EncryptedRegView 1.05 Free Download and offline installer for Windows XP, Vista, 7, 8, 10, 11. Scans the Registry of your current running system or the Registry of external hard drive you choose and searches for data encrypted with DPAPI.
Overview of EncryptedRegView (Decrypt DPAPI data stored in Windows Registry)
EncryptedRegView - Decrypt DPAPI data stored in Windows Registry
EncryptedRegView is a tool for Windows that scans the Registry of your current running system or the Registry of external hard drive you choose and searches for data encrypted with DPAPI (Data Protection API). When it finds encrypted data in the Registry, it tries to decrypt it and displays the decrypted data in the main window of EncryptedRegView. With this tool, you may find passwords and other secret data stored in the Registry by Microsoft products as well as by 3-party products.
Columns Description:
Registry Key Path: The full path of the Registry key.
Value Name: The name of the Registry value where the DPAPI encrypted data was found.
Decryption Result: Result of the decryption - Succeeded or Failed.
Decrypted Value: If the decrypted data contains a simple string then it's displayed in this column. The entire decrypted data is displayed in the lower pane.
Encrypted Data Length: Total length of the encrypted data.
Decrypted Data Length: Total length of the decrypted data.
Hash Algorithm: Hash algorithm used in the DPAPI encrypted data. In Windows 7 and later it's usually SHA512.
Encryption Algorithm: Encryption algorithm used in the DPAPI encrypted data. In Windows 7 and later it's usually AES256.
Name: The name of the DPAPI encrypted data block.
Key File: Name of the key file that was used to encrypt the data. The key file is located in a 'Protect' folder (e.g: C:\Users\admin\AppData\Roaming\Microsoft\Protect )