-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdpapi-example-graph.json
More file actions
54 lines (54 loc) · 1.81 KB
/
dpapi-example-graph.json
File metadata and controls
54 lines (54 loc) · 1.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
{
"metadata": {
"source_kind": "DPAPI"
},
"graph": {
"nodes": [
{
"id": "encrypted.out",
"kinds": [
"DPAPIBlob",
"DPAPI"
],
"properties": {
"name": "encrypted.out",
"modified_at": "2025-12-31 00:02:20",
"size_bytes": 162,
"extension": ".out",
"created_at": "2025-12-30 23:53:06",
"full_path": "C:\\dev\\training\\dpapi\\tmp\\encrypted.out"
}
},
{
"id": "e327752c-b394-4444-a8f9-9309e6087316",
"kinds": [
"DPAPIMasterKey",
"DPAPI"
],
"properties": {
"Username": "MACHINE\\sample.user",
"Owner_SID": "S-1-5-21-1487982659-1829050783-2281216199-1107",
"Version": 2,
"Iterations": 6422573,
"Salt_Hex": "65003300320037003700350032006300",
"Created_At": "2025-12-30 22:27:56",
"Full_Path": "C:\\Users\\sample.user\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1487982659-1829050783-2281216199-1107\\e327752c-b394-4444-a8f9-9309e6087316",
"GUID": "e327752c-b394-4444-a8f9-9309e6087316"
}
}
],
"edges": [
{
"kind": "EncryptedWith",
"start": {
"value": "encrypted.out"
},
"end": {
"value": "e327752c-b394-4444-a8f9-9309e6087316"
},
"properties": {
}
}
]
}
}