It is really easy to use and to understand. It is recommended that you run it as an administrator. Click OK when the opening dialog box appears and see how the program will scan your Registry. It will show you every item protected by DPAPI that can be found on the machine, having columns for hash and encryption values, Registry path, decrypted and original values and many others. However, if you’re just a regular user, it won’t mean much to you. You will just see a path there similar to HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token{60782261-81D18-4323-9C64-10DE93176363}, for instance, and nothing else. Even so, there are other things that might seem interesting to you, such as the fact that a test system can have various value names “POP3 Password”. This is in fact an actual email address shown as “Decrypted Value”. Each has a path in Registry and it includes Microsoft\Office\16.0\Outlook\Profiles, which shows for sure that what you’re seeing is an Outlook password. Of course, this is useful, but the program doesn’t tell you exactly which password belongs to what Outlook account, so you have to further investigate the profile path found in Registry if you want to find out that. Thankfully, there are lots of other things you can do and explore the program. You can save the items you want as a html report, text or csv if you want to analyze them later on. There is also the option of running an advanced search, which lets you scan external HDD. RELATED STORIES TO CHECK OUT:
Manage Event Log channels with Nirsoft’s EventLogChannelsView release NirSoft releases FullEventLogView and EventLogChannelsView apps Outlook 2016 with dark theme reduces power consumption
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ