wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install TCPView using Winget - wingetCollections
  1. Go back
  2. Packages
  3. TCPView
TCPView logo

TCPView Sysinternals

sysinternals
Use this command to install TCPView:
winget install --id=Microsoft.Sysinternals.TCPView -e

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality. When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. TCPView shows the name of the process that owns each endpoint, including the service name (if any). By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green. You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu. You can save TCPView's output window to a file using the Save menu item.

TCPView is a Windows utility designed to display detailed information about all TCP and UDP endpoints on your system, including local and remote addresses, port numbers, connection states, and the associated process names. This tool provides a comprehensive view of network activity, making it easier to monitor and troubleshoot connections.

Key Features:

  • Real-Time Monitoring: Displays active TCP and UDP endpoints with details such as connection states (e.g., ESTABLISHED, LISTENING) and remote addresses.
  • Process Identification: Shows the name of the process or service owning each endpoint, aiding in identifying which applications are using network resources.
  • Connection State Visualization: Highlights changes in connection states, new connections, and closed endpoints with color-coded indicators (yellow for changes, red for deletions, green for new connections).
  • Command-Line Tool: Includes Tcpvcon, a command-line version that allows saving output as CSV or text files for further analysis.

Related Programs

Process Explorer logo

Process Explorer

Sysinternals
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
learn.microsoft.com
Process Monitor logo

Process Monitor

Sysinternals
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. Process Monitor includes powerful monitoring and filtering capabilities, including: - More data captured for operation input and output parameters - Non-destructive filters allow you to set filters without losing data - Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation - Reliable capture of process details, including image path, command line, user and session ID - Configurable and moveable columns for any event property - Filters can be set for any data field, including fields not configured as columns - Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data - Process tree tool shows relationship of all processes referenced in a trace - Native log format preserves all data for loading in a different Process Monitor instance - Process tooltip for easy viewing of process image information - Detail tooltip allows convenient access to formatted data that doesn't fit in the column - Cancellable search - Boot time logging of all operations
learn.microsoft.com
Process Explorer logo

Process Explorer

Sysinternals
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
learn.microsoft.com
Process Monitor logo

Process Monitor

Sysinternals
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit. Process Monitor includes powerful monitoring and filtering capabilities, including: - More data captured for operation input and output parameters - Non-destructive filters allow you to set filters without losing data - Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation - Reliable capture of process details, including image path, command line, user and session ID - Configurable and moveable columns for any event property - Filters can be set for any data field, including fields not configured as columns - Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data - Process tree tool shows relationship of all processes referenced in a trace - Native log format preserves all data for loading in a different Process Monitor instance - Process tooltip for easy viewing of process image information - Detail tooltip allows convenient access to formatted data that doesn't fit in the column - Cancellable search - Boot time logging of all operations
learn.microsoft.com
Versions
4.19
Website
learn.microsoft.com
License
Last Updated
8/9/2025
  • Adjustable Refresh Rate: Users can set the update frequency to suit their monitoring needs.

    • Audience & Benefit:

    Ideal for system administrators and network professionals, TCPView provides actionable insights into network activity. It helps users identify unnecessary connections, troubleshoot connectivity issues, and manage network resources efficiently.

    TCPView can be installed via winget, making it easy to integrate into your workflow.

    Remote Desktop Connection Manager logo

    Remote Desktop Connection Manager

    Sysinternals
    RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers. Servers are organized into named groups. You can connect or disconnect to all servers in a group with a single command. You can view all the servers in a group as a set of thumbnails, showing live action in each session. Servers can inherit their logon settings from a parent group or a credential store. Thus when you change your lab account password, you only need to change the password stored by RDCMan in one place. Passwords are stored securely by encrypting with either CryptProtectData using the (locally) logged on user's authority or an X509 certificate. User with OS versions prior to Win7/Vista will need to get version 6 of the Terminal Services Client. You can obtain this from the Microsoft Download Center: XP; Win2003 Upgrade note: RDG files with this version of RDCMan are not compatible with older program versions. Any legacy RDG file opened and saved with this version will be backed up as filename.old
    learn.microsoft.com
    Remote Desktop Connection Manager logo

    Remote Desktop Connection Manager

    Sysinternals
    RDCMan manages multiple remote desktop connections. It is useful for managing server labs where you need regular access to each machine such as automated checkin systems and data centers. Servers are organized into named groups. You can connect or disconnect to all servers in a group with a single command. You can view all the servers in a group as a set of thumbnails, showing live action in each session. Servers can inherit their logon settings from a parent group or a credential store. Thus when you change your lab account password, you only need to change the password stored by RDCMan in one place. Passwords are stored securely by encrypting with either CryptProtectData using the (locally) logged on user's authority or an X509 certificate. User with OS versions prior to Win7/Vista will need to get version 6 of the Terminal Services Client. You can obtain this from the Microsoft Download Center: XP; Win2003 Upgrade note: RDG files with this version of RDCMan are not compatible with older program versions. Any legacy RDG file opened and saved with this version will be backed up as filename.old
    learn.microsoft.com
    Autoruns logo

    Autoruns

    Sysinternals
    This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities. Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc. You'll probably be surprised at how many executables are launched automatically!
    docs.microsoft.com
    Autoruns logo

    Autoruns

    Sysinternals
    This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys. Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond other autostart utilities. Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc. You'll probably be surprised at how many executables are launched automatically!
    docs.microsoft.com
    MoveFile logo

    MoveFile

    Sysinternals
    There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. MoveFile usage: The included MoveFile utility allows you to schedule move and delete commands for the next reboot: usage: movefile [source] [dest]
    learn.microsoft.com
    MoveFile logo

    MoveFile

    Sysinternals
    There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. MoveFile usage: The included MoveFile utility allows you to schedule move and delete commands for the next reboot: usage: movefile [source] [dest]
    learn.microsoft.com
    RamMap logo

    RamMap

    Sysinternals
    Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information in different ways on its several different tabs: - Use Counts: usage summary by type and paging list - Processes: process working set sizes - Priority Summary: prioritized standby list sizes - Physical Pages: per-page use for all physical memory - Physical Ranges: physical memory addresses - File Summary: file data in RAM by file - File Details: individual physical pages by file Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.
    learn.microsoft.com
    RamMap logo

    RamMap

    Sysinternals
    Have you ever wondered exactly how Windows is assigning physical memory, how much file data is cached in RAM, or how much RAM is used by the kernel and device drivers? RAMMap makes answering those questions easy. RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information in different ways on its several different tabs: - Use Counts: usage summary by type and paging list - Processes: process working set sizes - Priority Summary: prioritized standby list sizes - Physical Pages: per-page use for all physical memory - Physical Ranges: physical memory addresses - File Summary: file data in RAM by file - File Details: individual physical pages by file Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.
    learn.microsoft.com
    Handle logo

    Handle

    Sysinternals
    Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program. Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior. When in search mode, Handle prints the process names and id's are listed on the left side and the names of the objects that had a match are on the right.
    learn.microsoft.com
    Handle logo

    Handle

    Sysinternals
    Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program. Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior. When in search mode, Handle prints the process names and id's are listed on the left side and the names of the objects that had a match are on the right.
    learn.microsoft.com
    FindLinks logo

    FindLinks

    Sysinternals
    FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it. Usage: findlinks <filename>
    learn.microsoft.com
    FindLinks logo

    FindLinks

    Sysinternals
    FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it. Usage: findlinks <filename>
    learn.microsoft.com
    PendMoves logo

    PendMoves

    Sysinternals
    There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. PendMoves Usage: This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is notaccessible. Usage: pendmoves
    learn.microsoft.com
    PendMoves logo

    PendMoves

    Sysinternals
    There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots,before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value. PendMoves Usage: This applet dumps the contents of the pending rename/delete value and also reports an error when the source file is notaccessible. Usage: pendmoves
    learn.microsoft.com
    Sysinternals Suite logo

    Sysinternals Suite

    Sysinternals
    Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more. The Sysinternals website was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver. The Suite is a bundling of the following selected Sysinternals Utilities: AccessChk, AccessEnum, AdExplorer, AdInsight, AdRestore, Autologon, Autoruns, BgInfo, BlueScreen, CacheSet, ClockRes, Contig, Coreinfo, Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, Disk Usage (DU), EFSDump, FindLinks, Handle, Hex2dec, Junction, LDMDump, ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo, PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, PsTools, RAMMap, RDCMan, RegDelNull, RegHide, RegJump, Registry Usage (RU), SDelete, ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView, VMMap, VolumeID, WhoIs, WinObj, ZoomIt
    learn.microsoft.com
    Sysinternals Suite logo

    Sysinternals Suite

    Sysinternals
    Sysinternals Suite is a bundle of the Sysinternals utilities including Process Explorer, Process Monitor, Sysmon, Autoruns, ProcDump, all of the PsTools, and many more. The Sysinternals website was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot, and diagnose your Windows systems and applications. The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver. The Suite is a bundling of the following selected Sysinternals Utilities: AccessChk, AccessEnum, AdExplorer, AdInsight, AdRestore, Autologon, Autoruns, BgInfo, BlueScreen, CacheSet, ClockRes, Contig, Coreinfo, Ctrl2Cap, DebugView, Desktops, Disk2vhd, DiskExt, DiskMon, DiskView, Disk Usage (DU), EFSDump, FindLinks, Handle, Hex2dec, Junction, LDMDump, ListDLLs, LiveKd, LoadOrder, LogonSessions, MoveFile, NotMyFault, NTFSInfo, PendMoves, PipeList, PortMon, ProcDump, Process Explorer, Process Monitor, PsExec, PsFile, PsGetSid, PsInfo, PsKill, PsList, PsLoggedOn, PsLogList, PsPasswd, PsPing, PsService, PsShutdown, PsSuspend, PsTools, RAMMap, RDCMan, RegDelNull, RegHide, RegJump, Registry Usage (RU), SDelete, ShareEnum, ShellRunas, Sigcheck, Streams, Strings, Sync, Sysmon, TCPView, VMMap, VolumeID, WhoIs, WinObj, ZoomIt
    learn.microsoft.com
    BGInfo logo

    BGInfo

    Sysinternals
    BGInfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen. Because BGInfo simply writes a new desktop bitmap and exits, you don't have to worry about it consuming system resources or interfering with other applications. By placing BGInfo in your Startup folder, you can ensure that the system information being displayed is up to date each time you boot. Once you've settled on the information to be displayed, use the command-line option /timer:0 to update the display without showing the dialog box. You can also use the Windows Scheduler to run BGInfo on a regular basis to ensure long-running systems are kept up to date.
    learn.microsoft.com
    BGInfo logo

    BGInfo

    Sysinternals
    BGInfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen. Because BGInfo simply writes a new desktop bitmap and exits, you don't have to worry about it consuming system resources or interfering with other applications. By placing BGInfo in your Startup folder, you can ensure that the system information being displayed is up to date each time you boot. Once you've settled on the information to be displayed, use the command-line option /timer:0 to update the display without showing the dialog box. You can also use the Windows Scheduler to run BGInfo on a regular basis to ensure long-running systems are kept up to date.
    learn.microsoft.com
    DebugView logo

    DebugView

    Sysinternals
    DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs. Under Windows 2000, XP, Server 2003 and Vista DebugView will capture: - Win32 OutputDebugString - Kernel-mode DbgPrint - All kernel-mode variants of DbgPrint implemented in Windows XP and Server 2003 DebugView also extracts kernel-mode debug output generated before a crash from Window's 2000/XP crash dump files if DebugView was capturing at the time of the crash. Here is a list highlighting some of DebugView's other features: - Remote monitoring: Capture kernel-mode and/or Win32 debug output from any computer accessible via TCP/IP - even across the Internet. You can monitor multiple remote computers simultaneously. DebugView will even install its client software itself if you are running it on a Windows 2000 system and are capturing from another Windows 2000 system in the same Network Neighborhood. - Most-recent-filter lists:DebugView remembers your most recent filter selections, with an interface that makes it easy to reselect them. - Process ID option: Toggle the display of process IDs for Win32 debug output. - Clipboard copy: Select multiple lines in the output window and copy their contents to the clipboard. - Log-to-file: Write debug output to a file as its being captured. - Printing: Print all or part of captured debug output to a printer. - One-file payload:DebugView is implemented as one file. - Crash-Dump Support:DebugView can recover its buffers from a crash dump and save the output to a log file so that users can send you the output your Windows driver generated right up to the time of a crash.
    learn.microsoft.com
    DebugView logo

    DebugView

    Sysinternals
    DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs. Under Windows 2000, XP, Server 2003 and Vista DebugView will capture: - Win32 OutputDebugString - Kernel-mode DbgPrint - All kernel-mode variants of DbgPrint implemented in Windows XP and Server 2003 DebugView also extracts kernel-mode debug output generated before a crash from Window's 2000/XP crash dump files if DebugView was capturing at the time of the crash. Here is a list highlighting some of DebugView's other features: - Remote monitoring: Capture kernel-mode and/or Win32 debug output from any computer accessible via TCP/IP - even across the Internet. You can monitor multiple remote computers simultaneously. DebugView will even install its client software itself if you are running it on a Windows 2000 system and are capturing from another Windows 2000 system in the same Network Neighborhood. - Most-recent-filter lists:DebugView remembers your most recent filter selections, with an interface that makes it easy to reselect them. - Process ID option: Toggle the display of process IDs for Win32 debug output. - Clipboard copy: Select multiple lines in the output window and copy their contents to the clipboard. - Log-to-file: Write debug output to a file as its being captured. - Printing: Print all or part of captured debug output to a printer. - One-file payload:DebugView is implemented as one file. - Crash-Dump Support:DebugView can recover its buffers from a crash dump and save the output to a log file so that users can send you the output your Windows driver generated right up to the time of a crash.
    learn.microsoft.com
    Desktops logo

    Desktops

    Sysinternals
    Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
    learn.microsoft.com
    Desktops logo

    Desktops

    Sysinternals
    Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
    learn.microsoft.com
    Strings logo

    Strings

    Microsoft Corporation
    Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
    docs.microsoft.com
    Strings logo

    Strings

    Microsoft Corporation
    Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
    docs.microsoft.com
    Strings logo

    Strings

    Microsoft Corporation
    Strings scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
    docs.microsoft.com
    Sysmon logo

    Sysmon

    Microsoft
    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
    learn.microsoft.com
    Sysmon logo

    Sysmon

    Microsoft
    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
    learn.microsoft.com
    Sysmon logo

    Sysmon

    Microsoft
    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
    learn.microsoft.com
    ZoomIt logo

    ZoomIt

    Microsoft Corporation
    ZoomIt is a screen zoom, annotation, and recording tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations. ZoomIt works on all versions of Windows and you can use touch and pen input for ZoomIt drawing on tablets.
    learn.microsoft.com
    ZoomIt logo

    ZoomIt

    Microsoft Corporation
    ZoomIt is a screen zoom, annotation, and recording tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations. ZoomIt works on all versions of Windows and you can use touch and pen input for ZoomIt drawing on tablets.
    learn.microsoft.com
    ZoomIt logo

    ZoomIt

    Microsoft Corporation
    ZoomIt is a screen zoom, annotation, and recording tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations. ZoomIt works on all versions of Windows and you can use touch and pen input for ZoomIt drawing on tablets.
    learn.microsoft.com