wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install Process Monitor using Winget - wingetCollections
  1. Go back
  2. Packages
  3. Process Monitor
Process Monitor logo

Process Monitor Sysinternals

Sysinternals file-system filemon process process-monitor procmon registry regmon sysinternals thread
Use this command to install Process Monitor:
winget install --id=Microsoft.Sysinternals.ProcessMonitor -e

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. Process Monitor includes powerful monitoring and filtering capabilities, including: - More data captured for operation input and output parameters - Non-destructive filters allow you to set filters without losing data - Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation - Reliable capture of process details, including image path, command line, user and session ID - Configurable and moveable columns for any event property - Filters can be set for any data field, including fields not configured as columns - Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data - Process tree tool shows relationship of all processes referenced in a trace - Native log format preserves all data for loading in a different Process Monitor instance - Process tooltip for easy viewing of process image information - Detail tooltip allows convenient access to formatted data that doesn't fit in the column - Cancellable search - Boot time logging of all operations

Related Programs

Process Explorer logo

Process Explorer

Sysinternals
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
learn.microsoft.com
Link Shell Extension logo

Link Shell Extension

Hermann Schinagl
Link Shell Extension (LSE) provides for the creation of Hardlinks, Junctions, Volume Mountpoints, and Symbolic Links, (herein referred to collectively as Links) a folder cloning process that utilises Hardlinks or Symbolic Links and a copy process taking care of Junctions, Symbolic Links, and Hardlinks. LSE, as its name implies is implemented as a Shell extension and is accessed from Windows Explorer, or similar file/folder managers. The extension allows the user to select one or many files or folders, then using the mouse, complete the creation of the required Links - Hardlinks, Junctions or Symbolic Links or in the case of folders to create Clones consisting of Hard or Symbolic Links. LSE is supported on all Windows versions that support NTFS, Windows 7/8/10. Hardlinks, Junctions and Symbolic Links are NOT supported on FAT file systems, and nor is the Cloning and Smart Copy process supported on FAT file systems.
schinagl.priv.at
Everything Lite logo

Everything Lite

voidtools
Everything is search engine that locates files and folders by filename instantly for Windows. Unlike Windows search Everything initially displays every file and folder on your computer (hence the name Everything). You type in a search filter to limit what files and folders are displayed.
www.voidtools.com
Remote Desktop Connection Manager logo

Remote Desktop Connection Manager

Sysinternals
RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers. Servers are organized into named groups. You can connect or disconnect to all servers in a group with a single command. You can view all the servers in a group as a set of thumbnails, showing live action in each session. Servers can inherit their logon settings from a parent group or a credential store. Thus when you change your lab account password, you only need to change the password stored by RDCMan in one place. Passwords are stored securely by encrypting with either CryptProtectData using the (locally) logged on user's authority or an X509 certificate. User with OS versions prior to Win7/Vista will need to get version 6 of the Terminal Services Client. You can obtain this from the Microsoft Download Center: XP; Win2003 Upgrade note: RDG files with this version of RDCMan are not compatible with older program versions. Any legacy RDG file opened and saved with this version will be backed up as filename.old
learn.microsoft.com
Process Explorer logo

Process Explorer

Sysinternals
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
learn.microsoft.com
Link Shell Extension logo

Link Shell Extension

Hermann Schinagl
Link Shell Extension (LSE) provides for the creation of Hardlinks, Junctions, Volume Mountpoints, and Symbolic Links, (herein referred to collectively as Links) a folder cloning process that utilises Hardlinks or Symbolic Links and a copy process taking care of Junctions, Symbolic Links, and Hardlinks. LSE, as its name implies is implemented as a Shell extension and is accessed from Windows Explorer, or similar file/folder managers. The extension allows the user to select one or many files or folders, then using the mouse, complete the creation of the required Links - Hardlinks, Junctions or Symbolic Links or in the case of folders to create Clones consisting of Hard or Symbolic Links. LSE is supported on all Windows versions that support NTFS, Windows 7/8/10. Hardlinks, Junctions and Symbolic Links are NOT supported on FAT file systems, and nor is the Cloning and Smart Copy process supported on FAT file systems.
schinagl.priv.at
Everything Lite logo

Everything Lite

voidtools
Everything is search engine that locates files and folders by filename instantly for Windows. Unlike Windows search Everything initially displays every file and folder on your computer (hence the name Everything). You type in a search filter to limit what files and folders are displayed.
www.voidtools.com
Remote Desktop Connection Manager logo

Remote Desktop Connection Manager

Sysinternals
RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers. Servers are organized into named groups. You can connect or disconnect to all servers in a group with a single command. You can view all the servers in a group as a set of thumbnails, showing live action in each session. Servers can inherit their logon settings from a parent group or a credential store. Thus when you change your lab account password, you only need to change the password stored by RDCMan in one place. Passwords are stored securely by encrypting with either CryptProtectData using the (locally) logged on user's authority or an X509 certificate. User with OS versions prior to Win7/Vista will need to get version 6 of the Terminal Services Client. You can obtain this from the Microsoft Download Center: XP; Win2003 Upgrade note: RDG files with this version of RDCMan are not compatible with older program versions. Any legacy RDG file opened and saved with this version will be backed up as filename.old
learn.microsoft.com
Versions
4.01
Website
learn.microsoft.com
License
Last Updated
8/12/2025

Process Monitor is an advanced monitoring tool designed to provide real-time insights into file system, Registry, and process/thread activity on Windows. It combines the functionalities of legacy tools Filemon and Regmon with enhanced features such as non-destructive filtering, comprehensive event properties including user names and session IDs, and thread stacks with symbol support for precise operation tracing.

Key Features:

  • Real-time monitoring of file, Registry, and process/thread activities
  • Non-destructive filters to refine data without losing information
  • Comprehensive event properties for detailed insights
  • Thread stack capture with symbol support for root cause analysis
  • Simultaneous logging capabilities

Ideal for IT professionals, system administrators, developers, and malware analysts, Process Monitor aids in quickly identifying and resolving system issues, understanding application behavior, and detecting malicious activity. It can be installed via winget for seamless integration into your toolkit.

Autoruns logo

Autoruns

Sysinternals
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities. Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc. You'll probably be surprised at how many executables are launched automatically!
docs.microsoft.com
Autoruns logo

Autoruns

Sysinternals
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities. Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc. You'll probably be surprised at how many executables are launched automatically!
docs.microsoft.com
Ln - Command line Hardlinks logo

Ln - Command line Hardlinks

Hermann Schinagl
ln is a swiss army knife for hardlinks, symbolic links, junctions when it comes to copying. Further more it provides a incremental copy mechanism called Delorean Copy
schinagl.priv.at
Ln - Command line Hardlinks logo

Ln - Command line Hardlinks

Hermann Schinagl
ln is a swiss army knife for hardlinks, symbolic links, junctions when it comes to copying. Further more it provides a incremental copy mechanism called Delorean Copy
schinagl.priv.at
MoveFile logo

MoveFile

Sysinternals
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. MoveFile usage: The included MoveFile utility allows you to schedule move and delete commands for the next reboot: usage: movefile [source] [dest]
learn.microsoft.com
MoveFile logo

MoveFile

Sysinternals
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. MoveFile usage: The included MoveFile utility allows you to schedule move and delete commands for the next reboot: usage: movefile [source] [dest]
learn.microsoft.com
RamMap logo

RamMap

Sysinternals
Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information in different ways on its several different tabs: - Use Counts: usage summary by type and paging list - Processes: process working set sizes - Priority Summary: prioritized standby list sizes - Physical Pages: per-page use for all physical memory - Physical Ranges: physical memory addresses - File Summary: file data in RAM by file - File Details: individual physical pages by file Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.
learn.microsoft.com
RamMap logo

RamMap

Sysinternals
Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information in different ways on its several different tabs: - Use Counts: usage summary by type and paging list - Processes: process working set sizes - Priority Summary: prioritized standby list sizes - Physical Pages: per-page use for all physical memory - Physical Ranges: physical memory addresses - File Summary: file data in RAM by file - File Details: individual physical pages by file Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.
learn.microsoft.com
Handle logo

Handle

Sysinternals
Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program. Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior. When in search mode, Handle prints the process names and id's are listed on the left side and the names of the objects that had a match are on the right.
learn.microsoft.com
Handle logo

Handle

Sysinternals
Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program. Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior. When in search mode, Handle prints the process names and id's are listed on the left side and the names of the objects that had a match are on the right.
learn.microsoft.com
FindLinks logo

FindLinks

Sysinternals
FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it. Usage: findlinks <filename>
learn.microsoft.com
FindLinks logo

FindLinks

Sysinternals
FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it. Usage: findlinks <filename>
learn.microsoft.com
PendMoves logo

PendMoves

Sysinternals
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. PendMoves Usage: This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is notaccessible. Usage: pendmoves
learn.microsoft.com
PendMoves logo

PendMoves

Sysinternals
There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. PendMoves Usage: This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is notaccessible. Usage: pendmoves
learn.microsoft.com
Sysinternals Suite logo

Sysinternals Suite

Sysinternals
Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more. The Sysinternals website was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver. The Suite is a bundling of the following selected Sysinternals Utilities: AccessChk, AccessEnum, AdExplorer, AdInsight, AdRestore, Autologon, Autoruns, BgInfo, BlueScreen, CacheSet, ClockRes, Contig, Coreinfo, Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, Disk Usage (DU), EFSDump, FindLinks, Handle, Hex2dec, Junction, LDMDump, ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo, PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, PsTools, RAMMap, RDCMan, RegDelNull, RegHide, RegJump, Registry Usage (RU), SDelete, ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView, VMMap, VolumeID, WhoIs, WinObj, ZoomIt
learn.microsoft.com
Sysinternals Suite logo

Sysinternals Suite

Sysinternals
Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more. The Sysinternals website was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver. The Suite is a bundling of the following selected Sysinternals Utilities: AccessChk, AccessEnum, AdExplorer, AdInsight, AdRestore, Autologon, Autoruns, BgInfo, BlueScreen, CacheSet, ClockRes, Contig, Coreinfo, Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, Disk Usage (DU), EFSDump, FindLinks, Handle, Hex2dec, Junction, LDMDump, ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo, PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, PsTools, RAMMap, RDCMan, RegDelNull, RegHide, RegJump, Registry Usage (RU), SDelete, ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView, VMMap, VolumeID, WhoIs, WinObj, ZoomIt
learn.microsoft.com
BGInfo logo

BGInfo

Sysinternals
BGInfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen. Because BGInfo simply writes a new desktop bitmap and exits, you don't have to worry about it consuming system resources or interfering with other applications. By placing BGInfo in your Startup folder, you can ensure that the system information being displayed is up to date each time you boot. Once you've settled on the information to be displayed, use the command-line option /timer:0 to update the display without showing the dialog box. You can also use the Windows Scheduler to run BGInfo on a regular basis to ensure long-running systems are kept up to date.
learn.microsoft.com
BGInfo logo

BGInfo

Sysinternals
BGInfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen. Because BGInfo simply writes a new desktop bitmap and exits, you don't have to worry about it consuming system resources or interfering with other applications. By placing BGInfo in your Startup folder, you can ensure that the system information being displayed is up to date each time you boot. Once you've settled on the information to be displayed, use the command-line option /timer:0 to update the display without showing the dialog box. You can also use the Windows Scheduler to run BGInfo on a regular basis to ensure long-running systems are kept up to date.
learn.microsoft.com
DebugView logo

DebugView

Sysinternals
DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs. Under Windows 2000, XP, Server 2003 and Vista DebugView will capture: - Win32 OutputDebugString - Kernel-mode DbgPrint - All kernel-mode variants of DbgPrint implemented in Windows XP and Server 2003 DebugView also extracts kernel-mode debug output generated before a crash from Window's 2000/XP crash dump files if DebugView was capturing at the time of the crash. Here is a list highlighting some of DebugView's other features: - Remote monitoring: Capture kernel-mode and/or Win32 debug output from any computer accessible via TCP/IP - even across the Internet. You can monitor multiple remote computers simultaneously. DebugView will even install its client software itself if you are running it on a Windows 2000 system and are capturing from another Windows 2000 system in the same Network Neighborhood. - Most-recent-filter lists:DebugView remembers your most recent filter selections, with an interface that makes it easy to reselect them. - Process ID option: Toggle the display of process IDs for Win32 debug output. - Clipboard copy: Select multiple lines in the output window and copy their contents to the clipboard. - Log-to-file: Write debug output to a file as its being captured. - Printing: Print all or part of captured debug output to a printer. - One-file payload:DebugView is implemented as one file. - Crash-Dump Support:DebugView can recover its buffers from a crash dump and save the output to a log file so that users can send you the output your Windows driver generated right up to the time of a crash.
learn.microsoft.com
DebugView logo

DebugView

Sysinternals
DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs. Under Windows 2000, XP, Server 2003 and Vista DebugView will capture: - Win32 OutputDebugString - Kernel-mode DbgPrint - All kernel-mode variants of DbgPrint implemented in Windows XP and Server 2003 DebugView also extracts kernel-mode debug output generated before a crash from Window's 2000/XP crash dump files if DebugView was capturing at the time of the crash. Here is a list highlighting some of DebugView's other features: - Remote monitoring: Capture kernel-mode and/or Win32 debug output from any computer accessible via TCP/IP - even across the Internet. You can monitor multiple remote computers simultaneously. DebugView will even install its client software itself if you are running it on a Windows 2000 system and are capturing from another Windows 2000 system in the same Network Neighborhood. - Most-recent-filter lists:DebugView remembers your most recent filter selections, with an interface that makes it easy to reselect them. - Process ID option: Toggle the display of process IDs for Win32 debug output. - Clipboard copy: Select multiple lines in the output window and copy their contents to the clipboard. - Log-to-file: Write debug output to a file as its being captured. - Printing: Print all or part of captured debug output to a printer. - One-file payload:DebugView is implemented as one file. - Crash-Dump Support:DebugView can recover its buffers from a crash dump and save the output to a log file so that users can send you the output your Windows driver generated right up to the time of a crash.
learn.microsoft.com
Desktops logo

Desktops

Sysinternals
Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
learn.microsoft.com
Desktops logo

Desktops

Sysinternals
Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
learn.microsoft.com
Desktops logo

Desktops

Sysinternals
Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
learn.microsoft.com
TCPView logo

TCPView

Sysinternals
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. TCPView shows the name of the process that owns each endpoint, including the service name (if any). By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green. You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu. You can save TCPView's output window to a file using the Save menu item.
learn.microsoft.com
TCPView logo

TCPView

Sysinternals
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. TCPView shows the name of the process that owns each endpoint, including the service name (if any). By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green. You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu. You can save TCPView's output window to a file using the Save menu item.
learn.microsoft.com
TCPView logo

TCPView

Sysinternals
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. TCPView shows the name of the process that owns each endpoint, including the service name (if any). By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green. You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu. You can save TCPView's output window to a file using the Save menu item.
learn.microsoft.com
Strings logo

Strings

Microsoft Corporation
Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
docs.microsoft.com
Strings logo

Strings

Microsoft Corporation
Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
docs.microsoft.com
Strings logo

Strings

Microsoft Corporation
Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
docs.microsoft.com