Hackers are all about pass-the-hash (PTH) attacks. PTH attacks can be successful against any operating system and any authentication protocol. The best defense is to prevent the attackers from getting superadmin access in the first place. In Windows, the password hash can be pulled out of memory for the following logon types: interactive, batch, service, unlock, remote interactive, and cached interactive. That may seem like every type of logon you can think of, but it doesn’t include network logons.”]
Source: https://www.csoonline.com/article/2622729/stop-pass-the-hash-attacks-before-they-begin.html