EncryptedRegView is a new tool for Windows that scans the Registry of your currently running system, or the Registry of an external hard drive you choose, and searches for data encrypted with DPAPI (Data Protection API). When it finds encrypted data in the Registry, it tries to decrypt it and displays the decrypted data in the main window of EncryptedRegView. With this tool, you may find passwords and other secret data stored in the Registry by Microsoft products as well as by third-party products.
You can download this new tool from this Web page.
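The following added example, which is not EncryptedRegView's code, shows one way to locate DPAPI-protected values for an inventory of where secrets are stored: it searches the hex values of a .reg export for the well-known DPAPI blob header and reads the master key GUID that follows it. It decrypts nothing and assumes the export has already been decoded to text; the sample export, key names and bytes are constructed.

```python
import re
import uuid

# DPAPI blob header: dwVersion = 1, then the provider GUID
# df9d8cd0-1501-11d1-8c7a-00c04fc297eb in little-endian byte order.
DPAPI_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")

# Constructed sample of a .reg export; key names and bytes are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Server"="mail.example.test"
"Password"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,\
  01,00,00,00,00,11,22,33,44,55,66,77,88,99,aa,bb,cc,dd,ee,ff,00,00,00,00
"Icon"=hex:de,ad,be,ef

[HKEY_CURRENT_USER\Software\ExampleVendor\Other]
"Token"=hex(3):ff,ff,01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,\
  97,eb,01,00,00,00
'''

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=hex(?:\([0-9a-f]+\))?:(.*)$', re.I)

def find_dpapi_values(reg_text):
    """Return (key, value name, offset, master key GUID) per DPAPI blob found."""
    # Join continuation lines (trailing backslash) into one logical line.
    text = re.sub(r'\\\r?\n\s*', '', reg_text)
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = bytes.fromhex(m.group(2).replace(',', ''))
        off = data.find(DPAPI_MAGIC)
        if off < 0:
            continue
        # After the 20-byte header: dwMasterKeyVersion (4) + master key GUID (16).
        raw = data[off + 24:off + 40]
        guid = str(uuid.UUID(bytes_le=raw)) if len(raw) == 16 else None
        hits.append((key, m.group(1) or '(Default)', off, guid))
    return hits

if __name__ == '__main__':
    for hit in find_dpapi_values(SAMPLE_REG):
        print(hit)
```

A non-zero offset, as in the second constructed value, means the application wrapped the blob in its own framing; a missing GUID means the value was truncated before the master key field.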
Stian says:
Very interesting 🙂
I got a number of entries like this:
HKEY_CURRENT_USER\System\GameConfigStore\Children
With a value of “league of legends.exe” even though I’ve never had that installed. Also wow.exe, dota.exe and so on. Never played those games either. Apparently related to Windows 10 XBox integration or something so probably no big deal.
A problem though: The font of the bottom hex editor part is really small, and I run with 150% DPI scaling. The list font is fine however.
Also, apparently Avast AV likes to store encrypted stuff under:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\avast! SSL Scanner Cache\Certificates
which fails decryption.
November 21, 2016, 10:45 am