samdump2 NTLM hash

[miccee]

Hi,

I was trying to extract Windows 10 hash from SYSTEM and SAM using Samdump2 but for some reason I'm not able to recover the known password. 

I didn't use The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Live during boot, I basically ran cmd in admin mode.

Code:

reg save hklm\sam c:\ sam

Code:

reg save hklm\system c:\system

Transferred both files to shared The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux folder for VM (/media/shared)

In The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) 

Code:

samdump2 -o winhash /media/shared/system /media/shared/sam

Transferred winhash back to windows hashcat folder

On Hashcat

Code:

hashcat64 -m 1000 winhash -a 3 ?a?a?a?a?a?a?a?a

But no luck. 
When I tried an NTLM generator online, the hash was different from winhash too... 

Appreciate the help. Thanks