92b6463e1010aee1783de6f22554756378aa7abdce7157c2fef13dee59a75973

Analysis

max time kernel
138s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81c1ce3cfec7320f449b2437f25cf50c_JaffaCakes118.html
Size

56KB
MD5

81c1ce3cfec7320f449b2437f25cf50c
SHA1

c016e0b92d09d622da618309d06cfb9c0b1f710d
SHA256

92b6463e1010aee1783de6f22554756378aa7abdce7157c2fef13dee59a75973
SHA512

7740f8462a6fc2ffea70666f711bb6f711a1a102809375b0db22e6b16c1d379202e8db68b4a67a203ba7276bdf9e1693876621d110395b2703e7990ad446825d
SSDEEP

768:Zcd9QZBC7mOdMxnpC5I9nC4X0obKVi/HUURPd:gQZBCCOdI0IxC81x/pRPd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9079142754e4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50F2ACA1-5047-11EF-8BC1-6AE4CEDF004B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000d52ed900f0215bfa5717cf6e97fcddf2e3972b33c5177408ae6e12b24af2242a000000000e800000000200002000000087dae6cb40c125d6c71be535492a52f76796b4560d91de34ba472f09462821482000000007e26ed69b9c51a4066f2daf6f9c2f54a5ec4c77354b611f2858e315027d665e40000000e86ba5bba2d0461b97d821f05b299412f861b42432362de99a0ddb147b56c300b27060ea21f80d40014237302134e372854142f26d1f7d3bfcfaef50bd0f260c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000864889b98a80860f81e499916a97e6affb559fef1af3052e6a11be68dbad45a1000000000e80000000020000200000004ab61d1054193e4d747d9bcdaad80d4dec0b5850b9800a992a791a4ed597ed2590000000bfb227f09fcc734eca6b46a5975215821be6dda71b02d0c34154a182f65e0f4afae6afbde80d511093ec03425bc9874d3ad137a327ee302c262b1ac61d44315c7f9d8664e165f530f27d8e0302f08441ddeff43f38de18133110c39c640ec1c6a89479b2ede4d25bd58f7f13056fbd84c8e4db775094a385d66beffe765e63a7ecd689e323d4862c80f379c0767d2e214000000061c63ae81c7dcb43538cae8a9fa0f51d9aeace47a409cf49c130d31e34da98169fc18bfad7bf05f313c0e024fc622176199012051920da6bb258d7ae494a2c14	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428707137"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2712	2352	iexplore.exe	30
PID 2352 wrote to memory of 2712	2352	iexplore.exe	30
PID 2352 wrote to memory of 2712	2352	iexplore.exe	30
PID 2352 wrote to memory of 2712	2352	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\81c1ce3cfec7320f449b2437f25cf50c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2888d9e645bf626726062be95894241b

SHA1
b950590fd4017f99716b252c9a034ce5d39db3ed

SHA256
3ec04862e7091a8da10da3fb1dcb38af098317799cd04f80b390daf2bcf80fcb

SHA512
a63a39a3a45f74507129f66272eecb386643c07d11440b8e7ed080a64f1ef37024749fcd9799144d1aeb3bb088e0072fdc5605c62dc782baeab8eb689d241787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07b03fedffe8c66ef68caa6a8a935b59

SHA1
4d1f1e42332aa73d3c4165dcf6f5bfd620bf45ea

SHA256
deaf9feee1bf61dba8fb9e7dd4c506d770b10caf003bd76fa81d5f131b1cf57e

SHA512
210fb1ec18fa96cb3dc7b7a24ec3d4de143bf133bf94983a52071f94e615201b9fd29530b05c0583ba06839b11e9c6cc8d25e2d6b7090d90ff094e1e8c5dd315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
364faaa4caa9f1f408ae7242017ce08f

SHA1
c777f687226b8ee5da9f6e7fa1f058b00941800f

SHA256
e13d08c0d61816150f426baae96dbd872e47419f9878d793b7fdc02b5eb9a436

SHA512
173712cdc5438def6fb30403aed3dfe9437ca0fc70ff6cfcd18a089ddf581d17286bb14acf2e978980534ab25a75edda89e5819770d5f55b69514c68387f8629

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d0bbc02860826c433f8317244d9317e

SHA1
97b50c93f7a44b2a3eda84a4a1d0f3a01ce83522

SHA256
d2a4c63412c04fd1442364a95406acb0583f944a6b05288228c7c3ac6943a42d

SHA512
bfe72bc375ee7761695c6c59c12147925dbb707dd796b988ec23e59e3fd7347b8c18b206617c08d68c90f9741bc0c19dcad857da1be26232e9507407b36e8dd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c1be09bf467a4498e4bf63b70e65818

SHA1
e8cc7b80d5685f45941ec1a775391bec3a608453

SHA256
e0d8dfa1d514aeed15a9ccd9d7db8ced9143382d7d31e106b161014d36f9bef1

SHA512
c3786fc03d82e389ead615833366351b513f6e81d56eadd9bbb848e84b266a0edb6b2d85137d9ef81ad2d407d9af93a4e555c36b0498f4b6794d595da966ae78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
322401f7b1d6477008a3938bce6578ba

SHA1
0aeefcf7a6c73d85e3d13384efe1730de110cb06

SHA256
8d08d684081dbe8a4feeb76ae130e2ed30e20859731c8483c4efaf921edfdd8f

SHA512
b1d1161a175cf3431785d86e9f13a3cd14a7fa642a3f738886e437ee1b014549a5a6bf0e2263b71f83a69410f748215c93fdb5c95dbc981a4d47d1a001832eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bb849ce689c439569de5eb104152b47

SHA1
2dce1127607666d682ae2120e5dc8c5ac8c6de44

SHA256
5a0ad98445649c0df4a89127f866776d8464d6ab653d4308055a619f6bbe6d2f

SHA512
0ec452b4518e7209e11e0fc73a6999256810915a42048930f6a0590c1b84a9fe2bc0a8a0f6262952d000a445d2c54820c8855eda8f9ab8f1d3f9ca0b8474e214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e98592aacc1c5e435e0ece65f17406eb

SHA1
cee1e055597952a02e8990fbd5b7a14d8a146bbc

SHA256
05280537fbea821ec8d58be9e84bb2d37f794e45afcc28ea2303337fae707f4d

SHA512
8d6c5a7567ab0e5eef7b43bd5f5762b8b10e5f25966df4a6bbf1fffa90890a6a2756348404c29f80e90db663f45392c795a07d9c95fb0e8fe8f7581b664441df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f09c97167ccfb89401e0ecfd6848acb6

SHA1
64c30cec79c6123878c25ad21a57245f020a5137

SHA256
20f6db202846c9caa84dda086637ba43825a0e8ca20c4f32c4b1f52ecd2c68bd

SHA512
0f9d54a905ef4e0c1e9110fdb391501830fbcd7fac5e79ac2c667a366e2d2e0138799cd2ded426e1edca1416f8359b3bbef973f249b5a3ee637172f704130b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c41578fdd52cc75378540ab988487470

SHA1
a336172471e91bf337e9830744d0adedb5e5787e

SHA256
67966db68429bf9ff85b91f18fa58a6030443e73b6b3b3a7fc4b7002b805ee49

SHA512
fa2dbcb62ad35c003df392f065d58dd1a1599c0d015ff95322df2a3b86340eb03903b8df5750a27243b1f50b7efb2948035510a1a27320fa5d2a1f30482ed4db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03c77750d8e04eb8b5e1066610584046

SHA1
5460431c45dad1abc82737111d308d2c969ab20f

SHA256
80bbc226b0fe3868d6a699d672c30f621013b10158a7cdf70a16f73817f70daf

SHA512
c9ab088617520d8105ba27df43da1541d2e751faf67ac5c49748cd6c4acb665f4638fc1777599864f249ad836023d1f39f89b1c9a55a87a53691a68e6b89c3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dc7c0c75385a79db6105c77d6c3c619

SHA1
bf3676455768f5e472a0fe66d3e3c9485ce08353

SHA256
7a4a2c7bc70c62a9fb1aed8baed35be3221ac6fd7e9c9028eaab41a9adb45183

SHA512
39889ecfdc223ad143cf7e6004630fea816d0c628c6221615829af5e74174bf7cf17fc6c071c447dcb5195e40d27e36615752b8835bb7d87756eb746af7c253d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f81bb642b9b448432d77b11726dff06

SHA1
80d07a71a9a3d7303c931a5242e4b878ce7f9125

SHA256
80084cb94f77774fc65959b60fb4eb745511a4edfe18101f588c3208ef6e7315

SHA512
b8d36edbf6a91de358b15b1e486d7ebc4d659eec62962a37c284b61615809606b563b40bff2b0cd23028dad0a2e3294f9306fdf7dea72d32266ee7bd98bda724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3443a2fabf7cf5c2ff0310bcf4c092d

SHA1
ab57d64f2569794fe3369300055648a3c0164997

SHA256
2092a35b5117e099c24c51d041605119a4fd398af10867d0707e2a1942b4064e

SHA512
43a4f38d2f193d5bbb1b38857939306d318a5143749ae0113b2ea4412c12f266eaa4de720c7ab703bda44114f44235d675805d4751dd01d48b5d25ea4e0b8402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bca3b1e6ca453d562119e953f2b1fca

SHA1
69f96a7173ee806dd21cc0a2193b46c5e84f6bb5

SHA256
3530520435f5386cc0283393150eb8a816232723f429b62cc7144fb7213a1e70

SHA512
6b1d79361f8605f6a80894db40c2cf47cd39932f00e1433e9ccb9001018d071c7692bf7bb00ee40bfc9cfa095461f99a23940785039e0eb3a8d5106ff25efb96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f371bcc322b974f938afecd7c7201252

SHA1
bcb8b7313756b75a4a4a02a7588a2600e2a0bd5e

SHA256
f2f2e3881f59e4a5ed907122564a48f216450cf12ef10fe88dfdde02f1678f8a

SHA512
cf1f9044d8f3fc1d2abc94730e777ac658be520e14cb0ae5cbd42f3339027cc3d099ae33b927ab1cfb5c754f3bf2ffa78ac6186e4405424d8f8758378064be4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef7b1d57f11f7a36652dc495cfa441a3

SHA1
d1b1cac6f99546541a1ed4ab124435fa73a66020

SHA256
94e9fddb52ef603daf8fbd7fa1e956bdd620a263d7716875bc9506106c0cd817

SHA512
44086bb6206d85500b76946cecc108d74df0661d30021fff04d2a3b49e27a4542e15b1437995aae6e27d8c22549e2d4b25212d03840d7f0c2c5c07ec19484e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A30.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AB0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit