Open sudo-joe opened 8 months ago
I believe you're expecting the same information to be acquired from the registry and form the lsass but those are two different things which while do have some relation with one another ultimately don't store the same information.
Hello dumped lsass with taskmgr as admin on a Windows7.
[The file is located at:] [c:\Users\test\App Data\Local\Temp\lsass.DMP]
pypykatz lsa minidumd lsass.DMP
Surprisingly the output shows only the hash of one Windows7 user (the one i am mostly using) and it's password in cleartext The other Windows7 users are not listed.
If I am using ' pypykatz registry....´ all Windows users are listed...
Question: Any idea why Pypykatz 069 does only list one user?
Thanks a lot in advance for any feedback!
PS: No idea why the lsass.DMP is writtern to user test [c:\Users\test\App Data\Local\Temp\lsass.DMP] and not to user Admin..... since I logged into Windows as Admin