8805ab94-bde6-10a1-3b61-f0523121e152edf2aa1f-920f-462a-b97f-600a4ca76422 1 5 4 1 0 0x8000000000000000 1447 Microsoft-Windows-Sysmon/Operational EC2AMAZ-UGL8NO0 - 2026-05-20 09:56:26.290 2835B818-854A-6A0D-4F05-000000004303 5416 C:\Users\user\AppData\Local\Temp\2\ffmpeg.exe - - - - - "C:\Users\user\AppData\Local\Temp\2\ffmpeg.exe" -f dshow -vcodec mjpeg -i "video= Integrated Webcam (video)" -vframes 1 screenshot.jpg C:\Users\user\AppData\Local\Temp\2\ EC2AMAZ-UGL8NO0\user 2835B818-838F-6A0D-C3CE-030000000000 0x3cec3 2 Medium MD5=382B6FBB0FAFD73C9D0DEF3422F271CA,SHA256=2540436EED3AC57414EC1402E22A39C8E440D6AA600A2F0A7D1CC7C071605035,IMPHASH=EE6386E4ECD30461DE330194FC844B65 2835B818-840A-6A0D-CC00-000000004303 6628 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "PowerShell.exe" -noexit -command Set-Location -literalPath 'C:\Users\user\AppData\Local\Temp\2' EC2AMAZ-UGL8NO0\user 8805ab94-bde6-10a1-3b61-f0523121e152a9f46d4a-fa3c-413f-a3a8-d34b28d7fad4 1 5 4 1 0 0x8000000000000000 947 Microsoft-Windows-Sysmon/Operational EC2AMAZ-UGL8NO0 - 2026-05-20 09:52:36.112 2835B818-8464-6A0D-4B05-000000004303 5424 C:\Users\user\AppData\Local\Temp\2\ffmpeg.exe - - - - - "C:\Users\user\AppData\Local\Temp\2\ffmpeg.exe" -hide_banner -list_devices -f dshow -i dummy C:\Users\user\AppData\Local\Temp\2\ EC2AMAZ-UGL8NO0\user 2835B818-838F-6A0D-C3CE-030000000000 0x3cec3 2 Medium MD5=382B6FBB0FAFD73C9D0DEF3422F271CA,SHA256=2540436EED3AC57414EC1402E22A39C8E440D6AA600A2F0A7D1CC7C071605035,IMPHASH=EE6386E4ECD30461DE330194FC844B65 2835B818-840A-6A0D-CC00-000000004303 6628 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "PowerShell.exe" -noexit -command Set-Location -literalPath 'C:\Users\user\AppData\Local\Temp\2' EC2AMAZ-UGL8NO0\user