hxxps://go-link[.]ru/jAGQM

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/jAGQM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546408423263080"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

848 chrome.exe
848 chrome.exe
3584 chrome.exe
3584 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

848 chrome.exe
848 chrome.exe
848 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe
Token: SeShutdownPrivilege	848	chrome.exe
Token: SeCreatePagefilePrivilege	848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 848 wrote to memory of 4424	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 4424	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 2116	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 552	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 552	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe
PID 848 wrote to memory of 3808	848	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://go-link.ru/jAGQM
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cce9758,0x7ffe1cce9768,0x7ffe1cce9778
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:2
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:8
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:8
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:1
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:1
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:1
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:8
2⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2388 --field-trial-handle=1900,i,6542072825626304719,6381502665206486003,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3584

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2580

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
cd08c4f658e2792593383be69a3ee45a

SHA1
e3dfa8a8cb795fe6a8a2e499440e475a10e9ed46

SHA256
13b346eafba284d2561730721050fd80953be7230c892de606e9dfc2255b7cb4

SHA512
cf4ed924ddf1268cbb4d8f525edd60aa228e725115267fa3fe9fea8e5a6324968215bca0597644a2c3a34558d751601fb9b763f954e84bd2cc3a465c05899e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
11d5bdc96c1e316dd7dfaeb473d6f872

SHA1
9000a4532eb87b8f04f32884765a8198c1920e97

SHA256
fb0cd81103fe648d37c3c9094265b0d66bfab2cffb0776cc497abc2ffe5c953f

SHA512
38f71db4113144710d097d009ed7220f10ea8939a114f067d3ae0e5cdf8d4806c1ce03000afd2ea82795a728742876929ae4800342286b9b27c8ca3ab38709d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
35027d752eda5231aad876972d1c74db

SHA1
72b597e13cf591e77e9f6742e58b993080400e25

SHA256
313d77861182e0a809d1546f0f343ba875fbf1b3a833c5ef019752989c9a0b3f

SHA512
afced1148b640929e094c515dfae59024c4693aff868f7d909a9ad3497baabd6fe0298968f3b8dda3df2a1778020fefd113741db3ae99204acbe7fa8aca8ae67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
e05fc3eeff2c93eda27610b85341a668

SHA1
e6e4097dc81104d1df3616314697b31f90dfc7e3

SHA256
f119f179d7725b894e26b605c5639881e82e51933c739ff1f3222b9624adba8e

SHA512
872e32e389ac4dd0331a76ba3891880d6037a328ce45909abc521ccfeed817ab3ee17a30ccea1971dc925586fea81529201b34dc2181be82158ff953b8a1b5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
20cbcbc78ab91419a62f2ad337ec5aac

SHA1
08dd2d04e7d495956dea1c0f5075ae22253d497c

SHA256
7b72cab445bc3dd7dc7cb03b12a1af034b229576cb80a4ef84529fbe2bda46d3

SHA512
25f5c808aeadbfe2a5734b45c94b632bf075e0c09c38a2a0919d56680244e322da77e9b9057c7fbbc6ae5c6f105e0cb7666eeab67b8722c75f1384ff6030aa0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c095195fdb0591699cce1c44fb748f1e

SHA1
e45b63e2e485bb0013eb988ff51bdb0ac9b6c6af

SHA256
23c2b59ae7cb9c002b269ec983daa1bab31074776837fdd4ec84aca580e914a5

SHA512
0ffa15094901613f30607419d256fa1886fd5266feb360582e4cb1c194b4d5470e32ede5522794e1340fdff71ad4031ef7b70cd2edc70b35d0ec2dd1f6ea6852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
90bf338271b2d603e1df535f601a93b0

SHA1
308f9529f9930ffb45881c9c823e03e75992f89f

SHA256
1533f26fbc2640381979f910bb5fe22da70800895559d3bf60097dd42c4f5342

SHA512
7f2af545cf09a078354c2b22cc8bff781e0caed0ee4fb4859dff0f66ae458fe66dc4e1335a13bbb7afb1998339bc72898181863cccb79ca104b3588e52fcd8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_848_XDCHCKSXEOILSCBQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit