Why does the computer try to access 95.214.181.39 once a second?

[puzzled2]

When using Wireshark I noticed ongoing connections to 95.214.181.39 and blocked them in the firewall. Now the log shows this kind of entry once a second:
2025-12-12 16:56:17 DROP TCP 192.168.8.107 95.214.181.39 54929 4782 0 - 0 0 0 - - - SEND

The source port counts up one each time - inthe quoted line from the log it is 54929 - and the destination port is always 4782

I have looked for telltale signs of Quasar RAT - just in case, because that is known to connect via port 4782 - but I haven't found any evidence. I found a directory associated with WebView2 - an application that I have no knowledge of otherwise - that had files with time signatures of about 10 minutes ago, and I deleted the whole directory to see if it is being reestablished.

Any sugestions? Thanks in advance!

 

[puzzled2]

Replying to my own post:
Did some more research and found evidence that does suggest an infecion with the Quasar RAT. The firewall takes care of that for the time being, and later in the day, when I have timem I will try to get rid of the unwanted guest, as per the instructions on this page: www[dot]pcrisk[dot]com/removal-guides/15612-quasar-rat
Will let you know if that works...

 

[puzzled2]

Update:
One step forward (?): I found out that the application trying to access the IP address 95.214.181.39 on port 4782 is "regsvr32.exe" - apparently (from what I read on the web) various kinds of malware have over the years used this application as a tool to get their bad jobs done while themselves staying below the radar.

The website I mentioned in my previous post explains how to use a tool called "Autoruns" to get a list of active applications and then gives the instruction "locate the malware filey you want to eliminate", apparently based on the assumption that the malware is in the "Startup" folder - on my computer, however, the "Startup" folder is empty, so that's that.

​