EncryptedRegView is a free tool which finds, decrypts and displays Registry data

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Not long ago NirSoft released a free tool named EncryptedRegView, which helps you find, decrypt and display the data in the Registry which is protected by the DPAPI encryption system by Windows. This scheme is not that often used, not even by the products owned by Microsoft, but this program is still able to find details from Microsoft Edge, passwords in Outlook and other interesting things on a PC.

It is really easy to use and to understand. It is recommended that you run it as an administrator. Click OK when the opening dialog box appears and see how  the program will scan your Registry. It will show you every item protected by DPAPI that can be found on the machine, having columns for hash and encryption values, Registry path, decrypted and original values and many others. However, if you’re just a regular user, it won’t mean much to you. You will just see a path there similar to HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{60782261-81D18-4323-9C64-10DE93176363}, for instance, and nothing else.

Even so, there are other things that might seem interesting to you, such as the fact that a test system can have various value names “POP3 Password”. This is in fact an actual email address shown as “Decrypted Value”. Each has a path in Registry and it includes Microsoft\Office\16.0\Outlook\Profiles, which shows for sure that what you’re seeing is an Outlook password.

Of course, this is useful, but the program doesn’t tell you exactly which password belongs to what Outlook account, so you have to further investigate the profile path found in Registry if you want to find out that.

Thankfully, there are lots of other things you can do and explore the program. You can save the items you want as a html report, text or csv if you want to analyze them later on. There is also the option of running an advanced search, which lets you scan external HDD.