Manalyze report for 866611996ec65da839bcfab1347158fe

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-13 06:29:51
Detected languages	English - United States
Debug artifacts	c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb
Comments	Zoom Opener
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Opener
FileVersion	`6,0,0,32`
InternalName	Zoom Opener
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom Opener
OriginalFilename	Zoom Opener
ProductName	Zoom Opener
ProductVersion	`6,0,0,32`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains domain names: .devgov.zipow.com .meetzoom.net .zipow.com .zoom.com .zoom.com.cn .zoom.us .zoomdev.us .zoomgov.com .zoomgovdev.com .zoomus.cn devgov.zipow.com https://support.zoom.us https://support.zoom.us/hc/en-us/articles/201362003-Zoom-Video-Communications-Technical-Support https://zoom.com https://zoom.com.cn https://zoom.com.cn/ https://zoom.us https://zoomgov.com meetzoom.net support.zoom.us zipow.com zoom.com.cn zoomdev.us zoomgov.com zoomgovdev.com zoomus.cn`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryExW LoadLibraryExA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot FindWindowW FindWindowA` `Code injection capabilities (PowerLoader): FindWindowW GetWindowLongA FindWindowA` `Can access the registry: RegOpenKeyExA RegQueryValueExA RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteW` `Uses Microsoft's cryptographic API: CryptVerifySignatureA CryptAcquireContextA CryptCreateHash CryptHashData CryptDestroyHash CryptReleaseContext CryptDestroyKey CryptStringToBinaryA CryptImportPublicKeyInfo CryptDecodeObjectEx` `Can create temporary files: CreateFileA GetTempPathA CreateFileW` `Uses functions commonly found in keyloggers: AttachThreadInput GetForegroundWindow` `Functions related to the privilege level: OpenProcessToken DuplicateTokenEx CheckTokenMembership` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW`
Info	The PE is digitally signed.	`Signer: Zoom Video Communications` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1`
Safe	VirusTotal score: 0/72 (Scanned on 2024-04-26 07:04:14)	`All the AVs think this file is safe.`

Hashes

MD5	`866611996ec65da839bcfab1347158fe`
SHA1	`de49568a3de6e6fcd541975d09d6fdefc069774c`
SHA256	`d5a7b20be8272d8889db8cf821c58f07cdba0a516053c20524471873517b14e3`
SHA3	`972e06cebd0e77ef5e0fae01518e3b9373b204781d5d075e32044e1612f31aaa`
SSDeep	`3072:8+5xjqwOvDKL8gDAbz5tJecueMGHV1NwKXHInW2WSW2s:8WjHOa8gDAbz9uGKymLq`
Imports Hash	`67b6f5499a39b721334072c9b360215b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2024-Mar-13 06:29:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x10e00`
SizeOfInitializedData	`0xac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000067E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1f000`
SizeOfHeaders	`0x400`
Checksum	`0x23eb2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`eed58e22feb349cc94acc02796869972`
SHA1	`86a5b1e894d10fe5b3376013dbf2531c4739d12e`
SHA256	`b23fb73a8a0390546de07dc5c8c5e7695ee9ea2d88a1301c63299ec1b23d6803`
SHA3	`566c1bb445fc8a7ee18460956a8ae0ef4bd78dc9223a6bce22c97080839c8093`
VirtualSize	`0x10dcb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.49971`

.rdata

MD5	`1ca4d9e9b7009765aae6269c1a59191c`
SHA1	`8ed57a8ee1ffcb7c25adcaf483c1ebc11f43b5ea`
SHA256	`1378f31aee68343f52f623793b3cd1fbbc3fd9451e0e7f346fd3b26f056ea799`
SHA3	`e2cc0934a288858d6f8fe9b08b328a20bd9a0b758dd5be789b2b47134fb9112a`
VirtualSize	`0x74ac`
VirtualAddress	`0x12000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x11200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20452`

.data

MD5	`b68d2958f8a9d5ee1a051e9a21dfaf1b`
SHA1	`1e0545447071d5d2d9f2eee2802318ceddd29b96`
SHA256	`f770de82e1b764ce804972c283a2be4db9f726ffe4728f2ca94f73a9a79e8569`
SHA3	`8974da7bbc9eb6c835c398af29a064ff118d7b9b6d8eccf7f352f5fcc7283833`
VirtualSize	`0xdac`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x18800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.92164`

.didat

MD5	`c298b37d0fee9fea0041bc97b3acedee`
SHA1	`c3f133549bd7d7317c151bf40e221d6f421e95ef`
SHA256	`cb09592d3facda3bda45138367437a3c91e96b3ec41d453b31c43e385e0e49c8`
SHA3	`bcbb1ed284ddd99adaf06e318379b1f80e80d2ea5413512965839364268cb905`
VirtualSize	`0x28`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.423967`

.rsrc

MD5	`97c653cb07f6e9d8df84ef73df9a204e`
SHA1	`d1422e39bfa2052b040c09a511e511eafeea94f0`
SHA256	`e767c5af4524d05a4c8d15d5b22d37377c2442f2e1b55600d3f37230067f3490`
SHA3	`830498260bd9afd60288a1ab44460416736b6acd08c2ca4b4110b7173d73d05b`
VirtualSize	`0xee8`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x19200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.10303`

.reloc

MD5	`3a5b802fcf09b43a9674898851a27406`
SHA1	`06d1a88aee7e7af69a6a3c765470a749789cc8dd`
SHA256	`f3e4455761b6b06993a0557cd3da0402edaa6c4eec48a53293c23605d23b864e`
SHA3	`8eaa25b68938b2fed1c4d6e6f005bc63d18eabf3b4e90d03185313fa04362b74`
VirtualSize	`0x149c`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53353`

Imports

SHLWAPI.dll	`#155` `StrCmpNIW` `StrStrA` `PathAppendW` `PathIsRelativeW`
KERNEL32.dll	`GetSystemTime` `GetFileTime` `ExpandEnvironmentStringsA` `GetFileAttributesA` `CreateDirectoryA` `SetUnhandledExceptionFilter` `GetTickCount` `GetSystemDirectoryW` `LoadLibraryW` `ExitProcess` `LoadLibraryExW` `HeapLock` `HeapWalk` `GetVersion` `HeapUnlock` `ReleaseSemaphore` `CreateSemaphoreA` `VerifyVersionInfoA` `GetCommandLineA` `GetWindowsDirectoryA` `GetStartupInfoA` `VerSetConditionMask` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSection` `ExitThread` `TerminateThread` `CreateThread` `DeleteCriticalSection` `CompareFileTime` `WriteFile` `SetFilePointer` `SetEndOfFile` `SystemTimeToFileTime` `FlushFileBuffers` `ReleaseMutex` `GetLocalTime` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `TerminateProcess` `GetTempFileNameA` `VerifyVersionInfoW` `GetFileAttributesW` `OpenProcess` `QueryDosDeviceW` `K32GetProcessImageFileNameW` `CreateToolhelp32Snapshot` `Process32NextW` `Process32FirstW` `GetWindowsDirectoryW` `GetModuleHandleW` `GetProcessTimes` `MultiByteToWideChar` `RaiseException` `CreateProcessA` `WideCharToMultiByte` `GetModuleHandleExW` `GetStringTypeW` `GetCPInfo` `GetOEMCP` `GetACP` `IsValidCodePage` `LCMapStringW` `TlsSetValue` `FreeLibrary` `TlsGetValue` `IsDebuggerPresent` `LoadLibraryExA` `VirtualQuery` `VirtualProtect` `GetSystemInfo` `GetProcessHeap` `GetCurrentProcessId` `GetProcAddress` `HeapAlloc` `CloseHandle` `FileTimeToSystemTime` `DeleteFileA` `CreateFileA` `MoveFileExA` `OpenMutexA` `GetLastError` `CopyFileA` `GetTempPathA` `Sleep` `GetModuleHandleA` `GetCurrentThreadId` `WaitForSingleObject` `CreateMutexA` `FindClose` `GetCurrentProcess` `SetLastError` `HeapFree` `FindFirstFileA` `GetModuleFileNameA` `LocalFree` `CreateFileW` `RtlUnwind`
USER32.dll	`FindWindowW` `GetDesktopWindow` `GetWindowThreadProcessId` `LoadCursorA` `InflateRect` `SetWindowPos` `SetActiveWindow` `GetSystemMetrics` `DrawTextA` `MapWindowPoints` `GetWindowLongA` `FrameRect` `AttachThreadInput` `GetForegroundWindow` `SetFocus` `FillRect` `PostMessageA` `FindWindowA` `PostQuitMessage` `LoadIconA` `RegisterClassExA` `SetForegroundWindow` `IsIconic` `LoadStringA` `RegisterClassA` `GetClassInfoA` `UnregisterClassA` `IsWindowVisible` `SetWindowLongA` `IntersectRect` `ShowWindowAsync` `SetPropA` `GetWindowRect` `DestroyWindow` `ShowWindow` `IsWindow` `MoveWindow` `GetPropA` `DefWindowProcA` `CreateWindowExA` `GetClientRect` `UpdateWindow` `InvalidateRect` `BeginPaint` `EndPaint` `PostThreadMessageA` `GetMessageA` `DispatchMessageA` `SetTimer` `TranslateMessage` `PeekMessageA` `KillTimer` `SendMessageA`
GDI32.dll	`SetBkMode` `CreateFontIndirectA` `DeleteObject` `SetTextColor` `SelectObject` `CreateSolidBrush` `GetStockObject` `GetObjectA`
ADVAPI32.dll	`CryptVerifySignatureA` `OpenProcessToken` `GetUserNameA` `RegOpenKeyExA` `RegQueryValueExA` `RegCloseKey` `DuplicateTokenEx` `CheckTokenMembership` `FreeSid` `AllocateAndInitializeSid` `CryptAcquireContextA` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptReleaseContext` `CryptDestroyKey`
SHELL32.dll	`ShellExecuteW` `SHGetFolderPathA`
ole32.dll	`CoUninitialize` `CoInitialize` `CoCreateInstance`
OLEAUT32.dll	`VariantInit` `VariantClear` `SysAllocString` `SysFreeString`
CRYPT32.dll (delay-loaded)	`CertGetNameStringW` `CryptStringToBinaryA` `CryptImportPublicKeyInfo` `CryptDecodeObjectEx`

Delayed Imports

Attributes	`0x1`
Name	`CRYPT32.dll`
ModuleHandle	`0x1a9ac`
DelayImportAddressTable	`0x1b000`
DelayImportNameTable	`0x18284`
BoundDelayImportTable	`0x18380`
UnloadDelayImportTable	`0`
TimeStamp	`1970-Jan-01 00:00:00`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x528`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12622`
MD5	`3af1e3a67d8cf3612cf28caec535362d`
SHA1	`16026b2634bcf959bb7f332e14626c19101f449f`
SHA256	`eb9a0863db6a926aa3522823469bef5f74f19db582c40b13ec7ec68de76ce0f2`
SHA3	`8d88cf99d6761210115cd94beae69192e6c5cc0575c89dd84b57b40445364612`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.77789`
MD5	`6255e834070b7c811cdd89698109136f`
SHA1	`895143845c163082c9421689dc6d81eb7681ec04`
SHA256	`7b1435e38c8caf28dc7aadd7f31216d84cae473ac60c9c7810da3a0169900924`
SHA3	`3bc7f937026bb83170a33ab884e98f795c6b23635cae3647005b70b4ac70184e`

32

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x174`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.12836`
MD5	`14dc7e105dc6d9467445ea8ff4aece75`
SHA1	`424faf8414a4f19f92489b6216cbb02d8b26fe00`
SHA256	`3eadcef5a5af32b36406dfc2d54adbe258313621ae0f3a01e0f86910b3d02535`
SHA3	`038e1a3083b1ec58821e86720eca1aebcd5481c1ff410c76b22edc80aa703130`

33

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x26c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31934`
MD5	`c9dbbbbc0bf91f1a7d623734dedab3b5`
SHA1	`3e72ef0155d18d411424a780990353d9012b6409`
SHA256	`23e2f529a8d301c9551e35e199c9affa09f86731b90313c33c51ad84a5c08867`
SHA3	`084266e3667fbe6ea7d05b03f157bfb6c8f5065ed47f45f9d6d91541d4d6b187`

2

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`b69dc23d3ea72983aa6ea1fa20b55a4e`
SHA1	`73ad2216041a377ef83f00e2ec490f570e3d339c`
SHA256	`2c4c2b78ef6fdc2a57e69df2dfbd262db2c3db30f339f0bf7626e9386d0438e2`
SHA3	`b1878f16c16d5bc53f313db9b0605d4d5748189865197ba828911207b3d2d9fd`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x39c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33227`
MD5	`2935debb2fbec6609f40b0d347752775`
SHA1	`af82bd0ca802f842a2d0ea36fa41bcac75268053`
SHA256	`eec02cb199b1e447e059f3b811f1270b3413780cbb9a5d974e2b9f1c05226595`
SHA3	`e773a6b90dcd9ae822c65e56b7135434c25121763252e6ca4b659527937e6fe0`

String Table contents

zlaunchermain
Retry
Please contact Zoom Support for help.
An unknown error has occurred
Join from browser
Installing Zoom Workplace...
Please do not close this window
Network Connection failed
Please check your network and try again.
Yes
No
Are you sure you want to close this window? Installation will be canceled.
Your disk is full
Free up storage and try again
zlauncheraskleave
Get support
Installing Zoom Workplace requires TLS 1.1&&1.2
Open Internet Options > Advanced to enable. Then click Retry to continue.
Open Internet Options

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.0.0.32
ProductVersion	6.0.0.32
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Zoom Opener
CompanyName	Zoom Video Communications, Inc.
FileDescription	Zoom Opener
FileVersion (#2)	6,0,0,32
InternalName	Zoom Opener
LegalCopyright	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks	Zoom Opener
OriginalFilename	Zoom Opener
ProductName	Zoom Opener
ProductVersion (#2)	6,0,0,32

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Mar-13 06:29:51
Version	`0.0`
SizeofData	`111`
AddressOfRawData	`0x17d20`
PointerToRawData	`0x16f20`
Referenced File	c:\jenkins\workspace\Client\Client\Windows\launcher\Bin\Release\NewZoomWebLauncher.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2024-Mar-13 06:29:51
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x17d90`
PointerToRawData	`0x16f90`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Mar-13 06:29:51
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x17da4`
PointerToRawData	`0x16fa4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Mar-13 06:29:51
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41a008`
SEHandlerTable	`0x417d00`
SEHandlerCount	`2`
GuardCFCheckFunctionPointer	`4268828`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xef90b65`
Unmarked objects	`0`
C objects (CVTCIL) (VS2017 v14.15 compiler 26715)	`1`
Imports (VS2017 v14.15 compiler 26715)	`17`
Total imports	`228`
C++ objects (30034)	`12`
C objects (30034)	`12`
ASM objects (30034)	`9`
C++ objects (VS2017 v14.15 compiler 26715)	`65`
C objects (VS2017 v14.15 compiler 26715)	`2`
C objects (LTCG) (30153)	`34`
Resource objects (30153)	`1`
Linker (30153)	`1`

866611996ec65da839bcfab1347158fe

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.didat

.rsrc

.reloc

Imports

Delayed Imports

1

7

32

33

2

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors