hxxps://cdn[.]discordapp[.]com/attachments/1240682864694001694/1240699622998151350/release[.]rar?ex=66478311&is=66463191&hm=2657e701badbf323e0818efae6036a40e0e64958104b5a356934fd7bda4928d8&

Resubmissions

Analysis

max time kernel
53s
max time network
55s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16-05-2024 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1240682864694001694/1240699622998151350/release.rar?ex=66478311&is=66463191&hm=2657e701badbf323e0818efae6036a40e0e64958104b5a356934fd7bda4928d8&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603638670566525"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe
Token: SeShutdownPrivilege	4544	chrome.exe
Token: SeCreatePagefilePrivilege	4544	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe
4544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4372	4544	chrome.exe	72
PID 4544 wrote to memory of 4372	4544	chrome.exe	72
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 2872	4544	chrome.exe	74
PID 4544 wrote to memory of 1084	4544	chrome.exe	75
PID 4544 wrote to memory of 1084	4544	chrome.exe	75
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76
PID 4544 wrote to memory of 4088	4544	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1240682864694001694/1240699622998151350/release.rar?ex=66478311&is=66463191&hm=2657e701badbf323e0818efae6036a40e0e64958104b5a356934fd7bda4928d8&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc22aa9758,0x7ffc22aa9768,0x7ffc22aa9778
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1600 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1584 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3340 --field-trial-handle=1844,i,7115516256266818064,1057872891468398196,131072 /prefetch:8
  2⤵
  PID:3144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2bda1c0ab74dcfea3c224eb00747d2dd

SHA1
973da203f4f67ac3d88c24663cf14a5e8aaaef60

SHA256
51e746966431db7fdd54c126456789fe46b085189dd9ddc2bddbd53e6cc5e14c

SHA512
74cbff1f3a4ebc14a53dd2e44b9a81340f7e575fb55425a62ca20e16a9e154b512e8f46f7e9371e8f17f9782ae4043a54c8b7d43adef1f39385855f0ad9f10af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
defd2fc6bc9d72d892cd9a5b1e2b8d2b

SHA1
916a9962610970afdde9795df4e5c85fbdabcbff

SHA256
483bff16e5d0285bd7ed7af5bb35c2482c0e8ee74176c5a16eeedbdfd04e5d21

SHA512
e755452563b35e15ed7089e01371608eed9bf6ad232be1136d71fb2d4b95e7f6c6b195b8155f4e62eddce26b70060b8ff4c0993b2f147c1d1ba790d7e616b758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ba3cb2eb4ce9b5a3bb37d7f85ef82d9

SHA1
7a37f6f4e1cfce1f915f42100f55bb1d0f2f667f

SHA256
d4d08a637faec4e378f85ccc237796a0f9c75f51f45f2dca7a69dd5802d4dfcf

SHA512
1aaa8027e5d22487dc5268cda8a7562ea97dd1afb9fe6e2686984892bf06d505c4af1c449740089a01708faff9e14e103c71fd7976ec064c571a8e7cdb33b640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
19d24a34cb748b54fc4796d843a96f34

SHA1
d1d2edf5d02035aac0369f59e5003610b971b11d

SHA256
0179c55b61befe09543c6e6927bbc0d22ffc6fbf2587105afc81811cc688e7d4

SHA512
8788b47fc88fad29ae7b95fd866f78de043b0b353d6f040d33a80717403624105298c648208bd88d8c0abc4e3e5c998572c545af0dfeb96e36d12530cf0cfdcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
d566238b9685b8018080a7bb2ca32a19

SHA1
a522e4f259c39938e543271fe32eb901c38ef0f3

SHA256
1974bf751dfffb06b4347da3c279a11eea507a54cae14d4657daacf18ecc7fb6

SHA512
4feb510ae46f7c93e1e60a8968471271e8b227682f0eaab88569ed6e228dd3c30943b2cae9b76ba9490e520d097645064b8e02fbd5d1e22af5e7b616c0dc9241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\release.rar.crdownload

Filesize
11.6MB

MD5
a00f6a3ae47a253b051861ae5558ff0c

SHA1
0092974c6a6035fd549d76a16d95cff589e4afdc

SHA256
677f95b513c0e4a65806e8beaa86bd8133ea10702c1043311e910e6cdcf83495

SHA512
61ebd619af60833fd317501345b8144dfe33bdefde017d909705c90089d2d761940acdffa38e24aa9bd2ca610ce53bc0fcfb613a3d6b845ebea3ba1effae4122

Download Submit