Scenario #2 | Notion

Parent Process: c:\\windows\\system32\\tm1jg\\tpminit.exe
Parent MD5: f0d6fa1110efffd3a773757a2db0c950
Parent CLI:
C:\\Windows\\system32\\Tm1jg\\TpmInit.exe
Parent File Write: c:\\users\\acme123\\appdata\\roaming\\microsoft\\3ztbfrz\\version.dll 
File MD5: a4b0ad1bb7cfbd3cbc40860197613340

Process: c:\\windows\\system32\\schtasks.exe
Process MD5: 2e9e198247bf0e9bd94b42286798a5ac
Process CLI:
schtasks.exe /Create /F /TN “Jzijbnrsxnvm” /TR C:\\Users\\acme123\\AppData\\Roaming\\Microsoft\\3ztBfrz\\UI0Detect.exe /SC minute /MO 60 /RU “acme123”
File modification count: 1