
Why is RoyalTS_Chromium_WP.exe connecting to 104.26.2.6?

Hello there,
I see the following connection initiated by RoyalTS.exe and RoyalTS_Chromium_WP.exe.
This behavior is detected by the Sophos Intercept X endpoint protection solution as a WIN-MITRE-Behavioral-TA0005-T1055.012 threat.

"C:\Users\user.name\AppData\Local\Temp\Royal TS V6\Plugins\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\RoyalTS_Chromium_WP.exe" --eoim --eo_init_data=eo.ipc.temp.22.0.30.0.15540.1.2

Could you confirm or deny if this is normal or abnormal behavior?


Thanks,

Vladimir

1 Comment

Hi Vladimir!


RoyalTS_Chromium_WP.exe is the Chromium worker process, which is started through Royal TS. It's similar to what the Chrome browser does. My guess is that this is normal behavior, but I can't really tell what the purpose of this connection is. You might want to ask the Chromium project owners about this: https://www.chromium.org/Home/


I do know that there are delayed downloads (like media codecs and plugins) which are downloaded/updated at runtime. There's a good chance that this is something like that.


Regards,
Stefan
