{"id":79170,"date":"2017-10-31T06:00:27","date_gmt":"2017-10-31T13:00:27","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=79170"},"modified":"2025-06-01T20:22:17","modified_gmt":"2025-06-02T03:22:17","slug":"expiro-infects-encrypts-files-to-complicate-repair","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/expiro-infects-encrypts-files-to-complicate-repair\/","title":{"rendered":"Expiro Malware Is Back and Even Harder to Remove"},"content":{"rendered":"<p>File infector malware adds malicious code to existing files. This makes removal tricky because deleting infections results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. The complex disinfection process is usually leveraged by malware authors to ensure systems stay infected for a long period. This may explain why complex file infectors such as W32\/VirRansom, W32\/Sality, W32\/Xpaj, and Expiro are still active today.<\/p>\n<p>The Expiro virus has been around for more than a decade, and the authors continue to update it with more features. Expiro is unique in that it infiltrates executable files on both 32- and 64-bit Windows systems by appending its viral code to the host. It can be used to install malicious browser extensions, lower browser security settings, and steal account credentials.<\/p>\n<p>Recently we discovered a new variant of Expiro with a significant change in its infection routine. In previous variants, Expiro modified and stole code at the entry point and appended the viral payload only at the end of the original file, typical of an appender virus.<\/p>\n<p>The new variant, however, changes the size of the base relocation table and encrypts the addresses inside, causing traditional appender virus repair routines to corrupt files unless they correctly restore the original base relocation table. 
By adding the encryption, Expiro increases the complexity of analysis and requires a customized repair routine, which makes it hard to combat.<\/p>\n<p>The following screenshots demonstrate this point: The base relocation table of a file infected by the old variant of Expiro is unaffected and the contents are untouched.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81788 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1.png\" alt=\"\" width=\"1336\" height=\"841\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1.png 1336w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1-300x189.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1-768x483.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1-1024x645.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1-794x500.png 794w\" sizes=\"auto, (max-width: 1336px) 100vw, 1336px\" \/><\/a><em>Figure 1: The relocation table remains intact when infected by the old Expiro variant.<\/em><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81789 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2.png\" alt=\"\" width=\"1317\" height=\"351\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2.png 1317w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2-300x80.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2-768x205.png 768w, 
https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-2-1024x273.png 1024w\" sizes=\"auto, (max-width: 1317px) 100vw, 1317px\" \/><\/a><\/p>\n<p><em>Figure 2: The relocation table contents are not modified by the old Expiro variant.<\/em><\/p>\n<p>The new variant reduces the size of the base relocation table and encrypts portions of it (outlined in red).<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81790 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3.png\" alt=\"\" width=\"1273\" height=\"793\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3.png 1273w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3-300x187.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3-768x478.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3-1024x638.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-3-803x500.png 803w\" sizes=\"auto, (max-width: 1273px) 100vw, 1273px\" \/><\/a><\/p>\n<p><em>Figure 3: The latest Expiro variant reduces the size of the relocation table.<\/em><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81791 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4.png\" alt=\"\" width=\"1330\" height=\"380\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4.png 1330w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4-300x86.png 300w, 
https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4-768x219.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-4-1024x293.png 1024w\" sizes=\"auto, (max-width: 1330px) 100vw, 1330px\" \/><\/a><\/p>\n<p><em>Figure 4: The relocation table encrypted by the latest Expiro variant.<\/em><\/p>\n<p>To fix relocations prior to the execution of the original file\u2019s code, the Expiro virus first executes its own malicious payload. It then decrypts the relocation table and dynamically reloads all addresses to make sure the original file can run correctly.<\/p>\n<p>Decryption involves a simple XOR operation with a key hardcoded within the sample.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81792 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5.png\" alt=\"\" width=\"1163\" height=\"309\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5.png 1163w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5-300x80.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5-768x204.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-5-1024x272.png 1024w\" sizes=\"auto, (max-width: 1163px) 100vw, 1163px\" \/><\/a><\/p>\n<p><em>Figure 5: Relocation table being decrypted using a hardcoded XOR key.<\/em><\/p>\n<p>After the decryption, the rest of the original base relocation table is recovered.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81793 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6.png\" alt=\"\" 
width=\"1180\" height=\"310\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6.png 1180w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6-300x79.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6-768x202.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-6-1024x269.png 1024w\" sizes=\"auto, (max-width: 1180px) 100vw, 1180px\" \/><\/a><\/p>\n<p><em>Figure 6: The EDI register now contains decrypted relocation data.<\/em><\/p>\n<p>In recovery step 2, Expiro computes the address that contains the relocation address using the formula Relocation_Address = NewImageBase + Offset + VirtualAddress.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81794 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7.png\" alt=\"\" width=\"1187\" height=\"229\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7.png 1187w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7-300x58.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7-768x148.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-7-1024x198.png 1024w\" sizes=\"auto, (max-width: 1187px) 100vw, 1187px\" \/><\/a><\/p>\n<p><em>Figure 7: Calculation of the address to be relocated in Expiro\u2019s code.<\/em><\/p>\n<p>As we see in the following screenshot, the formula leads to Relocation_Address = 0x950000 + 0x354 + 0x1000, so the address in 0x951354 should be relocated (stored in eax).<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8.png\"><img loading=\"lazy\" decoding=\"async\" 
class=\"alignnone wp-image-81795 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8.png\" alt=\"\" width=\"1164\" height=\"227\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8.png 1164w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8-300x59.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8-768x150.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-8-1024x200.png 1024w\" sizes=\"auto, (max-width: 1164px) 100vw, 1164px\" \/><\/a><\/p>\n<p><em>Figure 8: Relocation address being calculated.<\/em><\/p>\n<p>In recovery step 3, Expiro computes the relocation value using the formula Relocation_Value = OldValue + (NewImageBase \u2013 OldImageBase).<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81796 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9.png\" alt=\"\" width=\"1285\" height=\"148\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9.png 1285w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9-300x35.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9-768x88.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-9-1024x118.png 1024w\" sizes=\"auto, (max-width: 1285px) 100vw, 1285px\" \/><\/a><\/p>\n<p><em>Figure 9: Relocation value being computed by Expiro.<\/em><\/p>\n<p>In this case, the formula is Relocation_Value = 0x01001354 + (0x00950000 \u2013 0x01000000), so the relocation value is 0x00951354.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10.png\"><img 
loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-81797 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10.png\" alt=\"\" width=\"1318\" height=\"150\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10.png 1318w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10-300x34.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10-768x87.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-10-1024x117.png 1024w\" sizes=\"auto, (max-width: 1318px) 100vw, 1318px\" \/><\/a><\/p>\n<p><em>Figure 10: Expiro performing relocations on its own.<\/em><\/p>\n<p>Using this technique, we can decrypt and repair the entire relocation table of the files infected by Expiro. This also helps us to calculate and replace the relocation table size in an executable\u2019s optional header with the correct values. These changes ensure the infected files can run properly after removing the malicious payload.<\/p>\n<p>McAfee products detect Expiro as W32\/Expiro.gen.rd and W64\/Expiro.d and repair infected files from DAT Version 8665. Users can find additional information at this <a href=\"https:\/\/kb.mcafee.com\/resources\/sites\/MCAFEE\/content\/live\/PRODUCT_DOCUMENTATION\/23000\/PD23509\/en_US\/McAfee_Labs_Threat_Advisory_Expiro.pdf\" target=\"_blank\" rel=\"noopener\">McAfee Labs Threat Advisory<\/a>.<\/p>\n<h2><strong>SHA-256 hash<\/strong><\/h2>\n<ul>\n<li>f15b8fc3ca117ab38e3074adc6208666b2189259e447db8202ef85b9bbfc4537<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>File infector malware adds malicious code to current files. 
This makes removal tricky because deleting infections results in the loss&#8230;<\/p>\n","protected":false},"author":930,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[4452,338,180],"coauthors":[5136],"class_list":["post-79170","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybersecurity","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head_json":{"title":"Expiro Infects, Encrypts Files to Complicate Repair","description":"The Expiro virus has been around for more than a decade, and the authors continue to update it with more features.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Expiro Infects, Encrypts Files to Complicate Repair","og_description":"The Expiro virus has been around for more than a decade, and the authors continue to update it with more features.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/expiro-infects-encrypts-files-to-complicate-repair\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-10-31T13:00:27+00:00","article_modified_time":"2025-06-02T03:22:17+00:00","og_image":[{"width":1336,"height":841,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171030-Expiro-1.png","type":"image\/png"}],"author":"Xiaobing Lin","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Xiaobing Lin","Est. reading time":"3 minutes"}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/79170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/930"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=79170"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/79170\/revisions"}],"predecessor-version":[{"id":214761,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/79170\/revisions\/214761"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=79170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=79170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=79170"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=79170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}