اختبار شهادة امن المعلومات CompTIA Security+

A security analyst receives an alert categorized as suspicious activity after a standard user downloaded a .pdf file from a marketing website. The following occurred in sequential order:
The .pdf file ran code that created a .zip file and a .ps1 file on the system.
The .ps1 file ran after 60 seconds, which unpacked the .zip file that contained an .exe file.
The .ps1 file ran again after 60 seconds.
The .exe file then queried the LSASS service on the system.
Which of the following best describes this type of attack?