netstat -ao or just o .. so that you get process (ID) that is establishing the connection.

or

use TCPview by Systeminternals

Use process explorer (systeminternals) to take a copy of the exe file and either directly send it to avira or check it on virustotal.com to see if avira and others have a detection for it.


Stop using the machine till there is an update and the malware is removed from the machine.