, "o", "-Results: spf=fail (sender IP is 216.71.0.0) smtp.mailfrom=myworkday.com; dkim=pass (signature was verified) header.d=myworkday.com;dmarc=pass action=none heade \b:\u001b[K"]
[125.523717, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.523835, "o", "r.from=myworkday.com;compauth=pass reason=100\\nReceived-SPF: Fail (protection.outlook.com: domain of myworkday.com does not designate 216.71.0.0 as permitted se \b:\u001b[K"]
[125.556283, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.556388, "o", "nder) receiver=protection.outlook.com; client-ip=216.71.0.0; helo=esa.hcREDACTED.iphmx.com;\\nReceived: from esa.hcREDACTED.iphmx.com (216.71.0.0) by DM6NAM11FT0 \b:\u001b[K"]
[125.589344, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.589465, "o", "37.mail.protection.outlook.com (10.13.172.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5482.10 via Fr \b:\u001b[K"]
[125.622673, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.622772, "o", "ontend Transport; Mon, 1 Aug 2022 15:47:33 +0000\\nReceived-SPF: Pass (esa.hcREDACTED.iphmx.com: domain of REDACTED@myworkday.com designates 209.177.165.161 as p \b:\u001b[K"]
[125.655165, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.655273, "o", "ermitted sender) identity=mailfrom; client-ip=209.177.165.161; receiver=esa.hcREDACTED.iphmx.com; envelope-from=\\\"REDACTED@myworkday.com\\\"; x-sender=\\\"REDACTED@ \b:\u001b[K"]
[125.68814, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.688221, "o", "myworkday.com\\\"; x-conformance=spf_only; x-record-type=\\\"v=spf1\\\"; x-record-text=\\\"v=spf1 ip4:209.177.160.0/20 ip4:37.0.0.0/21 -all\\\"\\nAuthentication-Results-Or \b:\u001b[K"]
[125.721717, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[125.721844, "o", "iginal: esa.hcREDACTED.iphmx.com; spf=Pass smtp.mailfrom=REDACTED@myworkday.com; dkim=pass (signature verified) header.i=@myworkday.com; dmarc=pass (p=reject di \b:\u001b[K"]
[126.480115, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[126.480227, "o", "s=none) d=myworkday.com\\nReceived: from wd1-az-mail-nat.myworkday.com ([209.177.165.161]) by esa3.hcREDACTED.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA38 \b:\u001b[K"]
[126.979293, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[126.979413, "o", "4; 01 Aug 2022 11:47:30 -0400\\nX-MSH: v 0.10.1\\nDKIM-Filter: OpenDKIM Filter v2.11.0 wd1-az-mail-nat.myworkday.com 40D0F10B10CA\\nDKIM-Signature: v=1; a=rsa-sha2 \b:\u001b[K"]
[127.012379, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.012529, "o", "56; c=relaxed/relaxed; d=myworkday.com; s=0scbm2p1; t=1659368849; bh=c1/LbLPcvCBCGPcDsa7rZLUVxP+fZ5h81n4MEOmhb1Q=; h=From:Reply-To:To:Subject:Date:From; b=HU40D \b:\u001b[K"]
[127.045287, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.045441, "o", "KM7vXRZnPqkZOM9+oMMxRpuasR5Wg8M37USGA8bQRBD7plq15XDL+8/4Su6k hgGa0akc1oiFLISXQ8dLTR7HPWia6FKqOvEBGLSPi8Z5EsSubbmGl7LXESzu3u3bEy IO7C2DFPnUFrayGRKm5Fj00EwU7UJ4zR \b:\u001b[K"]
[127.078259, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.078402, "o", "jRyBcqyc=\\nFrom: DoNotReply REDACTED <REDACTED@myworkday.com>\\nReply-To: DoNotReply@REDACTED.com\\nTo: REDACTED@REDACTED.com\\nMessage-ID: <REDACTED.JavaMail.wday \b:\u001b[K"]
[127.111253, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.11141, "o", "@s-f52p182.sys.az1.cust.ash.wd>\\nSubject: A Task Awaits You: REDACTED\\n Setting & Development Plan Conversation - Due September 30: REDACTED\\nContent-Type: text \b:\u001b[K"]
[127.144261, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.144431, "o", "/html; charset=UTF-8\\nContent-Transfer-Encoding: quoted-printable\\nDate: Mon, 1 Aug 2022 15:47:29 +0000 (UTC)\\nReturn-Path: REDACTED@myworkday.com\\nMIME-Versio \b:\u001b[K"]
[127.177305, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.177483, "o", "n: 1.0\",\r\n:\u001b[K"]
[127.210317, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.210393, "o", " \"body_markdown\": \"Please log into the Workday system to complete this action. \\n\\n \\n\\n\\nBusiness Process: REDACTED \\n\\n \\n\\n\\nSubject: REDACTED \\n\\n \\n\\ \b:\u001b[K"]
[127.243236, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.243309, "o", "n\\n \\n\\n\\n \\n\\n\\n[Click Here to view the notification details.](<https://www.myworkday.com/REDACTED/email-universal/inst/779$23022609/rel-task/2997$4086.htmld \b:\u001b[K"]
[127.276265, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[127.276337, "o", ">)\\n\\n \\n\\n\\n\\n\\n \\n\\n\\n \\n\\n\\n**Powered by Workday: A New Day, A Better Way.** \\n \\n--- \\n \\n--- \\n \\n| \\n \b:\u001b[K"]
[128.062786, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[128.062872, "o", "\\nThis email was intended for REDACTED@REDACTED.com \\u00b7 [ Manage Preferences ](< https://www.myworkday.com/REDACTED/d/task/2998$2725.htmld>) \\n \\n---\\n\",\r\n:\u001b[K"]
[128.562785, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"body_urls\": [\r\n:\u001b[K"]
[128.595805, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.myworkday.com/REDACTED/email-universal/inst/779$23022609/rel-task/2997$4086.htmld\",\r\n:\u001b[K"]
[128.628748, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"http://www.REDACTED.com/images/logo.png\","]
[128.628828, "o", "\r\n:\u001b[K"]
[128.661911, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.myworkday.com/REDACTED/d/task/2998$2725.htmld\""]
[128.661981, "o", "\r\n:\u001b[K"]
[128.694687, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[128.727711, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"reply_to\": [],\r\n:\u001b[K"]
[128.760736, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"cc\": [],\r\n:\u001b[K"]
[128.793729, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"bcc\": [],\r\n:\u001b[K"]
[130.31175, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"attachments\": [],\r\n:\u001b[K"]
[130.811345, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"filename_safe_subject\": \"A Task Awaits You REDACTED Setting & Development Plan Conversation - Due September 30 REDACTED\",\r\n:\u001b[K"]
[130.844223, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"automatic_reply\": false,\r\n"]
[130.844304, "o", ":\u001b[K"]
[130.877192, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"yaramail\": {\r\n:\u001b[K"]
[130.910262, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"matches\": [\r\n:\u001b[K"]
[130.943209, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[130.976152, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"rule\": \"workday\",\r\n:\u001b[K"]
[131.009145, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"namespace\": \"default\",\r\n"]
[131.009218, "o", ":\u001b[K"]
[131.042657, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"tags\": [],\r\n:\u001b[K"]
[131.07519, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"meta\": {\r\n:\u001b[K"]
[131.85081, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"author\": \"Sean Whalen\",\r\n:\u001b[K"]
[132.350358, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"2022-09-06\",\r\n:\u001b[K"]
[132.383289, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"category\": \"safe\","]
[132.383363, "o", "\r\n:\u001b[K"]
[132.416199, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"from_domain\": \"myworkday.com\",\r\n:\u001b[K"]
[132.449192, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"no_attachments\": true\r\n:\u001b[K"]
[132.482286, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[132.515261, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"strings\": [\r\n:\u001b[K"]
[133.214689, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[133.541945, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 344,\r\n:\u001b[K"]
[134.043858, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$footer\",\r\n:\u001b[K"]
[134.494819, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"Powered by Workday: A New Day, A Better Way.\"\r\n:\u001b[K"]
[134.89776, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[134.897862, "o", "\r\n:\u001b[K"]
[135.397959, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ["]
[135.398062, "o", "\r\n:\u001b[K"]
[135.430842, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 184,\r\n:\u001b[K"]
[135.463778, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$url\",\r\n:\u001b[K"]
[135.49673, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://\"\r\n:\u001b[K"]
[135.529794, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[135.562176, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ["]
[135.562271, "o", "\r\n:\u001b[K"]
[135.595678, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 290,\r\n:\u001b[K"]
[135.628701, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$url\","]
[135.62878, "o", "\r\n:\u001b[K"]
[135.661217, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"http://\"\r\n:\u001b[K"]
[135.694245, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[135.727652, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ["]
[135.727733, "o", "\r\n:\u001b[K"]
[135.761038, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 496,\r\n:\u001b[K"]
[135.79334, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$url\",\r\n:\u001b[K"]
[135.826208, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://\""]
[135.826279, "o", "\r\n:\u001b[K"]
[135.8597, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[135.892159, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ["]
[135.892211, "o", "\r\n:\u001b[K"]
[135.925725, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 290,"]
[135.925808, "o", "\r\n:\u001b[K"]
[136.320783, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$redacted_url\","]
[136.320873, "o", "\r\n:\u001b[K"]
[136.820318, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"http://www.REDACTED.com/\"\r\n:\u001b[K"]
[136.853842, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[136.886587, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[136.919722, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 184,\r\n:\u001b[K"]
[136.952154, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$workday_url\",\r\n:\u001b[K"]
[136.985148, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.myworkday.com/REDACTED/\"\r\n:\u001b[K"]
[137.018158, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[137.051109, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[137.08426, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 496,"]
[137.084324, "o", "\r\n:\u001b[K"]
[137.117185, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$workday_url\",\r\n:\u001b[K"]
[137.15021, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"https://www.myworkday.com/REDACTED/\"\r\n:\u001b[K"]
[137.18365, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ]\r\n:\u001b[K"]
[137.216358, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[137.712793, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"warnings\": [],\r\n:\u001b[K"]
[138.212303, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"location\": \"body\""]
[138.212395, "o", "\r\n:\u001b[K"]
[138.245265, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[138.278806, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[138.311173, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"categories\": [\r\n:\u001b[K"]
[138.344266, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"safe\"\r\n:\u001b[K"]
[138.377141, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[138.377208, "o", "\r\n:\u001b[K"]
[138.410718, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"msg_from_domain\": {\r\n:\u001b[K"]
[138.443212, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"myworkday.com\","]
[138.443287, "o", "\r\n:\u001b[K"]
[138.47626, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"authenticated\": true,\r\n:\u001b[K"]
[138.509704, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"implicit_safe\": false\r\n:\u001b[K"]
[138.543016, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[138.57529, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_attachment\": false,"]
[138.575396, "o", "\r\n:\u001b[K"]
[138.608182, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"verdict\": \"safe\"\r\n:\u001b[K"]
[138.641773, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[138.67425, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }"]
[138.674313, "o", "\r\n:\u001b[K"]
[139.108761, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K}"]
[139.108863, "o", "\r\n:\u001b[K"]
[139.608892, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\u0007\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.641809, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.674773, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.707243, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.740631, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.773244, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[139.806286, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[141.637888, "o", "\r\u001b[K\u001b[?1l\u001b>\u001b[?1049l\u001b[23;0;0t"]
[141.638144, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[141.638245, "o", "\u001b[?2004h"]
[141.643442, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[150.775704, "o", "# \r\u001b[41C"]
[150.775814, "o", "This \r\u001b[46Csample \r\u001b[53C"]
[150.775879, "o", "has \r\u001b[57C"]
[150.775962, "o", "a \r\u001b[59C"]
[150.776064, "o", "malicious \r\u001b[69CPDF \r\u001b[73C"]
[150.776141, "o", "inside \r\u001b[80C"]
[150.776266, "o", "a \r\u001b[82Cnested \r\u001b[89C"]
[150.776369, "o", "p\r\u001b[90C\u001b[51D\u001b[38;5;88m# This sample has a malicious PDF inside a nested p\r\u001b[90C\u001b[30m\u001b(B\u001b[m"]
[150.77646, "o", "\u001b[38;5;88massword-protecte\r\u001b[106C\u001b[30m\u001b(B\u001b[m"]
[150.776583, "o", "\u001b[38;5;88md \r\u001b[108C\u001b[30m\u001b(B\u001b[m"]
[150.776691, "o", "\u001b[38;5;88mZIP \r\u001b[112C\u001b[30m\u001b(B\u001b[m"]
[150.776774, "o", "\u001b[38;5;88mattachment.\r\u001b[123C\u001b[30m\u001b(B\u001b[m"]
[152.203823, "o", "\r\n"]
[152.203912, "o", "\u001b[30m\u001b(B\u001b[m"]
[152.204, "o", "\u001b[?2004l"]
[152.204678, "o", "\u001b]0;# This sample has a ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[152.20479, "o", "\u001b[?2004h"]
[152.20905, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[162.597269, "o", "yaramail \r\u001b[48C"]
[162.597426, "o", "-vo \r\u001b[52C"]
[162.597586, "o", "test/samples/credential-har\r\u001b[79C\u001b[38;5;240mvesting/Invoice.eml --rules test | less\r\u001b[79C\u001b[30m\u001b(B\u001b[m"]
[162.597667, "o", "\u001b[40D\u001b[38;5;26myaramail\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m-vo\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest/samples/credential-har\u001b[38;5;240m\u001b[24mvesting/Invoice.eml --rules test | less\r\u001b[79C\u001b[30m\u001b(B\u001b[m"]
[162.597792, "o", "\u001b[38;5;39m\u001b[4mvesting/Invoice.eml \u001b[38;5;240m\u001b[24m--rules test | less\r\u001b[99C\u001b[30m\u001b(B\u001b[m"]
[162.597869, "o", "\u001b[38;5;39m\u001b[4m--rules \u001b[38;5;240m\u001b[24mtest | less\r\u001b[107C\u001b[30m\u001b(B\u001b[m"]
[162.597935, "o", "\u001b[38;5;39m\u001b[4mtest \u001b[38;5;240m\u001b[24m| less\r\u001b[112C\u001b[30m\u001b(B\u001b[m"]
[162.597988, "o", "\u001b[38;5;39m\u001b[4m|\u001b[38;5;240m\u001b[24m less\r\u001b[113C\u001b[30m\u001b(B\u001b[m\u001b[38;5;39m\u001b[4m \u001b[38;5;240m\u001b[24mless\r\u001b[114C\u001b[30m\u001b(B\u001b[m"]
[162.598052, "o", "\u001b[38;5;39m\u001b[4mless\r\u001b[118C\u001b[30m\u001b(B\u001b[m"]
[162.598146, "o", "\u001b[20D \u001b[38;5;39m--rules\u001b[30m\u001b(B\u001b[m \u001b[38;5;39m\u001b[4mtest\u001b[30m\u001b(B\u001b[m \u001b[38;5;28m|\u001b[30m\u001b(B\u001b[m \u001b[38;5;26mless\r\u001b[118C\u001b[30m\u001b(B\u001b[m"]
[164.497982, "o", "\r\u001b[118C\r\n\u001b[30m\u001b(B\u001b[m"]
[164.498127, "o", "\u001b[?2004l"]
[164.498939, "o", "\u001b]0;yaramail -vo test/sa ~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\r"]
[164.499742, "o", "\u001b[?1049h\u001b[22;0;0t\u001b[?1h\u001b=\r"]
[164.664649, "o", "{\r\n \"test/samples/credential-harvesting/Invoice.eml\": {\r\n \"to\": [\r\n {\r\n \"display_name\": \"Carol Miller\",\r\n \"address\": \"carol.miller@momcorp.com\",\r\n \"local\": \"carol.miller\",\r\n \"domain\": \"momcorp.com\",\r\n \"sld\": \"momcorp.com\"\r\n }\r\n ],\r\n \"mime-version\": \"1.0\",\r\n \"from\": {\r\n \"display_name\": \"Zapp Brannigan\",\r\n \"address\": \"zapp.brannigan@branniganconsulting.com\",\r\n \"local\": \"zapp.brannigan\",\r\n \"domain\": \"branniganconsulting.com\",\r\n \"sld\": \"branniganconsulting.com\"\r\n },\r\n \"content-type\": \"multipart/mixed;\\r\\n boundary=f615736f400a3c7b5ab2d8ab2152c7b5c0e39a006289273c80134a152f518dd3\",\r\n \"attachments\": [\r\n {\r\n \"filename\": \"invoice.zip\",\r\n \"binary\": true,\r\n \"mail_content_type\": \"application/x-zip-compressed\",\r\n \"content-id\": \"\",\r\n \"content-disposition\": \"attachment; filename=invoice.zip\",\r\n \"charset\": null,\r\n \"content_transfer_encoding\": \"base64\",\r\n:\u001b[K"]
[166.280817, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"sha256\": \"98ae9fa3575beed0aa703c7a42d0b3408ec79abe96b43549a2e063715ef5bd24\"\r\n:\u001b[K"]
[166.780293, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[166.813243, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[166.813309, "o", "\r\n:\u001b[K"]
[166.846241, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"to_domains\": [\r\n:\u001b[K"]
[167.201762, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"momcorp.com\"\r\n:\u001b[K"]
[167.639771, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[167.639873, "o", "\r\n:\u001b[K"]
[168.018717, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"subject\": \"Invoice\",\r\n:\u001b[K"]
[168.401699, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"timezone\": \"+0.0\","]
[168.401792, "o", "\r\n:\u001b[K"]
[168.901931, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"2022-10-05T01:31:51\","]
[168.902031, "o", "\r\n:\u001b[K"]
[168.934785, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_defects\": false,\r\n:\u001b[K"]
[168.967764, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[168.967849, "o", " \"headers_string\": \"Content-Type: multipart/mixed; boundary=f615736f400a3c7b5ab2d8ab2152c7b5c0e39a006289273c80134a152f518dd3\\r\\nFrom: \\\"Zapp Brannigan\\\" <zap \b:\u001b[K"]
[169.000752, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[Kp.brannigan@branniganconsulting.com>\\r\\nTo: \\\"Carol Miller\\\" <carol.miller@momcorp.com>\\r\\nSubject: Invoice\\nMime-Version: 1.0\\r\\nDate: Wed, 05 Oct 2022 01:31:5 \b:\u001b[K"]
[169.033737, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K"]
[169.033841, "o", "1 +0000\",\r\n:\u001b[K"]
[169.066728, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"body_markdown\": \"Please see the attached invoice.\\n\\nPassword: **j{$Xn%9vu <** \\n\\n\",\r\n:\u001b[K"]
[169.099655, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"body_urls\": [],\r\n:\u001b[K"]
[169.132696, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"reply_to\": [],\r\n:\u001b[K"]
[169.165699, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"cc\": [],\r\n:\u001b[K"]
[169.198234, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"bcc\": [],\r\n:\u001b[K"]
[169.231773, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"filename_safe_subject\": \"Invoice\",\r\n:\u001b[K"]
[169.264361, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"automatic_reply\": false,\r\n:\u001b[K"]
[169.297759, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"yaramail\": {\r\n:\u001b[K"]
[169.330719, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"matches\": [\r\n:\u001b[K"]
[169.363648, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K {\r\n:\u001b[K"]
[169.396687, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"rule\": \"robot_devil_pdf\","]
[169.396759, "o", "\r\n:\u001b[K"]
[169.429732, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"namespace\": \"default\",\r\n:\u001b[K"]
[169.462775, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"tags\": ["]
[169.462852, "o", "\r\n:\u001b[K"]
[169.495743, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"zip\"\r\n:\u001b[K"]
[169.528683, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[169.561744, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"meta\": {\r\n:\u001b[K"]
[169.594722, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"author\": \"Sean Whalen\","]
[169.594797, "o", "\r\n:\u001b[K"]
[169.627783, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"date\": \"2022-08-09\",\r\n"]
[169.627854, "o", ":\u001b[K"]
[169.661002, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"category\": \"credential-harvesting\","]
[169.661088, "o", "\r\n:\u001b[K"]
[169.693784, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"description\": \"Robot Devil credential harvesting PDF\"\r\n:\u001b[K"]
[169.726794, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[169.759947, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"strings\": [\r\n:\u001b[K"]
[169.792883, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[169.82576, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 0,\r\n:\u001b[K"]
[169.858711, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$pdf\",\r\n:\u001b[K"]
[169.891845, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"%PDF-\""]
[169.891924, "o", "\r\n:\u001b[K"]
[169.92468, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[171.886759, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K [\r\n:\u001b[K"]
[172.201693, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 7064,\r\n:\u001b[K"]
[172.701889, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s_author\","]
[172.701993, "o", "\r\n:\u001b[K"]
[172.734829, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"Author(The Robot Devil)\"\r\n"]
[172.734908, "o", ":\u001b[K"]
[172.767737, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[172.800823, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ["]
[172.800918, "o", "\r\n:\u001b[K"]
[172.83379, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K 3529,\r\n:\u001b[K"]
[172.866823, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"$s_uri\",\r\n:\u001b[K"]
[172.899737, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"URI(https://www.youtube.com/watch?v=7RswZkSrAQE&t=128s)\""]
[172.899813, "o", "\r\n:\u001b[K"]
[172.93316, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ]"]
[172.933223, "o", "\r\n:\u001b[K"]
[172.965689, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[172.998636, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"warnings\": [],\r\n:\u001b[K"]
[173.031436, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"location\": \"attachment:invoice.zip:zapp-invoice.zip:zapp-invoice.pdf\"\r\n:\u001b[K"]
[173.064711, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[173.097758, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],"]
[173.097832, "o", "\r\n:\u001b[K"]
[173.130742, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"categories\": [\r\n:\u001b[K"]
[173.163744, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"credential-harvesting\"\r\n:\u001b[K"]
[173.196251, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K ],\r\n:\u001b[K"]
[173.229712, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"msg_from_domain\": {"]
[173.229786, "o", "\r\n:\u001b[K"]
[173.262232, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"domain\": \"branniganconsulting.com\",\r\n:\u001b[K"]
[173.295627, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"authenticated\": false,\r\n:\u001b[K"]
[173.328731, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"implicit_safe\": false\r\n:\u001b[K"]
[173.361656, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K },\r\n:\u001b[K"]
[173.394664, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"has_attachment\": true,\r\n:\u001b[K"]
[173.427651, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K \"verdict\": \"credential-harvesting\"\r\n:\u001b[K"]
[173.460726, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }"]
[173.460803, "o", "\r\n:\u001b[K"]
[173.493729, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K }\r\n:\u001b[K"]
[173.52678, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K}\r\n:\u001b[K"]
[173.559191, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\u0007\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.59279, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.625821, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.658732, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.691639, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.724582, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.757665, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.790626, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[173.823898, "o", "\r\u001b[K \u001b[KESC\b\b\bESC\u001b[KO\bO\u001b[KB\bB\r\u001b[K\r\u001b[K\u001b[7m(END)\u001b[27m\u001b[K"]
[177.478934, "o", "\r\u001b[K\u001b[?1l\u001b>\u001b[?1049l\u001b[23;0;0t"]
[177.479127, "o", "\u001b[2m⏎\u001b(B\u001b[m \r⏎ \r\u001b[K"]
[177.479286, "o", "\u001b[?2004h"]
[177.484526, "o", "\u001b]0;~/d/yaramail\u0007\u001b[30m\u001b(B\u001b[m\u001b[92msean\u001b(B\u001b[m@\u001b(B\u001b[msean-desktop\u001b(B\u001b[m \u001b[32m~/d/yaramail\u001b(B\u001b[m (main)\u001b(B\u001b[m> \u001b[K\r\u001b[39C"]
[181.227774, "o", "\r\n\u001b[30m\u001b(B\u001b[m"]
[181.227937, "o", "\u001b[30m\u001b(B\u001b[m"]
[181.228071, "o", "\u001b[?2004l"]