{"id":52360,"date":"2016-09-16T15:35:11","date_gmt":"2016-09-16T22:35:11","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=52360"},"modified":"2025-06-02T18:55:43","modified_gmt":"2025-06-03T01:55:43","slug":"locky-ransomware-hides-inside-packed-dll","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/","title":{"rendered":"Locky Ransomware Hides Inside Packed .DLL"},"content":{"rendered":"<p>McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript\/\">an earlier blog).<\/a>\u00a0Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails. Since its first variant Locky has taken advantage of compromised domains to download its\u00a0malicious executable. Recently it has downloaded a malicious dynamic link library (DLL). By tracking these campaigns, we have noticed that Locky\u2019s authors use a seed parameter (\u201c323\u201d in this variant) from its JavaScript downloader to execute the malicious DLL.<\/p>\n<p>At first, the file looks like highly obfuscated JavaScript and is tough to understand. 
The script\u00a0<span style=\"font-style: inherit; font-weight: inherit;\">(hash:<\/span> E833713599E6014DFD808DA08BD8A452)\u00a0looks like this:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52361\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-7.png\" alt=\"1\" width=\"894\" height=\"330\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-7.png 894w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-7-300x111.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-7-768x283.png 768w\" sizes=\"auto, (max-width: 894px) 100vw, 894px\" \/><\/p>\n<p>We tried to deobfuscate by modifying the original script a bit. After the deobfuscation, we finally obtained more visible code. For easier\u00a0understanding we have arranged a\u00a0major part of the script in this sequence:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52362\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2-5.png\" alt=\"2\" width=\"1089\" height=\"595\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-5.png 1089w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-5-300x164.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-5-768x420.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2-5-1024x559.png 1024w\" sizes=\"auto, (max-width: 1089px) 100vw, 1089px\" \/><\/p>\n<p>In the first four lines of the\u00a0script we can see the URLs of four compromised websites, from which the script tries to download the payload. 
The\u00a0script will try the next URL if the previous download fails.\u00a0If successful, it downloads the encoded payload, which at first looks like a junk file (hash: 5C5D55C1AEB06CA131EEF5BC19C3C1CD):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52363\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/3-4.png\" alt=\"3\" width=\"695\" height=\"348\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/3-4.png 695w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/3-4-300x150.png 300w\" sizes=\"auto, (max-width: 695px) 100vw, 695px\" \/><\/p>\n<p>The decoding routine in the JavaScript decodes the junk file, resulting in a packed DLL. The characteristics of the decoded packed DLL:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52364\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/4-6.png\" alt=\"4\" width=\"667\" height=\"301\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/4-6.png 667w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/4-6-300x135.png 300w\" sizes=\"auto, (max-width: 667px) 100vw, 667px\" \/><\/p>\n<p>The packed DLL has an export function &#8220;_WinMainExp@16.&#8221;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52365\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/5-7.png\" alt=\"5\" width=\"561\" height=\"361\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-7.png 561w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/5-7-300x193.png 300w\" sizes=\"auto, (max-width: 561px) 100vw, 561px\" \/><\/p>\n<p>While unpacking the DLL we came across the following technique for detecting virtual machines. In this technique the malware author checks the time difference between two API calls, GetProcessHeap () and CloseHandle (). 
At runtime it takes the address of the CloseHandle () API by using LoadLibrary () and GetProcAddress (), as shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52540\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/11-2.jpg\" alt=\"11\" width=\"511\" height=\"514\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2.jpg 511w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-150x150.jpg 150w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-298x300.jpg 298w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-32x32.jpg 32w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-64x64.jpg 64w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-96x96.jpg 96w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/11-2-128x128.jpg 128w\" sizes=\"auto, (max-width: 511px) 100vw, 511px\" \/><\/p>\n<p>In general, on a real system, CloseHandle () should be faster to execute than GetProcessHeap (). The author checks the time difference between these two APIs to check for virtualization. 
The following code snippet explains:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52541\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/12-3.jpg\" alt=\"12\" width=\"630\" height=\"433\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/12-3.jpg 630w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/12-3-300x206.jpg 300w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52542\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/13-2.jpg\" alt=\"13\" width=\"836\" height=\"350\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/13-2.jpg 836w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/13-2-300x126.jpg 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/13-2-768x322.jpg 768w\" sizes=\"auto, (max-width: 836px) 100vw, 836px\" \/><\/p>\n<p>We unpacked the malicious DLL, which shows the export function &#8220;qwerty.&#8221;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52367\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/7-4.png\" alt=\"7\" width=\"560\" height=\"358\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/7-4.png 560w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/7-4-300x192.png 300w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/><\/p>\n<p>In line number\u00a06\u00a0the\u00a0ExpandEnvironmentStrings () method gets the %TEMP% location to store the downloaded DLL with a random name. 
The script also verifies the architecture of the machine from lines 11 to 18 by using an if-else statement:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52368\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/8-3.png\" alt=\"8\" width=\"949\" height=\"178\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8-3.png 949w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8-3-300x56.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8-3-768x144.png 768w\" sizes=\"auto, (max-width: 949px) 100vw, 949px\" \/><\/p>\n<p>According to the architecture of the machine, the script will run the DLL using Rundll32.exe. In line 22 we can see the process to run the DLL:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52369\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/9-3.png\" alt=\"9\" width=\"1525\" height=\"36\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-3.png 1525w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-3-300x7.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-3-768x18.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/9-3-1024x24.png 1024w\" sizes=\"auto, (max-width: 1525px) 100vw, 1525px\" \/><\/p>\n<p>The malware author uses the seed parameter to bypass execution in a sandbox. If the DLL is executed with the proper export function name (\u201cqwerty\u201d for this variant) and the required parameter (hardcoded \u201c323\u201d for this variant), only then will the DLL behave maliciously. Thus the\u00a0author is verifying the DLL is executed by the malicious parent JavaScript file. 
If parameters other than those\u00a0expected are passed, then the DLL will do nothing malicious and traditional sandboxes will fail to execute the DLL.<\/p>\n<p>We can see the hardcoded parameter \u201c323\u201d in the following snippet:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52370\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/10-3.png\" alt=\"10\" width=\"783\" height=\"526\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/10-3.png 783w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/10-3-300x202.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/10-3-768x516.png 768w\" sizes=\"auto, (max-width: 783px) 100vw, 783px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-52543\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/14-3.png\" alt=\"14\" width=\"688\" height=\"96\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/14-3.png 688w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/14-3-300x42.png 300w\" sizes=\"auto, (max-width: 688px) 100vw, 688px\" \/><\/p>\n<h2>McAfee&#8217;s Advice<\/h2>\n<p>McAfee advises users to keep their antimalware signatures up to date at all times. 
McAfee products detect this malicious JavaScript, encoded payload, and packed DLL as JS\/Nemucod, Ransomware-Locky.d!enc, and Ransomware-FRO![Partial Hash], respectively, with DAT Versions 8270 and later.<\/p>\n<p><em>This post was prepared with the invaluable assistance of Girish Kulkarni and G N Sivagnanam.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog).\u00a0Locky is aggressively&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,338,180,4549],"coauthors":[3973],"class_list":["post-52360","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-endpoint-protection","tag-malware","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Locky Ransomware Hides Inside Packed .DLL | McAfee Blog<\/title>\n<meta name=\"description\" content=\"McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog).\u00a0Locky is aggressively distributed via a\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Locky Ransomware Hides Inside Packed .DLL | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog).\u00a0Locky is aggressively distributed via a\" \/>\n<meta 
property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-09-16T22:35:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T01:55:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/1-7.png\" \/>\n\t<meta property=\"og:image:width\" content=\"894\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Locky Ransomware Hides Inside Packed .DLL\",\"datePublished\":\"2016-09-16T22:35:11+00:00\",\"dateModified\":\"2025-06-03T01:55:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\"},\"wordCount\":557,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-7.png\",\"keywords\":[\"computer security\",\"cybercrime\",\"endpoint protection\",\"malware\",\"ransomware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\",\"name\":\"Locky Ransomware Hides Inside Packed .DLL | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-7.png\",\"datePublished\":\"2016-09-16T22:35:11+00:00\",\"dateModified\":\"2025-06-03T01:55:43+00:00\",\"description\":\"McAfee Labs has seen a huge increase in Locky ransomware in recent months (discussed in an earlier blog).\u00a0Locky is aggressively distributed via a\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-7.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/1-7.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/locky-ransomware-hides-inside-packed-dll\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Locky Ransomware Hides Inside Packed .DLL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-conte
nt\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}