EncryptedRegView is a free tool which finds, decrypts and displays Registry data

Costea Lestoc By: Costea Lestoc
2 minute read

Home » News » EncryptedRegView is a free tool which finds, decrypts and displays Registry data

Not long ago NirSoft released a free tool named EncryptedRegView, which helps you find, decrypt and display the data in the Registry which is protected by the DPAPI encryption system by Windows. This scheme is not that often used, not even by the products owned by Microsoft, but this program is still able to find details from Microsoft Edge, passwords in Outlook and other interesting things on a PC.

It is really easy to use and to understand. It is recommended that you run it as an administrator. Click OK when the opening dialog box appears and see how  the program will scan your Registry. It will show you every item protected by DPAPI that can be found on the machine, having columns for hash and encryption values, Registry path, decrypted and original values and many others. However, if you’re just a regular user, it won’t mean much to you. You will just see a path there similar to HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{60782261-81D18-4323-9C64-10DE93176363}, for instance, and nothing else.

Even so, there are other things that might seem interesting to you, such as the fact that a test system can have various value names “POP3 Password”. This is in fact an actual email address shown as “Decrypted Value”. Each has a path in Registry and it includes Microsoft\Office\16.0\Outlook\Profiles, which shows for sure that what you’re seeing is an Outlook password.

Of course, this is useful, but the program doesn’t tell you exactly which password belongs to what Outlook account, so you have to further investigate the profile path found in Registry if you want to find out that.

Thankfully, there are lots of other things you can do and explore the program. You can save the items you want as a html report, text or csv if you want to analyze them later on. There is also the option of running an advanced search, which lets you scan external HDD.



Next up

Something went wrong while downloading your template [Fix]

Matthew Adams By: Matthew Adams
3 minute read

MS Office 2013 users can utilize templates for preformatted documents. However, some Office users have said that a Something went wrong while downloading your template […]

Continue Reading

Windows Virtual Desktop is now available for Microsoft 365 Enterprise users

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

The new Windows Virtual Desktop (WVD) product and strategy announced last year in September is here. Well, the Redmond giant planned to offer an early […]

Continue Reading

KB4493132 brings end-of-support notifications to Windows 7 PCs

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Microsoft just released KB4493132 to Windows 7 computers thus adding end of support notifications.The notifications remind users to upgrade to Windows 10 before January 14th, 2020. The […]

Continue Reading