Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5,4,1,3962 7.69%
5,0,3,1614 15.38%
4,6,6,8360 23.08%
4,6,4,8136 23.08%
4,6,3,8096 23.08%
4,6,2,7927 7.69%

Relationships

Parent process
Child processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, GetTokenInformation, CheckTokenMembership, CreateWellKnownSid, CopySid, GetLengthSid, DeregisterEventSource, RegisterEventSourceW, ReportEventW, RegDeleteKeyW
comctl32.dll
ImageList_Destroy, ImageList_GetImageCount, _TrackMouseEvent, ImageList_GetIcon, ImageList_Draw, ImageList_DrawEx, ImageList_GetIconSize, DestroyPropertySheetPage, ImageList_Create, ImageList_DrawIndirect, PropertySheetW, ImageList_AddMasked, ImageList_ReplaceIcon, ImageList_LoadImageW, ImageList_GetImageInfo, CreatePropertySheetPageW, InitCommonControlsEx
comdlg32.dll
GetSaveFileNameW, GetFileTitleW, GetOpenFileNameW, ChooseFontW, ChooseColorW, PageSetupDlgW, PrintDlgExW
credui.dll
CredUIPromptForCredentialsW
encrashrep.dll
EnCrashRepSetInfo, EnCrashRepExceptionFilter
enfatink.dll
_ENInkHTMLExporterCreate@16, _ENInkHTMLExporterDelete@4, _ENInkHTMLExporterGetAttach@12, _ENInkCtrlClassNameW@0
fpdfemb.dll
FPDFEMB_CreateDIB, FPDFEMB_GetSearchPos, FPDFEMB_CloseDocument, FPDFEMB_GetPageCount, FPDFEMB_LoadPage, FPDFEMB_ClosePage, FPDFEMB_GetPageSize, FPDFEMB_DeviceToPagePoint, FPDFEMB_PageToDevicePoint, FPDFEMB_StartParse, FPDFEMB_Text_LoadPage, FPDFEMB_Text_CloseTextPage, FPDFEMB_Text_GetCharIndexAtPos, FPDFEMB_Text_CountChars, FPDFEMB_GetDIBData, FPDFEMB_Text_GetFontSize, FPDFEMB_Text_GetMatrix, FPDFEMB_Text_CountRects, FPDFEMB_Text_GetRect, FPDFEMB_Text_GetText, FPDFEMB_Text_GetBoundedText, FPDFEMB_Text_GetFont, FPDFEMB_Font_GetAscent, FPDFEMB_Font_GetDescent, FPDFEMB_FindFrom, FPDFEMB_FindNext, FPDFEMB_FindPrev, FPDFEMB_Text_GetOrigin, FPDFEMB_CountFoundRects, FPDFEMB_GetFoundRect, FPDFEMB_InitEx, FPDFEMB_Exit, FPDFEMB_StartLoadDocument, FPDFEMB_DestroyDIB, FPDFEMB_StartRender
gdi32.dll
SetDIBits, GetEnhMetaFileHeader, CreateEnhMetaFileW, CloseEnhMetaFile, SetViewportOrgEx, SelectClipRgn, SetWindowExtEx, SetMapMode, CreateDCW, OffsetWindowOrgEx, PlayEnhMetaFile, GetMapMode, CreateRectRgn, SetRectRgn, EnumFontFamiliesExW, RestoreDC, SaveDC, GetBkColor, SetStretchBltMode, SetBrushOrgEx, GetTextExtentPoint32W, CreateFontW, RoundRect, GetDIBits, CreateDIBitmap, ExtCreateRegion, RectVisible, GetTextMetricsW, CombineRgn, CreateRectRgnIndirect, ExcludeClipRect, GetCurrentObject, GetPixel, SetDIBColorTable, CreateDIBSection, StretchBlt, GetDIBColorTable, LPtoDP, DPtoLP, PatBlt, BitBlt, GetClipBox, CreateCompatibleBitmap, SetWindowOrgEx, CreateCompatibleDC, CreateBitmap, CreatePatternBrush, TextOutW, LineTo, MoveToEx, GetDeviceCaps, Polygon, Rectangle, CreatePen, CreateSolidBrush, ExtTextOutW, SetBkColor, GetStockObject, CreateFontIndirectW, GetObjectW, SetTextColor, SetBkMode, DeleteDC, DeleteObject, SetViewportExtEx, DeleteEnhMetaFile, SelectObject
gdiplus.dll
GdipGetImageHeight, GdiplusShutdown, GdipFree, GdipAlloc, GdipDeleteGraphics, GdipDisposeImage, GdipGetImagePixelFormat, GdipGetImagePaletteSize, GdipGetImagePalette, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdiplusStartup, GdipGetImageGraphicsContext, GdipDrawImageI, GdipCloneImage, GdipDrawRectangle, GdipFillRectangle, GdipDrawImage, GdipCloneBrush, GdipSaveImageToStream, GdipCreateBitmapFromHBITMAP, GdipGetImageWidth, GdipRotateWorldTransform, GdipTranslateWorldTransform, GdipResetWorldTransform, GdipCreateLineBrushFromRect, GdipDeletePen, GdipCreatePen1, GdipDeleteBrush, GdipSetSmoothingMode, GdipCreateFromHDC, GdipGetImageEncodersSize, GdipGetImageEncoders, GdipCreateBitmapFromFile, GdipCreateBitmapFromFileICM, GdipSaveImageToFile
kernel32.dll
DllMain
libcef.dll
cef_string_utf16_clear, cef_string_utf16_cmp, cef_string_utf16_set, cef_string_wide_to_utf16, cef_string_list_free, cef_string_utf8_to_utf16, cef_string_utf8_clear, cef_drag_data_create, cef_post_data_element_create, cef_string_list_copy, cef_post_data_create, cef_string_list_size, cef_string_list_value, cef_string_multimap_size, cef_string_multimap_key, cef_string_multimap_value, cef_string_map_size, cef_string_map_key, cef_string_map_value, cef_string_multimap_append, cef_string_map_append, cef_string_list_append, cef_v8context_get_entered_context, cef_v8context_get_current_context, cef_v8context_in_context, cef_stream_reader_create_for_handler, cef_stream_reader_create_for_data, cef_stream_reader_create_for_file, cef_v8value_create_function, cef_v8value_create_array, cef_v8value_create_object_with_accessor, cef_v8value_create_string, cef_v8value_create_date, cef_v8value_create_double, cef_v8value_create_int, cef_v8value_create_bool, cef_v8value_create_null, cef_v8value_create_undefined, cef_domrange_create, cef_edit_command_group_create, cef_register_plugin, cef_get_web_plugin_info_byname, cef_get_web_plugin_info, cef_register_extension, cef_create_url, cef_post_delayed_task, cef_post_task, cef_visit_storage, cef_register_scheme_handler_factory, cef_build_revision, cef_initialize, cef_parse_url, cef_set_storage_path, cef_delete_storage, cef_set_storage, cef_register_custom_scheme, cef_string_utf16_to_utf8, cef_browser_create, cef_browser_create_sync, cef_string_list_alloc, cef_cookie_manager_get_global_manager, cef_cookie_manager_create_manager, cef_string_userfree_utf16_free, cef_string_multimap_free, cef_string_multimap_alloc, cef_request_create, cef_shutdown, cef_do_message_loop_work, cef_run_message_loop, cef_quit_message_loop, cef_set_cache_mode, cef_set_browser_defaults, cef_clear_cross_origin_whitelist, cef_clear_scheme_handler_factories, cef_currently_on, cef_get_web_plugin_count, cef_add_cross_origin_whitelist_entry, cef_remove_cross_origin_whitelist_entry
libhunspell.dll
hunspell_uninitialize, hunspell_spell, hunspell_add, hunspell_add_with_affix, hunspell_initialize, hunspell_get_dic_encoding, hunspell_free_list, hunspell_suggest
libpcre.dll
regfree, regexec, regcomp, pcre_config
libsqlite.dll
sqlite3_bind_parameter_index, sqlite3_column_double, sqlite3_bind_null, sqlite3_table_column_metadata, sqlite3_open, sqlite3_close, sqlite3_busy_timeout, sqlite3_bind_blob, sqlite3_bind_int64, sqlite3_exec, sqlite3_free, sqlite3_column_bytes, sqlite3_column_int64, sqlite3_last_insert_rowid, sqlite3_bind_double, sqlite3_bind_text, sqlite3_step, sqlite3_bind_int, sqlite3_column_text, sqlite3_column_int, sqlite3_column_blob, sqlite3_changes, sqlite3_create_function, sqlite3_user_data, sqlite3_get_auxdata, sqlite3_set_auxdata, sqlite3_result_int, sqlite3_result_int64, sqlite3_result_double, sqlite3_result_text, sqlite3_result_blob, sqlite3_result_null, sqlite3_result_error, sqlite3_value_bytes, sqlite3_value_blob, sqlite3_value_int, sqlite3_value_text, sqlite3_create_collation, sqlite3_prepare_v2, sqlite3_get_autocommit, sqlite3_reset, sqlite3_clear_bindings, sqlite3_finalize, sqlite3_db_handle, sqlite3_errmsg, sqlite3_column_count
libxml2.dll
xmlSetExternalEntityLoader, xmlReaderForMemory, xmlTextReaderSetErrorHandler, xmlTextReaderRead, xmlTextReaderIsValid, xmlTextReaderLocatorBaseURI, xmlFreeTextReader, xmlNewInputFromFile, xmlNewStringInputStream, xmlNoNetExternalEntityLoader, xmlTextReaderLocatorLineNumber
msimg32.dll
TransparentBlt, AlphaBlend, GradientFill
ole32.dll
CoCreateGuid, CoUninitialize, ReleaseStgMedium, CoInitializeEx, DoDragDrop, StringFromGUID2, RegisterDragDrop, RevokeDragDrop, PropVariantClear, CreateStreamOnHGlobal, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, OleUninitialize, OleInitialize, CLSIDFromProgID
psapi.dll
GetProcessMemoryInfo
shell32.dll
SHGetDesktopFolder, ShellExecuteExW, SHBrowseForFolderW, SHFileOperationW, SHGetFileInfoW, SHGetSpecialFolderPathW, ShellExecuteW, SHGetSpecialFolderLocation, CommandLineToArgvW, SHGetPathFromIDListW
shlwapi.dll
PathFindFileNameW, UrlCombineW, AssocQueryStringW, PathFindExtensionW, PathIsURLW, UrlCanonicalizeW, PathCombineW, PathGetDriveNumberW, PathIsNetworkPathW, PathBuildRootW, PathCreateFromUrlW, UrlEscapeW, SHStrDupW, PathIsRootW
user32.dll
DllMain
uxtheme.dll
SetWindowTheme, GetThemeInt, DrawThemeBackground, OpenThemeData, CloseThemeData
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wininet.dll
InternetCanonicalizeUrlW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, HttpSendRequestA, InternetErrorDlg, HttpQueryInfoA, InternetSetCookieW, InternetAttemptConnect, InternetOpenA, InternetSetStatusCallbackA, InternetConnectA, HttpAddRequestHeadersA, InternetGetLastResponseInfoA, InternetOpenUrlA, InternetOpenUrlW, InternetSetOptionW, InternetReadFile, HttpQueryInfoW, InternetQueryDataAvailable, InternetOpenW, InternetCloseHandle, InternetGetConnectedState, InternetQueryOptionW, HttpOpenRequestA, InternetCrackUrlW
winmm.dll
timeGetTime
winspool.drv
GetPrinterW, ClosePrinter, OpenPrinterW
wintrust.dll
WinVerifyTrust

Evernote.exe

Evernote by EVERNOTE CORPORATION (Signed)

Remove Evernote.exe
Version:   4,6,3,8096
MD5:   327af7bf165975088f1251d30a1a9457
SHA1:   f90b27d9d563299a313ab3d7a0e56008743d5d0a
SHA256:   11ad2f42946748f377443b253500ae6efe9098ab524b7ae5912bed7663adf38f

Overview

evernote.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is installed with a couple of know programs including Evernote v. 4.2.3 published by Evernote Corp., Evernote v. 4.6.3 from Evernote Corp. and Evernote v. 4.6.3 by Evernote Corp.. The file is digitally signed by EVERNOTE CORPORATION which was issued by the Thawte certificate authority (CA).

DetailsDetails

File name:evernote.exe
Publisher:Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
Product name:Evernote®
Description:Evernote
Typical file path:C:\Program Files\evernote\evernote\evernote.exe
File version:4,6,3,8096
Size:11.42 MB (11,977,568 bytes)
Certificate
Issued to:EVERNOTE CORPORATION
Authority (CA):Thawte
Effective date:Sunday, September 18, 2011
Expiration date:Thursday, November 7, 2013
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Evernote v.
 Evernote Corp.
1% remove
Evernote is a suite of software and services designed for notetaking and archiving. A "note" can be a piece of formatted text, a full webpage or webpage excerpt, a photograph, a voice memo, or a handwritten "ink" note. Notes can also have file attachments. Web clipping support is installed by default on the Internet Explorer and Safari browsers when the Evernote software is installed under Windows. The Evernote email-clipper is automat...
Network connections
  • [TCP] www.evernote.com (204.154.94.81:443)

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00040268%
    0.028634%
    Kernel CPU:0.00024638%
    0.013761%
    User CPU:0.00015630%
    0.014873%
    Kernel CPU time:8,461,297 ms/min
    100,923,805ms/min
    CPU cycles:17,213,668/sec
    17,470,203/sec
    Memory
    Private memory:69.95 MB
    21.59 MB
    Private (maximum):84.38 MB
    Private (minimum):31.7 MB
    Non-paged memory:69.95 MB
    21.59 MB
    Virtual memory:369.34 MB
    140.96 MB
    Virtual memory (peak):410.41 MB
    169.69 MB
    Working set:63.48 MB
    18.61 MB
    Working set (peak):107.22 MB
    37.95 MB
    Page faults:399,589/min
    2,039/min
    I/O
    I/O read transfer:23.8 MB/sec
    1.02 MB/min
    I/O read operations:870/sec
    343/min
    I/O write transfer:60.85 KB/sec
    274.99 KB/min
    I/O write operations:246/sec
    227/min
    I/O other transfer:23.04 KB/sec
    448.09 KB/min
    I/O other operations:2,395/sec
    1,671/min
    Resource allocations
    Threads:20
    12
    Handles:634
    600
    GUI GDI count:952
    103
    GUI GDI peak:972
    142
    GUI USER count:483
    49
    GUI USER peak:500
    71

    BehaviorsProcess properties

    Integrety level:Medium
    Platform:64-bit
    Command lines:
    • "C:\Program Files\evernote\evernote\evernote.exe"
    • C:\users\user\appdata\local\apps\evernote\evernote\evernote.exe
    Owner:User
    Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

    ResourcesThreads

    Averages
     
    Evernote.exe (main module)
    Total CPU:0.01558167%
    0.272967%
    Kernel CPU:0.01345957%
    0.107585%
    User CPU:0.00212210%
    0.165382%
    CPU cycles:1,756,110/sec
    5,741,424/sec
    Memory:11.46 MB
    1.16 MB
    wow64cpu.dll
    Total CPU:0.00023129%
    Kernel CPU:0.00011937%
    User CPU:0.00011191%
    CPU cycles:9,023/sec
    Memory:32 KB
    ntdll.dll
    Total CPU:0.00006296%
    Kernel CPU:0.00004444%
    User CPU:0.00001852%
    CPU cycles:5,652/sec
    Memory:1.66 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 38.46%
    Windows 8 Pro 30.77%
    Windows 7 Professional 15.38%
    Windows 8 7.69%
    Windows Vista Home Premium 7.69%

    Distribution by countryDistribution by country

    United States installs about 76.92% of Evernote®.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Hewlett-Packard 31.25%
    Acer 12.50%
    Lenovo 12.50%
    ASUS 12.50%
    Dell 12.50%
    Toshiba 12.50%
    GIGABYTE 6.25%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE