Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    20/01/2025, 11:40

General

  • Target

    $PLUGINSDIR/iwintoolbarinst.exe

  • Size

    1.3MB

  • MD5

    812c78e2353600e2d02428f8ca340b2c

  • SHA1

    94e477d80f9f3e48acb92ee4f1362315b45be8f9

  • SHA256

    e9fe09ce34aa626fae85aa4f39d595fdcdbe0904cb2cf152cbc74d543aa8d0ea

  • SHA512

    a2aa3082b86a41193bbdff8d27560817640e49454d35856ffa790ee37e1d9136af43e5be8444f6eb0d96f818377dc082fd435e783a998c59a27af78c3a7041cc

  • SSDEEP

    24576:bk9MoABRFXCwW4HtDBx0TPOFevdoXIOAPAdUhD5xMHjnxbYtwXghDQ:bkrABRNCwVHeTPiTX00UBLMHbxywwh0

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 13 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\iwintoolbarinst.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\iwintoolbarinst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Users\Admin\AppData\Local\Temp\GLBC60D.tmp
      C:\Users\Admin\AppData\Local\Temp\GLBC60D.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\IWINTO~2.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:788
      • C:\PROGRA~1\INTERN~1\iexplore.exe
        "C:\PROGRA~1\INTERN~1\iexplore.exe" http://iWin.OurToolbar.com/SetupFinish
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2468
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          PID:2644

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\PROGRA~2\iWin\toolbar.cfg

          Filesize

          16B

        • C:\Users\Admin\AppData\Local\Temp\Cab9A3.tmp

          Filesize

          70KB

        • C:\Users\Admin\AppData\Local\Temp\GLBC60D.tmp

          Filesize

          70KB

        • C:\Users\Admin\AppData\Local\Temp\TarA42.tmp

          Filesize

          181KB

        • \PROGRA~2\iWin\IWINTO~1.EXE

          Filesize

          37KB

        • \PROGRA~2\iWin\UNWISE.EXE

          Filesize

          149KB

        • \PROGRA~2\iWin\tbiWin.dll

          Filesize

          1.7MB

        • \Program Files (x86)\Conduit\Community Alerts\Alert.dll

          Filesize

          458KB

        • \Users\Admin\AppData\Local\Temp\GLCC63C.tmp

          Filesize

          161KB

        • memory/788-41-0x0000000003370000-0x0000000003525000-memory.dmp

          Filesize

          1.7MB

        • memory/788-48-0x00000000023E0000-0x0000000002457000-memory.dmp

          Filesize

          476KB

        • memory/2468-56-0x00000000026D0000-0x00000000026E0000-memory.dmp

          Filesize

          64KB