Thank you for your response. I cannot see that PC would be infected (using AVAST, Microsoft Defender/Firewall with weekly scheduled scanning for viruses and malware). How could someone got knowledge about private keys? Was the reason that Core node (and wallet) had to be open for several weeks for it to be synchronized?
As the linked mining address cannot be changed for already pending mining assets, I can only hope to be quicker and to withdraw the mining deposit as soon as it comes to another address? Can I still use the same Core version to make new address (in order to make deposit/withdrawal from compromised to a new one) or is it better to download new version?