Credential Dumping - Data Protection API (DPAPI) Secrets
Windows stores and encrypts many credentials for applications on the system with the DPAPI encryption keys. Examples of such secrets are credentials stored in browsers, passwords for scheduled tasks, Remote Desktop, and service account passwords. Attackers with administrative privileges can extract the DPAPI keys and then decrypt the secrets stored across the system to extract the cleartext passwords.
Attackers who obtain cleartext credentials or NTLM hashes can directly login with those credentials. The credentials retrieved allow an attacker to move laterally across the environment.