Tools:
SCENARIO
You're working as an analyst at a Security Operations Center (SOC) for a Thanksgiving-themed company. One quiet evening, you hear someone knocking at the SOC entrance. As you answer the door, an exhausted mail server technician stumbles in and quickly falls to the floor. He whispers in a shaky voice, "Mail filters are down... Spam everywhere..."
As you help him up, he looks to the sky and yells, "The gates of hell have opened!"The technician immediately collapses again and softly whispers, "The horror... The horror...".
The mail filter outage lasted throughout the next day. Fortunately, very few incidents were reported. But one example caught your eye. During the mail filter outage, one of the company employees decided to play "email roulette." The employee opened one of the malicious emails from his inbox and treated it as a legitimate message.

YOUR ASSIGNMENT
You acquired four malicious emails the employee received. You also received a pcap of traffic from his infected computer. Your task? Figure out which email was used to compromise the system.
Thanks, th3c0rt3x for reviewing the challenge.