General
-
Target
4d75581c954c918a546ab2c8b2c6eba6_JaffaCakes118
-
Size
1.9MB
-
Sample
240516-22746sdb7s
-
MD5
4d75581c954c918a546ab2c8b2c6eba6
-
SHA1
98f03205c26eeea5ecca2d4cf19d53bbfb4c79c4
-
SHA256
edf98c8d92926d258cf70c2348ab4c68d31b377cd273b0686f12e3545089030b
-
SHA512
2d9311355319b84cf04dffee6e9d29f6fd308d397eb5da5c2de4511cd02df9166dd7dfc59eb71bf03b8d27939158aee60f0c7e9441b83a7a916d1a5a05b631fa
-
SSDEEP
49152:kOGFuSYku/CreuhEk3l5N52D4U7Q9XUedCLZAx4xeb:k9xbr13lj+Ux4Ab
Behavioral task
behavioral1
Sample
1acfdefd7d823688159e6369f5f32ec4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1acfdefd7d823688159e6369f5f32ec4.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
20de026bf4998364c894a00f7a97df60.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
20de026bf4998364c894a00f7a97df60.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
353b1a5ced1e9c3341cf45160576b852.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
353b1a5ced1e9c3341cf45160576b852.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
37a4514026f67eeebd5a8f6786a92e30.exe
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
37a4514026f67eeebd5a8f6786a92e30.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
60121ea2ab380455f7e143cd9438443e.exe
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
60121ea2ab380455f7e143cd9438443e.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
6ac062d21f08f139d9f3d1e335e72e22.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
6ac062d21f08f139d9f3d1e335e72e22.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
6db9f96b1c56bcb56bc88904683465da.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
6db9f96b1c56bcb56bc88904683465da.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
71f510c40fe511bbc6296101698124cf.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
71f510c40fe511bbc6296101698124cf.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
74e40db78ff482c904336c92e5702683.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
74e40db78ff482c904336c92e5702683.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
8245c3b357c4dfcce7e058464c58c5fe.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
8245c3b357c4dfcce7e058464c58c5fe.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
99829d5483ef57c05af928322bd5d6fd.exe
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
99829d5483ef57c05af928322bd5d6fd.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
9d07b89cd606bf2379ecc25fd4a4667e.exe
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
9d07b89cd606bf2379ecc25fd4a4667e.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
b8665cf00d32352ee83ceb189595a753.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
b8665cf00d32352ee83ceb189595a753.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
ce7606cfdfc05f9d4b336df2c78a46c3.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
ce7606cfdfc05f9d4b336df2c78a46c3.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral29
Sample
da4a56f9db3ccef32e88ad2e5c616a1a.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
da4a56f9db3ccef32e88ad2e5c616a1a.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
f1ee32e471a4581b7274c00459397cc2.exe
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
f1ee32e471a4581b7274c00459397cc2.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
C:\PerfLogs\# How to Decrypt Files-EE7LY.html
Extracted
C:\PerfLogs\# How to Decrypt Files-P2IW9.html
Extracted
C:\PerfLogs\# How to Decrypt Files.html
Extracted
C:\Users\Admin\3D Objects\# How to Decrypt Files.html
Extracted
C:\PerfLogs\# How to Decrypt Files-BGOZ7.html
Extracted
C:\Users\Admin\3D Objects\# How to Decrypt Files-YKTRY.html
Extracted
C:\PerfLogs\# How to Decrypt Files-ZTF3Z.html
Extracted
C:\PerfLogs\# How to Decrypt Files-CLHUM.html
Extracted
tofsee
43.231.4.7
lazystax.ru
Extracted
C:\Users\Admin\3D Objects\# How to Decrypt Files-EZMXI.html
Targets
-
-
Target
1acfdefd7d823688159e6369f5f32ec4.vir
-
Size
197KB
-
MD5
1acfdefd7d823688159e6369f5f32ec4
-
SHA1
12431515b0bed686a64f27f536644c0d7b8415a8
-
SHA256
a33dab6d7adb83691bd14c88d7ef47fa0e5417fec691c874e5dd3918f7629215
-
SHA512
58fdde7a44db2f789bc28beae582c49a3708b5df5f147f2f3ceebf0ae1e6003ebf68738af3d1708bfd59dc23c7e4938cb1b0495b91a8b8910b96a9db250bb3d1
-
SSDEEP
3072:71Vr386ETFhDhJ6jOhrPOwMeEaUZ66loC1bI6RCXFt8NtNEi+OZhgahY:71Vr3iHbPOwMek66lo9t8NtNEi+OZNh
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
20de026bf4998364c894a00f7a97df60.vir
-
Size
99KB
-
MD5
20de026bf4998364c894a00f7a97df60
-
SHA1
9db4857e4894082aa77c5f5b82009f2028f8fc51
-
SHA256
7f8cb81aabb63a3bb8806b9c055582bec59ef104362316dc164dd686128b9246
-
SHA512
10894d234217ba24391d5de14e40908cfb13ae367e943b34fafad9c6bd5caa937501f1db04ee43127171d40d7d185fa09cf3de8f765b89aa706272ee6c0596dc
-
SSDEEP
1536:R33ZAoU8Ed7fzXfQFlj8+6a+Vpvy/eKaO/VChHWNvw0+pDi8P19Exk:hZ3EZf6A+6a+Vpvy/ead22KHDDPEa
Score 10/10
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
353b1a5ced1e9c3341cf45160576b852.vir
-
Size
90KB
-
MD5
353b1a5ced1e9c3341cf45160576b852
-
SHA1
c86dfcef3b348d59391d8e4a724b6328a4cc97ea
-
SHA256
cae152c9d91c26c1b052c82642670dfb343ce00004fe0ca5d9ebb4560c64703b
-
SHA512
92329753aa2158cce3bd662bf31674022ba29eb19a880be26531966068a6808789f034dc1358fcb10d815570940b2c13d40f4f7c2bbb26e27bbf550db1d234fc
-
SSDEEP
1536:oMv7odcxk1p242SAlFkJ2M8xR5AnbFDPWrRBHoiVUhsoEjqZ4S5sgUgb6XY8r88W:dtI52SAlF82M82EFVdVUhsoEjqZ4S+OD
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
37a4514026f67eeebd5a8f6786a92e30.vir
-
Size
90KB
-
MD5
37a4514026f67eeebd5a8f6786a92e30
-
SHA1
937d554ef099cf95ed6004a677998c8dba0a1d98
-
SHA256
6c4a1f74de712ee096140aba680c37ed6b7cce8c412f1e2defaee84a556c163a
-
SHA512
66373fc7ffc0a3b1b6aa147523aeb18ecf04a768ee3791a13e3b0e9dfa7fb261284b748adfeeccaf8cbdb275d61cf56e8c9696c1ca0428fac487ca734f07af61
-
SSDEEP
1536:fMv7odcxk1p242SAlFkJ2M8LROAnbFLPWrRBdo7VUhsoEjqZ4S5sgUgb6XY8r884:gtI52SAlF82M8RAFz0VUhsoEjqZ4S+Od
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
60121ea2ab380455f7e143cd9438443e.vir
-
Size
98KB
-
MD5
60121ea2ab380455f7e143cd9438443e
-
SHA1
091fd74c5caebd9f53c34781ad6b0241883fe698
-
SHA256
b8f7c90cd170ba8c79c472997c17509e2d241a54a9cef7efea4dac23b043afe8
-
SHA512
3f42a0756999d6441721f8d4663c8af677c895c4e11ddff25d7a1216b3b4a015b7d3763c0e06f616f73eb5e9df3b42e07baf8d5ec910632f3e275c8d2fd388e6
-
SSDEEP
1536:AnTUL9I230W6mN+ZGCHMNzKR1iFAGGR10p67LsJmFMbchiRO1mbF8VrdCKcl:skC2++p6/PMbcskdhY
Score 10/10
Clears Windows event logs
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-
-
-
Target
6ac062d21f08f139d9f3d1e335e72e22.vir
-
Size
98KB
-
MD5
6ac062d21f08f139d9f3d1e335e72e22
-
SHA1
9e967a759e894a83c4b693e81c031d7214a8e699
-
SHA256
564154a2e3647318ca40a5ffa68d06b1bd40b606cae1d15985e3d15097b512cd
-
SHA512
0a02068f6e22a41f4037d01882e32fc7bacf515818cf4f721960b987393da6b1d32ff4aa1b5fa73d546908cb85ded211061b37f4731ed643b8182909008a6892
-
SSDEEP
1536:0bPX/gJxDFgu02gM+LXbtQ5IxWwbglROAnbFmYVKCKclF:0cxz1gxXSNwbYcYVKhYF
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
-
-
Target
6db9f96b1c56bcb56bc88904683465da.vir
-
Size
87KB
-
MD5
6db9f96b1c56bcb56bc88904683465da
-
SHA1
dd832f01d83be81a1d3afe8344fe0d0f9c02ae76
-
SHA256
047de76c965b9cf4a8671185d889438e4b6150326802e87470d20a3390aad304
-
SHA512
8deac0c28648d9d5a018cdb3a68e889214df6599f327a09f5d30f5d3d78a8cacbff6c37d6048e6fb362c028c6310c848fb08a1917387bc1960b4ee0f368052d5
-
SSDEEP
1536:onTG2LbwZSWG/Ib9hrsg/KNj1zmymisF6PSovbFyxjRB2GuxaOzD4DuypgWRxmY:on11Ab9hogydlmyEAnvb6Y85pg8o
Score 10/10
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
71f510c40fe511bbc6296101698124cf.vir
-
Size
85KB
-
MD5
71f510c40fe511bbc6296101698124cf
-
SHA1
e9e13458cff0f31263d802b1b31fc0630aef35fa
-
SHA256
61396539d9392ae08b2c9836dd19a58efb541cf0381ea6fef28637aae63084ed
-
SHA512
6ad376423ddc083b002d8b712637834eb671ecce59dda81e8230fee6b97c6f7e2ab2da66cdfc3313619bfa7aa337d861362e8004976f5509579a3a538511f6a5
-
SSDEEP
1536:8061QgflMyFL1yxvBW65jddjG3PbzztFRO1nbFDFQtqCKcl:806QKlJE0qdgPbzzMgtqhY
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
74e40db78ff482c904336c92e5702683.vir
-
Size
92KB
-
MD5
74e40db78ff482c904336c92e5702683
-
SHA1
f658ff3be7916158ac27ded4a9e15586c794a7fc
-
SHA256
42be9bd6089404ffe72b9f728a9e01902e87844215735e71e62207ea9939875a
-
SHA512
7d73191a4294ab6a23ba405f760aba3ba04f9085b2a1565135b07446d402eec83e729c3620bd56c42e07fc568acadfa2d4076460396038affc71c98944d94a70
-
SSDEEP
1536:Eu9ZnfCDXBTambyG5WzWwbBIRBxnbFswTWGKcl:EwCDxH9wbUhW1Y
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
8245c3b357c4dfcce7e058464c58c5fe.vir
-
Size
99KB
-
MD5
8245c3b357c4dfcce7e058464c58c5fe
-
SHA1
82c5f666ac6e8ef1f886c058d3761c50d9b90567
-
SHA256
d5f21ec21489e4ec2809672b6981fb9b21dca30952fb1ed18a0907b54912aa9e
-
SHA512
f489655ee4cbc5f16ce0d1ba2dda8ad9fd58ff8d0f48631a44d8a6f07d8988995026cc455107a17ad34230eb3dd8f1fd4c1450e45573d51f4304311aba027c6b
-
SSDEEP
1536:RWpoiWXY7wb9Zn6jhKV53LuHxp4mmkrkrTpwJx2FrNSjlxVgpo:4dWxj6AV53Lu0mmkrCwR9
Score 10/10
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
99829d5483ef57c05af928322bd5d6fd.vir
-
Size
106KB
-
MD5
99829d5483ef57c05af928322bd5d6fd
-
SHA1
345692e03227cc66634b6ad401dd11b7fcf243ed
-
SHA256
d316611df4b9b68d71a04ca517dbd94615a77a87f7a8c270d100ef9729a4e122
-
SHA512
293c2f47f1e10c2cf014e38b18acdb5ddb8c7781c8bdc0eb0060518e58d312030e72d89357b7d8b4bca1ddac7fd22e68268c8e41a2e2b758525e715e10db724d
-
SSDEEP
1536:8Egk+8Ot8UrBFFJW7pBcJN/LRdasLLZD5O3IbjiLRB2guxaOXu/4D0UgWRxmY:8E7+84nFA7KN/3j3fbjekO8Xg8o
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
-
-
Target
9d07b89cd606bf2379ecc25fd4a4667e.vir
-
Size
96KB
-
MD5
9d07b89cd606bf2379ecc25fd4a4667e
-
SHA1
24683738ef9c5d7cff30c17ec6df6575a62859d7
-
SHA256
7260452e6bd05725074ba92b9dc8734aec12bbf4bbaacd43eea9c8bbe591be27
-
SHA512
6cd84cfa1b43cf32035ea31cef4e42222f9c72fa9a0a3806f08beaa166cbd1cf7fa883cabc136d4831c7e57588a753570e1112d55888ff7fd05d1d852b0b82cd
-
SSDEEP
1536:5B6sO7n0oShAiUIauVEe/DbplvRB2GuxaOLcb1AWRxmY:55oB0LAuVzDbpnCcBA8o
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
b8665cf00d32352ee83ceb189595a753.vir
-
Size
91KB
-
MD5
b8665cf00d32352ee83ceb189595a753
-
SHA1
669605b2968e3eca80c9366f973dc589057227e5
-
SHA256
7e0ee0e707db426eaf25bd0924631db969bb03dd9b13addffbcc33311a3b9aa7
-
SHA512
de6ec58e018a8db2538c0e5ae3942ea3ec370a9724e2f734e5c3898d8867213f25116a7793309e87c04548d1180aeb7d57bda37c0d60c4f3d2fa390e509f1a28
-
SSDEEP
1536:AbPX/gJxDFgu02gM+LXbtQ5IxWwbglROAnbFmYVKCKcl:Acxz1gxXSNwbYcYVKhY
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
ce7606cfdfc05f9d4b336df2c78a46c3.vir
-
Size
96KB
-
MD5
ce7606cfdfc05f9d4b336df2c78a46c3
-
SHA1
5ed4b6bd93f026000aa05b373c1580c7290714b8
-
SHA256
2b2607c435b76bca395e4ef4e2a1cae13fe0f56cabfc54ee3327a402c4ee6d6f
-
SHA512
079a0cf08cb1531a287b752801288680ddfc7714df28f3db553b72405ac4f62dbcc68d9ec1e36ef236c78fea6fcec1fac98ea879e90d1b5098ee8d7fcf6870cb
-
SSDEEP
1536:ckhkYEtQf2tQIlzXD2y4aeS+koDbbVpRB2GuxaOTLZAWRxmY:56Eyvx4LSIDbVEA8o
Score 10/10
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
da4a56f9db3ccef32e88ad2e5c616a1a.vir
-
Size
99KB
-
MD5
da4a56f9db3ccef32e88ad2e5c616a1a
-
SHA1
8a6379a31a9d80614fbcb05dbbc454aec169b114
-
SHA256
00a857cd58005ee7f9aaa14d28852b66e833375bc18f7329f955a36d271ebdee
-
SHA512
2d61ebb6c2c4ef87ac9bcab3558179b58ecf2e24011841876f55765023069eb48055e5b52d007bb681658a7fcc669b24bebe31a5bf91e42366f265ae1e6bead2
-
SSDEEP
1536:RDCxOjokD33SiCTjvEmalf++kz2u3IT7lX6Z+Hnsi73nC:p4CdDSi+Emj+vusNsi73nC
Score 10/10
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
f1ee32e471a4581b7274c00459397cc2.vir
-
Size
106KB
-
MD5
f1ee32e471a4581b7274c00459397cc2
-
SHA1
3edaac2012d7582682df588f63bf78c222b7f348
-
SHA256
469f89209d7d8cc0188654e3734fba13766b6d9723028b4d9a8523100642a28a
-
SHA512
e519ab8a24677324f671339a29d2cb56a4be633cb72633f2cf16a395844ce54d51e2d649a01d0a7911c4190fbdb90b645e36278abd380af864d4cc6e6d470465
-
SSDEEP
1536:0xTC2tbOdlQYfvaBy9w0mpOjv5pdj8Qy6woTZbIXapROAnbF+KCKcl:MTC2tUl/fv9mBMRpdjTdbIiIKhY
Score 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
  System Services (3)
    Service Execution (3)
  Windows Management Instrumentation (2)
Persistence
  Create or Modify System Process (6)
    Windows Service (6)
  Boot or Logon Autostart Execution (4)
    Registry Run Keys / Startup Folder (4)
Privilege Escalation
  Create or Modify System Process (6)
    Windows Service (6)
  Boot or Logon Autostart Execution (4)
    Registry Run Keys / Startup Folder (4)
Defense Evasion
  Impair Defenses (5)
    Disable or Modify Tools (2)
    Disable or Modify System Firewall (3)
  Modify Registry (7)
  Indicator Removal (3)
    File Deletion (2)