If it's a persistent process you may be able to identify it with a netsh trace capture, etl2pcapng and Wireshark. This only provides the process ID. If it's an ephemeral process you would need to track the running processes during the capture to get process name.
Some articles mention blocking outbound ICMP with a firewall loaded on the client and checking the logs for process information. I found when testing that ICMP from nmap was not blocked or logged.