EvernoteNw.exe

File Path: C:\Program Files (x86)\Evernote\Evernote\NodeWebKit\EvernoteNw.exe

Hashes

Type	Hash
MD5	`ACD2770AD42EAB8841DE64251F2507DC`
SHA1	`AC54E34309C7D5E71A39B9E37A2D7B2F64D22652`
SHA256	`EAFCA585E0F4FE1191445587B4D4087CD395F9B88096A7C3B3524A69B1F05856`
SHA384	`75816B1C4CE415E2A4D910292411EC212D798BD4F0BFCA041E6087BE9C4F5E9117446D294795A1A48CAED1B3987B08AC`
SHA512	`D938CF00A4090A10B012DCEDD172193C02BA486A8A39430E377E0271EA865E205E547072F887DC25F8B1CD45BF0C764579E389BC61617F1295FE2C0623F971AE`
SSDEEP	`786432:0XA0NfKaOpeKMlcM1btVA/j9+F8ZeqiWpA8:0w0NiaOpeKkntVA/j9+FGHdW8`
IMP	`DCE79AFC8B09FF9BA281193880BBAEDA`
PESHA1	`BAC099868361A078095FF0ACD393B548164A09ED`
PE256	`82C135D4F3A65BF82D61FD96DDA96FD126DBC7D05D06F428C59BB2033904AED0`

Runtime Data

Child Processes:

EvernoteNw.exe EvernoteNw.exe

Open Handles:

Path	Type
(R–) C:\Users\user\AppData\Local\EvernoteNW\lockfile	File
(R-D) C:\Windows\Fonts\StaticCache.dat	File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui	File
(RW-) C:\Program Files (x86)\Evernote\Evernote\NodeWebKit\icudtl.dat	File
(RW-) C:\Program Files (x86)\Evernote\Evernote\NodeWebKit\nw.pak	File
(RW-) C:\Users\user\AppData\Local\EvernoteNW\Cache\80e4b36ea78e905f_0	File
(RW-) C:\Users\user\AppData\Local\EvernoteNW\cookies	File
(RW-) C:\Users\user\AppData\Local\EvernoteNW\Local Storage\file__0.localstorage	File
(RW-) C:\Users\user\AppData\Local\EvernoteNW\Web Data	File
(RW-) C:\Windows	File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627	File
(RW-) C:\xCyclopedia	File
(RWD) C:\Users\user\AppData\Local\EvernoteNW\GPUCache\data_0	File
(RWD) C:\Users\user\AppData\Local\EvernoteNW\GPUCache\data_1	File
(RWD) C:\Users\user\AppData\Local\EvernoteNW\GPUCache\data_2	File
(RWD) C:\Users\user\AppData\Local\EvernoteNW\GPUCache\data_3	File
(RWD) C:\Users\user\AppData\Local\EvernoteNW\GPUCache\index	File
(RWD) C:\Windows\System32\drivers\etc	File
\BaseNamedObjects__ComCatalogCache__	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db	Section
\BaseNamedObjects\C:ProgramDataMicrosoftWindowsCaches*cversions.2	Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0	Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0	Section
\BaseNamedObjects\windows_shell_global_counters	Section
\Sessions\1\BaseNamedObjects\1fb4HWNDInterface:710624	Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters	Section
\Sessions\1\Windows\Theme2547664911	Section
\Windows\Theme3854699184	Section

Loaded Modules:

Path
C:\Program Files (x86)\Evernote\Evernote\NodeWebKit\EvernoteNw.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

Status: Signature verified.
Serial: 0F6C6C76C237FDBD4775DF1EEC48E4E7
Thumbprint: AC51E96E30DB8C8AB1657078805399F405626259
Issuer: CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
Subject: CN=Evernote Corporation, O=Evernote Corporation, L=Redwood City, S=CA, C=US

File Metadata

Original Filename:
Product Name:
Company Name:
File Version:
Product Version:
Language:
Legal Copyright:
Machine Type: 32-bit

File Scan

VirusTotal Detections: 0/70
VirusTotal Link: https://www.virustotal.com/gui/file/eafca585e0f4fe1191445587b4d4087cd395f9b88096a7c3b3524a69b1f05856/detection/