I see the following connection initiated by RoyalTS.exe and RoyalTS_Chromium_WP.exe.
This behavior is detected by Sophos Intercept X end-point-protection solution as a WIN-MITRE-Behavioral-TA0005-T1055.012 threat.
"C:\Users\user.name\AppData\Local\Temp\Royal TS V6\Plugins\f008c2f0-5fb3-4c5e-a8eb-8072c1183088\RoyalTS_Chromium_WP.exe" --eoim --eo_init_data=eo.ipc.temp.220.127.116.11.15540.1.2
Could you confirm or deny if this is normal or abnormal behavior?
The RoyalTS_Chromium_WP.exe is the chromium worker process which is started through Royal TS. It's similar to what the chrome browser does. My guess is, that this is normal behavior but I can't really tell what the purpose of this connection is. You might want to ask this the chromium project owners: https://www.chromium.org/Home/
I do know that there are delayed downloads (like media codecs and plugins) which are downloaded/update during runtime. There's a good chance that this is something like that.