So just an update for the records of the internet (unless someone has something to add).
I kept getting attacked from other host locations in India and Nigeria. Finally they got in but I believe after wasted hours I am now clean.
It is still unknown if they'll attack any service or specifically begin with the VMware-related one. From research of open source programs of similar nature, they escalate privilege up to system then hide, normally spying, stealing or installing cryptominers.
Thanks again for that one reply, and as a final word, blocking all incoming traffic in Windows Firewall is a single click and 99% of the time you won't notice the difference at all. You could do it to a friend and they'd never ever notice.
-Website Data-
Category: Compromised
Domain:
IP Address: 196.31.28.114
Port: 445
Type: Inbound
File: System
-Website Data-
Category: Compromised
Domain:
IP Address: 211.214.17.201
Port: 135
Type: Inbound
File: C:\Windows\System32\svchost.exe
Who examples of migration to more critical systems.
[SUGGESTED READING] Official Malware Removal Guide : techsupport, a useful resource (kill.exe is a tiny 2 second download that actually works btw, it takes 10 seconds and gives you a small readable log on the desktop)
Stay safe out there, I still have to call these companies because 0/3 replies to e-mails.