.. / RuntimeBroker.exe

Star

• Image Path: System32 dir
• Parent Process: svchost.exe
• Number of Instances: 1+
• User Account: User's
• Start Time: Varies

RuntimeBroker.exe acts as a proxy between the constrained Universal Windows Platform (UWP) apps (formerly called Metro apps) and the full Windows API. UWP apps have limited capability to interface with hardware and the file system. Broker processes such as RuntimeBroker.exe are therefore used to provide the necessary level of access for UWP apps. Generally, there will be one RuntimeBroker.exe for each UWP app. For example, starting Calculator.exe will cause a corresponding RuntimeBroker.exe process to initiate.

Image Path

Executable’s image path.

%SystemRoot%\System32\RuntimeBroker.exe

Parent Process

A process which spawned the analyzed process.

svchost.exe

Number of Instances

Expected number of processes running which may normally run on Windows.

One or more

User Account

Windows account with which the process was launched. This defines what privileges given process has.

Typically the logged-on user(s)

Start Time

Expected time of process to be launched.

Start times vary greatly