any assistance available for a "hacked" account?
I setup an install of TeamViewer 14 (fully updated) on a single machine, as a personal install, registered it to a TeamViewer account (also free and personal), and set it up to "Start with Windows" and granted "Easy Access" to the aforementioned account. I also setup Windows to never sleep, so that this machine would always be accessible via TeamViewer.
This worked fine for many months, but a couple of weeks ago some fradulent transfers totaling almost $3,000 were sent from one of my Paypal accounts to some email addresses that I don't at all recognize. Simultaneously on this same computer with "Easy Access", I noticed on that when I pasted text it had this same email address still in the clipboard buffer.
I have no idea how this happened, but somehow someone was able to get access to my TeamViewer account and login to this machine, and from there access my Paypal account (whose credentials were stored in the machine's browser and was which was lacking 2FA).
Anyway, there were a series of admitted security flaws in this setup, which I've since corrected. But that's not the point of this post. The point of this post is I'm trying to assess what other damage may have been done while this "hacker" was connected to my machine.
1. What log files are available to show what an intruder may have done while connected?
Specifically, since I highly doubt anything as detailed as keystrokes and clicks are recorded, I'm wondering if there are any server-side records of file transfer? By server I mean both the TeamViewer server on the machine itself and also the TeamViewer corporate servers?
2. Are there any other logs, perhaps IP logs, that TeamViewer the company can provide me, a free and personal user without a license, with in this case of unlawful intrusion? Technically this was a federal crime, but I'd have to file a police report, etc. I figure that since all the logins are asociated with my account, that I should be entitled to that information if it is available, regardless of whether a crime occurred - if TeamViewer is willing to help me.
3. Perhaps someone can clue me into any logs in Windows that could shine more light on this intrusion?
I found these entries in the "Connections_incoming" log of TeamViewer, which I believe show the intruder (the times and dates correspond to the times of the Paypal transfers, and no Asus-brand computers should be connecting to this machine):
Connections_incoming
**Please do not post TeamViewer IDs** ASUS 22-07-2019 11:14:30 22-07-2019 11:26:29 vedette-diana RemoteControl {28C84073-731E-40E7-888D-A19684D59DEE}
**Please do not post TeamViewer IDs** ASUS 22-07-2019 23:08:58 22-07-2019 23:09:10 vedette-diana RemoteControl {592B82BB-FF79-4E81-BB86-E92C4A61C796}
**Please do not post TeamViewer IDs** ASUS 23-07-2019 07:43:40 23-07-2019 07:45:52 <unknown> RemoteControl {765ED65E-CD26-438D-BB57-E69DF54C8326}
**Please do not post TeamViewer IDs** ASUS 23-07-2019 07:55:18 23-07-2019 08:06:56 Administrator RemoteControl {3B27D7BF-4347-4F45-869E-EEBF758FB3BA}
**Please do not post TeamViewer IDs** ASUS 23-07-2019 08:06:59 23-07-2019 08:44:04 <unknown> RemoteControl {C5F60136-2375-45FE-8D1A-415F3ED5624F}
**Please do not post TeamViewer IDs** ASUS 23-07-2019 08:53:50 23-07-2019 09:02:21 vedette-diana RemoteControl {27174E57-51A3-4CC2-9C79-597E50393103}
**Please do not post TeamViewer IDs** ASUS 24-07-2019 09:08:43 24-07-2019 09:22:41 vedette-diana RemoteControl {11778713-C5E6-4D26-9113-23CE9BE3D8C3}
**Please do not post TeamViewer IDs** ASUS 24-07-2019 09:53:39 24-07-2019 10:03:42 vedette-diana RemoteControl {422CEB1B-7C9C-4A71-91E7-984CAC958153}
**Please do not post TeamViewer IDs** ASUS 25-07-2019 08:39:45 25-07-2019 08:49:48 <unknown> RemoteControl {AA46A18A-4DDA-4766-ABCE-D2AADFC1195E}
(Sensitive data obfuscated)
But unfortunately none of this information helps me at all, other than the connecting hostname telling me the brand of the computer. I've found the same hostname referenced in the "TeamViewer14_Logfile" file, but this file is much larger and more verbose so I'm not sure I should paste it here. Reading through the file, I can't find much that seems useful here either, but perhaps I could use some guidance.
