Start a new topic

why RoyalTS_Chromium_WP.exe connecting to

Hello there,
I see the following connection initiated by
RoyalTS.exe and RoyalTS_Chromium_WP.exe.
This behavior is detected by Sophos Intercept X end-point-protection solution as a WIN-MITRE-Behavioral-TA0005-T1055.012 threat.

"C:\Users\\AppData\Local\Temp\Royal TS V6\Plugins\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\RoyalTS_Chromium_WP.exe" --eoim --eo_init_data=eo.ipc.temp.

Could you confirm or deny if this is normal or abnormal behavior?



1 Comment

Hi Vladimir!

The RoyalTS_Chromium_WP.exe is the chromium worker process which is started through Royal TS. It's similar to what the chrome browser does. My guess is, that this is normal behavior but I can't really tell what the purpose of this connection is. You might want to ask this the chromium project owners:

I do know that there are delayed downloads (like media codecs and plugins) which are downloaded/update during runtime. There's a good chance that this is something like that.


Login or Signup to post a comment