2aa84d21ded02a100d52381d3bc0178b6755d364a21c26e6bd3e221947abb7b8

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 03:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c2572b49dbcfd8a911c08175a5d2403c.html
Size

222KB
MD5

c2572b49dbcfd8a911c08175a5d2403c
SHA1

2dce7569ef6e0c6d0030d6ddf1b98d1ca4bddbb6
SHA256

2aa84d21ded02a100d52381d3bc0178b6755d364a21c26e6bd3e221947abb7b8
SHA512

71255b6eb49e885d724cbcb7b2f88598b6a6efa3a5cad43a369d81fb8f8ebd6d3e0d9bf07dc21d34b4c358adf7be2606be1a0d02c71c5968c54827125e81ca40
SSDEEP

3072:BrUEvNz//geesR+g1Tat053mhWmhE+mhVNuZhlLy28:NUEvN5WhVhUhr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D693431-E020-11EE-A2A2-5A791E92BC44} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000047a9a26a34da932f8b32240d620daebbf7168eaff62b42819466f0ad8b19afa000000000e80000000020000200000006100a0d8d38149764fb1b2228f48edb9c97efc6d39d9199c1128d2495d07265c90000000975edc6b7d442b1854d298c922e611f2d25ee7da9f60c66d8e6056d4a7af91508b1dccd1956f9f15b50d9eac7404d4581d53c0af449dd8a41116776ec6f9fc5bfe4b968f285ed1fae3777e9c1df1cb7b886972aa4735b1e22218528b55bc6456c642a6bbbc8588359b8ad6a5fea0543143b0effd8ced74c64d0a1c6084d9c5a6fbaada15f759385cd5c58280a5ae25c740000000d6340cea8dde8d2a49860340e7865961fd460c6eed30b44aa0095cf5c0c6d954b1919d4ba85f9a9e8a47f9e15e2e1862254e27c0375a2003e87575046cd1cd92	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd00000000020000000000106600000001000020000000d144dd3a90910965a305ff6fc3653777d7e81c38b17ac571fa0594996efa35dc000000000e80000000020000200000002ecca20adee54c4eb5782766714fa440ba2862f3feb8fe5a0a4c2c2618e3202b20000000472efee8bf271036ea87edfa564f058d79fc2aab15f7637ff07a72f6183d16bb4000000084f2c76a977f3aa4f4d691045421d1fa925e620823a1d19237640499509010dbf36b0baf3e569bbd234627dbde8ffdb8c09c67bb0fc73a356c9f84c6c819f64a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416375936"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fc6d562d74da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2904	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2904	iexplore.exe
2904	iexplore.exe
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2452	2904	iexplore.exe	28
PID 2904 wrote to memory of 2452	2904	iexplore.exe	28
PID 2904 wrote to memory of 2452	2904	iexplore.exe	28
PID 2904 wrote to memory of 2452	2904	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2572b49dbcfd8a911c08175a5d2403c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cab5a382d03ee5e039b579070e2ac9f6

SHA1
63da724925b43e532f1744dc3eae12bf0e000dd9

SHA256
ce55f9fc88e9c8d230d0a9e588909e8b85b973e37b835f57eeae180c4d0229ca

SHA512
b0075b25beb55ba465f6c882f3f446a19126ad72f74f8c4eb4798f22526062469eddb1d06700cbaf810821ed614b588337ef836a369bf47684ca99a9109c2591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1af8374099b88651131ef3c7277ead1f

SHA1
8980ea5863bd87f1774943a2e71fad8f796d0d42

SHA256
dca73b6d5cbc308ade8021c5d37bd2e2ac3661ddf1cd8e37ac7053d293bb7239

SHA512
c265456edafc0508dc6904a42d4abd6dc51e62c890d23cd850657cb788504671ad687249f92f92bc11890f4b4f4c26cbd82f622cfa76cbfc66a00bd4e5c7b6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7013176a4fe83227c5a16e28750beafb

SHA1
ad6e1ff5e2a0add8cbe0db3af422acf035b9f573

SHA256
7399acf854b40f7566f0ba595250ca54bf6aec7afbf03f682f0e859e838b68b8

SHA512
0c3a2204907668b87d7007b8692b4f0e7afb176a7ea30beca9bde3210dd98caec9c5cdf1032749bb4bf95a8246c80012ee4b46df8941809e1b6fd2952c4c1294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
184d9bca61fbb3a24cc57630f4f0de72

SHA1
296498b771b46a05bb44f9d7e651cb40633e8c0d

SHA256
1ac90019f884e495b760d56c077173214937062186085e0af196b3e5a3a308af

SHA512
5816b289c1f46318ae831891bbeb50a1e03ed04ef51897e6ea941fa099934e24dce5db0b225291ebd0935b1f359e7871df82643c9efee9b126a69a093be2d612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
998752462b567ae1e2dfcea209bdcdc3

SHA1
aec9f04e403b82a7981d081238ac57f46f7ec8d4

SHA256
c1fdba9495691dab12884821ee14d10308867e47ff7e9ab254389535c3c4c81f

SHA512
f3393384a21276f61e91374dc8772327784fd3efe994d7ca4be5625429398a100d47da2cb2177659bc8446f7edc2f6f3cdeb3ab40a2b983fa07771a005a7afb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77b0b03a44b5b4eb65e1adde704be236

SHA1
8c6309f8ba00936febb459253ecd61d41c82758d

SHA256
bf2691829f599f6cfcbc29873fb57b91a5beded2ad04502da0642946fc0c9726

SHA512
da57eaa9cfa9a27018d76e0276ee9344c8802ad08aac934d003b5a6b529d5b7c2db48563bd3dae1caf8174bc27261513bc944e91212598ff34c6550f4c4dc80f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
404aaf5c5a7154f79035faaf0edbc9a6

SHA1
690bee2dcee9ceaf7d2568c8cfe223edfc3757f3

SHA256
ea2efce940f59a0bd5942284bcdf80f0bddd555f7d27ef1cfbe851b19fecf572

SHA512
8761c10feaf2db35831351efef064b365187ffab0e26be9b615a496e29d60113753e28b1611f27770385ebef2ac1c9bcac46d1fdc9ecaab885d0d38c7d22b6db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75999dbc4102f9e8e9863aba2fa36c3b

SHA1
4bd2750c6f4c8811b6702059da2f20cacf07a8ac

SHA256
038a58ed6375c2f51cc3f457238bed042317758a9b6ec8656d8d1f39bfa1ba61

SHA512
0e9b3b95fb9a819f36a666366a7d3b7c63b36353bc78274aa0883b8f0eca0e14ec77446388e4d9cdfdadb2b0b21afc30aa8f794cb51f437782bf2e1deb3e998b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13c3ad15ddd2b138659a0f6120126b23

SHA1
73dc546ae7e66c7690353623e164ec673b4c7f5d

SHA256
bcace833bcf1093bf2bbac26ac1c712a890119513e2c6596304dd9710510f751

SHA512
a1cfdf2c46d072f67aec3a6cf9193d7e8f9d82f0f2b5de8e69fd59d62077d2fb4af3d223db28b36575b2a4a5f72be845372ed031dcf792d4ea11e8e04690067f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9335f41f3426cf4fc78fe27a5d33a5f

SHA1
a313a57d3c4f28443328a7f34e38211e994fd123

SHA256
868807202c93cdec31562ec1d395a2b82087810e95fcca0e6f80ebb5ae0c392a

SHA512
2dbbf901f9f2003a91fa3ca724603ba8aef9250f8c795264776392b3655b8ca845af3b75f82e379a81eb1a6d5b94187af922e9044e0debdeee6c4b4978be9d88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5302f878b1777eb340def70c36cc5ace

SHA1
a0abc55d41dabced74f3cb87458b501c907706f9

SHA256
ac7988b1935d6328cbbbaae5027045e2a0ff7b14d7a3dc12f9bf7e66868b9d83

SHA512
9780c8f7fc2fa921f567a015a1d60a2221c366ad40ffb984c0a96da447e2c7590f134032e8c6079883cb7caab22877f728485690891df8ee59393ba1b0937e93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b7a3eb5c6e37d13ddc17ef38c9907e0

SHA1
823eaf90540aefd23f45c644b76eecdcbd7db57e

SHA256
db30300fc166ab433054c980877bc559b1b2471f0c6627a0137a69a5171467b2

SHA512
b80c6747ae0a5d9bb764059e1fccfded5d0f5f8735ee2b8d747bf0e03b74ddfdc50cdcba0cdcb94f48d50af338a72cc54775d61dc71d5e2419b2db6a30c06f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
a9d7b30a1ba508436595e586dde63934

SHA1
feea12ef445c6e1ec8736ec01ef195157ab76163

SHA256
605311d8197c8df7dbdc0e11b59168182cc3eba219d8cd7e439dd91c9be46880

SHA512
653c6ccce27680c739072c3865b6dfb1bc4d526cbe8b994d3d4eaca907357a6c825940b8645ca13c4c11308a69742d6cfd90dae0553ab228288ff7d5234044b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF5J0ZJ9\plusone[1].js

Filesize
56KB

MD5
b9dd4bc0c774f6e47fc7f6f84318d3bd

SHA1
71e659af69facf4538bde88422c6ac7574c3bb5c

SHA256
e0f79422a5e14ac8ca345540ab58da18651216e375c4fe02143496bd9dc046dd

SHA512
419b21dd145dab3ab4b543c87fad7fed6281c2300ac7f1cfef1119703e5ee97930f1c07353b2a1274d4879b481bb673ce3566306c9b0b91b1e573ee43486b342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNQNAXHS\cb=gapi[1].js

Filesize
133KB

MD5
c8be3350843695958a33474aeb3ea8f1

SHA1
ad92694d9b189ee479c1be438636e39247b216af

SHA256
22494eb4f5fc2ef8c229b9df2e171990687e4837282655145cca0fa302af1278

SHA512
54ba5d4076fe9fe4c4ac22f45cd7d2ebb4e8027d8b8f82580436dccbcd60fa2adbb948ff1234d9912c663bf1fb33ac834007850f5a3f2abfb96a7a4feb110bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9DD6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA04D.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit