When it detects encrypted data in register, tries to decrypt them, then displays the decrypted data in its main window EncryptedRegView. With this tool, you can find passwords and other confidential data stored in the registry from various Microsoft products as well as third-party applications.
Works well on Windows XP up to Windows 10 and supports 32 and 64-bit systems.
The "Advanced Options" window will open, allowing you to select the registry scan settings.
By default, the EncryptedRegView offers the ability to scan your current system and current user registry without using Run As Administrator.
If you check the "Run as administrator to decrypt protected data" option, the EncryptedRegView will run with Administrator privileges and decrypt protected system data that cannot be decrypted with simple user privileges.
Press the 'OK' key and EncryptedRegView will start scanning the Registry and looking for DPAPI encrypted data.
When it detects encrypted data, it tries to decrypt it. When it successfully decrypts them, 'Succeeded' will appear in the 'Decryption Result' column with a green icon.
You can see all the decrypted information in Hex-Dump format in the lower part of the window by selecting the desired item in the upper part of the window. If the decrypted information is a string, it also appears at the top of the window in the 'Decrypted Value' column.
If the decryption process fails, 'Failed' will appear in the 'Decryption Result' column with a red icon.
The EncryptedRegView It also lets you scan the registry of an external hard drive connected to your computer.
To easily scan the registry on the external hard drive, select 'Scan the Registry of external drive', then select or enter the path of the external drive. Then click on the 'Automatic Fill' button.
The EncryptedRegView will automatically discover the correct folders on the external drive (Registry Hives Folder, User registry file, User classes registry file, Protect Folders). Mention that EncryptedRegView selects the user profile (c: \ users \ [Profile Name]) last used since the modification time. So if you want another user you have to manually add the path.
Also, to decrypt a user's encrypted data on an external drive (usually stored under the HKEY_CURRENT_USER key), you must provide the correct user login password.
You do not need to have a password to decrypt encrypted system data on an external drive (usually stored under the HKEY_LOCAL_MACHINE key).
Beware, many times Nirsoft tools display false positives in known antivirus software.