BCryptDecrypt: 0xc000a002

[Papotito123]

Hello: Win 10 1809 x64, FAKEACCOUNT is a local user account created in March 2020 with Chrome being updated to Version 81.0.4044.138 (Official Build) (64-bit) .

With mimikatz latest standalone 2.2.0 20200502,when using dpapi::chrome /unprotect ,got this:

C:\Users\FAKEACCOUNT\Downloads\mimikatz 2.2.0 20200502 TPM, IF & XOR\mimikatz_trunk\x64>mimikatz.exe

.#####. mimikatz 2.2.0 (x64) #18362 May 2 2020 16:23:51 .## ^ ##. "A La Vie, A L'Amour" - (oe.eo)

/ \ ## /*** Benjamin DELPY gentilkiwi ( benjamin@gentilkiwi.com )

\ / ## > http://blog.gentilkiwi.com/mimikatz

'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com ) '#####' > http://pingcastle.com / http://mysmartlogon.com ***/

mimikatz # privilege::debug Privilege '20' OK

mimikatz # dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Login Data" /unprotect

Encrypted Key found in local state file Encrypted Key seems to be protected by DPAPI

• using CryptUnprotectData API AES Key is: 4525e41a1617d1309e503ead022dc71b34bfb26026d0740ac89499b2ec2ebcfc

URL : https://login.live.com/ ( https://login.live.com/login.srf ) Username: myemial@hotmail.com

• using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

Even if I use , C:\Users\FAKEACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Login Data , still give s same error.

In my other user accounts works well. All accounts with Chrome Version 81.0.4044.138 (Official Build) (64-bit).

Thanks.

[Papotito123]

Hello: This error is referenced here: http://www.vbforums.com/showthread.php?865951-Vb6-aes-gcm

[Papotito123]

Hello: Mo worries. I swear I had a Saved login. But found is not.

mimikatz works well.