EncryptedRegView is a tool for Windows that scans your system Registry or register which is stored on an external hard drive and looks for data encrypted with DPAPI (Data Protection API).
When it detects encrypted data in register, tries to decrypt them, then displays the decrypted data in the EncryptedRegView main window. With this tool, you can find passwords and other secret data stored in the registry by various producthers Microsoft but also from applications third party manufacturers.
Works well on Windows XP up to Windows 10 and supports 32 and 64-bit systems.
EncryptedRegView does not require installation or additional DLL files. To use it, simply run the EncryptedRegView.exe executable file.
The "Advanced Options" window will open, allowing you to select the registry scan settings.
By default, EncryptedRegView offers the ability to scan your current system and current user registry without using Run As Administrator.
If you check "Run as administrator to decrypt protected data", EncryptedRegView will run with Administrator privileges and decrypt protected system data that cannot be decrypted with simple user privileges.
Press 'OK' and EncryptedRegView will start scanning the Registry and looking for encrypted DPAPI data.
When it detects encrypted data, it tries to decrypt it. When it successfully decrypts them, it will show 'Succeeded' in the 'Decryption Result' column with a green icon.
You can see the entire decrypted information in Hex-Dump format in the lower part of the window by selecting the desired item in the upper part of the window. If the decrypted information is a string, it is also displayed in the upper part of the window in the 'Decrypted Value' column.
If the decryption process fails, 'Failed' will be displayed in the 'Decryption Result' column with a red icon.
EncryptedRegView also allows you to scan the registry of an external hard drive that is connected to your computer.
To scan the registry on external hard drive easily, select the option 'Scan the Registry of external drive' then select or type the path of the external drive. Then click the 'Automatic Fill' button.
EncryptedRegView will automatically detect the correct folders on the external drive (Registry Hives Folder, User registry file, User classes registry file, Protect Folders). Note that EncryptedRegView selects the user profile (c: \ users \ [Profile Name]) that was last used at the time of the modification. So if you want another user you have to manually add the path.
Also, to decrypt a user's encrypted data on an external drive (usually stored under the HKEY_CURRENT_USER key), you must provide the correct user login password.
You do not need to have a password to decrypt encrypted system data on an external drive (usually stored under the HKEY_LOCAL_MACHINE key).
Beware, many times Nirsoft tools display false positives in known antivirus software.