looks like i've been victim of DarkComet backdoor, RAT, and my own stupidity. But, this was targeted attack to cloack users as I got infected when downloading newer cloak wallet, following link from this forum page 1. Looks like i've been spoofed to fake Mega download of cloak wallet which contained trojan. I still have that link, now pointing to a Mega url saying that file has been removed.
I downloaded fake wallet on january 5th, attack happened about 16:00 CET, january 6th.
It's just my version of what it seems to happened, giving all the evidence I collected. I have some logs, maybe IP addresses, can this be traced somehow?
Anyone involved with crypto should have a good defense installed on their PC. I recommend MalewareBytes. Below is a link to Trend Micro's page on the "DarkComet" Trojan:
This hack is not specific to CLOAK or any other crypto but acts as a remote control portal allowing others to take control of your computer. You could have picked it up anywhere.