Tk Plugin.dll !!top!! -
PluginInit PluginOpen PluginClose ExecuteCommand GetPluginInfo RegisterCallbacks
If you're having trouble, it helps to know: tk plugin.dll
<Sysmon> <EventFiltering> <ProcessAccess onmatch="include"> <TargetImage condition="end with">.exe</TargetImage> <CallTrace condition="contains">tk_plugin.dll</CallTrace> </ProcessAccess> <ImageLoad onmatch="include"> <ImageLoaded condition="end with">tk_plugin.dll</ImageLoaded> </ImageLoad> </EventFiltering> </Sysmon> it helps to know: <
A popup warning stating the DLL is "disabled" or "only compatible with versions earlier than...". TargetImage condition="end with">