SmartHawk

10.8

0-day

该样本未表现出任何异常！

重新分析

下载样本

b9b3033b6239948f7c78b380508bc0674f94fb93fdd19b9b39176b5a52161683

825c05ad04d175f2bcf884ac508772e9.exe

分析耗时

97s

最近分析

文件大小

6.6MB

静态报毒动态报毒 TEAMVIEWER

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Queries for the computername (8 个事件)

Time & API	Arguments	Status	Return
1620846513.423751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846526.392751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846527.454751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846527.485751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846527.517751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846527.532751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846527.907751 GetComputerNameW	computer_name: OSKAR-PC	success	1
1620846529.032751 GetComputerNameW	computer_name: OSKAR-PC	success	1

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620846528.485751 IsDebuggerPresent		failed	0	0

This executable is signed

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620808821.46875 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

Starts servers listening (13 个事件)

Time & API	Arguments	Status	Return
1620846527.673751 bind	ip_address: 127.0.0.1 socket: 1356 port: 6039	success	0
1620846527.673751 listen	socket: 1356 backlog: 2147483647	success	0
1620846528.501751 bind	ip_address: 0.0.0.0 socket: 1548 port: 0	success	0
1620846529.313751 bind	ip_address: 0.0.0.0 socket: 1612 port: 0	success	0
1620846529.813751 bind	ip_address: 0.0.0.0 socket: 1788 port: 0	success	0
1620846530.517751 bind	ip_address: 0.0.0.0 socket: 1772 port: 0	success	0
1620846530.892751 bind	ip_address: 0.0.0.0 socket: 1788 port: 0	success	0
1620846531.329751 bind	ip_address: 0.0.0.0 socket: 2072 port: 0	success	0
1620846532.032751 bind	ip_address: 0.0.0.0 socket: 2028 port: 0	success	0
1620846534.657751 bind	ip_address: 127.0.0.1 socket: 2148 port: 0	success	0
1620846534.657751 listen	socket: 2148 backlog: 2147483647	success	0
1620846534.657751 accept	ip_address: socket: 2148 port: 0	success	2164
1620846536.532751 bind	ip_address: 0.0.0.0 socket: 2276 port: 0	success	0

Performs some HTTP requests (1 个事件)

request

GET https://client.teamviewer.com/taf/index.aspx?language=zhCN&tvModul=2&tvVersion=11.0.53254%20QS&os=Win&osVersion=Win7&accId=0&clientId=1006350534&cType=0&license=10000&dps=%5B%201%2C%202%2C%203%2C%207%2C%208%20%5D&jVer=2&oem=&canupdate=1&hadcomcon=0&clientic=-1123106131

Allocates read-write-execute memory (usually to unpack itself) (3 个事件)

Time & API	Arguments	Status
1620808823.48475 NtProtectVirtualMemory	process_identifier: 2864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x10004000	success
1620846513.407751 NtAllocateVirtualMemory	process_identifier: 2632 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ef0000	success
1620846528.501751 NtProtectVirtualMemory	process_identifier: 2632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x05cd0000	success

Steals private information from local Internet browsers (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\Opera\Opera\operaprefs.ini

Creates executable files on the filesystem (13 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\nsis7z.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_StaticRes.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Resource_ko.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\uninstall.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\TvGetVersion.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\System.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe

Drops a binary and executes it (1 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe

Drops an executable to the user AppData folder (11 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\System.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\nsis7z.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\nso80A6.tmp\TvGetVersion.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_StaticRes.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\uninstall.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Resource_ko.dll

Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620846526.235751 GetAdaptersAddresses	flags: 256 family: 0	failed	111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620846527.673751 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Communicates with host for which no DNS query was performed (3 个事件)

host	172.217.24.14
host	203.208.41.65
host	203.208.41.66

A process attempted to delay the analysis task. (1 个事件)

description

TeamViewer.exe tried to sleep 5456326 seconds, actually delayed analysis time by 5456326 seconds

Attempts to create or modify system certificates (1 个事件)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob

Performs 52 file moves indicative of a ransomware file encryption process (50 out of 52 个事件)

Time & API	Arguments	Status
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\logo.png newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\logo_2021-05-13-03-08-03.png newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\logo_2021-05-13-03-08-03.png flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\logo.png	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.ini newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.ini newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.ini flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.ini	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.json newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.json newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.json flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.json	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.sig newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.sig newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.sig flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.sig	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\disclaimer.txt newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\disclaimer_2021-05-13-03-08-03.txt newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\disclaimer_2021-05-13-03-08-03.txt flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\disclaimer.txt	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install.exe	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install64.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install64_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install64_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install64.exe	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Lizenz.txt newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Lizenz_2021-05-13-03-08-03.txt newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Lizenz_2021-05-13-03-08-03.txt flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Lizenz.txt	failed

Appends a new file extension or content to 52 files indicative of a ransomware file encryption process (50 out of 52 个事件)

Time & API	Arguments	Status
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Service_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_w32.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\tv_x64.exe	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_de.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_en.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_da.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_es.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fi.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_fr.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_it.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ja.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_no.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pl.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_pt.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sv.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_tr.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ru.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ko.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_cs.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ar.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zh.dll	failed
1620808823.51575 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhCN.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_bg.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_el.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_he.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hr.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_hu.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_id.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_lt.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_ro.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sk.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_sr.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_th.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_uk.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_vi.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW.dll newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW_2021-05-13-03-08-03.dll newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW_2021-05-13-03-08-03.dll flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Teamviewer_resource_zhTW.dll	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\logo.png newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\logo_2021-05-13-03-08-03.png newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\logo_2021-05-13-03-08-03.png flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\logo.png	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.ini newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.ini newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.ini flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.ini	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.json newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.json newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.json flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.json	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer.sig newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.sig newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer_2021-05-13-03-08-03.sig flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\teamviewer.sig	failed
1620808823.53075 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\disclaimer.txt newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\disclaimer_2021-05-13-03-08-03.txt newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\disclaimer_2021-05-13-03-08-03.txt flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\disclaimer.txt	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install.exe	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install64.exe newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\install64_2021-05-13-03-08-03.exe newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install64_2021-05-13-03-08-03.exe flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\install64.exe	failed
1620808823.54675 MoveFileWithProgressW	oldfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Lizenz.txt newfilepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\TeamViewer\Lizenz_2021-05-13-03-08-03.txt newfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Lizenz_2021-05-13-03-08-03.txt flags: 2 oldfilepath_r: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\TeamViewer\Lizenz.txt	failed

Creates known TeamViewer mutexes and/or registry changes. (3 个事件)

mutex	TeamViewer_Win32_Instance_Mutex
regkey	HKEY_LOCAL_MACHINE\Software\TeamViewer\DefaultSettings\
regkey	HKEY_LOCAL_MACHINE\SOFTWARE\TeamViewer3

Detects VirtualBox through the presence of a device (2 个事件)

file	\??\VBoxGuest
file	\??\VBoxMiniRdrDN

Detects VirtualBox through the presence of a file (1 个事件)

dll	C:\Windows\system32\VBoxMRXNP.dll

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2014-10-07 12:40:20

Imports

Library KERNEL32.dll:

• 0x407060 CompareFileTime

• 0x407064 SearchPathW

• 0x407068 SetFileTime

• 0x40706c CloseHandle

• 0x407070 GetShortPathNameW

• 0x407074 MoveFileW

• 0x407078 SetCurrentDirectoryW

• 0x40707c GetFileAttributesW

• 0x407080 GetLastError

• 0x407084 GetFullPathNameW

• 0x407088 CreateDirectoryW

• 0x40708c Sleep

• 0x407090 GetTickCount

• 0x407094 CreateFileW

• 0x407098 GetFileSize

• 0x40709c GetModuleFileNameW

• 0x4070a0 GetCurrentProcess

• 0x4070a4 CopyFileW

• 0x4070a8 ExitProcess

• 0x4070ac SetEnvironmentVariableW

• 0x4070b0 GetWindowsDirectoryW

• 0x4070b4 SetFileAttributesW

• 0x4070b8 ExpandEnvironmentStringsW

• 0x4070bc SetErrorMode

• 0x4070c0 LoadLibraryW

• 0x4070c4 lstrlenW

• 0x4070c8 lstrcpynW

• 0x4070cc GetDiskFreeSpaceW

• 0x4070d0 GlobalUnlock

• 0x4070d4 GlobalLock

• 0x4070d8 CreateThread

• 0x4070dc CreateProcessW

• 0x4070e0 RemoveDirectoryW

• 0x4070e4 lstrcmpiA

• 0x4070e8 GetTempFileNameW

• 0x4070ec lstrcpyA

• 0x4070f0 lstrcpyW

• 0x4070f4 lstrcatW

• 0x4070f8 GetSystemDirectoryW

• 0x4070fc GetVersion

• 0x407100 GetProcAddress

• 0x407104 LoadLibraryA

• 0x407108 GetModuleHandleA

• 0x40710c GetModuleHandleW

• 0x407110 lstrcmpiW

• 0x407114 lstrcmpW

• 0x407118 WaitForSingleObject

• 0x40711c GlobalFree

• 0x407120 GlobalAlloc

• 0x407124 LoadLibraryExW

• 0x407128 GetExitCodeProcess

• 0x40712c FreeLibrary

• 0x407130 WritePrivateProfileStringW

• 0x407134 GetCommandLineW

• 0x407138 GetTempPathW

• 0x40713c GetPrivateProfileStringW

• 0x407140 FindFirstFileW

• 0x407144 FindNextFileW

• 0x407148 DeleteFileW

• 0x40714c SetFilePointer

• 0x407150 ReadFile

• 0x407154 FindClose

• 0x407158 MulDiv

• 0x40715c MultiByteToWideChar

• 0x407160 WriteFile

• 0x407164 lstrlenA

• 0x407168 WideCharToMultiByte

Library USER32.dll:

• 0x40718c EndDialog

• 0x407190 ScreenToClient

• 0x407194 GetWindowRect

• 0x407198 RegisterClassW

• 0x40719c EnableMenuItem

• 0x4071a0 GetSystemMenu

• 0x4071a4 SetClassLongW

• 0x4071a8 IsWindowEnabled

• 0x4071ac SetWindowPos

• 0x4071b0 GetSysColor

• 0x4071b4 GetWindowLongW

• 0x4071b8 SetCursor

• 0x4071bc LoadCursorW

• 0x4071c0 CheckDlgButton

• 0x4071c4 GetMessagePos

• 0x4071c8 LoadBitmapW

• 0x4071cc CallWindowProcW

• 0x4071d0 IsWindowVisible

• 0x4071d4 CloseClipboard

• 0x4071d8 SetClipboardData

• 0x4071dc wsprintfW

• 0x4071e0 CreateWindowExW

• 0x4071e4 SystemParametersInfoW

• 0x4071e8 AppendMenuW

• 0x4071ec CreatePopupMenu

• 0x4071f0 GetSystemMetrics

• 0x4071f4 SetDlgItemTextW

• 0x4071f8 GetDlgItemTextW

• 0x4071fc MessageBoxIndirectW

• 0x407200 CharPrevW

• 0x407204 CharNextA

• 0x407208 wsprintfA

• 0x40720c DispatchMessageW

• 0x407210 PeekMessageW

• 0x407214 ReleaseDC

• 0x407218 EnableWindow

• 0x40721c InvalidateRect

• 0x407220 SendMessageW

• 0x407224 DefWindowProcW

• 0x407228 BeginPaint

• 0x40722c GetClientRect

• 0x407230 FillRect

• 0x407234 DrawTextW

• 0x407238 GetClassInfoW

• 0x40723c DialogBoxParamW

• 0x407240 CharNextW

• 0x407244 ExitWindowsEx

• 0x407248 DestroyWindow

• 0x40724c CreateDialogParamW

• 0x407250 SetTimer

• 0x407254 SetWindowTextW

• 0x407258 PostQuitMessage

• 0x40725c GetDC

• 0x407260 SetWindowLongW

• 0x407264 LoadImageW

• 0x407268 SendMessageTimeoutW

• 0x40726c FindWindowExW

• 0x407270 EmptyClipboard

• 0x407274 OpenClipboard

• 0x407278 TrackPopupMenu

• 0x40727c EndPaint

• 0x407280 ShowWindow

• 0x407284 GetDlgItem

• 0x407288 IsWindow

• 0x40728c SetForegroundWindow

Library GDI32.dll:

• 0x40703c SelectObject

• 0x407040 SetBkMode

• 0x407044 CreateFontIndirectW

• 0x407048 SetTextColor

• 0x40704c DeleteObject

• 0x407050 GetDeviceCaps

• 0x407054 CreateBrushIndirect

• 0x407058 SetBkColor

Library SHELL32.dll:

• 0x407170 SHGetSpecialFolderLocation

• 0x407174 SHGetPathFromIDListW

• 0x407178 SHBrowseForFolderW

• 0x40717c SHGetFileInfoW

• 0x407180 ShellExecuteW

• 0x407184 SHFileOperationW

Library ADVAPI32.dll:

• 0x407000 RegCloseKey

• 0x407004 RegOpenKeyExW

• 0x407008 RegDeleteKeyW

• 0x40700c RegDeleteValueW

• 0x407010 RegEnumValueW

• 0x407014 RegCreateKeyExW

• 0x407018 RegSetValueExW

• 0x40701c RegQueryValueExW

• 0x407020 RegEnumKeyW

Library COMCTL32.dll:

• 0x407028 ImageList_Create

• 0x40702c ImageList_AddMasked

• 0x407030 ImageList_Destroy

• 0x407034

Library ole32.dll:

• 0x4072a4 CoCreateInstance

• 0x4072a8 CoTaskMemFree

• 0x4072ac OleInitialize

• 0x4072b0 OleUninitialize

Library VERSION.dll:

• 0x407294 GetFileVersionInfoSizeW

• 0x407298 GetFileVersionInfoW

• 0x40729c VerQueryValueW

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
client.teamviewer.com	CNAME client-teamviewer-com.trafficmanager.net CNAME client-tv-com-eastasia-v2.cloudapp.net A 13.75.119.102	13.75.119.102
DE-FRA-IBM-R003.teamviewer.com	A 161.156.67.100	161.156.67.100
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	142.250.66.110
ping3.teamviewer.com	A 188.172.203.62 A 188.172.201.158 A 37.252.244.158 A 213.227.167.158 A 37.252.229.190	37.252.244.158
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
master2.teamviewer.com	A 185.188.32.2	185.188.32.2
teredo.ipv6.microsoft.com

TCP

Source	Source Port	Destination	Destination Port
192.168.56.101	49200	13.75.119.102 client.teamviewer.com	443
192.168.56.101	49198	161.156.67.100 DE-FRA-IBM-R003.teamviewer.com	5938
192.168.56.101	49191	185.188.32.2 master2.teamviewer.com	5938
192.168.56.101	49193	185.188.32.2 master2.teamviewer.com	5938
192.168.56.101	49194	185.188.32.2 master2.teamviewer.com	5938
192.168.56.101	49195	185.188.32.2 master2.teamviewer.com	5938
192.168.56.101	49205	185.188.32.2 master2.teamviewer.com	5938
192.168.56.101	49190	188.172.203.62 ping3.teamviewer.com	5938
192.168.56.101	49192	188.172.203.62 ping3.teamviewer.com	5938
192.168.56.101	49197	192.168.56.1	139
192.168.56.101	49204	192.168.56.1	139

UDP

Source	Source Port	Destination	Destination Port
192.168.56.1	137	192.168.56.101	137
192.168.56.1	138	192.168.56.101	138
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51378	114.114.114.114	53
192.168.56.101	53380	114.114.114.114	53
192.168.56.101	54991	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	57367	114.114.114.114	53
192.168.56.101	58070	114.114.114.114	53
192.168.56.101	60221	114.114.114.114	53
192.168.56.101	63429	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	50568	224.0.0.252	5355
192.168.56.101	51963	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.