Clark

LineageOS sends connectivity checks, time adjustment requests and system webview (chromium by default and not easy to change) data to google servers as far as I know. Are you sure it doesn't send anything to google? On the other hand, there is an app Invizible Pro on FDroid, which is perfect to prevent such connections. Maybe you assume the user will install it?

I wish I could bring it to an expert. Do you know how to find one? Here is the file: https://paste.centos.org/view/5df16fbe Sorry for the delay

I will try it, thank you :)

The answers are good enough for me here

I'm not just trying to get rid of the malware but also understand what it's doing. Besides, wiping the system doesn't help as some viruses can permanently corrupt bios. So before wiping out, I think it's a good idea to know what's going on my pc and where do my data go, if there is a malware. I'm a rookie with network monitoring, that's why I'm trying to learn from more experienced users. Here is the part of the original capture: https://limewire.com/?referrer=pq7i8xx7p2. I will disable tor and close all apps along with some serviced and record again. I will let you know, thanks for your help

No, it wasn't at the time of recording. It was a confirmation later on that tor and network manager were the only apps using the ports with brave opened.

Does also your computer connect to Amazon, Hetzner, 1337 Services GmbH, Evanzo GmbH and ThomasFamilyInvestments without a reason?

Yes, .100 is me. I have a Zyxel router, should it show the intended recipient? I'm running Linux. What do you mean by a high port to a low port? I also think there is a malware.

Thank you for the informations. There were nothing in the foreground but tor was apparently running in the background. But I'm still not sure if these services were all due to Tor. I need to run another record I guess

Thanks for the informations. This clarifies a lot.

i only have these over long term but brave was closed when recording:

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp ESTAB 0 0 192.168.1.100%wlan0:68 192.168.1.1:67 users:(("NetworkManager",pid=1065,fd=27))
tcp ESTAB 0 0 192.168.1.100:57728 185.246.86.175:9001 users:(("tor",pid=1143,fd=16))
tcp ESTAB 0 0 192.168.1.100:60406 54.36.178.108:443 users:(("brave",pid=5153,fd=27))
tcp ESTAB 0 0 192.168.1.100:40606 89.58.56.112:587 users:(("tor",pid=1143,fd=12))