https://dl.dropboxusercontent.com/u/...2018_09_22.png
Attacker remoted in, see above.
Launched crib sheet in FireFox for total export of Chrome saved passwords
I had attempted to hit print, but I had pulled out the network cable...
The interesting next is where they had been locally on Chrome
https://dl.dropboxusercontent.com/u/...ck/History.pdf
NOTE: They went straight after my localbitcoins account...
Fortunately everything is 2FA apart from Amazon because in the UK they don't yet offer 2FA, but they have in the US like AWS services.
And my domain registrar. 123-reg - "arseholes".
Advice sort on finding the hole.
Suspects:
teamviewer - nothing in logs
Reverse VNC - unable to find logs
Chrome plugs - suspects
Chrome Remote Desktop - not used for several month
Splashtop (Viewer) - unable to find logs
BitBrowser Bitcoin Wallet
My only get out of jail card. Keepass left not open....
Any advice to track how it happened appreciated.
Cheers MX