10Şub
How lssas.exe store users hash?
Does lssas.exe store local and domain account user hashs and if lssas.exe store hash on memory, when I reboot computer attacker could not get older login user hashs right? But when I dump lssas.exe with crackmapexe I got domain admin hash but I was logged in 20 days ago and I rebooted machine a few days ago. How that happens. windows only store hash from sam, lssas.exe and ntds.dit? Is there another place to store it?
