nlp-files

NirLauncher nlp files for popular websites
git clone git://fossdaily.xyz/nlp-files

Sysinternals.nlp (53231B)


      1 [General]
      2 Name=Sysinternals Suite
      3 GroupCount=7
      4 SoftwareCount=87
      5 
      6 [Group0]
      7 Name=All Utilities
      8 ShowAll=1
      9 
     10 [Group1]
     11 Name=File and Disk Utilities
     12 
     13 [Group2]
     14 Name=Networking Utilities
     15 
     16 [Group3]
     17 Name=Process Utilities
     18 
     19 [Group4]
     20 Name=Security Utilities
     21 
     22 [Group5]
     23 Name=System Information Utilities
     24 
     25 [Group6]
     26 Name=Miscellaneous Utilities
     27 
     28 [Software0]
     29 exe=accesschk.exe
     30 help=
     31 url=https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
     32 exe64=accesschk64.exe
     33 group=4
     34 Name=AccessChk
     35 ShortDesc=Shows accesses the user or group has to files, Registry keys or Windows services
     36 LongDesc=As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.
     37 
     38 [Software1]
     39 exe=AccessEnum.exe
     40 help=
     41 url=https://docs.microsoft.com/en-us/sysinternals/downloads/accessenum
     42 exe64=
     43 group=4
     44 Name=AccessEnum
     45 ShortDesc=Shows who has what access to directories, files and Registry keys on your systems
     46 LongDesc=While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary.
     47 
     48 [Software2]
     49 exe=accvio.exe
     50 help=
     51 exe64=
     52 url=
     53 group=6
     54 Name=Accvio
     55 ShortDesc=
     56 LongDesc=
     57 
     58 [Software3]
     59 exe=ADExplorer.exe
     60 help=AdExplorer.chm
     61 url=https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer
     62 exe64=
     63 group=2
     64 Name=ADExplorer
     65 ShortDesc=Advanced Active Directory (AD) viewer and editor
     66 LongDesc=Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute. AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explorer it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.
     67 
     68 [Software4]
     69 exe=ADInsight.exe
     70 help=ADInsight.chm
     71 url=https://docs.microsoft.com/en-us/sysinternals/downloads/adinsight
     72 exe64=
     73 group=2
     74 Name=ADInsight
     75 ShortDesc=LDAP (Light-weight Directory Access Protocol) real-time monitoring tool
     76 LongDesc=ADInsight is an LDAP (Light-weight Directory Access Protocol) real-time monitoring tool aimed at troubleshooting Active Directory client applications. Use its detailed tracing of Active Directory client-server communications to solve Windows authentication, Exchange, DNS, and other problems.
     77 
     78 [Software5]
     79 exe=adrestore.exe
     80 help=
     81 url=https://docs.microsoft.com/en-us/sysinternals/downloads/adrestore
     82 exe64=
     83 group=2
     84 Name=ADRestore
     85 ShortDesc=Undeletes Server 2003 Active Directory objects
     86 LongDesc=Windows Server 2003 introduces the ability to restore deleted ("tombstoned") objects. This simple command-line utility enumerates the deleted objects in a domain and gives you the option of restoring each one.
     87 
     88 [Software6]
     89 exe=Autologon.exe
     90 help=
     91 url=https://docs.microsoft.com/en-us/sysinternals/downloads/autologon
     92 exe64=
     93 group=4
     94 Name=Autologon
     95 ShortDesc=Bypasses password screen during logon
     96 LongDesc=Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.
     97 
     98 [Software7]
     99 exe=Autoruns.exe
    100 help=Autoruns.chm
    101 url=https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
    102 exe64=Autoruns64.exe
    103 group=5
    104 Name=Autoruns
    105 ShortDesc=Shows what programs are configured to run during system bootup or login
    106 LongDesc=This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
    107 
    108 [Software8]
    109 exe=AutorunsC.exe
    110 help=Autoruns.chm
    111 url=https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
    112 exe64=AutorunsC64.exe
    113 group=5
    114 Name=Autoruns Command-line
    115 ShortDesc=Shows what programs are configured to run during system bootup or login. Command-line version
    116 LongDesc=This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
    117 
    118 [Software9]
    119 exe=Bginfo.exe
    120 help=
    121 url=https://docs.microsoft.com/en-us/sysinternals/downloads/bginfo
    122 exe64=
    123 group=6
    124 Name=BGInfo
    125 ShortDesc=Displays relevant information about a Windows computer on the desktop background
    126 LongDesc=How many times have you walked up to a system in your office and needed to click through several diagnostic windows to remind yourself of important aspects of its configuration, such as its name, IP address, or operating system version? If you manage multiple computers you probably need BGInfo. It automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen.
    127 
    128 [Software10]
    129 exe=Cacheset.exe
    130 help=
    131 url=https://docs.microsoft.com/en-us/sysinternals/downloads/cacheset
    132 exe64=
    133 group=1
    134 Name=CacheSet
    135 ShortDesc=Allows to control the Cache Manager's working set size
    136 LongDesc=CacheSet is an applet that allows you to manipulate the working-set parameters of the system file cache. Unlike CacheMan, CacheSet runs on all versions of NT and will work without modifications on new Service Pack releases. In addition to providing you the ability to control the minimum and maximum working set sizes, it also allows you to reset the Cache's working set, forcing it to grow as necessary from a minimal starting point. Also unlike CacheMan, changes made with CacheSet have an immediate effect on the size of the Cache.
    137 
    138 [Software11]
    139 exe=Clockres.exe
    140 help=
    141 url=https://docs.microsoft.com/en-us/sysinternals/downloads/clockres
    142 exe64=Clockres64.exe
    143 group=5
    144 Name=ClockRes
    145 ShortDesc=Views resolution of the system clock
    146 LongDesc=Ever wondered what the resolution of the system clock was, or perhaps the maximum timer resolution that your application could obtain The answer lies in a simple function named GetSystemTimeAdjustment, and the ClockRes applet performs the function and shows you the result.
    147 
    148 [Software12]
    149 exe=Contig.exe
    150 help=
    151 url=https://docs.microsoft.com/en-us/sysinternals/downloads/contig
    152 exe64=Contig64.exe
    153 group=1
    154 Name=Contig
    155 ShortDesc=Optimizes individual files or creates new files that are contiguous
    156 LongDesc=Contig is a single-file defragmenter that attempts to make files contiguous on disk. Its perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible. Contig can be used to defrag an existing file, or to create a new file of a specified size and name, optimizing its placement on disk. Contig uses standard Windows defragmentation APIs so it won't cause disk corruption, even if you terminate it while its running.
    157 
    158 [Software13]
    159 exe=Coreinfo.exe
    160 help=
    161 url=https://docs.microsoft.com/en-us/sysinternals/downloads/coreinfo
    162 exe64=Coreinfo64a.exe
    163 group=5
    164 Name=Coreinfo
    165 ShortDesc=Shows CPU caps and memory topology
    166 LongDesc=Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache’s assigned to each logical processor. It uses the Windows’ GetLogicalProcessorInformation function to obtain this information and prints it to the screen, representing a mapping to a logical processor with an asterisk e.g. ‘*’. Coreinfo is useful for gaining insight into the processor and cache topology of your system.
    167 
    168 [Software14]
    169 exe=CpuStres.exe
    170 help=
    171 url=https://docs.microsoft.com/en-us/sysinternals/downloads/cpustres
    172 exe64=CpuStres64.exe
    173 group=6
    174 Name=CPU Stress
    175 ShortDesc=Cpustres is a utility that can be used to simulate CPU activity by running up to 64 threads in a tight loop.
    176 LongDesc=Cpustres is a utility that can be used to simulate CPU activity by running up to 64 threads in a tight loop. Each thread can be started, paused or stopped independently and can be configured with the following parameters: Activity Level; This can be Low, Medium, Busy or Maximum which controls how long the thread sleepss between cycles. Setting this value to Maximum causes the thread to run continuously. Priority; This controls the thread priority.
    177 
    178 [Software15]
    179 exe=ctrl2cap.exe
    180 help=
    181 url=https://docs.microsoft.com/en-us/sysinternals/downloads/ctrl2cap
    182 exe64=
    183 group=6
    184 Name=Ctrl2Cap
    185 ShortDesc=Kernel-mode driver that demonstrates keyboard input filtering just above the keyboard class driver in order to turn caps-locks into control keys
    186 LongDesc=Ctrl2Cap is a kernel-mode device driver that filters the system's keyboard class driver in order to convert caps-lock characters into control characters. Install Ctrl2Cap running the command "ctrl2cap /install" from the directory into which you've unzipped the Ctrl2Cap files. To uninstall type "ctrl2cap /uninstall".
    187 
    188 [Software16]
    189 exe=Dbgview.exe
    190 help=Dbgview.chm
    191 url=https://docs.microsoft.com/en-us/sysinternals/downloads/debugview
    192 exe64=
    193 group=6
    194 Name=DebugView
    195 ShortDesc=Monitors debug output on your local system or any computer on the network
    196 LongDesc=DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs.
    197 
    198 [Software17]
    199 exe=Desktops.exe
    200 help=
    201 url=https://docs.microsoft.com/en-us/sysinternals/downloads/desktops
    202 exe64=
    203 group=6
    204 Name=Desktops
    205 ShortDesc=Organizes your applications on up to four virtual desktops
    206 LongDesc=Desktops allows you to organize your applications on up to four virtual desktops. Read email on one, browse the web on the second, and do work in your productivity software on the third, without the clutter of the windows you're not using. After you configure hotkeys for switching desktops, you can create and switch desktops either by clicking on the tray icon to open a desktop preview and switching window, or by using the hotkeys.
    207 
    208 [Software18]
    209 exe=Disk2vhd.exe
    210 help=Disk2vhd.chm
    211 url=https://docs.microsoft.com/en-us/sysinternals/downloads/disk2vhd
    212 exe64=Disk2vhd64.exe
    213 group=1
    214 Name=Disk2vhd
    215 ShortDesc=Simplifies migration of physical systems into virtual machines (p2v)
    216 LongDesc=Disk2vhd is a utility that creates VHD (Virtual Hard Disk - Microsoft's Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs).
    217 
    218 [Software19]
    219 exe=diskext.exe
    220 help=
    221 url=https://docs.microsoft.com/en-us/sysinternals/downloads/diskext
    222 exe64=diskext64.exe
    223 group=1
    224 Name=DiskExt
    225 ShortDesc=Displays volume disk-mappings
    226 LongDesc=DiskExt demonstrates the use of the IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS command that returns information about what disks the partitions of a volume are located on (multipartition disks can reside on multiple disks) and where on the disk the partitions are located.
    227 
    228 [Software20]
    229 exe=Diskmon.exe
    230 help=Diskmon.hlp
    231 url=https://docs.microsoft.com/en-us/sysinternals/downloads/diskmon
    232 exe64=
    233 group=1
    234 Name=DiskMon
    235 ShortDesc=Captures all hard disk activity
    236 LongDesc=DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.
    237 
    238 [Software21]
    239 exe=DiskView.exe
    240 help=
    241 url=https://docs.microsoft.com/en-us/sysinternals/downloads/diskview
    242 exe64=DiskView64a.exe
    243 group=1
    244 Name=DiskView
    245 ShortDesc=Views disk usage by directory
    246 LongDesc=DiskView shows you a graphical map of your disk, allowing you to determine where a file is located or, by clicking on a cluster, seeing which file occupies it. Double-click to get more information about a file to which a cluster is allocated.
    247 
    248 [Software22]
    249 exe=du.exe
    250 help=
    251 url=https://docs.microsoft.com/en-us/sysinternals/downloads/du
    252 exe64=du64.exe
    253 group=1
    254 Name=DiskUsage
    255 ShortDesc=Reports disk space usage for the specified directory
    256 LongDesc=Du (disk usage) reports the disk space usage for the directory you specify. By default it recurses directories to show the total size of a directory and its subdirectories.
    257 
    258 [Software23]
    259 exe=efsdump.exe
    260 help=
    261 url=https://docs.microsoft.com/en-us/sysinternals/downloads/efsdump
    262 exe64=
    263 group=1
    264 Name=EFSDump
    265 ShortDesc=Views encrypted files information
    266 LongDesc=Windows 2000 introduces the Encrypting File System (EFS) so that users can protect their sensitive data. Several new APIs make their debut to support this factility, including one-QueryUsersOnEncryptedFile-that lets you see who has access to encrypted files. This applet uses the API to show you what accounts are authorized to access encrypted files.
    267 
    268 [Software24]
    269 exe=Filemon.exe
    270 help=Filemon.hlp
    271 url=
    272 exe64=Filemon64a.exe
    273 group=6
    274 Name=FileMon
    275 ShortDesc=This monitoring tool lets you see all file system activity in real-time
    276 LongDesc=FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.
    277 
    278 [Software25]
    279 exe=FindLinks.exe
    280 help=
    281 url=https://docs.microsoft.com/en-us/sysinternals/downloads/findlinks
    282 exe64=FindLinks64.exe
    283 group=1
    284 Name=FindLinks
    285 ShortDesc=File index and any hard links reporter
    286 LongDesc=FindLinks reports the file index and any hard links (alternate file paths on the same volume) that exist for the specified file. A file's data remains allocated so long as at it has at least one file name referencing it.
    287 
    288 [Software26]
    289 exe=handle.exe
    290 help=
    291 url=https://docs.microsoft.com/en-us/sysinternals/downloads/handle
    292 exe64=handle64.exe
    293 group=3
    294 Name=Handle
    295 ShortDesc=Shows what files are open by which processes
    296 LongDesc=Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
    297 
    298 [Software27]
    299 exe=hex2dec.exe
    300 help=
    301 url=https://docs.microsoft.com/en-us/sysinternals/downloads/hex2dec
    302 exe64=hex2dec64.exe
    303 group=6
    304 Name=Hex2dec
    305 ShortDesc=Converts a hexadecimal number to decimal and vice versa
    306 LongDesc=Tired of running Calc everytime you want to convert a hexadecimal number to decimal? Now you can convert hex to decimal and vice versa with this simple command-line utility.
    307 
    308 [Software28]
    309 exe=Hostname.exe
    310 help=
    311 url=
    312 exe64=
    313 group=3
    314 Name=Hostname
    315 ShortDesc=Convert IP address to hostname, and vice versa
    316 LongDesc=Hostname is a very simply utility that takes either an IP address (e.g. 123.456.7.8), or a host name (e.g. ftp.ntinternals.com), and performs a translation into its inverse form. For example, if you pass Hostname an IP address, you'll get back a host name, and if you pass it a host name it will give you the corresponding IP address.
    317 
    318 [Software29]
    319 exe=junction.exe
    320 help=
    321 url=https://docs.microsoft.com/en-us/sysinternals/downloads/junction
    322 exe64=junction64.exe
    323 group=1
    324 Name=Junction
    325 ShortDesc=Creates NTFS symbolic links
    326 LongDesc=Windows 2000 and higher supports directory symbolic links, where a directory serves as a symbolic link to another directory on the computer. For example, if the directory D:\SYMLINK specified C:\WINNT\SYSTEM32 as its target, then an application accessing D:\SYMLINK\DRIVERS would in reality be accessing C:\WINNT\SYSTEM32\DRIVERS. Directory symbolic links are known as NTFS junctions in Windows. Unfortunately, Windows comes with no tools for creating junctions—you have to purchase the Win2K Resource Kit, which comes with the linkd program for creating junctions. Junction not only allows you to create NTFS junctions, it allows you to see if files or directories are actually reparse points. Reparse points are the mechanism on which NTFS junctions are based, and they are used by Windows' Remote Storage Service (RSS), as well as volume mount points.
    327 
    328 [Software30]
    329 exe=ldmdump.exe
    330 help=
    331 url=https://docs.microsoft.com/en-us/sysinternals/downloads/ldmdump
    332 exe64=
    333 group=1
    334 Name=LDMDump
    335 ShortDesc=Dumps contents of Logical Disk Manager on-disk database
    336 LongDesc=Windows 2000 introduces a new type of disk partitioning scheme that is managed by a component called the Logical Disk Manager (LDM). Windows 2000 introduces a new type of disk partitioning scheme that is managed by a component called the Logical Disk Manager (LDM).LDMDump is a utility that lets you examine exactly what is stored in a disk's copy of the system LDM database. LDMDump shows you the contents of the LDM database private header, table-of-contents, and object database (where partition, component and volume definitions are stored), and then summarizes its finding with partition table and volume listings.
    337 
    338 [Software31]
    339 exe=Listdlls.exe
    340 help=
    341 url=https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls
    342 exe64=Listdlls64.exe
    343 group=3
    344 Name=ListDLLs
    345 ShortDesc=Lists all the DLLs that are currently loaded, including where they are loaded and their version numbers
    346 LongDesc=Unlike tlist, however, ListDLLs is able to show you the full path names of loaded modules - not just their base names. In addition, ListDLLs will flag loaded DLLs that have different version numbers than their corresponding on-disk files (which occurs when the file is updated after a program loads the DLL), and can tell you which DLLs were relocated because they are not loaded at their base address.
    347 
    348 [Software32]
    349 exe=livekd.exe
    350 help=
    351 url=https://docs.microsoft.com/en-us/sysinternals/downloads/livekd
    352 exe64=livekd64.exe
    353 group=5
    354 Name=LiveKd
    355 ShortDesc=Uses Microsoft kernel debuggers to examine a live system
    356 LongDesc=LiveKd allows you to run the Kd and Windbg Microsoft kernel debuggers, which are part of the Debugging Tools for Windows package, locally on a live system. Execute all the debugger commands that work on crash dump files to look deep inside the system. See the Debugging Tools for Windows documentation and our book for information on how to explore a system with the kernel debuggers. While the latest versions of Windbg and Kd have a similar capability on Windows XP and Server 2003, LiveKD enables more functionality, such as viewing thread stacks with the !thread command, than Windbg and Kd's own live kernel debugging facility.
    357 
    358 [Software33]
    359 exe=LoadOrd.exe
    360 help=
    361 url=https://docs.microsoft.com/en-us/sysinternals/downloads/loadorder
    362 exe64=LoadOrd64.exe
    363 group=5
    364 Name=LoadOrder
    365 ShortDesc=Shows order in which devices are loaded on Windows system
    366 LongDesc=This applet shows you the order that a Windows NT or Windows 2000 system loads device drivers. Note that on Windows 2000 plug-and-play drivers may actually load in a different order than the one calculated, because plug-and-play drivers are loaded on demand during device detection and enumeration.
    367 
    368 [Software34]
    369 exe=LoadOrdC.exe
    370 help=
    371 url=https://docs.microsoft.com/en-us/sysinternals/downloads/loadorder
    372 exe64=LoadOrdC64.exe
    373 group=5
    374 Name=LoadOrder Command-line
    375 ShortDesc=Shows order in which devices are loaded on Windows system. Command-line version
    376 LongDesc=This applet shows you the order that a Windows NT or Windows 2000 system loads device drivers. Note that on Windows 2000 plug-and-play drivers may actually load in a different order than the one calculated, because plug-and-play drivers are loaded on demand during device detection and enumeration.
    377 
    378 [Software35]
    379 exe=logonsessions.exe
    380 help=
    381 url=https://docs.microsoft.com/en-us/sysinternals/downloads/logonsessions
    382 exe64=logonsessions64.exe
    383 group=4
    384 Name=LogonSessions
    385 ShortDesc=Lists active logon sessions
    386 LongDesc=If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session.
    387 
    388 [Software36]
    389 exe=movefile.exe
    390 help=
    391 url=https://docs.microsoft.com/en-us/sysinternals/downloads/movefile
    392 exe64=movefile64.exe
    393 group=1
    394 Name=MoveFile
    395 ShortDesc=Schedules file rename and delete commands for the next reboot
    396 LongDesc=There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced.
    397 
    398 [Software37]
    399 exe=NewSID.exe
    400 help=
    401 url=https://docs.microsoft.com/en-us/sysinternals/downloads/newsid
    402 exe64=
    403 group=4
    404 Name=NewSID
    405 ShortDesc=Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID
    406 LongDesc=NewSID is a program we developed that changes a computer's SID. It is free and is a Win32 program, meaning that it can easily be run on systems that have been previously cloned.
    407 
    408 [Software38]
    409 exe=notmyfault.exe
    410 help=
    411 url=https://docs.microsoft.com/en-us/sysinternals/downloads/notmyfault
    412 exe64=notmyfault64.exe
    413 group=6
    414 Name=NotMyFault
    415 ShortDesc=Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system
    416 LongDesc=Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems. Chapter 7 in Windows Internals uses Notmyfault to o demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples.
    417 
    418 [Software39]
    419 exe=notmyfaultc.exe
    420 help=
    421 url=https://docs.microsoft.com/en-us/sysinternals/downloads/notmyfault
    422 exe64=notmyfaultc64.exe
    423 group=6
    424 Name=NotMyFault Command-line
    425 ShortDesc=Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. Command-line version
    426 LongDesc=Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system. It’s useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems. Chapter 7 in Windows Internals uses Notmyfault to o demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples.
    427 
    428 [Software40]
    429 exe=ntfsinfo.exe
    430 help=
    431 url=https://docs.microsoft.com/en-us/sysinternals/downloads/ntfsinfo
    432 exe64=ntfsinfo64.exe
    433 group=1
    434 Name=NTFSInfo
    435 ShortDesc=Views detailed information about NTFS volumes
    436 LongDesc=NTFSInfo is a little applet that shows you information about NTFS volumes. Its dump includes the size of a drive's allocation units, where key NTFS files are located, and the sizes of the NTFS metadata files on the volume.
    437 
    438 [Software41]
    439 exe=pagedfrg.exe
    440 help=pagedfrg.hlp
    441 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pagedefrag
    442 exe64=
    443 group=1
    444 Name=PageDefrag
    445 ShortDesc=Defragments paging files and Registry hives
    446 LongDesc=One of the limitations of the Windows NT/2000 defragmentation interface is that it is not possible to defragment files that are open for exclusive access. Thus, standard defragmentation programs can neither show you how fragmented your paging files or Registry hives are, nor defragment them. Paging and Registry file fragmentation can be one of the leading causes of performance degradation related to file fragmentation in a system. PageDefrag uses advanced techniques to provide you what commercial defragmenters cannot: the ability for you to see how fragmented your paging files and Registry hives are, and to defragment them. In addition, it defragments event log files and Windows 2000/XP hibernation files (where system memory is saved when you hibernate a laptop).
    447 
    448 [Software42]
    449 exe=pendmoves.exe
    450 help=
    451 url=https://docs.microsoft.com/en-us/sysinternals/downloads/movefile
    452 exe64=pendmoves64.exe
    453 group=1
    454 Name=PendMoves
    455 ShortDesc=Shows what files are scheduled for delete or rename the next time the system boots
    456 LongDesc=There are several applications, such as service packs and hotfixes, that must replace a file that's in use and is unable to. Windows therefore provides the MoveFileEx API to rename or delete a file and allows the caller to specify that they want the operation to take place the next time the system boots, before the files are referenced. Session Manager performs this task by reading the registered rename and delete commands from the HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations value.
    457 
    458 [Software43]
    459 exe=PHYSMEM.EXE
    460 help=
    461 url=
    462 exe64=
    463 group=6
    464 Name=PhysMem
    465 ShortDesc=
    466 LongDesc=
    467 
    468 [Software44]
    469 exe=pipelist.exe
    470 help=
    471 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pipelist
    472 exe64=pipelist64.exe
    473 group=5
    474 Name=PipeList
    475 ShortDesc=Displays the named pipes on your system
    476 LongDesc=Did you know that the device driver that implements named pipes is actually a file system driver? In fact, the driver's name is NPFS.SYS, for "Named Pipe File System". What you might also find surprising is that its possible to obtain a directory listing of the named pipes defined on a system.
    477 
    478 [Software45]
    479 exe=Portmon.exe
    480 help=Portmon.hlp
    481 url=https://docs.microsoft.com/en-us/sysinternals/downloads/portmon
    482 exe64=
    483 group=3
    484 Name=Portmon
    485 ShortDesc=Monitors serial and parallel port activity
    486 LongDesc=Portmon is a utility that monitors and displays all serial and parallel port activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way Windows works, seeing how applications use ports, or tracking down problems in system or application configurations.
    487 
    488 [Software46]
    489 exe=procdump.exe
    490 help=
    491 url=https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
    492 exe64=procdump64.exe
    493 group=3
    494 Name=ProcDump
    495 ShortDesc=Captures process dumps to isolate and reproduce CPU spikes
    496 LongDesc=ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike. ProcDump also includes hung window monitoring (using the same definition of a window hang that Windows and Task Manager use), unhandled exception monitoring and can generate dumps based on the values of system performance counters. It also can serve as a general process dump utility that you can embed in other scripts.
    497 
    498 [Software47]
    499 exe=Procexp.exe
    500 help=Procexp.chm
    501 url=https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
    502 exe64=Procexp64.exe
    503 group=3
    504 Name=ProcessExplorer
    505 ShortDesc=Finds out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more
    506 LongDesc=Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded. The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
    507 
    508 [Software48]
    509 exe=ProcFeatures.exe
    510 help=
    511 url=https://docs.microsoft.com/en-us/sysinternals/downloads/procfeatures
    512 exe64=
    513 group=5
    514 Name=ProcFeatures
    515 ShortDesc=This applet reports processor and Windows support for Physical Address Extensions and No Execute buffer overflow protection
    516 LongDesc=ProcessorFeatures is a no-frills applet that uses the Windows IsProcessorFeaturePresent API to determine if the processor and Windows support various features such as No-Execute pages, Physical Address Extensions (PAE), and a real-time cycle counter. Its primary purpose is to identify systems running the PAE version of the kernel and that support no-execute buffer overflow protection.
    517 
    518 [Software49]
    519 exe=Procmon.exe
    520 help=Procmon.chm
    521 url=https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
    522 exe64=Procmon64.exe
    523 group=3
    524 Name=ProcessMonitor
    525 ShortDesc=Monitors file system, Registry, process, thread and DLL activity in real-time
    526 LongDesc=Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
    527 
    528 [Software50]
    529 exe=PsExec.exe
    530 help=PsTools.chm
    531 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
    532 exe64=PsExec64.exe
    533 group=3
    534 Name=PsExec
    535 ShortDesc=Executes processes remotely
    536 LongDesc=PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems.
    537 
    538 [Software51]
    539 exe=PsFile.exe
    540 help=PsTools.chm
    541 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psfile
    542 exe64=PsFile64.exe
    543 group=2
    544 Name=PsFile
    545 ShortDesc=Shows what files are opened remotely
    546 LongDesc=PsFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier.
    547 
    548 [Software52]
    549 exe=PsGetSid.exe
    550 help=PsTools.chm
    551 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psgetsid
    552 exe64=PsGetSid64.exe
    553 group=4
    554 Name=PsGetSid
    555 ShortDesc=Displays the SID of a computer or a user
    556 LongDesc=PsGetsid allows you to translate SIDs to their display name and vice versa. It works on builtin accounts, domain accounts, and local accounts.
    557 
    558 [Software53]
    559 exe=PsInfo.exe
    560 help=PsTools.chm
    561 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psinfo
    562 exe64=PsInfo64.exe
    563 group=5
    564 Name=PsInfo
    565 ShortDesc=Obtains information about system
    566 LongDesc=PsInfo is a command-line tool that gathers key information about the local or remote Windows NT/2000 system, including the type of installation, kernel build, registered organization and owner, number of processors and their type, amount of physical memory, the install date of the system, and if it's a trial version, the expiration date.
    567 
    568 [Software54]
    569 exe=PsKill.exe
    570 help=PsTools.chm
    571 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pskill
    572 exe64=PsKill64.exe
    573 group=3
    574 Name=PsKill
    575 ShortDesc=Terminates local or remote processes
    576 LongDesc=Windows NT/2000 does not come with a command-line 'kill' utility. You can get one in the Windows NT or Win2K Resource Kit, but the kit's utility can only terminate processes on the local computer. PsKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process.
    577 
    578 [Software55]
    579 exe=PsList.exe
    580 help=PsTools.chm
    581 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pslist
    582 exe64=PsList64.exe
    583 group=3
    584 Name=PsList
    585 ShortDesc=Shows information about processes and threads
    586 LongDesc=PsList shows information about processes on local or remote systems. Like Windows NT/2K's built-in PerfMon monitoring tool, PsList uses the Windows NT/2K performance counters to obtain the information it displays.
    587 
    588 [Software56]
    589 exe=PsLoggedOn.exe
    590 help=PsTools.chm
    591 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psloggedon
    592 exe64=PsLoggedOn64.exe
    593 group=4
    594 Name=PsLoggedOn
    595 ShortDesc=Shows users logged on to a system
    596 LongDesc=You can determine who is using resources on your local computer with the "net" command ("net session"), however, there is no built-in way to determine who is using the resources of a remote computer. In addition, NT comes with no tools to see who is logged onto a computer, either locally or remotely. PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, PsLoggedOn searches the computers in the network neighborhood and tells you if the user is currently logged on.
    597 
    598 [Software57]
    599 exe=PsLogList.exe
    600 help=PsTools.chm
    601 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psloglist
    602 exe64=PsLogList64.exe
    603 group=4
    604 Name=PsLogList
    605 ShortDesc=Dumps event log records
    606 LongDesc=The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations where your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.
    607 
    608 [Software58]
    609 exe=PsPasswd.exe
    610 help=PsTools.chm
    611 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pspasswd
    612 exe64=PsPasswd64.exe
    613 group=4
    614 Name=PsPasswd
    615 ShortDesc=Local and remote password changer
    616 LongDesc=Systems administrators that manage local administrative accounts on multiple computers regularly need to change the account password as part of standard security practices. PsPasswd is a tool that lets you change an account password on the local or remote systems, enabling administrators to create batch files that run PsPasswd against the computers they manage in order to perform a mass change of the administrator password.
    617 
    618 [Software59]
    619 exe=PsPing.exe
    620 help=PsTools.chm
    621 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psping
    622 exe64=PsPing64.exe
    623 group=2
    624 Name=PsPing
    625 ShortDesc=PsPing is a command-line utility for measuring network performance
    626 LongDesc=PsPing is a command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.
    627 
    628 [Software60]
    629 exe=PsService.exe
    630 help=PsTools.chm
    631 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psservice
    632 group=3
    633 exe64=PsService64.exe
    634 Name=PsService
    635 ShortDesc=Views and controls services
    636 LongDesc=PsService is a service viewer and controller for Windows. Like the SC utility that's included in the Windows NT and Windows 2000 Resource Kits, PsService displays the status, configuration, and dependencies of a service, and allows you to start, stop, pause, resume and restart them. Unlike the SC utility, PsService enables you to logon to a remote system using a different account, for cases when the account from which you run it doesn't have required permissions on the remote system. PsService includes a unique service-search capability, which identifies active instances of a service on your network. You would use the search feature if you wanted to locate systems running DHCP servers, for instance.
    637 
    638 [Software61]
    639 exe=PsShutdown.exe
    640 help=PsTools.chm
    641 url=https://docs.microsoft.com/en-us/sysinternals/downloads/psshutdown
    642 exe64=
    643 group=4
    644 Name=PsShutdown
    645 ShortDesc=Shuts down, logs off and power manages local and remote systems
    646 LongDesc=PsShutdown is a command-line utility similar to the shutdown utility from the Windows 2000 Resource Kit, but with the ability to do much more. In addition to supporting the same options for shutting down or rebooting the local or a remote computer, PsShutdown can logoff the console user or lock the console (locking requires Windows 2000 or higher). PsShutdown requires no manual installation of client software.
    647 
    648 [Software62]
    649 exe=PsSuspend.exe
    650 help=PsTools.chm
    651 url=https://docs.microsoft.com/en-us/sysinternals/downloads/pssuspend
    652 exe64=PsSuspend64.exe
    653 group=3
    654 Name=PsSuspend
    655 ShortDesc=Suspends and resumes processes
    656 LongDesc=PsSuspend lets you suspend processes on the local or a remote system, which is desirable in cases where a process is consuming a resource (e.g. network, CPU or disk) that you want to allow different processes to use. Rather than kill the process that's consuming the resource, suspending permits you to let it continue operation at some later point in time.
    657 
    658 [Software63]
    659 exe=PsUptime.exe
    660 help=
    661 url=
    662 exe64=
    663 group=5
    664 Name=PsUptime
    665 ShortDesc=
    666 LongDesc=
    667 
    668 [Software64]
    669 exe=RAMMap.exe
    670 help=
    671 url=https://docs.microsoft.com/en-us/sysinternals/downloads/rammap
    672 exe64=RAMMap64a.exe
    673 group=5
    674 Name=RAMMap
    675 ShortDesc=Advanced physical memory usage analysis utility
    676 LongDesc=RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. Use RAMMap to gain understanding of the way Windows manages memory, to analyze application memory usage, or to answer specific questions about how RAM is being allocated. RAMMap’s refresh feature enables you to update the display and it includes support for saving and loading memory snapshots.
    677 
    678 [Software65]
    679 exe=RegDelNull.exe
    680 help=
    681 url=https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull
    682 exe64=RegDelNull64.exe
    683 group=6
    684 Name=RegDelNull
    685 ShortDesc=Scans for and deletes Registry keys that contain embedded null-characters
    686 LongDesc=This command-line utility searches for and allows you to delete Registry keys that contain embedded-null characters and that are otherwise undeleteable using standard Registry-editing tools. Note: deleting Registry keys may cause the applications they are associated with to fail.
    687 
    688 [Software66]
    689 exe=Reghide.exe
    690 help=
    691 url=https://docs.microsoft.com/en-us/sysinternals/downloads/reghide
    692 exe64=
    693 group=6
    694 Name=RegHide
    695 ShortDesc=Creates a key called "HKEY_LOCAL_MACHINE\Software\Sysinternals\Can't touch me!\0" using the Native API, and inside this key it creates a value
    696 LongDesc=
    697 
    698 [Software67]
    699 exe=regjump.exe
    700 help=
    701 url=https://docs.microsoft.com/en-us/sysinternals/downloads/regjump
    702 exe64=
    703 group=6
    704 Name=RegJump
    705 ShortDesc=Jumps to the specified registry path in Regedit
    706 LongDesc=This little command-line applet takes a registry path and makes Regedit open to that path. It accepts root keys in standard (e.g. HKEY_LOCAL_MACHINE) and abbreviated form (e.g. HKLM).
    707 
    708 [Software68]
    709 exe=Regmon.exe
    710 help=Regmon.hlp
    711 url=
    712 exe64=Regmon64a.exe
    713 group=6
    714 Name=RegMon
    715 ShortDesc=This monitoring tool lets you see all Registry activity in real-time
    716 LongDesc=Regmon is a Registry monitoring utility that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing - all in real-time. This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed. With Regmon you'll see how the values and keys changed.
    717 
    718 [Software69]
    719 exe=RootkitRevealer.exe
    720 help=RootkitRevealer.chm
    721 url=https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer
    722 exe64=
    723 group=4
    724 Name=RootkitRevealer
    725 ShortDesc=Scans your system for rootkit-based malware
    726 LongDesc=RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
    727 
    728 [Software70]
    729 exe=ru.exe
    730 help=
    731 url=https://docs.microsoft.com/en-us/sysinternals/downloads/ru
    732 exe64=ru64.exe
    733 group=6
    734 Name=RegistryUsage
    735 ShortDesc=Registry usage reports the registry space usage for the registry key you specify
    736 LongDesc=Ru (registry usage) reports the registry space usage for the registry key you specify. By default it recurses subkeys to show the total size of a key and its subkeys.
    737 
    738 [Software71]
    739 exe=sdelete.exe
    740 help=
    741 url=https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
    742 exe64=sdelete64.exe
    743 group=1
    744 Name=SDelete
    745 ShortDesc=Securely overwrites files and cleanses free space of previously deleted files
    746 LongDesc=The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file's on-disk data using techniques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted).
    747 
    748 [Software72]
    749 exe=ShareEnum.exe
    750 help=
    751 url=https://docs.microsoft.com/en-us/sysinternals/downloads/shareenum
    752 exe64=
    753 group=2
    754 Name=ShareEnum
    755 ShortDesc=Scans file shares on network and views their security settings
    756 LongDesc=An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ShareEnum fills the void and allows you to lock down file shares in your network.
    757 
    758 [Software73]
    759 exe=ShellRunas.exe
    760 help=
    761 url=https://docs.microsoft.com/en-us/sysinternals/downloads/shellrunas
    762 exe64=
    763 group=3
    764 Name=ShellRunas
    765 ShortDesc=Launches programs as a different user via a convenient shell context-menu entry
    766 LongDesc=The command-line Runas utility is handy for launching programs under different accounts, but it’s not convenient if you’re a heavy Explorer user. ShellRunas provides functionality similar to that of Runas to launch programs as a different user via a convenient shell context-menu entry.
    767 
    768 [Software74]
    769 exe=sigcheck.exe
    770 help=
    771 url=https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
    772 exe64=sigcheck64.exe
    773 group=1
    774 Name=Sigcheck
    775 ShortDesc=Dumps file version information and verifies that an image is digitally signed
    776 LongDesc=Verify that images are digitally signed and dump version information with this simple command-line utility.
    777 
    778 [Software75]
    779 exe=streams.exe
    780 help=
    781 url=https://docs.microsoft.com/en-us/sysinternals/downloads/streams
    782 exe64=streams64.exe
    783 group=1
    784 Name=Streams
    785 ShortDesc=Reveals NTFS alternate streams
    786 LongDesc=The NTFS file system provides applications the ability to create alternate data streams of information. Streams will examine the files and directories (note that directories can also have alternate data streams) you specify and inform you of the name and sizes of any named streams it encounters within those files.
    787 
    788 [Software76]
    789 exe=strings.exe
    790 help=
    791 url=https://docs.microsoft.com/en-us/sysinternals/downloads/strings
    792 exe64=strings64.exe
    793 group=6
    794 Name=Strings
    795 ShortDesc=Searches for ANSI and UNICODE strings in binary images
    796 LongDesc=Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with standard ASCII strings or grep programs. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
    797 
    798 [Software77]
    799 exe=sync.exe
    800 help=
    801 url=https://docs.microsoft.com/en-us/sysinternals/downloads/sync
    802 exe64=sync64.exe
    803 group=1
    804 Name=Sync
    805 ShortDesc=Flushes cached data to disk
    806 LongDesc=Sync directs the operating system to flush all file system data to disk in order to ensure that it is stable and won't be lost in case of a system failure. Otherwise, any modified data present in the cache would be lost.
    807 
    808 [Software78]
    809 exe=Sysmon.exe
    810 help=
    811 url=https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
    812 exe64=Sysmon64.exe
    813 group=4
    814 Name=SystemMonitor
    815 ShortDesc=Monitors and reports key system activity via the Windows event log
    816 LongDesc=System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network. Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers.
    817 
    818 [Software79]
    819 exe=tcpvcon.exe
    820 help=
    821 url=https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
    822 exe64=
    823 group=2
    824 Name=TCPView Command-line
    825 ShortDesc=Active sockets command-line viewer
    826 LongDesc=TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
    827 
    828 [Software80]
    829 exe=Tcpview.exe
    830 help=Tcpview.chm
    831 url=https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
    832 exe64=
    833 group=2
    834 Name=TCPView
    835 ShortDesc=Active sockets viewer
    836 LongDesc=TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
    837 
    838 [Software81]
    839 exe=Tokenmon.exe
    840 help=Tokenmon.hlp
    841 url=
    842 exe64=
    843 group=3
    844 Name=TokenMon
    845 ShortDesc=Watch security-related activity, including logon, logoff, privilege usage, and impersonation with this monitoring tool
    846 LongDesc=Tokenmon is an application that monitors and displays a variety of security-related activity taking place on a system. Tokenmon gets its name from the fact that Windows NT/2000 stores a process' security information, including the user account context in which the process executes, in an object called a token.
    847 
    848 [Software82]
    849 exe=Vmmap.exe
    850 help=Vmmap.chm
    851 url=https://docs.microsoft.com/en-us/sysinternals/downloads/vmmap
    852 exe64=Vmmap64a.exe
    853 group=5
    854 Name=VMMap
    855 ShortDesc=Process virtual and physical memory analysis utility
    856 LongDesc=VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.
    857 
    858 [Software83]
    859 exe=Volumeid.exe
    860 help=
    861 url=https://docs.microsoft.com/en-us/sysinternals/downloads/volumeid
    862 exe64=Volumeid64.exe
    863 group=1
    864 Name=VolumeID
    865 ShortDesc=Sets Volume ID of FAT or NTFS drives
    866 LongDesc=While WinNT/2K and Windows 9x's built-in Label utility lets you change the labels of disk volumes, it does not provide any means for changing volume ids. This utility, VolumeID, allows you to change the ids of FAT and NTFS disks (floppies or hard drives).
    867 
    868 [Software84]
    869 exe=whois.exe
    870 help=
    871 url=https://docs.microsoft.com/en-us/sysinternals/downloads/whois
    872 exe64=whois64.exe
    873 group=2
    874 Name=Whois
    875 ShortDesc=Shows who owns an Internet address
    876 LongDesc=Whois performs a lookup of the registration record for the domain name or IP address that you specify.
    877 
    878 [Software85]
    879 exe=Winobj.exe
    880 help=
    881 url=https://docs.microsoft.com/en-us/sysinternals/downloads/winobj
    882 exe64=
    883 group=5
    884 Name=WinObj
    885 ShortDesc=Object Manager namespace viewer
    886 LongDesc=WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's namespace. Winobj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors.
    887 
    888 [Software86]
    889 exe=ZoomIt.exe
    890 help=
    891 url=https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit
    892 exe64=ZoomIt64.exe
    893 group=6
    894 Name=ZoomIt
    895 ShortDesc=Presentation utility for zooming and drawing on the screen
    896 LongDesc=ZoomIt is a screen zoom and annotation tool for technical presentations that include application demonstrations. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image.