Teamviewer Microsoft Scam

[Donkerg]

Hi fellow members.

We recently had a Microsoft Scam via Teamviewer and are analysing the logs.
One of the things we try to figure out is what happened in the teamviewer session.

Was the person on our end the one who inititiated the teamviewer session of was he requested to answer the teamviewer session.

The logs state:
CommandHandlerRouting[12]::CreateActiveSession(): outgoing session to 158289069 via server24602.teamviewer.com, protocol Port443

Is it possible that the server was already open ?

Also this line strikes me as strange.

7076  6896 D2   tvdesktop::GrabScreen::CDesktop_Win::EnumTopWindowsProcWin - window class $$$Secure UAP Background Fake Client Window Class; style 79691776