TeamViewer Forensic Case Study

TeamViewer Forensic Case Study

  • Connected time 2021-09-02 12:16 PM (+5:30). Have connected two times. In some logs have omitted first connection details due to long number of log lines. Main considered connected time is 12:16 PM
  • Just installed with default configuration. No settings changed. 
  • Both applications installed both around 11.xx AM


Source Computer

OS : Windows 10 Pro VM

Hostname : DESKTOP-E76EAE6

TeamViewer Your ID : 333 748 143

TeamViwer Version : 15.21.6 (64 bit)

TeamViwer Licence : Free





C:\Program Files\TeamViewer\Connections_incoming.txt

There is no such a file. No one is connected to this computer.

C:\Program Files\TeamViewer\TeamViewer15_Logfile.txt

  • Time is displayed in +5:30. Not UTC.
  • This is a big file. Have lots of log lines.
  • SHA256 fingerprint shows on both computers.
2021/09/02 12:16:13.059  3428  6472 S0   NegotiateEncryptionV2::CreateEncryption: handshake successful, local fingerprint: SHA256:MErFjGu2SXqeGsDH3OHFYzGg2k8jcWBqajWjS3NX54U, remote fingerprint SHA256:uoOzI8s3jH8IGt6jH4sjPdkYBAzZbglUsRXnpuYf3mY

Entries containing destination's TeamViewr ID 333 730 993

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Added session 191254531. Meeting id is WIN-1QGVVFCIKNE (333 730 993). Our participant id is "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531].

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Created for session 191254531

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Session 191254531: Channel created for participant [333730993,122264081] called "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.371  7576  2108 G1   VoIP: Sender: Session 191254531: VoIP streams: Participant added: "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.371  7576  2108 G1   DC: Presenter role assigned to [333730993,122264081] (WIN-1QGVVFCIKNE (333 730 993))

2021/09/02 12:16:31.700  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Participant added: "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.700  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Partner "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] subscribed VoIPV1 control stream. We have to send an init command.

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner registered VoIPV3 audio stream 16

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: We subscribed VoIPV3 audio stream 16

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner registered VoIPV3 control stream 17

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: We subscribed VoIPV3 control stream 17 (waiting for init command)

2021/09/02 12:16:33.796  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Partner "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] subscribed VoIPV3 control stream. We have to send an init command.

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner sent init command on stream 17

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: Initialize to version V3

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Building pipeline finished

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): JitterBufferB: Set latency-mode = LowLatency

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Added to mixer

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Incoming shut status changed to shut = 1

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Initialized

2021/09/02 12:16:42.590  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Removed from mixer

2021/09/02 12:16:42.605  7576  7568 G1   VoIP: Receiver: Session 191254531: Channel removed for participant [333730993,122264081] called "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:42.605  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): JitterBuffer statistics block (JBS V7) (StreamId=16): -------------------

2021/09/02 12:16:42.605  7576  7568 G1   JBS ("WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]): Start of logging sequence!

2021/09/02 12:16:42.605  7576  7568 G1   JBS ("WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]): No data. JitterBuffer was permanently shut!


Entries containing destination's host name WIN-1QGVVFCIKNE

2021/09/02 12:16:31.371  3428  6472 S0   CPersistentParticipantManager::AddParticipant: [333730993,122264081] type=3 name=WIN-1QGVVFCIKNE

2021/09/02 12:16:31.371  3428  6472 S0   CParticipantManagerBase participant WIN-1QGVVFCIKNE (ID [333730993,122264081]) was added with the role 3

2021/09/02 12:16:31.371  7576  2108 G1   CParticipantManagerBase participant WIN-1QGVVFCIKNE (ID [333730993,122264081]) was added with the role 3

2021/09/02 12:16:31.371  7576  2108 G1   New Participant added in CParticipantManager WIN-1QGVVFCIKNE ([333730993,122264081])

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Added session 191254531. Meeting id is WIN-1QGVVFCIKNE (333 730 993). Our participant id is "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531].

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Created for session 191254531

2021/09/02 12:16:31.371  7576  7568 G1   VoIP: Receiver: Session 191254531: Channel created for participant [333730993,122264081] called "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.371  7576  2108 G1   VoIP: Sender: Session 191254531: VoIP streams: Participant added: "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.371  7576  2108 G1   DC: Presenter role assigned to [333730993,122264081] (WIN-1QGVVFCIKNE (333 730 993))

2021/09/02 12:16:31.700  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Participant added: "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:31.700  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Partner "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] subscribed VoIPV1 control stream. We have to send an init command.

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner registered VoIPV3 audio stream 16

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: We subscribed VoIPV3 audio stream 16

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner registered VoIPV3 control stream 17

2021/09/02 12:16:33.796  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: We subscribed VoIPV3 control stream 17 (waiting for init command)

2021/09/02 12:16:33.796  7576  8044 G1   VoIP: Sender: Session 191254531: VoIP streams: Partner "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] subscribed VoIPV3 control stream. We have to send an init command.

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: VoIPBCommandReceiver: Partner sent init command on stream 17

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]: Initialize to version V3

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Building pipeline finished

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): JitterBufferB: Set latency-mode = LowLatency

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Added to mixer

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Incoming shut status changed to shut = 1

2021/09/02 12:16:37.638  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Initialized

2021/09/02 12:16:42.590  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): Removed from mixer

2021/09/02 12:16:42.605  7576  7568 G1   VoIP: Receiver: Session 191254531: Channel removed for participant [333730993,122264081] called "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]

2021/09/02 12:16:42.605  7576  7568 G1   VoIP: Receiver: Participant channel "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081] (V3): JitterBuffer statistics block (JBS V7) (StreamId=16): -------------------

2021/09/02 12:16:42.605  7576  7568 G1   JBS ("WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]): Start of logging sequence!

2021/09/02 12:16:42.605  7576  7568 G1   JBS ("WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081]): No data. JitterBuffer was permanently shut!

C:\Users\john\AppData\Roaming\TeamViewer\Connections.txt

Only these 2 lines are in the log file. I have connected from this computer for two times with TeamViewer.


333730993                       02-09-2021 05:47:29             02-09-2021 05:48:12             john                            RemoteControl                   {56ca28af-53d3-42e0-ba16-8fda211c2105}
333730993                       02-09-2021 06:46:07             02-09-2021 06:46:42             john                            RemoteControl                   {a7652d5b-19f8-4566-90b5-8ec6d92a0428}


This log is in UTC time. Need to add 5:30 to get Sri Lankan time stamp





Destination Computer

OS : Windows Server 2016 Datacenter VM

Hostname : WIN-1QGVVFCIKNE

TeamViewer Your ID : 333 730 993

TeamViwer Version : 15.21.6 (64 bit)

TeamViwer Licence : Free



C:\Program Files\TeamViewer\TeamViewer15_Logfile.txt

  • Time is displayed in +5:30. Not UTC.
  • This is a big file. Have lots of log lines.
  • 11.xx AM is installed time
  • SHA256 fingerprint shows on both computers.


2021/09/02 12:16:12.641  4172  4216 S0   NegotiateEncryptionV2::CreateEncryption: handshake successful, local fingerprint: SHA256:uoOzI8s3jH8IGt6jH4sjPdkYBAzZbglUsRXnpuYf3mY, remote fingerprint SHA256:MErFjGu2SXqeGsDH3OHFYzGg2k8jcWBqajWjS3NX54U

2021/09/02 12:16:30.775  1436  3536 D1   AuthenticationPasswordLogin_Passive::RunAuthenticationMethod: authentication using dynamic password was successful


Entries containing source's host name TeamViewer ID 333 748 143

2021/09/02 12:16:31.628  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Created for session 122264081

2021/09/02 12:16:31.628  4104  2488 G1   VoIP: Receiver: Session 122264081: Channel created for participant [333748143,191254531] called "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.452  4104  4068 G1   VoIP: Sender: Added session 122264081. Meeting id is DESKTOP-E76EAE6 (333 748 143). Our participant id is "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081].

2021/09/02 12:16:32.452  4104  4068 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner registered VoIPV3 audio stream 6

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: We subscribed VoIPV3 audio stream 6

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner registered VoIPV3 control stream 7

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: We subscribed VoIPV3 control stream 7 (waiting for init command)

2021/09/02 12:16:32.498  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.503  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.503  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Partner "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] subscribed VoIPV1 control stream. We have to send an init command.

2021/09/02 12:16:37.205  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner sent init command on stream 7

2021/09/02 12:16:37.205  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: Initialize to version V3

2021/09/02 12:16:37.238  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Partner "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] subscribed VoIPV3 control stream. We have to send an init command.

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Building pipeline finished

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): JitterBufferB: Set latency-mode = LowLatency

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Added to mixer

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Incoming shut status changed to shut = 1

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Initialized

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Removed from mixer

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Session 122264081: Channel removed for participant [333748143,191254531] called "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): JitterBuffer statistics block (JBS V7) (StreamId=6): -------------------

2021/09/02 12:16:42.720  4104  2488 G1   JBS ("DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]): Start of logging sequence!

2021/09/02 12:16:42.720  4104  2488 G1   JBS ("DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]): No data. JitterBuffer was permanently shut!


Entries containing source's host name DESKTOP-E76EAE6

2021/09/02 12:16:31.056  4172  4216 S0   CPersistentParticipantManager::AddParticipant: [333748143,191254531] type=6 name=DESKTOP-E76EAE6

2021/09/02 12:16:31.581  4172  4264 S0   CParticipantManagerBase participant DESKTOP-E76EAE6 (ID [333748143,191254531]) was added with the role 6

2021/09/02 12:16:31.623  1436  3896 D1   CParticipantManagerBase participant DESKTOP-E76EAE6 (ID [333748143,191254531]) was added with the role 6

2021/09/02 12:16:31.623  1436  3896 D1   New Participant added in CParticipantManager DESKTOP-E76EAE6 ([333748143,191254531])

2021/09/02 12:16:31.628  4104  3300 G1   CParticipantManagerBase participant DESKTOP-E76EAE6 (ID [333748143,191254531]) was added with the role 6

2021/09/02 12:16:31.628  4104  3300 G1   New Participant added in CParticipantManager DESKTOP-E76EAE6 ([333748143,191254531])

2021/09/02 12:16:31.628  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Created for session 122264081

2021/09/02 12:16:31.628  4104  2488 G1   VoIP: Receiver: Session 122264081: Channel created for participant [333748143,191254531] called "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.452  4104  4068 G1   VoIP: Sender: Added session 122264081. Meeting id is DESKTOP-E76EAE6 (333 748 143). Our participant id is "WIN-1QGVVFCIKNE (333 730 993)" [333730993,122264081].

2021/09/02 12:16:32.452  4104  4068 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner registered VoIPV3 audio stream 6

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: We subscribed VoIPV3 audio stream 6

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner registered VoIPV3 control stream 7

2021/09/02 12:16:32.453  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: We subscribed VoIPV3 control stream 7 (waiting for init command)

2021/09/02 12:16:32.498  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.503  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Participant added: "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:32.503  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Partner "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] subscribed VoIPV1 control stream. We have to send an init command.

2021/09/02 12:16:37.205  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: VoIPBCommandReceiver: Partner sent init command on stream 7

2021/09/02 12:16:37.205  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]: Initialize to version V3

2021/09/02 12:16:37.238  4104  3300 G1   VoIP: Sender: Session 122264081: VoIP streams: Partner "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] subscribed VoIPV3 control stream. We have to send an init command.

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Building pipeline finished

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): JitterBufferB: Set latency-mode = LowLatency

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Added to mixer

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Incoming shut status changed to shut = 1

2021/09/02 12:16:37.242  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Initialized

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): Removed from mixer

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Session 122264081: Channel removed for participant [333748143,191254531] called "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]

2021/09/02 12:16:42.720  4104  2488 G1   VoIP: Receiver: Participant channel "DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531] (V3): JitterBuffer statistics block (JBS V7) (StreamId=6): -------------------

2021/09/02 12:16:42.720  4104  2488 G1   JBS ("DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]): Start of logging sequence!

2021/09/02 12:16:42.720  4104  2488 G1   JBS ("DESKTOP-E76EAE6 (333 748 143)" [333748143,191254531]): No data. JitterBuffer was permanently shut!


    C:\Program Files\TeamViewer\Connections_incoming.txt

    Only these 2 lines are in the log file. I have connected to this computer for two times with TeamViewer.

    333748143 DESKTOP-E76EAE6 02-09-2021 05:47:34 02-09-2021 05:48:12 Administrator RemoteControl {56ca28af-53d3-42e0-ba16-8fda211c2105}

    333748143 DESKTOP-E76EAE6 02-09-2021 06:46:11 02-09-2021 06:46:42 Administrator RemoteControl {a7652d5b-19f8-4566-90b5-8ec6d92a0428}


    https://medium.com/mii-cybersec/digital-forensic-artifact-of-teamviewer-application-cfd6290dc0a7

    This log is in UTC time. Need to add 5:30 to get Sri Lankan time stamp



    Nothing useful files found in C:\Users\Administrator\AppData\Roaming\TeamViewer


    Labels: , , , , , , ,

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)