EncryptedRegView is a free tool which finds, decrypts and displays Registry data

By: Costea Lestoc
2 minute read

Not long ago NirSoft released a free tool named EncryptedRegView, which helps you find, decrypt and display the data in the Registry which is protected by the DPAPI encryption system by Windows. This scheme is not that often used, not even by the products owned by Microsoft, but this program is still able to find details from Microsoft Edge, passwords in Outlook and other interesting things on a PC.

It is really easy to use and to understand. It is recommended that you run it as an administrator. Click OK when the opening dialog box appears and see how  the program will scan your Registry. It will show you every item protected by DPAPI that can be found on the machine, having columns for hash and encryption values, Registry path, decrypted and original values and many others. However, if you’re just a regular user, it won’t mean much to you. You will just see a path there similar to HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{60782261-81D18-4323-9C64-10DE93176363}, for instance, and nothing else.

Even so, there are other things that might seem interesting to you, such as the fact that a test system can have various value names “POP3 Password”. This is in fact an actual email address shown as “Decrypted Value”. Each has a path in Registry and it includes Microsoft\Office\16.0\Outlook\Profiles, which shows for sure that what you’re seeing is an Outlook password.

Of course, this is useful, but the program doesn’t tell you exactly which password belongs to what Outlook account, so you have to further investigate the profile path found in Registry if you want to find out that.

Thankfully, there are lots of other things you can do and explore the program. You can save the items you want as a html report, text or csv if you want to analyze them later on. There is also the option of running an advanced search, which lets you scan external HDD.


Next up

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Windows 7 KB4457139 makes it easier to upgrade to Windows 10

By: Madeleine Dean
2 minute read

Microsoft released a new Windows 7 update to the general public. Update KB4457139 is actually a preview of the upcoming monthly rollup update and allows users […]

Continue Reading