Skip to content

Instantly share code, notes, and snippets.

@josehelps

josehelps/loldriver_lql_gen.py

Created August 14, 2023 23:39
Show Gist options
  • Save josehelps/f4b66f38f681b25d5cb3e9f2826d55be to your computer and use it in GitHub Desktop.
Save josehelps/f4b66f38f681b25d5cb3e9f2826d55be to your computer and use it in GitHub Desktop.
Download ZIP
generates lql policy from loldriver malicious hashes
Raw
loldriver_lql_gen.py
import requests
import textwrap
def fetch_hashes(url):
response = requests.get(url)
if response.status_code != 200:
print("Error fetching data.")
return None
return response.text.strip().split("\n")
def generate_lql(hashes):
hashes_condition = "\n OR ".join(f"files.FILEDATA_HASH = '{hash_}'" for hash_ in hashes)
query = textwrap.dedent(f"""\
queryId: LOLDriver_Malicious_Hashes
queryText: |-
{{
source {{
LW_HE_FILES files
}}
filter {{
{hashes_condition}
}}
return distinct {{
files.FILEDATA_HASH,
files.FILE_ACCESSED_TIME,
files.FILE_CREATED_TIME,
files.FILE_MODIFIED_TIME,
files.FILE_NAME,
files.FILE_PERMISSIONS,
files.FILE_TYPE,
files.HARD_LINK_COUNT,
files.LINK_ABS_DEST_PATH,
files.LINK_DEST_PATH,
files.MID,
files.OWNER_GID,
files.OWNER_UID,
files.OWNER_USERNAME,
files.PATH,
files.RECORD_CREATED_TIME,
files.SIZE
}}
}}""")
with open('LOLDriver_Malicious_Hashes.yaml', 'w') as file:
file.write(query)
print("Query saved to 'LOLDriver_Malicious_Hashes.yaml'.")
url = 'https://raw.githubusercontent.com/magicsword-io/LOLDrivers/main/detections/hashes/samples_malicious.sha256'
hashes = fetch_hashes(url)
if hashes:
generate_lql(hashes)
@josehelps
Copy link
Author

Run lacework query run --start "-120d@d" --end "@h" -f LOLDriver_Malicious_Hashes.yaml

Generated LQL policy:

queryId: LOLDriver_Malicious_Hashes
queryText: |-
    {
        source {
            LW_HE_FILES files
        }
        filter {
            files.FILEDATA_HASH = 'f936ec4c8164cbd31add659b61c16cb3a717eac90e74d89c47afb96b60120280'
        OR files.FILEDATA_HASH = 'c8ae217860f793fce3ad0239d7b357dba562824dd7177c9d723ca4d4a7f99a12'
        OR files.FILEDATA_HASH = '7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d'
        OR files.FILEDATA_HASH = '9b1b15a3aacb0e786a608726c3abfc94968915cedcbd239ddf903c4a54bfcf0c'
        OR files.FILEDATA_HASH = 'e858de280bd72d7538386a73e579580a6d5edba87b66b3671dc180229368be19'
        OR files.FILEDATA_HASH = 'e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d'
        OR files.FILEDATA_HASH = '083a311875173f8c4653e9bbbabb689d14aa86b852e7fa9f5512fc60e0fd2c43'
        OR files.FILEDATA_HASH = 'c4fb31e3f24e40742a1b9855a2d67048fe64b26d8d2dbcec77d2d5deeded2bcc'
        OR files.FILEDATA_HASH = 'b2486f9359c94d7473ad8331b87a9c17ca9ba6e4109fd26ce92dff01969eaa09'
        OR files.FILEDATA_HASH = 'b0b80a11802b4a8ca69c818a03e76e7ef57c2e293de456439401e8e6073f8719'
        OR files.FILEDATA_HASH = 'af7ca247bf229950fb48674b21712761ac650d33f13a4dca44f61c59f4c9ac46'
        OR files.FILEDATA_HASH = 'e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e'
        OR files.FILEDATA_HASH = '47356707e610cfd0be97595fbe55246b96a69141e1da579e6f662ddda6dc5280'
        OR files.FILEDATA_HASH = 'b34e2d9f3d4ef59cf7af18e17133a6a06509373e69e33c8eecb2e30501d0d9e4'
        OR files.FILEDATA_HASH = '23e89fd30a1c7db37f3ea81b779ce9acf8a4294397cbb54cff350d54afcfd931'
        OR files.FILEDATA_HASH = '60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9'
        OR files.FILEDATA_HASH = '2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8'
        OR files.FILEDATA_HASH = 'a74e8f94d2c140646a8bb12e3e322c49a97bd1b8a2e4327863d3623f43d65c66'
        OR files.FILEDATA_HASH = '2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21'
        OR files.FILEDATA_HASH = '2ce4f8089b02017cbe86a5f25d6bc69dd8b6f5060c918a64a4123a5f3be1e878'
        OR files.FILEDATA_HASH = '62036cdf3663097534adf3252b921eed06b73c2562655eae36b126c7d3d83266'
        OR files.FILEDATA_HASH = 'f461414a2596555cece5cfee65a3c22648db0082ca211f6238af8230e41b3212'
        OR files.FILEDATA_HASH = '81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1'
        OR files.FILEDATA_HASH = 'ece76b79feafb38ae4371e104b6dcbb4253ff3b2acbe5bd14ce6e47525c24f4a'
        OR files.FILEDATA_HASH = '4734a0a5d88f44a4939b8d812364cab6ca5f611b9b8ceebe27df6c1ed3a6d8a4'
        OR files.FILEDATA_HASH = '4999541c47abd4a7f2a002c180ae8d31c19804ce538b85870b8db53d3652862b'
        OR files.FILEDATA_HASH = 'e8ec06b1fa780f577ff0e8c713e0fd9688a48e0329c8188320f9eb62dfc0667f'
        OR files.FILEDATA_HASH = 'c7bccc6f38403def4690e00a0b31eda05973d82be8953a3379e331658c51b231'
        OR files.FILEDATA_HASH = '9a67626fb468d3f114c23ac73fd8057f43d06393d3eca04da1d6676f89da2d40'
        OR files.FILEDATA_HASH = '822982c568b6f44b610f8dc4ab5d94795c33ae08a6a608050941264975c1ecdb'
        OR files.FILEDATA_HASH = '30061ef383e18e74bb067fbca69544f1a7544e8dc017d4e7633d8379aff4c3c3'
        OR files.FILEDATA_HASH = '5bc3994612624da168750455b363f2964e1861dba4f1c305df01b970ac02a7ae'
        OR files.FILEDATA_HASH = '93aa3066ae831cdf81505e1bc5035227dc0e8f06ebbbb777832a17920c6a02fe'
        OR files.FILEDATA_HASH = '7a84703552ae032a0d1699a081e422ed6c958bbe56d5b41839c8bfa6395bee1d'
        OR files.FILEDATA_HASH = '52d5c35325ce701516f8b04380c9fbdb78ec6bcc13b444f758fdb03d545b0677'
        OR files.FILEDATA_HASH = '469713c76c7a887826611b8c7180209a8bb6250f91d0f1eb84ac4d450ef15870'
        OR files.FILEDATA_HASH = '497a836693be1b330993e2be64f6c71bf290c127faca1c056abd0dc374654830'
        OR files.FILEDATA_HASH = '008fa89822b7a1f91e5843169083202ea580f7b06eb6d5cae091ba844d035f25'
        OR files.FILEDATA_HASH = '139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988'
        OR files.FILEDATA_HASH = '2456a7921fa8ab7b9779e5665e6b42fccc019feb9e49a9a28a33ec0a4bb323c4'
        OR files.FILEDATA_HASH = 'e6f764c3b5580cd1675cbf184938ad5a201a8c096607857869bd7c3399df0d12'
        OR files.FILEDATA_HASH = 'cf9451c9ccc5509b9912965f79c2b95eb89d805b2a186d7521d3a262cf5a7a37'
        OR files.FILEDATA_HASH = 'dfc80e0d468a2c115a902aa332a97e3d279b1fc3d32083e8cf9a4aadf3f54ad1'
        OR files.FILEDATA_HASH = 'd7aa8abdda8a68b8418e86bef50c19ef2f34bc66e7b139e43c2a99ab48c933be'
        OR files.FILEDATA_HASH = '6839fcae985774427c65fe38e773aa96ec451a412caa5354ad9e2b9b54ffe6c1'
        OR files.FILEDATA_HASH = 'c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da'
        OR files.FILEDATA_HASH = '06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4'
        OR files.FILEDATA_HASH = '21617210249d2a35016e8ca6bd7a1edda25a12702a2294d56010ee8148637f5a'
        OR files.FILEDATA_HASH = '41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f'
        OR files.FILEDATA_HASH = '5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d'
        OR files.FILEDATA_HASH = '07beac65e28ee124f1da354293a3d6ad7250ed1ce29b8342acfd22252548a5af'
        OR files.FILEDATA_HASH = '7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6'
        OR files.FILEDATA_HASH = '50819a1add4c81c0d53203592d6803f022443440935ff8260ff3b6d5253c0c76'
        OR files.FILEDATA_HASH = '89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3'
        OR files.FILEDATA_HASH = '618b15970671700188f4102e5d0638184e2723e8f57f7e917fa49792daebdadb'
        OR files.FILEDATA_HASH = '6d68d8a71a11458ddf0cbb73c0f145bee46ef29ce03ad7ece6bd6aa9d31db9b7'
        OR files.FILEDATA_HASH = '793b78e70b3ae3bb400c5a8bc4d2d89183f1d7fc70954aed43df7287248b6875'
        OR files.FILEDATA_HASH = '02ebf848fa618eba27065db366b15ee6629d98f551d20612ac38b9f655f37715'
        OR files.FILEDATA_HASH = '85b9d7344bf847349b5d58ebe4d44fd63679a36164505271593ef1076aa163b2'
        OR files.FILEDATA_HASH = '15cf366f7b3ee526db7ce2b5253ffebcbfaa4f33a82b459237c049f854a97c0c'
        OR files.FILEDATA_HASH = 'e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217'
        OR files.FILEDATA_HASH = 'c8f9e1ad7b8cce62fba349a00bc168c849d42cfb2ca5b2c6cc4b51d054e0c497'
        OR files.FILEDATA_HASH = '4136f1eb11cc463a858393ea733d5f1c220a3187537626f7f5d63eccf7c5a03f'
        OR files.FILEDATA_HASH = '1d23ab46ad547e7eef409b40756aae9246fbdf545d13946f770643f19c715e80'
        OR files.FILEDATA_HASH = 'fd223833abffa9cd6cc1848d77599673643585925a7ee51259d67c44d361cce8'
        OR files.FILEDATA_HASH = 'f6157e033a12520c73dcedf8e49cd42d103e5874c34d6527bb9de25a5d26e5ad'
        OR files.FILEDATA_HASH = '7a7e8df7173387aec593e4fe2b45520ea3156c5f810d2bb1b2784efd1c922376'
        OR files.FILEDATA_HASH = '4af8192870afe18c77381dfaf8478f8914fa32906812bb53073da284a49ae4c7'
        OR files.FILEDATA_HASH = '6661320f779337b95bbbe1943ee64afb2101c92f92f3d1571c1bf4201c38c724'
        OR files.FILEDATA_HASH = '1485c0ed3e875cbdfc6786a5bd26d18ea9d31727deb8df290a1c00c780419a4e'
        OR files.FILEDATA_HASH = '0aab2deae90717a8876d46d257401d265cf90a5db4c57706e4003c19eee33550'
        OR files.FILEDATA_HASH = '0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35'
        OR files.FILEDATA_HASH = 'deade507504d385d8cae11365a2ac9b5e2773ff9b61624d75ffa882d6bb28952'
        OR files.FILEDATA_HASH = 'f6c316e2385f2694d47e936b0ac4bc9b55e279d530dd5e805f0d963cb47c3c0d'
        OR files.FILEDATA_HASH = '36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475'
        OR files.FILEDATA_HASH = '05b146a48a69dd62a02759487e769bd30d39f16374bc76c86453b4ae59e7ffa4'
        OR files.FILEDATA_HASH = '897f2bbe81fc3b1ae488114b93f3eb0133a85678d061c7a6f718507971f33736'
        OR files.FILEDATA_HASH = '14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925'
        OR files.FILEDATA_HASH = '7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28'
        OR files.FILEDATA_HASH = '56066ed07bad3b5c1474e8fae5ee2543d17d7977369b34450bd0775517e3b25c'
        OR files.FILEDATA_HASH = 'af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895'
        OR files.FILEDATA_HASH = 'b0f1fbadc1d7a77557d3d836f7698bd986a3ec9fc5d534ad3403970f071176f7'
        OR files.FILEDATA_HASH = 'd50cb5f4b28c6c26f17b9d44211e515c3c0cc2c0c4bf24cd8f9ed073238053ad'
        OR files.FILEDATA_HASH = '443c0ba980d4db9213b654a45248fd855855c1cc81d18812cae9d16729ff9a85'
        OR files.FILEDATA_HASH = '0d10c4b2f56364b475b60bd2933273c8b1ed2176353e59e65f968c61e93b7d99'
        OR files.FILEDATA_HASH = '9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac'
        OR files.FILEDATA_HASH = 'bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0'
        OR files.FILEDATA_HASH = 'b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3'
        OR files.FILEDATA_HASH = '29d765e29d2f06eb511ee88b2e514c9df1a9020a768ddd3d2278d9045e9cdb4a'
        OR files.FILEDATA_HASH = 'd41e39215c2c1286e4cd3b1dc0948adefb161f22bc3a78756a027d41614ee4ff'
        OR files.FILEDATA_HASH = '6908ebf52eb19c6719a0b508d1e2128f198d10441551cbfb9f4031d382f5229f'
        OR files.FILEDATA_HASH = 'f9f2091fccb289bcf6a945f6b38676ec71dedb32f3674262928ccaf840ca131a'
        OR files.FILEDATA_HASH = '4f02aed3750bc6a924c75e774404f259f721d8f4081ed68aa01cf73ca5430f85'
        OR files.FILEDATA_HASH = 'f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae'
        OR files.FILEDATA_HASH = '82b7fa34ad07dbf9afa63b2f6ed37973a1b4fe35dee90b3cf5c788c15c9f08f7'
        OR files.FILEDATA_HASH = '087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212'
        OR files.FILEDATA_HASH = '5295080de37d4838e15dec4e3682545033d479d3d9ac28d74747c086559fb968'
        OR files.FILEDATA_HASH = 'a78c9871da09fab21aec9b88a4e880f81ecb1ed0fa941f31cc2f041067e8e972'
        OR files.FILEDATA_HASH = '575e58b62afab094c20c296604dc3b7dd2e1a50f5978d8ee24b7dca028e97316'
        OR files.FILEDATA_HASH = 'fefc070a5f6a9c0415e1c6f44512a33e8d163024174b30a61423d00d1e8f9bf2'
        OR files.FILEDATA_HASH = '1a5c08d40a5e73b9fe63ea5761eaec8f41d916ca3da2acbc4e6e799b06af5524'
        OR files.FILEDATA_HASH = 'd25b5e4d07f594c640dcd93cfc8ab3f0a38348150bd0bfae89f404fbb0d811c6'
        OR files.FILEDATA_HASH = '6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77'
        OR files.FILEDATA_HASH = 'a1e6b431534258954db07039117b3159e889c6b9e757329bbd4126383c60c778'
        OR files.FILEDATA_HASH = 'a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec'
        OR files.FILEDATA_HASH = '8dafe5f3d0527b66f6857559e3c81872699003e0f2ffda9202a1b5e29db2002e'
        OR files.FILEDATA_HASH = 'd032001eab6cad4fbef19aab418650ded00152143bd14507e17d62748297c23f'
        OR files.FILEDATA_HASH = 'd7c81b0f3c14844f6424e8bdd31a128e773cb96cccef6d05cbff473f0ccb9f9c'
        OR files.FILEDATA_HASH = 'b0eb4d999e4e0e7c2e33ff081e847c87b49940eb24a9e0794c6aa9516832c427'
        OR files.FILEDATA_HASH = '0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc'
        OR files.FILEDATA_HASH = 'ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620'
        OR files.FILEDATA_HASH = '569fe70bedd0df8585689b0e88ad8bd0544fdf88b9dbfc2076f4bdbcf89c28aa'
        OR files.FILEDATA_HASH = 'aafa642ca3d906138150059eeddb6f6b4fe9ad90c6174386cfe13a13e8be47d9'
        OR files.FILEDATA_HASH = '19dfacea1b9f19c0379f89b2424ceb028f2ce59b0db991ba83ae460027584987'
        OR files.FILEDATA_HASH = '49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530'
        OR files.FILEDATA_HASH = '8922be14c657e603179f1dd94dc32de7c99d2268ac92d429c4fdda7396c32e50'
        OR files.FILEDATA_HASH = 'beef40f1b4ce0ff2ee5c264955e6b2a0de6fe4089307510378adc83fad77228b'
        OR files.FILEDATA_HASH = '0740359baef32cbb0b14a9d1bd3499ea2e770ff9b1c85898cfac8fd9aca4fa39'
        OR files.FILEDATA_HASH = '8578bff36e3b02cc71495b647db88c67c3c5ca710b5a2bd539148550595d0330'
        OR files.FILEDATA_HASH = 'a0931e16cf7b18d15579e36e0a69edad1717b07527b5407f2c105a2f554224b2'
        OR files.FILEDATA_HASH = '6964a5d85639baee288555797992861232e75817f93028b50b8c6d34aa38b05b'
        OR files.FILEDATA_HASH = 'bed4285d0f8d18f17ddaa53a98a475c87c04c4d167499e24c770da788e5d45f4'
        OR files.FILEDATA_HASH = '083f821d90e607ed93221e71d4742673e74f573d0755a96ad17d1403f65a2254'
        OR files.FILEDATA_HASH = '0f98492c92e35042b09032e3d9aedc357e4df94fc840217fa1091046f9248a06'
        OR files.FILEDATA_HASH = '773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894'
        OR files.FILEDATA_HASH = '88076e98d45ed3adf0c5355411fe8ca793eb7cec1a1c61f5e1ec337eae267463'
        OR files.FILEDATA_HASH = 'b0a27ac1a8173413de13860d2b2e34cb6bc4d1149f94b62d319042e11d8b004c'
        OR files.FILEDATA_HASH = '62764ddc2dce74f2620cd2efd97a2950f50c8ac5a1f2c1af00dc5912d52f6920'
        OR files.FILEDATA_HASH = 'fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5'
        OR files.FILEDATA_HASH = 'a42f4ae69b8755a957256b57eb3d319678eab81705f0ffea0d649ace7321108f'
        OR files.FILEDATA_HASH = 'ad938d15ecfd70083c474e1642a88b078c3cea02cdbddf66d4fb1c01b9b29d9a'
        OR files.FILEDATA_HASH = '06c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f'
        OR files.FILEDATA_HASH = '36f45a42ebf2de6962db92aaf8845d7f9fd6895bedc31422adcf31c59a79602d'
        OR files.FILEDATA_HASH = '24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f'
        OR files.FILEDATA_HASH = '94c71954ac0b1fd9fa2bd5c506a16302100ba75d9f84f39ee9b333546c714601'
        OR files.FILEDATA_HASH = '4bd4715d2a7af627da11513e32fab925c872babebdb7ff5675a75815fbf95021'
        OR files.FILEDATA_HASH = '18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7'
        OR files.FILEDATA_HASH = 'e8743094f002239a8a9d6d7852c7852e0bb63cd411b007bd8c194bcba159ef15'
        OR files.FILEDATA_HASH = 'f3ec3f22639d45b3c865bb1ed7622db32e04e1dbc456298be02bf1f3875c3aac'
        OR files.FILEDATA_HASH = '32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d'
        OR files.FILEDATA_HASH = '40556dd9b79b755cc0b48d3d024ceb15bd2c0e04960062ab2a85cd7d4d1b724a'
        OR files.FILEDATA_HASH = '29348ebe12d872c5f40e316a0043f7e5babe583374487345a79bad0ba93fbdfe'
        OR files.FILEDATA_HASH = 'baf7fbc4743a81eb5e4511023692b2dfdc32ba670ba3e4ed8c09db7a19bd82d3'
        OR files.FILEDATA_HASH = '7b846b0a717665e4d9fb313f25d1f6a5b782e495387aea45cf87ad3c049ac0db'
        OR files.FILEDATA_HASH = '673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653'
        OR files.FILEDATA_HASH = '87565ff08a93a8ff41ea932bf55dec8e0c7e79aba036507ea45df9d81cb36105'
        OR files.FILEDATA_HASH = 'e4b2c0aa28aac5e197312a061b05363e2e0387338b28b23272b5b6659d29b1d8'
        OR files.FILEDATA_HASH = '8b32fc8b15363915605c127ccbf5cbe71778f8dfbf821a25455496e969a01434'
        OR files.FILEDATA_HASH = 'f9b01406864ab081aa77eef4ad15cb2dd2f830d1ef54f52622a59ff1aeb05ba5'
        OR files.FILEDATA_HASH = '82b0e1d7a27b67f0e6dc39dc41e880bdaef5d1f69fcec38e08da2ed78e805ef9'
        OR files.FILEDATA_HASH = 'e99580e25f419b5ad90669e0c274cf63d30efa08065d064a863e655bdf77fb59'
        OR files.FILEDATA_HASH = 'c4c9c84b211899ceb0d18a839afa497537a7c7c01ab481965a09788a9e16590c'
        OR files.FILEDATA_HASH = '9e56e96df36237e65b3d7dbc490afdc826215158f6278cd579c576c4b455b392'
        OR files.FILEDATA_HASH = 'accb1a6604efb1b3ce9345c9fd62fe717a84c3e089e09c638e461df89193ef01'
        OR files.FILEDATA_HASH = '704c6ffe786bc83a73fbdcd2edd50f47c3b5053da7da6aa4c10324d389a31db4'
        OR files.FILEDATA_HASH = 'f03f0fb3a26bb83e8f8fa426744cf06f2e6e29f5220663b1d64265952b8de1a1'
        OR files.FILEDATA_HASH = 'c7cd14c71bcac5420872c3d825ff6d4be6a86f3d6a8a584f1a756541efff858e'
        OR files.FILEDATA_HASH = '95e5b5500e63c31c6561161a82f7f9373f99b5b1f54b018c4866df4f2a879167'
        OR files.FILEDATA_HASH = 'be70be9d84ae14ea1fa5ec68e2a61f6acfe576d965fe51c6bac78fba01a744fb'
        OR files.FILEDATA_HASH = '9c2f3e9811f7d0c7463eaa1ee6f39c23f902f3797b80891590b43bbe0fdf0e51'
        OR files.FILEDATA_HASH = '888491196bd8ff528b773a3e453eae49063ad31fb4ca0f9f2e433f8d35445440'
        OR files.FILEDATA_HASH = 'a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640'
        OR files.FILEDATA_HASH = '749b0e8c8c8b7dda8c2063c708047cfe95afa0a4d86886b31a12f3018396e67c'
        OR files.FILEDATA_HASH = '406b844f4b5c82caf26056c67f9815ad8ecf1e6e5b07d446b456e5ff4a1476f9'
        OR files.FILEDATA_HASH = 'e5ddfa39540d4e7ada56cdc1ebd2eb8c85a408ec078337488a81d1c3f2aaa4ff'
        OR files.FILEDATA_HASH = '8684aec77b4c3cafc1a6594de7e95695fa698625d4206a6c4b201875f76a5b38'
        OR files.FILEDATA_HASH = '82ac05fefaa8c7ee622d11d1a378f1d255b647ab2f3200fd323cc374818a83f2'
        OR files.FILEDATA_HASH = '818787057fc60ac8b957aa37d750aa4bace8e6a07d3d28b070022ee6dcd603ab'
        OR files.FILEDATA_HASH = '492113a223d6a3fc110059fe46a180d82bb8e002ef2cd76cbf0c1d1eb8243263'
        OR files.FILEDATA_HASH = 'd43520128871c83b904f3136542ea46644ac81a62d51ae9d3c3a3f32405aad96'
        OR files.FILEDATA_HASH = '31b66a57fae0cc28a6a236d72a35c8b6244f997e700f9464f9cbf800dbf8bee6'
        OR files.FILEDATA_HASH = '8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe'
        OR files.FILEDATA_HASH = '751e9376cb7cb9de63e1808d43579d787d3f6d659173038fe44a2d7fdb4fd17e'
        OR files.FILEDATA_HASH = '3ca5d47d076e99c312578ef6499e1fa7b9db88551cfc0f138da11105aca7c5e1'
        OR files.FILEDATA_HASH = '8b30b2dc36d5e8f1ffc7281352923773fb821cdf66eb6516f82c697a524b599b'
        OR files.FILEDATA_HASH = 'c4f041de66ec8cc5ab4a03bbc46f99e073157a4e915a9ab4069162de834ffc5c'
        OR files.FILEDATA_HASH = '12b0000698b79ea3c8178b9e87801cc34bad096a151a8779559519deafd4e3f0'
        OR files.FILEDATA_HASH = 'efa56907b9d0ec4430a5d581f490b6b9052b1e979da4dab6a110ab92e17d4576'
        OR files.FILEDATA_HASH = '082a79311da64b6adc3655e79aa090a9262acaac3b917a363b9571f520a17f6a'
        OR files.FILEDATA_HASH = 'b7956e31c2fcc0a84bcedf30e5f8115f4e74eed58916253a0c05c8be47283c57'
        OR files.FILEDATA_HASH = '4d42678df3917c37f44a1506307f1677b9a689efcf350b1acce7e6f64b514905'
        OR files.FILEDATA_HASH = '3033ff03e6f523726638b43d954bc666cdd26483fa5abcf98307952ff88f80ee'
        OR files.FILEDATA_HASH = '30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2'
        OR files.FILEDATA_HASH = 'ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a'
        OR files.FILEDATA_HASH = 'c13f5bc4edfbe8f1884320c5d76ca129d00de41a1e61d45195738f125dfe60a7'
        OR files.FILEDATA_HASH = '94ba4bcbdb55d6faf9f33642d0072109510f5c57e8c963d1a3eb4f9111f30112'
        OR files.FILEDATA_HASH = '86047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62'
        OR files.FILEDATA_HASH = '42ff11ddb46dfe5fa895e7babf88ee27790cde53a9139fc384346a89e802a327'
        OR files.FILEDATA_HASH = '26bea3b3ab2001d91202f289b7e41499d810474607db7a0893ceab74f5532f47'
        OR files.FILEDATA_HASH = '0181d60506b1f3609217487c2c737621d637e1232f243f68c662d045f44d4873'
        OR files.FILEDATA_HASH = 'ee7b8eb150df2788bb9d5fe468327899d9f60d6731c379fd75143730a83b1c55'
        OR files.FILEDATA_HASH = '1ef7afea0cf2ef246ade6606ef8b7195de9cd7a3cd7570bff90ba1e2422276f6'
        OR files.FILEDATA_HASH = '4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919'
        OR files.FILEDATA_HASH = 'bc49cb96f3136c3e552bf29f808883abb9e651040415484c1736261b52756908'
        OR files.FILEDATA_HASH = '770f33259d6fb10f4a32d8a57d0d12953e8455c72bb7b60cb39ce505c507013a'
        OR files.FILEDATA_HASH = '4dc24fd07f8fb854e685bc540359c59f177de5b91231cc44d6231e33c9e932b1'
        OR files.FILEDATA_HASH = '6b5cf41512255237064e9274ca8f8a3fef820c45aa6067c9c6a0e6f5751a0421'
        OR files.FILEDATA_HASH = 'a2d32c28eb5945b85872697d7cfbe87813c09a0e1be28611563755f68b9cb88b'
        OR files.FILEDATA_HASH = '627e13da6a45006fff4711b14754f9ccfac9a5854d275da798a22f3a68dd1eaa'
        OR files.FILEDATA_HASH = '8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104'
        OR files.FILEDATA_HASH = 'bb2422e96ea993007f25c71d55b2eddfa1e940c89e895abb50dd07d7c17ca1df'
        OR files.FILEDATA_HASH = '0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597'
        OR files.FILEDATA_HASH = 'f0474e76cfd36e37e32cfe5c0a9e05ddee17dd5014d7aa8817ea3634a3540a3f'
        OR files.FILEDATA_HASH = 'b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c'
        OR files.FILEDATA_HASH = '80e4c83cfa9d675a6746ab846fa5da76d79e87a9297e94e595a2d781e02673b3'
        OR files.FILEDATA_HASH = '26ef7b27d1afb685e0c136205a92d29b1091e3dcf6b7b39a4ec03fbbdb57cb55'
        OR files.FILEDATA_HASH = '2c14bea0d85c9cad5c5f5c8d0e5442f6deb9e93fe3ad8ea5e8e147821c6f9304'
        OR files.FILEDATA_HASH = '200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a'
        OR files.FILEDATA_HASH = 'aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e'
        OR files.FILEDATA_HASH = '28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553'
        OR files.FILEDATA_HASH = '96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc'
        OR files.FILEDATA_HASH = '06ddf49ac8e06e6b83fccba1141c90ea01b65b7db592c54ffe8aa6d30a75c0b8'
        OR files.FILEDATA_HASH = '7433f14b40c674c5e87b6210c330d5bcaf2f6f52d632ae29e9b7cf3ca405665b'
        OR files.FILEDATA_HASH = '5f6fec8f7890d032461b127332759c88a1b7360aa10c6bd38482572f59d2ba8b'
        OR files.FILEDATA_HASH = '4c89c907b7525b39409af1ad11cc7d2400263601edafc41c935715ef5bd145de'
        OR files.FILEDATA_HASH = 'eab9b5b7e5fab1c2d7d44cd28f13ae8bb083d9362d2b930d43354a3dfd38e05a'
        OR files.FILEDATA_HASH = 'b169a5f643524d59330fafe6e3e328e2179fc5116ee6fae5d39581467d53ac03'
        OR files.FILEDATA_HASH = '52f3905bbd97dcd2dbd22890e5e8413b9487088f1ee2fa828030a6a45b3975fd'
        OR files.FILEDATA_HASH = '8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce'
        OR files.FILEDATA_HASH = '3b2cd65a4fbdd784a6466e5196bc614c17d1dbaed3fd991d242e3be3e9249da6'
        OR files.FILEDATA_HASH = '51805bb537befaac8ce28f2221624cb4d9cefdc0260bc1afd5e0bc97bf1f9f93'
        OR files.FILEDATA_HASH = 'ac5fb90e88d8870cd5569e661bea98cf6b001d83ab7c65a5196ea3743146939a'
        OR files.FILEDATA_HASH = '0f7bfa10075bf5c193345866333d415509433dbfe5a7d45664b88d72216ff7c3'
        OR files.FILEDATA_HASH = 'a32dc2218fb1f538fba33701dfd9ca34267fda3181e82eb58b971ae8b78f0852'
        OR files.FILEDATA_HASH = 'a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7'
        OR files.FILEDATA_HASH = '42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25'
        OR files.FILEDATA_HASH = '2da2b883e48e929f5365480d487590957d9e6582cc6da2c0b42699ba85e54fe2'
        OR files.FILEDATA_HASH = 'da70fa44290f949e9b3e0fcfe0503de46e82e0472e8e3c360da3fd2bfa364eee'
        OR files.FILEDATA_HASH = '07759750fbb93c77b5c3957c642a9498fcff3946a5c69317db8d6be24098a4a0'
        OR files.FILEDATA_HASH = 'd37996abc8efb29f1ccbb4335ce9ba9158bec86cc4775f0177112e87e4e3be5c'
        OR files.FILEDATA_HASH = '69866557566c59772f203c11f5fba30271448e231b65806a66e48f41e3804d7f'
        OR files.FILEDATA_HASH = '10ad50fcb360dcab8539ea322aaf2270565dc835b7535790937348523d723d6b'
        OR files.FILEDATA_HASH = 'bcca03ce1dd040e67eb71a7be0b75576316f0b6587b2058786fda8b6f0a5adfd'
        OR files.FILEDATA_HASH = '5c1585b1a1c956c7755429544f3596515dfdf928373620c51b0606a520c6245a'
        OR files.FILEDATA_HASH = '9bb09752cf3a464455422909edef518ac18fe63cf5e1e8d9d6c2e68db62e0c87'
        OR files.FILEDATA_HASH = '4bca0a401b364a5cc1581a184116c5bafa224e13782df13272bc1b748173d1be'
        OR files.FILEDATA_HASH = 'ec96b15ce218f97ec1d8f07f13b052d274c4c8438f31daf246ccfaaee5e1bebd'
        OR files.FILEDATA_HASH = '64d4370843a07e25d4ceb68816015efcaeca9429bb5bb692a88e615b48c7da96'
        OR files.FILEDATA_HASH = '9dc7beb60a0a6e7238fc8589b6c2665331be1e807b4d2b3ddd1c258dbbd3e2f7'
        OR files.FILEDATA_HASH = 'c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c'
        OR files.FILEDATA_HASH = 'ee525b90053bb30908b5d7bf4c5e9b8b9d6b7b5c9091a26fa25d30d3ad8ef5d0'
        OR files.FILEDATA_HASH = 'b8c71e1844e987cd6f9c2baf28d9520d4ccdd8593ce7051bb1b3c9bf1d97076a'
        }
        return distinct {
            files.FILEDATA_HASH,
            files.FILE_ACCESSED_TIME,
            files.FILE_CREATED_TIME,
            files.FILE_MODIFIED_TIME,
            files.FILE_NAME,
            files.FILE_PERMISSIONS,
            files.FILE_TYPE,
            files.HARD_LINK_COUNT,
            files.LINK_ABS_DEST_PATH,
            files.LINK_DEST_PATH,
            files.MID,
            files.OWNER_GID,
            files.OWNER_UID,
            files.OWNER_USERNAME,
            files.PATH,
            files.RECORD_CREATED_TIME,
            files.SIZE
        }
    }%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment