The template switches from RFQ to order, but the trap is the same: arj attachment with BAT/VBS, which downloads and executes malware. Data is exfiltrated via SMTP to an email.
Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not.