Those are the categories of viruses that antivirus and various Windows defenders “do not see”. Generally, if you install the program yourself and allow the antivirus / defender to install it. And there already, it can do what it wants to do: merge your data or extract the cryptographic currency and use it as a proxy by hackers. It is impossible to track this programmatically, and antiviruses are wrong.
But the utility netstat can’t be cheated! Reboot your computer and immediately open PowerShell (administrator) (right-click on the start menu in Win 10) or the command line with administrator rights and type:
Click Enter and see the list of active connections.
With these running processes, you can see which application is initiating the connection. All you have to do is go to a search engine and type “what mDNSResponder.exe process” and see the result. It is impossible to describe all the processes, so my advice is to go to the search engine here correctly.
Example, svchost.exe is a service process, and the above mDNSResponder was installed with the Apple Windows program. This way, you can calculate the “left” program that makes connections on your computer.
Well, you can find out from the ip address some country (company) it belongs to. This is done through any whois ip service.