Attacker remoted in, see above.
Launched crib sheet in FireFox for total export of Chrome saved passwords
I had attempted to hit print, but I had pulled out the network cable...
The interesting next is where they had been locally on Chrome
https://dl.dropboxusercontent.com/u/1745534/general_share/2016-08-03_work_pc_hack/History.pdf
NOTE: They are straight after my localbitcoins account...
Fortunately everything is 2FA apart from Amazon because in the UK they don't yet offer 2FA, but they have in the US like AWS services.
And my domain registrar. 123-reg - "arseholes".
Advice sort on finding the hole.
Suspects:
- teamviewer - nothing in logs
- Reverse VNC - unable to find logs
Chrome plugs - suspects
- Chrome Remote Desktop - not used for several month
- Splashtop - unable to find logs
- BitBrowser Bitcoin Wallet
My only get out of jail card. Keepass left not open....
Any advice to track how it happened appreciated.
Cheers MX
10 down, 511 to go...