Manalyze report for 58f43fc45053912f5e0798b278b1cbca936a2b0c343b59c01fa2f8a999ebfed5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Apr-13 18:08:17
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	D:\dbs\el\omr\Target\x64\ship\postc2r\x-none\onenotem.pdb
CompanyName	Microsoft Corporation
FileDescription	Send to OneNote Tool
FileVersion	`16.0.19822.20182`
InternalName	QuickLauncher
LegalTrademarks1	MicrosoftÂ® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	WindowsÂ® is a registered trademark of Microsoft Corporation.
OriginalFilename	OneNoteM.exe
ProductName	Microsoft OneNote
ProductVersion	`16.0.19822.20182`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .c2r`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress LoadLibraryExW LoadLibraryExA` `Can access the registry: RegQueryValueExW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCloseKey RegGetValueW` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: OpenProcess`
Info	The PE is digitally signed.	`Signer: Microsoft Corporation` `Issuer: Microsoft Windows Code Signing PCA 2024`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-14 18:29:13)	`All the AVs think this file is safe.`

Hashes

MD5	`19109b1d6c0c4e78266fd3ddc5727441`
SHA1	`356dc977d19fec2f91437dda910756dc7202557c`
SHA256	`58f43fc45053912f5e0798b278b1cbca936a2b0c343b59c01fa2f8a999ebfed5`
SHA3	`2856748cae5d6a899adedc2d22a3ffd5355f2374a61a13d2da646b4d11a3a70e`
SSDeep	`12288:oPYhjImJk7XAYZKnSue7dtZxOH6ivWfkzCm:bhMgkcYZKn1e7dtZAaivkkmm`
Imports Hash	`ec303895e418fc252e2445f83cf92854`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2026-Apr-13 18:08:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x2dc00`
SizeOfInitializedData	`0x6b800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002BCF0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`0.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xa4000`
SizeOfHeaders	`0x400`
Checksum	`0xa6d71`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`99d50799bc4934d1f66de8843d674650`
SHA1	`08750d5b2f17f50e6862edc35225fecd0b54891c`
SHA256	`8c0f17bcd031cbed904561ef88d128e3348e1f565f93469f470a7b744b61eb1d`
SHA3	`92f69bbf2de709edee0dc0a0a5a93cb64790e74d3622e31303bf7b5180fece28`
VirtualSize	`0x2db87`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2dc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35289`

.rdata

MD5	`c95bec0c41142917557212063bd7e833`
SHA1	`bbd07a5585e8a76220c79c67466b94c6371979b9`
SHA256	`c694507c870fc60dbb8751ac2156abe2a28b4a9595800c9305923b6f5d39fde9`
SHA3	`c844fc816b946e3d35ab303e3a7b0d6221c2a8462cfbbf25906987264abbdcb4`
VirtualSize	`0x4bfd1`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x4c000`
PointerToRawData	`0x2e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66762`

.data

MD5	`5dfca9af53c0ffce3da6527b2d80bdd2`
SHA1	`509c34dbee9987a8ae4f1226a5948dc093206256`
SHA256	`faaa75852f6f588368b51b24cf7b713a39d4a2c102a580626883fdee40a38905`
SHA3	`bbfeb6d066b231baa2482e6f7711a60392fc11f31e0114c9e030f5e766bcf0ce`
VirtualSize	`0x80d0`
VirtualAddress	`0x7b000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x7a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.715`

.pdata

MD5	`b5bdd2e98d5cf8086df57c8bb1e93593`
SHA1	`b7a7a646683cde268f3a90993619a1cdb783e43d`
SHA256	`e7fff414b0af66ae0dd025b093b3a8b71b5b075baf3236e27b04fefa702d712d`
SHA3	`07e73113428538898b1a0a981884da5a2023a3f71ab00e2b124d79d15831ed4d`
VirtualSize	`0x2874`
VirtualAddress	`0x84000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x7c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.36675`

.didat

MD5	`3c88009a8fa28a3de02c25577519068d`
SHA1	`c740b637b8d8586332e2639395e702aa526d73da`
SHA256	`8d937133140ba552fb62cace1d880ee114506e7c048654153a0292ae973045e0`
SHA3	`560314fc76904893a9435407c3068adcb0a85019b43c50cd511a0017282e2c21`
VirtualSize	`0x380`
VirtualAddress	`0x87000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.07034`

.c2r

MD5	`98f35b21dae3c20a6addc6c12f8583d3`
SHA1	`23a7fae3aa5ad4b9d4db5775d7866085a0979248`
SHA256	`5754ff1ec48b475061148067d305e7c4d5eddfd1ff83189c2dc27d82c38d1ffa`
SHA3	`46e4e2d1f48f8ea939abc9b049c85fb6ea44fc65bc2d1f390053e3c65c752d89`
VirtualSize	`0x150`
VirtualAddress	`0x88000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.32031`

.rsrc

MD5	`dc5a17dcb538af8d079782f8cb277ef6`
SHA1	`195e1cde4fd136c04d4a7869b6a29a424599ca15`
SHA256	`ff83c9893885c2d66df1b63aeded1b47c4ba4d46899667a9869c4da7e1b7eb65`
SHA3	`0eca719893754301aace470894fd9fd0c694f9222a909b6ff9ff37ce78cef552`
VirtualSize	`0x167cc`
VirtualAddress	`0x89000`
SizeOfRawData	`0x16800`
PointerToRawData	`0x7f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.0149`

.reloc

MD5	`33ad25f89ed0e36017daa79cf4d0efaf`
SHA1	`73ffab4209e39f7ca922daa76fb36085f79eee05`
SHA256	`7e91c7283a018a48e4baa9b8ab4d2b2a95c9fd805b4b94e2e39e2c15ce6428d3`
SHA3	`2d0ea1b11067e482b97c9148e1e51ce7a5eeaf24cad3fac7f5dab553f5b4efed`
VirtualSize	`0x3874`
VirtualAddress	`0xa0000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x96000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42484`

Imports

AppVIsvSubsystems64.dll	`#1`
KERNEL32.dll	`CreateActCtxW` `ActivateActCtx` `SetLastError` `EnterCriticalSection` `GetCommandLineW` `GetCurrentProcess` `GetModuleHandleExW` `OutputDebugStringA` `GetModuleFileNameW` `LeaveCriticalSection` `FindActCtxSectionStringW` `InitializeCriticalSectionEx` `WaitForSingleObject` `GetCurrentThreadId` `GetVersionExW` `DeactivateActCtx` `OpenProcess` `CreateEventW` `QueryActCtxW` `Sleep` `GetLastError` `GlobalSize` `SetEvent` `GlobalAlloc` `GlobalFree` `CloseHandle` `RaiseException` `LoadLibraryW` `HeapCompact` `DecodePointer` `GetProcAddress` `GlobalLock` `DeleteCriticalSection` `GetProcessHeap` `CreateProcessW` `FreeLibrary` `LocaleNameToLCID` `SetProcessWorkingSetSize` `CreateFileMappingW` `GlobalUnlock` `RegisterApplicationRestart` `LoadLibraryExW` `SetUnhandledExceptionFilter` `CreateMutexW` `ReleaseMutex` `OpenFileMappingW` `UnmapViewOfFile` `MapViewOfFile` `EncodePointer` `TlsAlloc` `FlsFree` `TlsFree` `CompareStringEx` `GetLocaleInfoEx` `MultiByteToWideChar` `WideCharToMultiByte` `GetUserDefaultLocaleName` `IsValidCodePage` `FileTimeToSystemTime` `GetStringTypeExW` `HeapFree` `HeapAlloc` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `TerminateProcess` `GetModuleFileNameA` `GetShortPathNameA` `FindResourceW` `SizeofResource` `LoadResource` `GetModuleHandleW` `LockResource` `LoadLibraryExA` `IsDebuggerPresent` `OutputDebugStringW` `AcquireSRWLockExclusive` `VirtualQuery` `VirtualProtect` `GetSystemInfo` `InitOnceComplete` `InitOnceBeginInitialize` `AcquireSRWLockShared` `ReleaseSRWLockShared` `GetFileInformationByHandleEx` `AreFileApisANSI` `GetFileAttributesExW` `FindNextFileW` `FindFirstFileExW` `FindFirstFileW` `FindClose` `CreateFileW` `FormatMessageA` `WakeAllConditionVariable` `SleepConditionVariableSRW` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `InitializeSListHead` `GetStartupInfoW` `LocalFree` `ReleaseSRWLockExclusive`
OLEAUT32.dll	`LoadRegTypeLib` `VariantInit` `LoadTypeLib` `SysFreeString` `SysAllocString` `SysStringLen`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `memset` `memmove` `wcschr` `_purecall` `__C_specific_handler_noexcept` `_CxxThrowException` `memcpy` `memcmp` `wcsstr` `__std_exception_copy` `__std_exception_destroy` `__C_specific_handler` `__std_terminate`
MSVCP140.dll	`_Thrd_id` `_Mtx_lock` `_Mtx_init_in_situ` `?_Throw_Cpp_error@std@@YAXH@Z` `?_Syserror_map@std@@YAPEBDH@Z` `?_Winerror_map@std@@YAHH@Z` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `_Mtx_unlock`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode` `malloc`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsnwprintf_s` `__stdio_common_vswprintf_s` `__p__commode` `_set_fmode`
api-ms-win-crt-runtime-l1-1-0.dll	`abort` `_invoke_watson` `terminate` `_seh_filter_exe` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `_set_app_type` `_exit` `exit` `_initterm_e` `_initterm` `_get_narrow_winmain_command_line` `_initialize_narrow_environment` `_configure_narrow_argv`
api-ms-win-crt-string-l1-1-0.dll	`wcscat_s` `wcsncpy_s` `wcsncat_s` `wcscpy_s` `wcscmp` `isdigit` `_wcsicmp` `wcsnlen`
api-ms-win-crt-math-l1-1-0.dll	`_fdclass` `log10` `round` `floor` `_dclass` `pow` `__setusermatherr`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `_i64tow_s`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func` `_configthreadlocale` `__initialize_lconv_for_unsigned_char`
ADVAPI32.dll (delay-loaded)	`RegQueryValueExW` `RegOpenKeyExW` `RegSetValueExW` `RegCreateKeyExW` `RegCloseKey` `ReportEventW` `RegisterEventSourceW` `DeregisterEventSource` `EventWriteTransfer` `EventRegister` `EventUnregister` `EventSetInformation` `RegGetValueW`

Delayed Imports

Attributes	`0x1`
Name	`ADVAPI32.dll`
ModuleHandle	`0x7d710`
DelayImportAddressTable	`0x87000`
DelayImportNameTable	`0x72808`
BoundDelayImportTable	`0`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

MICROSOFTEDPENLIGHTENEDAPPINFO

Type	`EDPENLIGHTENEDAPPINFOID`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

MICROSOFTEDPPERMISSIVEAPPINFO

Type	`EDPPERMISSIVEAPPINFOID`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xb5db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98344`
Detected Filetype	PNG graphic file
MD5	`912fe3196c29135476f1cb905f60f9f8`
SHA1	`37e699e2c4ffc7cd7da2976fc9d24d799d5cf86e`
SHA256	`e26223b8a6f3d6a2ec709f9238243a310a4f9a57dd0a666cba85e27d1dac7d1f`
SHA3	`590e8465ec4ee36f91ec3343afff5c5fb6ec13bacd73d0359c829435c55042ba`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x12a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9348`
Detected Filetype	PNG graphic file
MD5	`18e3d64283373d60660d49198dc3fba2`
SHA1	`d7e52ec2da2432c50f20ae99e7a76cce479822aa`
SHA256	`d6ec4576024623c7748fc166d89feab319db87ad86fc1e533df491a6ffd8c116`
SHA3	`84f22b9466f943babe034be9cecbc8ab1aad39453e2b76e9f573efaeee1d8b3b`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xbfa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91083`
Detected Filetype	PNG graphic file
MD5	`1c9307ffeed341a05fa1866321387e9b`
SHA1	`27163696b38c135123e1c061e98b80efc4149346`
SHA256	`f9d04848ce5dd8c00dcc2d4ae03619f3f150aeeff92ac687516c9ef6d7b3d763`
SHA3	`797c0e5d94d115fd70395308dadba005cc99c2df859840f2e66e21b447bd0ada`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8da`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88982`
Detected Filetype	PNG graphic file
MD5	`b6a9f919c827e2036c1506b92b28c8f0`
SHA1	`0048c091ce001938b6efe9109a7b1a9f5cc166d9`
SHA256	`8ad23fefd1c6ef84daf147b1c55d49f62a6a16c87c00c584e8e29e20aa547a18`
SHA3	`d3fd65eb79615d5c481784a3884397f3e8dc039a5157b8eadfb891ed0a4c59f0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84013`
Detected Filetype	PNG graphic file
MD5	`c7b8fcbb9005b4a02940b9b96cc76aa5`
SHA1	`b7d12e2670f0b4554771b58ea50d4bf8d10db7bc`
SHA256	`8644a30e3b3c7f555b10ecd54237cfc10a513d0a3400361cd161680a901a2333`
SHA3	`ac1ce48b519c8656333da3845a1625be5166827d89e4fa50439af49dd3297b18`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x481`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.74762`
Detected Filetype	PNG graphic file
MD5	`96ab5bd339bb5cb2b1c7382c05e4b944`
SHA1	`ee55d1d032d6214b4f0b04f3bd6555d85494d4a1`
SHA256	`8f1d40afa4ab0864290af5d87cad842b4bf891d4ee22e82573c770275d23edfe`
SHA3	`7d5c9f5cdbe93a683ea52e3e69a1291f505521532fdbd8287c2e4421e5af9a3a`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x397`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69354`
Detected Filetype	PNG graphic file
MD5	`17c6a57e80a81d08cd70458b2fb0f61e`
SHA1	`ce27e0c7932bdcc2a5685f4da6512bdb67127070`
SHA256	`b1e7eba900381abec9838bcbce07cc89a20d6e6783aac4ec90d4c3c0b79771b5`
SHA3	`1b27ad79b53dd4db5044e0673bca09224aac0f192c50a2189f63a034157ad290`

8

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x31e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.60322`
Detected Filetype	PNG graphic file
MD5	`c2bfd5652e01baaa32a947bd1ba850b1`
SHA1	`40c9c5149e748ec6490437cd3fa338f001d9a95b`
SHA256	`cb3845d3076f5593562cf7d9a0c9ed3862d3f2c524141c52db23019531358214`
SHA3	`b357972c053e65d6df801f688bf9b2f16417650f282744d8556a789725e86d0f`

9

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64375`
MD5	`c922df860af2863aea13db1498f80d68`
SHA1	`c8a70c0de6504a1d379e999b6f110f591e4abc3b`
SHA256	`158bf5645edf761ffdf5877fd105cb5dbaa8f2b1e0a1aae368ce842fcadee6b8`
SHA3	`664cdae18f57752c2d9607f844feddc57b3953c9ab68079cf85752f9ae4ecc22`

10

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77192`
MD5	`2cacd92b6e0d362d28b62555b47c74e2`
SHA1	`cd450ea0c9cf2785a7ddc203a5a2070e95e7da20`
SHA256	`2e932b31da4c0832b5a3008fed2679c0e7f78536caea1cc7e7d68c0eac09a989`
SHA3	`683f29597298271d84b58317d94cfc070f16c95ba95eda0c017c393bc4bec797`

11

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96865`
MD5	`15ff214550c10f3dcec9b9c6a95f265c`
SHA1	`9b7f4502b09c6df0bc01339b6f8cce46ff53a13d`
SHA256	`f195216215849b2c40a9e1c75181a58a29a2207067d3ef4a0ba368f65f8bc513`
SHA3	`27030c3a69971e6db24d9684cea82fbba9568662ac2a89c2a86a1f4984857dff`

12

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35078`
MD5	`9f457f4b8f21736631e6adc5e914548d`
SHA1	`5d6949cd26c0a5a380d2b44ffc56438035113827`
SHA256	`cf33b5a0baa428e56764c5cec3b083d86e801b21de127b9d3512a157433a447f`
SHA3	`aac12255bd0b91a81ef5fe0ffa7716a3b3cf8f2a4d45a0ab2b94ee15752e739a`

13

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42321`
MD5	`24bd7c274999ae4ca7b31dacc934a3cf`
SHA1	`d5962b4ef998a9be66d1b3887be76e4af79a7b4f`
SHA256	`db8f4ba4efb9bfb7f479ee54cd6f5022f842448035aa6a2ede00e4be0a98234a`
SHA3	`7ca87b4ec296457dead3c008d4931ad9e6f006c46b250b441197a448259db03b`

14

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95952`
MD5	`0ad28afb4715f066f71bb0ba8e13062a`
SHA1	`8e967eac8a773c2c4ce6c542571f2a5c980f7cd8`
SHA256	`7bfce8195822eee339f7f1ad81886cbd38f3a385c602a1521d48ff3a8599d2dc`
SHA3	`20277d7ae85f4c6c3fac37c85d4ed82e4b418292b761a48893ab06d4e51a3865`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.97494`
Detected Filetype	Icon file
MD5	`acc8dc8397c6c70c1e5034a47661d2d5`
SHA1	`536f08a16c98da4a88211804bfd0233655051c53`
SHA256	`14f50028c1e1b19da7f66a084bfe45f68d9c79fe05092c96565df757b3c15bea`
SHA3	`08e0230148d0b9b608fe7869d8cae6b8f8ce10bc0ab5114502c0d9ec55b3a9a3`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.95307`
Detected Filetype	Icon file
MD5	`aa734e97443a903a0c6724ab9e09bb11`
SHA1	`829289b08a8acc252d5db984e7d981d638302a53`
SHA256	`6c48b1a5ab282a8e994090b7d035cfbedeb2cbe44dbd1b08fcd53d33734bb119`
SHA3	`16674abf7cccbb8ed36b2c9f5c783499966d8ea608819b572634f217b5cc0aa5`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x834`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.00167`
MD5	`afccf86bbf2fbb1c5e305fd45e6d4f6d`
SHA1	`481d94b55f363810b72f711a74386b9b284cb5a0`
SHA256	`10f343d32be3f9d3eb0d27bcecb2ec3a645c4e63d762c6762572574e5689bb5a`
SHA3	`1d75918c2bd206c49a9e33f2609088f246c6d20100e28d8809f682631415465d`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32571`
MD5	`af0e8e58dddc787c193adf8dba27de4b`
SHA1	`3d8a9bc79d8f44c973bb47e762712a155b8597bc`
SHA256	`a4d335271a3f41f2aa904c3bb79f0b8cb974260052eae957110f8175f17f8157`
SHA3	`a658e3d0df8e16a9a967fc3d92b5ead9823e545b99238c85cd641f06e057aade`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	16.0.19822.20182
ProductVersion	16.0.19822.20182
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Microsoft Corporation
FileDescription	Send to OneNote Tool
FileVersion (#2)	16.0.19822.20182
InternalName	QuickLauncher
LegalTrademarks1	MicrosoftÂ® is a registered trademark of Microsoft Corporation.
LegalTrademarks2	WindowsÂ® is a registered trademark of Microsoft Corporation.
OriginalFilename	OneNoteM.exe
ProductName	Microsoft OneNote
ProductVersion (#2)	16.0.19822.20182

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Apr-13 18:08:17
Version	`0.0`
SizeofData	`280`
AddressOfRawData	`0x747d0`
PointerToRawData	`0x737d0`
Referenced File	D:\dbs\el\omr\Target\x64\ship\postc2r\x-none\onenotem.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics	`0`
TimeDateStamp	2026-Apr-13 18:08:17
Version	`576.35719`
SizeofData	`4`
AddressOfRawData	`0x748e8`
PointerToRawData	`0x738e8`

TLS Callbacks

StartAddressOfRawData	`0x140071ed0`
EndAddressOfRawData	`0x14007201c`
AddressOfIndex	`0x14007dd44`
AddressOfCallbacks	`0x14002f788`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES`
Callbacks	`0x000000014002C520` `0x000000014002C590`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14007b040`
GuardCFCheckFunctionPointer	`5368903176`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x48f22590`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`16`
Imports (35207)	`6`
ASM objects (35207)	`4`
C objects (35207)	`10`
ASM objects (33136)	`3`
C objects (33136)	`8`
C objects (CVTCIL) (33136)	`2`
Imports (33136)	`5`
Total imports	`594`
C++ objects (35207)	`48`
C++ objects (LTCG) (35214)	`242`
Resource objects (35214)	`1`
151	`1`
Linker (35214)	`1`

Errors

Leave a comment

No comments yet.