A serious security flaw has been found in Windows 10

If this is an offline account, the system stores the user name and the NTLM and SHA1 password hashes, along with some other private information, to the LSA secret named this is a Microsoft account, then (Windows 1607 and earlier) 1703 and later) secret is created. After the PC is rebooted, the system identifies the TBAL token and decrypts the DPAPI primary key using either a SHA1 hash of the user (for an offline account) or a 96-byte key if it is a Microsoft account. The problem for the user is that after the system is shut down, anyone who has physical access to the PC can use the stored TBAL secret to decrypt the DPAPI primary key and, as a consequence, all of the user’s data that is encrypted using DPAPI.

Source: www.passcape.com