Meanwhile I checked the RDP logs on my system in
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
It shows some entries on Dec 4th which do not exactly match the time of the hack. But there are also messages going back six months. The setting of RDP is turned off
Maybe youve been targeted for a few other things in the past too then.
I think its probably best for you to uninstall and reinstall your os. Maybe even on s differnt hard drive to ensure nothing else is damaged. Its likely they changed the logs during the hack so it wasnt so it wasnt as blatant. Maybe theres more hidden than we know that they got access to...