Windows Analysis Report
01142025.eml

{
  "risk_score": 9,
  "reasoning": [
    "Return-path domain (oxvrim.sambuh.com) doesn't match the DKIM signing domain (wakemed.org)",
    "DKIM authentication failed according to authentication results",
    "Suspicious return-path domain appears to be randomly generated (oxvrim.sambuh.com)",
    "Mismatch between SPF pass for wakemed.org but email actually from oxvrim.sambuh.com",
    "Presence of extensive Microsoft Antispam headers suggests this email triggered security checks",
    "Suspicious boundary string format in content-type header",
    "Authentication results show DMARC permerror, indicating potential spoofing attempt",
    "Multiple authentication inconsistencies suggest a sophisticated spoofing attempt"
  ]
}

Date: Fri, 10 Jan 2025 18:32:06 +0000
Key: mime-version
Value: 1.0
Key: return-path
Value: Conin.260@oxvrim.sambuh.com
Key: x-microsoft-antispam-message-info
Value:  sT8yr6VtZhH1jEUMitpNKJzMEZyjc9UM87FMa9hkRE2yJZ8RDi8EMdR0fKwwy3EFfTky+ta0isiN6MK2k8Ku0RNxmB+XqPsYPXzA0K6X74Gq74bDz+gZvo9/UKA5KkSs7lfcoZbDXFijAWgrRrQZsZMqcBbLxxA/7QRjs6AWozPYfdl99JvNOyJww1jdIVOTJFeOG40kTVDGN3cQExtGgcFHPTJAdSwuypKKrrCbAoJvAEzUx1pEhvgAONgWFp1b6iSCOq4x4sr903dZGmbsiTMjgtGNqmuuszcl2RO01sWZx3vRZdmRUnXIENXY3ZkCrZbfj/B2Ri3wUkLLPetQsvg0MQR1TQYuoD3+tGpZugcsxpluEM4GIiahYBwnlq6EaXyHHYrwCwl+6vPDBRmGtoJxPqAcKHuA4XWKtweynGReidV35hNIeY9bHMDKo/2aaShOxeq9HRYud7oGJJ4lhJ6MEzSaJjYSh6RWM9oSNt8ZEgMRCxB8TGaiHvXAll6BmaJYJVDjdNGtw68sf55lH/l/ohkMoKqyUTKBHkm2OLrFQP/uqibC0cUDWLLcNlfQFaXDQwfaszPfSCQV4cg0lGTkMWss7lW+cA9PMPeAC6DirELLArgAA7npYqtg+AwcAnlMlJ66oRAE6vS7fkk6US0QpZpe3gymYc5nv0RUnU1S6nx/vGM8E2vDtp0XhodqyyQgc+YgXH+PshHohHPAHJVYxxWPjFI069+5d+sDAuvddZTMIi8OlG7qkX5a/Iz0+Iz9mYWBmeCNFmj7De2NuY/xqwv8Cx3de7yD15W708V/NdC1PfvqWiub8v8lQ/7P9OCTMVIygvgv4/hDqouKP/8BAuso/aOqnjEoAaOFPhgbA6VLN3VY1xRq6mUbPbNfiIbqq5nR6HDXc2G+/+QgYnMAo3xbO7HdyuQW6hAYDTDrfJNIYWnp7GpshTROmU4xKfrmFmcVWq23wEQIEh3JXuUpOYpvgbAWQBPZXSqVlOf/IZgLEQJ3TlCWl43L4r6rT4YypwKNp00RWqvvC2OouZlK2sNEltQtPXD/3YatWTUJoIFvgh9kXL8fvbGObiBkM5eyXBhk4XX/S0Bl7EUQSAZO7GxdEU26F9HgSfemqWFGXyyXD8uLI2ep+5QbEm9TwqqwqJskQoZXXp/pZq7qISgw62/SWoYe/mIAVlb5Ns3h2pHoEENhltsEOpRxgLmqu5Eo5vm4EmFKBG8+5IdBE40ArXaAffD3tw0hsTVLCjKmaquc98+9LFVTJerLan2cfGXDnHktC/6vLpmzwDIGR6nxo9IeyppcmMTRLpi6ClddbHXe4rsKYZTscWQ6OydRzsSrhoNowYG8G9wf83c+8QJPL4xM51m5qk52mL5/PliCSAw7XKpP5Jn7+S3MaebRIG9ewTiM8GWQYGNpGIVbGhkWMXv55YvV5fUS/jlmfc877j+z/H3H0U64MdKtqKTqyGUif5Rp9moxlOPP088pu58EaJJESe1Ld8yMESsBUk47nhqWoqDWmQFJIi5GWdo0Wlp2CCY2fIAkhP9oGofhtvb5QK2UJy1z1vVcToCeYz15a0ij5tH4E1siV2ae1Fiiku77Yw0P7Ui8jrf2dGfh7SUcs7+2POuTjN7UWmwAXSWUmRUg86x4JuR8pzCVM6vunOIOJdBSBruw+iRZjAjwma1M/jhdG8vPDqAzvaXvyBBDN95YuVZ1zV+O8+PKsYTugS4QbVoscz5DxovOt1Un8QloStU+9JgXZikBj8uCpx2osvgb37P0pL9/U4qqvgQxEG64gOJodIdsp610fx+iyOQXTHbJXGdJmrm/MmVzy+feiuBVJn1BItw44VMWlrsaB1Hgv9GZPNUf/edeODMGct3UATTaDjl6+vLymsSv8r1RUlZ+An0KTcuZPhU21EeM8DPkWAZaWJQwQYAOnfAlG30zM7Q+7gJTB659lJcf6zi3Y3dY/89DhGtVrY4QxlHgeJy5p73EnauywiRwD+MrHznfQE/oUr9tFPhtTpSfmqLg839rfNc6EZLpEnqggs+eIuAAF/cVXZ6wl4euIRV4QO15873XfV5knJ7px5pkillPuAfZ1fZdFpRzkv1weaRD3U42zdd0oFvvG0W57H0reTEus/IxBuL1YONADx2AVvI=
Key: received-spf
Value: Pass (protection.outlook.com: domain of wakemed.org designates 205.220.177.47 as permitted sender) receiver=protection.outlook.com; client-ip=205.220.177.47; helo=mx0b-00589901.pphosted.com; pr=C
Key: x-proofpoint-virus-version
Value: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
Key: message-id
Value:  <CH2PR02MB69676FC3A7524rpeysxp4nez92E0917A02C5BC31C2@CH2PR02MB6967.namprd02.prod.outlook.com>
Key: authentication-results
Value: spf=pass (sender IP is 40.107.215.67) smtp.mailfrom=oxvrim.sambuh.com; dkim=fail (signature did not verify) header.d=wakemed.org;dmarc=permerror action=none header.from=oxvrim.sambuh.com;compauth=pass reason=111
Key: x-ms-exchange-senderadcheck
Value: 1
Key: x-proofpoint-spam-details
Value: rule=outbound_notspam policy=outbound score=0 mlxscore=0 phishscore=0 lowpriorityscore=0 impostorscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 spamscore=0 bulkscore=0 clxscore=1015 malwarescore=0 suspectscore=0 classifier=scan_limit adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501100104
Key: received
Value: from CH2PR02MB6967.namprd02.prod.outlook.com ([fe80::f319:3b55:a859:f5f7]) by CH2PR02MB6967.namprd02.prod.outlook.com ([fe80::f319:3b55:a859:f5f7%4]) with mapi id 15.20.8335.011; Fri, 10 Jan 2025 13:18:55 +0000
Key: x-ms-exchange-crosstenant-authas
Value: Anonymous
Key: x-ms-exchange-crosstenant-originalarrivaltime
Value: 10 Jan 2025 18:32:15.2664 (UTC)
Key: content-transfer-encoding
Value: 7bit
Key: content-type
Value: multipart/mixed; boundary="----sinikael-?=_1-17365401903820.9719856144485943"
Key: dkim-signature
Value: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wakemed.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8aUNYqzIpUh/mLxJUPmQ2KjGnHTPM7Y2a5JrOzB5wOs=; b=4naW+TsZLIhXgxwlLaM2ooHa4Zp4Uf+EStdR/9L7PanmFciaR6gkGmXbaYarGRAUrXlAJwRNyyh+1T0omKCS5lhfAre9K1V+sQbSgySsVGA2nohVA812qgITuxU9bkhxOFhj2ftc8d52CB0iBJ6AgoBpbpkI09wvn2sWtyFIsq4=
Key: x-forefront-antispam-report
Value:  CIP:40.107.215.67;CTRY:SG;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:APC01-SG2-obe.outbound.protection.outlook.com;PTR:mail-sg2apc01on2067.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(4073199012)(5073199012)(35042699022)(4076899003)(8096899003);DIR:INB;
Key: x-ms-exchange-organization-scl
Value: 1
Key: x-microsoft-antispam
Value:  BCL:0;ARA:13230040|4073199012|5073199012|35042699022|4076899003|8096899003;

{
    "explanation": [
        "The email contains suspicious sender domain 'oxvrim.sambuh.com' that doesn't match the claimed United Health Care sender",
        "The subject line and body contain random character strings (#y572e#qn8an) typical of spam/phishing",
        "The email contains suspicious URLs with domain 'goyangterus.store' and appears to be injecting unrelated weather alert content to appear legitimate"
    ],
    "phishing": true,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Fri, 10 Jan 2025 18:32:06 +0000", 
    "subject": "FW: United Health Care Medicare Kit #y572e#qn8an", 
    "communications": [
        " CONGRATS....Medicare Kit Reward Has Arrived...Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 Key Messages from weather briefing:1.Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PMFriday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very lightsnow accumulations may be possible as early as 12 1PM in the Triad.2.Dont focus so much on the exact snow and ice amounts that are forecast, but rather focuson the hazards and impacts. To that point, there will be enough snow and iceaccumulations to result in hazardous travel conditions beginning Friday afternoon andlasting into Saturday.3.Due to very cold ground temperatures, the snow/ice is highly likely to stick and freezeimmediately and enable rapid accumulation. Black ice will be a subsequent concern Sundaymorning and Monday morning.4.There is still a large amount of uncertainty on location and amounts of greatest iceaccumulations. Large changes in the forecast will be possible over the next 12 hours.Residents of central NC should have preparations complete by this afternoon and plan toavoid/delay travel Friday night into early Saturday morning. Thank you,Janis-----Janis Cox Brown, MPASupervisor, CapRAC Healthcare Preparedness CoalitionWakeMed Health & Hospitals919.350.6265 (o)919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links:NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ CONGRATS....Medicare Kit Reward Has Arrived...Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 Key Messages from weather briefing:1.Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PMFriday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very lightsnow accumulations may be possible as early as 12 1PM in the Triad.2.Dont focus so much on the exact snow and ice amounts that are forecast, but rather focuson the hazards and impacts. To that point, there will be enough snow and iceaccumulations to result in hazardous travel conditions beginning Friday afternoon andlasting into Saturday.3.Due to very cold ground temperatures, the snow/ice is highly likely to stick and freezeimmediately and enable rapid accumulation. Black ice will be a subsequent concern Sundaymorning and Monday morning.4.There is still a large amount of uncertainty on location and amounts of greatest iceaccumulations. Large changes in the forecast will be possible over the next 12 hours.Residents of central NC should have preparations complete by this afternoon and plan toavoid/delay travel Friday night into early Saturday morning. Thank you,Janis-----Janis Cox Brown, MPASupervisor, CapRAC Healthcare Preparedness CoalitionWakeMed Health & Hospitals919.350.6265 (o)919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links:NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ CONGRATS....Medicare Kit Reward Has Arrived...Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 Key Messages from weather briefing:1.Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PMFriday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very lightsnow accumulations may be possible as early as 12 1PM in the Triad.2.Dont focus so much on the exact snow and ice amounts that are forecast, but rather focuson the hazards and impacts. To that point, there will be enough snow and iceaccumulations to result in hazardous travel conditions beginning Friday afternoon andlasting into Saturday.3.Due to very cold ground temperatures, the snow/ice is highly likely to stick and freezeimmediately and enable rapid accumulation. Black ice will be a subsequent concern Sundaymorning and Monday morning.4.There is still a large amount of uncertainty on location and amounts of greatest iceaccumulations. Large changes in the forecast will be possible over the next 12 hours.Residents of central NC should have preparations complete by this afternoon and plan toavoid/delay travel Friday night into early Saturday morning. Thank you,Janis-----Janis Cox Brown, MPASupervisor, CapRAC Healthcare Preparedness CoalitionWakeMed Health & Hospitals919.350.6265 (o)919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links:NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ CONGRATS....Medicare Kit Reward Has Arrived... http://.y572e.goyangterus.store/4TSOlP3644SAFm324xzrydobulw260SYTMRVMWDLYVDGS52958EPJO15865N17 http://.y572e.goyangterus.store/4RnAJB3644APmC324ubgjxeszbk260KOCTHTKZWJWVFBC52958FMZU15865n17 Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 Key Messages from weather briefing:1.Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PMFriday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very lightsnow accumulations may be possible as early as 12 1PM in the Triad.2.Dont focus so much on the exact snow and ice amounts that are forecast, but rather focuson the hazards and impacts. To that point, there will be enough snow and iceaccumulations to result in hazardous travel conditions beginning Friday afternoon andlasting into Saturday.3.Due to very cold ground temperatures, the snow/ice is highly likely to stick and freezeimmediately and enable rapid accumulation. Black ice will be a subsequent concern Sundaymorning and Monday morning.4.There is still a large amount of uncertainty on location and amounts of greatest iceaccumulations. Large changes in the forecast will be possible over the next 12 hours.Residents of central NC should have preparations complete by this afternoon and plan toavoid/delay travel Friday night into early Saturday morning. Thank you,Janis-----Janis Cox Brown, MPASupervisor, CapRAC Healthcare Preparedness CoalitionWakeMed Health & Hospitals919.350.6265 (o)919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links:NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$    /* Font Definitions */ @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0;} @font-face {font-family:\"Cambria Math\"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:userbri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:11.0pt; font-family:\"userbri\",sans-serif; mso-ligatures:standardcontextual;} p.MsoPlainText, li.MsoPlainText, div.MsoPlainText {mso-style-priority:99; mso-style-link:\"Plain Text Char\"; margin:0in; font-size:11.0pt; font-family:\"userbri\",sans-serif; mso-ligatures:standardcontextual;} span.PlainTextChar {mso-style-name:\"Plain Text Char\"; mso-style-priority:99; mso-style-link:\"Plain Text\"; font-family:\"userbri\",sans-serif;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} /* List Definitions */ @list l0 {mso-list-id:2131775933; mso-list-type:hybrid; mso-list-template-ids:187725676 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;} @list l0:level1 {mso-level-number-format:bullet; mso-level-text:\\F0B7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Symbol;} @list l0:level2 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:\"Courier New\";} @list l0:level3 {mso-level-number-format:bullet; mso-level-text:\\F0A7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Wingdings;} @list l0:level4 {mso-level-number-format:bullet; mso-level-text:\\F0B7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Symbol;} @list l0:level5 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:\"Courier New\";} @list l0:level6 {mso-level-number-format:bullet; mso-level-text:\\F0A7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Wingdings;} @list l0:level7 {mso-level-number-format:bullet; mso-level-text:\\F0B7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Symbol;} @list l0:level8 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:\"Courier New\";} @list l0:level9 {mso-level-number-format:bullet; mso-level-text:\\F0A7; mso-level-tab-stop:none; mso-level-number-position:left; text-indent:-.25in; font-family:Wingdings;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} --> Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 Key Messages from weather briefing:1.Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PMFriday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very lightsnow accumulations may be possible as early as 12 1PM in the Triad.2.Dont focus so much on the exact snow and ice amounts that are forecast, but rather focuson the hazards and impacts. To that point, there will be enough snow and iceaccumulations to result in hazardous travel conditions beginning Friday afternoon andlasting into Saturday.3.Due to very cold ground temperatures, the snow/ice is highly likely to stick and freezeimmediately and enable rapid accumulation. Black ice will be a subsequent concern Sundaymorning and Monday morning.4.There is still a large amount of uncertainty on location and amounts of greatest iceaccumulations. Large changes in the forecast will be possible over the next 12 hours.Residents of central NC should have preparations complete by this afternoon and plan toavoid/delay travel Friday night into early Saturday morning. Thank you,Janis-----Janis Cox Brown, MPASupervisor, CapRAC Healthcare Preparedness CoalitionWakeMed Health & Hospitals919.350.6265 (o)919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links:NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ Good morning, Please see several updates below. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. We will not hold a coordination call today as many of you will be on internal and external calls with various groups. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. If anyone has identified any concerns as their preparedness activities have progressed and the forecast has changed to more ice, please reach out directly to us. The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible.The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025.CapRAC On-Call  919-350-7887 The AM weather briefing is attached. Increase to snow/ice amounts with potential of ice accumulations in excess of 0.25 possible. The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025. The State Emergency Operations Center (SEOC) will be Activated from 0700 on 10 January 2025 through 1900 on January 12, 2025. CapRAC On-Call  919-350-7887 Key Messages from weather briefing: 1. Light to moderate snow will move into central NC from SW to NE between 3 PM and 8 PM Friday. Triad: 3 4 PM, Triangle/Fayetteville: 5 7 PM, Rocky Mount: 7 9 PM. Some very light snow accumulations may be possible as early as 12 1PM in the Triad. 2. Dont focus so much on the exact snow and ice amounts that are forecast, but rather focus on the hazards and impacts. To that point, there will be enough snow and ice accumulations to result in hazardous travel conditions beginning Friday afternoon and lasting into Saturday. 3. Due to very cold ground temperatures, the snow/ice is highly likely to stick and freeze immediately and enable rapid accumulation. Black ice will be a subsequent concern Sunday morning and Monday morning. 4. There is still a large amount of uncertainty on location and amounts of greatest ice accumulations. Large changes in the forecast will be possible over the next 12 hours. Residents of central NC should have preparations complete by this afternoon and plan to avoid/delay travel Friday night into early Saturday morning. Thank you, Janis ----- ----- ----- Janis Cox Brown, MPA Janis Cox Brown, MPA Janis Cox Brown, MPA Supervisor, CapRAC Healthcare Preparedness Coalition Supervisor, CapRAC Healthcare Preparedness Coalition WakeMed Health & Hospitals WakeMed Health & Hospitals WakeMed Health & Hospitals http://www.wakemed.org/ WakeMed Health & Hospitals 919.350.6265 (o) 919.350.6265 (o) 919.630.6764 (m) 919.630.6764 (m) -----Original Message-----From: nws.raleigh@noaa.gov <nws.raleigh@noaa.gov> Sent: Friday, January 10, 2025 8:00 AMTo: nws.raleigh@noaa.govSubject: NWS Raleigh - Weather Briefing Update January 10 08:00:01 AM WARNING: This email originated from outside WakeMed Health & Hospitals. Do not click on links or open attachments unless you are sure you recognize the sender and you know the contents are safe. The Original Sender of this email is nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov mailto:nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov nws.er.rah.partners+bncbcypzihbxebrbw5tqs6amgqefcyhtaa@noaa.gov A new briefing that addresses Central North Carolina Weather has been issued. To view this briefing see the attached file, or please click this link: https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ https://urldefense.com/v3/__http:/www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ https://urldefense.com/v3/__http://www.weather.gov/media/rah/briefing/NWSRaleighLatestBriefing.pdf__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognCbC3M5g$ As always, if you have any questions, don't hesitate to call us. Useful links: NWS Raleigh web page: https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ https://urldefense.com/v3/__http:/weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ https://urldefense.com/v3/__http://weather.gov/Raleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmH7ibqyw$ NWS Raleigh on Facebook: https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ https://urldefense.com/v3/__https:/www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ https://urldefense.com/v3/__https://www.facebook.com/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogkyLxLE2Q$ NWS Raleigh on Twitter: https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ https://urldefense.com/v3/__https:/twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ https://urldefense.com/v3/__https://twitter.com/nwsraleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgogmta6sqOg$ NWS Raleigh on YouTube: https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ https://urldefense.com/v3/__https:/www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ https://urldefense.com/v3/__https://www.youtube.com/user/NWSRaleigh__;!!JN6lrkDE!zU-2sufqsekJkKqEbMHeGQ8f1fTLqUFLu9biExXf4G_sPobG8LPHl4qq9p5xlli_M_NIVICOk-f4ivWgognrAEZ8dA$ "
    ], 
    "from": "United Health Care #y572e#a8sw5 <JANISBROWN.493@oxvrim.sambuh.com>", 
    "to": "!Imagicomm - TUL Tulsa TV PhotoTeam <phototeam@fox23.com>", 
    "attachements": [
        "Outlook-n41gului.png", 
        "United Health Care Medicare Kit.pdf"
    ]
}

{
  "contains_trigger_text": true,
  "trigger_text": "TAKE A SURVEY AND WIN A REWARD!",
  "prominent_button_name": "GET STARTED NOW",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "United Healthcare"
  ]
}

{"classification":"Credential Stealer"}

Email:
Detected potential phishing email: The email contains suspicious sender domain 'oxvrim.sambuh.com' that doesn't match the claimed United Health Care sender. The subject line and body contain random character strings (#y572e#qn8an) typical of spam/phishing. The email contains suspicious URLs with domain 'goyangterus.store' and appears to be injecting unrelated weather alert content to appear legitimate