On Windows, the file C:\windows\system32\config\SAM contains the users and passwords known to the local machine. hivex can process this file to reveal the usernames and password (hashes):
$ virt-win-reg WinGuest HKLM\\SAM > sam.reg
For each local user you’ll see a key like this:
With typical technical brilliance Microsoft developers have written a zero-length key with the type field (0x3e9) overloaded as a key to use in another part of the registry:
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003E9] "F"=hex(3):omitted... "UserPasswordHint"=str(3):"usual" "V"=hex(3):omitted...
(Apparently the number 0x3e9 is called the “RID” in Microsoft parlance).
My password hint is the “usual”. The “F” key is a dumped C structure containing the last login date amongst other things. The “V” key is another C structure containing my full name, home directory, the password hash and a bunch of other stuff.
With a bit of effort it looks like you could read and even modify these entries.