<messages type=“osfwBlockedText” value=”%process_name% ăăłăźăŤăăăŻă¨ăăăăă°ăŠăăłă°ćčĄă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăăŽăé˛ć˘ăăžăă” locale=“jp-JA” />
<messages type=“osfwPresentText” value=”%process_name% está intentando comunicarse con %target_process% mediante una técnica de programación denominada respuesta de llamada” locale=“es-ES” />
<messages type=“osfwPastText” value=”%process_name% ha intentado comunicarse con %target_process% mediante una técnica de programación denominada respuesta de llamada” locale=“es-ES” />
<messages type=“osfwBlockedText” value=“Se ha impedido que %process_name% se comunique con %target_process% mediante una técnica de programación denominada respuesta de llamada” locale=“es-ES” />
<messages type=“osfwPresentText” value=”%process_name% sta cercando di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback” locale=“it-IT” />
<messages type=“osfwPastText” value=”%process_name% ha cercato di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback” locale=“it-IT” />
<messages type=“osfwBlockedText” value=”È stato impedito a %process_name% di comunicare con %target_process% utilizzando una tecnica di programmazione denominata callback” locale=“it-IT” />
</customevent>
<customevent id=“6009” >
<messages type=“osfwPresentText” value=”%process_name% is trying to inject code into: %target_process%” locale=“en-US” />
<messages type=“osfwPastText” value=”%process_name% was trying to inject code into: %target_process%” locale=“en-US” />
<messages type=“osfwBlockedText” value=”%process_name% was prevented from injecting code into: %target_process%” locale=“en-US” />
<messages type=“osfwPresentText” value=”%process_name% versucht, Code einzubringen in: %target_process%” locale=“de-DE” />
<messages type=“osfwPastText” value=”%process_name% hat versucht, Code einzubringen in: %target_process%” locale=“de-DE” />
<messages type=“osfwBlockedText” value=”%process_name% wurde daran gehindert, Code einzubringen in: %target_process%” locale=“de-DE” />
<messages type=“osfwPresentText” value=”%process_name% tente d’insérer un code dans : %target_process%” locale=“fr-FR” />
<messages type=“osfwPastText” value=”%process_name% a tenté d’insérer un code dans : %target_process%” locale=“fr-FR” />
<messages type=“osfwBlockedText” value=”%process_name% n’a pas réussi à insérer un code dans : %target_process%” locale=“fr-FR” />
<messages type=“osfwPresentText” value=”%process_name% ă揥ăŽăăăťăšăŤăłăźăăćżĺ
Ľăăăă¨ăăŚăăžă: %target_process%” locale=“jp-JA” />
<messages type=“osfwPastText” value=”%process_name% ă揥ăŽăăăťăšăŤăłăźăăćżĺ
Ľăăăă¨ăăŚăăžăă: %target_process%” locale=“jp-JA” />
<messages type=“osfwBlockedText” value=”%process_name% ă揥ăŽăăăťăšăŤăłăźăăćżĺ
Ľăăăă¨ăăăŽăé˛ć˘ăăžăă: %target_process%” locale=“jp-JA” />
<messages type=“osfwPresentText” value=”%process_name% está intentando insertar cóndigo en: %target_process%” locale=“es-ES” />
<messages type=“osfwPastText” value=”%process_name% ha intentado insertar cóndigo en: %target_process%” locale=“es-ES” />
<messages type=“osfwBlockedText” value=“Se ha impedido que %process_name% inserte cóndigo en: %target_process%” locale=“es-ES” />
<messages type=“osfwPresentText” value=”%process_name% sta cercando di inserire del codice in: %target_process%” locale=“it-IT” />
<messages type=“osfwPastText” value=”%process_name% ha cercato di inserire del codice in: %target_process%” locale=“it-IT” />
<messages type=“osfwBlockedText” value=”È stato impedito a %process_name% di inserire del codice in: %target_process%” locale=“it-IT” />
</customevent>
<customevent id=“6010” >
<messages type=“osfwPresentText” value=”%process_name% is trying to terminate: %target_process%” locale=“en-US” />
<messages type=“osfwPastText” value=”%process_name% was trying to terminate: %target_process%” locale=“en-US” />
<messages type=“osfwBlockedText” value=”%process_name% was prevented from terminating: %target_process%” locale=“en-US” />
<messages type=“osfwPresentText” value=”%process_name% versucht, Folgendes zu beenden: %target_process%” locale=“de-DE” />
<messages type=“osfwBlockedText” value=”%process_name% wurde daran gehindert, Folgendes zu beenden: %target_process%” locale=“de-DE” />
<messages type=“osfwPresentText” value=”%process_name% tente de terminer : %target_process%” locale=“fr-FR” />
<messages type=“osfwPastText” value=”%process_name% a tenté de terminer : %target_process%” locale=“fr-FR” />
<messages type=“osfwBlockedText” value=”%process_name% n’a pas réussi à terminer : %target_process%” locale=“fr-FR” />
<messages type=“osfwPresentText” value=”%process_name% ă揥ăŽăăăťăšăçľäşăăăă¨ăăŚăăžă: %target_process%” locale=“jp-JA” />
<messages type=“osfwPastText” value=”%process_name% ă揥ăŽăăăťăšăçľäşăăăă¨ăăŚăăžăă: %target_process%” locale=“jp-JA” />
<messages type=“osfwBlockedText” value=”%process_name% ă揥ăŽăăăťăšăçľäşăăăă¨ăăăŽăé˛ć˘ăăžăă: %target_process%” locale=“jp-JA” />
<messages type=“osfwPresentText” value=”%process_name% está intentando terminar: %target_process%” locale=“es-ES” />
<messages type=“osfwPastText” value=”%process_name% ha intentado terminar: %target_process%” locale=“es-ES” />
<messages type=“osfwBlockedText” value=“Se ha impedido que %process_name% termine: %target_process%” locale=“es-ES” />
<messages type=“osfwPresentText” value=”%process_name% sta cercando di terminare: %target_process%” locale=“it-IT” />
<messages type=“osfwPastText” value=”%process_name% ha cercato di terminare: %target_process%” locale=“it-IT” />
<messages type=“osfwBlockedText” value=”È stato impedito a %process_name% di terminare: %target_process%” locale=“it-IT” />
</customevent>
<customevent id=“6011” >
<messages type=“osfwPresentText” value=”%process_name% is trying to communicate with %target_process% using Windows messages” locale=“en-US” />
<messages type=“osfwPastText” value=”%process_name% was trying to communicate with %target_process% using Windows messages” locale=“en-US” />
<messages type=“osfwBlockedText” value=”%process_name% was prevented from communicating with %target_process% using Windows messages” locale=“en-US” />
<messages type=“osfwPresentText” value=”%process_name% versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwPastText” value=”%process_name% hat versucht, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwBlockedText” value=”%process_name% wurde daran gehindert, mit Hilfe von Windows-Meldungen mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwPresentText” value=”%process_name% tente de communiquer avec %target_process% en utilisant les messages Windows” locale=“fr-FR” />
<messages type=“osfwPastText” value=”%process_name% a tenté de communiquer avec %target_process% en utilisant les messages Windows” locale=“fr-FR” />
<messages type=“osfwBlockedText” value=”%process_name% n’a pas réussi à communiquer avec %target_process% en utilisant les messages Windows” locale=“fr-FR” />
<messages type=“osfwPresentText” value=”%process_name% ă Windows ăĄăăťăźă¸ă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăŚăăžă” locale=“jp-JA” />
<messages type=“osfwPastText” value=”%process_name% ă Windows ăĄăăťăźă¸ă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăŚăăžăă” locale=“jp-JA” />
<messages type=“osfwBlockedText” value=”%process_name% ă Windows ăĄăăťăźă¸ă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăăŽăé˛ć˘ăăžăă” locale=“jp-JA” />
<messages type=“osfwPresentText” value=”%process_name% está intentando comunicarse con %target_process% mediante mensajes de Windows” locale=“es-ES” />
<messages type=“osfwPastText” value=”%process_name% ha intentado comunicarse con %target_process% mediante mensajes de Windows” locale=“es-ES” />
<messages type=“osfwBlockedText” value=“Se ha impedido que %process_name% se comunique con %target_process% mediante mensajes de Windows” locale=“es-ES” />
<messages type=“osfwPresentText” value=”%process_name% sta cercando di comunicare con %target_process% utilizzando messaggi di Windows” locale=“it-IT” />
<messages type=“osfwPastText” value=”%process_name% ha cercato di comunicare con %target_process% utilizzando messaggi di Windows” locale=“it-IT” />
<messages type=“osfwBlockedText” value=”È stato impedito a %process_name% di comunicare con %target_process% utilizzando messaggi di Windows” locale=“it-IT” />
</customevent>
<customevent id=“6012” >
<messages type=“osfwPresentText” value=”%process_name% is trying to communicate with %target_process% using OLE or COM” locale=“en-US” />
<messages type=“osfwPastText” value=”%process_name% was trying to communicate with %target_process% using OLE or COM” locale=“en-US” />
<messages type=“osfwBlockedText” value=”%process_name% was prevented from communicating with %target_process% using OLE or COM” locale=“en-US” />
<messages type=“osfwPresentText” value=”%process_name% versucht, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwPastText” value=”%process_name% hat versucht, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwBlockedText” value=”%process_name% wurde daran gehindert, mit Hilfe von OLE oder COM mit %target_process% zu kommunizieren.” locale=“de-DE” />
<messages type=“osfwPresentText” value=”%process_name% tente de communiquer avec %target_process% via OLE ou COM” locale=“fr-FR” />
<messages type=“osfwPastText” value=”%process_name% a tenté de communiquer avec %target_process% via OLE ou COM” locale=“fr-FR” />
<messages type=“osfwBlockedText” value=”%process_name% n’as pas réussi à communiquer avec %target_process% via OLE ou COM” locale=“fr-FR” />
<messages type=“osfwPresentText” value=”%process_name% 㯠OLE ăžă㯠COM ă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăŚăăžă” locale=“jp-JA” />
<messages type=“osfwPastText” value=”%process_name% 㯠OLE ăžă㯠COM ă使ç¨ă㌠%target_process% ă¨é俥ăăăă¨ăăŚăăžăă” locale=“jp-JA” />
<messages type=“osfwBlockedText” value=”%process_name% 㯠OLE ăžă㯠COM ă使ç¨ă㌠%target_process% ă¨é俥ă§ăăžăăă§ăă” locale=“jp-JA” />
<messages type=“osfwPresentText” value=”%process_name% está intentando comunicarse con %target_process% mediante OLE o COM” locale=“es-ES” />
<messages type=“osfwPastText” value=”%process_name% estaba intentando comunicarse con %target_process% mediante OLE o COM” locale=“es-ES” />
<messages type=“osfwBlockedText” value=“Se ha evitado que %process_name% se comunicara con %target_process% mediante OLE o COM” locale=“es-ES” />
<messages type=“osfwPresentText” value=”%process_name% sta cercando di comunicare con %target_process% utilizzando OLE o COM” locale=“it-IT” />
<messages type=“osfwPastText” value=”%process_name% ha cercato di comunicare con %target_process% utilizzando OLE o COM” locale=“it-IT” />
<messages type=“osfwBlockedText” value=”È stato impedito a %process_name% di comunicare con %target_process% utilizzando OLE o COM” locale=“it-IT” />
</customevent>
<!—
Rulegroups used solely to map events to customevents. We
can get rid of this if the evententry element is ever
extended to allow specification of customtext.
—>
<!— ASKING —>
<!— Malicious behavior —>
<rulegroup name=“rg-malwr-ask” customtext=“2001” ask=“true” />
<!— Dangerous behavior —>
<rulegroup name=“rg-memmp-ask” customtext=“3004” ask=“true” />
<rulegroup name=“rg-glbhook-ask” customtext=“3005” ask=“true” />
<rulegroup name=“rg-drvld-ask” customtext=“3006” ask=“true” />
<rulegroup name=“rg-drvcr-ask” customtext=“3007” ask=“true” />
<rulegroup name=“rg-drvmd-ask” customtext=“3008” ask=“true” />
<rulegroup name=“rg-drvdl-ask” customtext=“3009” ask=“true” />
<!— Suspicious behavior —>
<rulegroup name=“rg-drvud-ask” customtext=“4002” ask=“true” />
<rulegroup name=“rg-drvct-ask” customtext=“4003” ask=“true” />
<!— Normal behavior —>
<rulegroup name=“rg-modld-ok” customtext=“5001” allow=“true” notify=“true” />
<!— Severity depends upon the target process —>
<rulegroup name=“rg-openp-ask” customtext=“6001” ask=“true” />
<rulegroup name=“rg-opent-ask” customtext=“6002” ask=“true” />
<rulegroup name=“rg-spawn-ask” customtext=“6003” ask=“true” />
<rulegroup name=“rg-start-ask” customtext=“6004” ask=“true” />
<rulegroup name=“rg-keybd-ask” customtext=“6005” ask=“true” />
<rulegroup name=“rg-mouse-ask” customtext=“6006” ask=“true” />
<rulegroup name=“rg-ddein-ask” customtext=“6007” ask=“true” />
<rulegroup name=“rg-callb-ask” customtext=“6008” ask=“true” />
<rulegroup name=“rg-whook-ask” customtext=“6009” ask=“true” />
<rulegroup name=“rg-termp-ask”
customtext=“6010” ask=“true” />
<rulegroup name=“rg-msg-ask” customtext=“6011” ask=“true” />
<rulegroup name=“rg-olecn-ask” customtext=“6012” ask=“true” />
<!— BLOCKING —>
<!— Malicious behavior —>
<rulegroup name=“rg-malwr-blk” customtext=“2001” allow=“false” notify=“true” />
<!— Dangerous behavior —>
<rulegroup name=“rg-memmp-blk” customtext=“3004” allow=“false” notify=“true” />
<rulegroup name=“rg-glbhook-blk” customtext=“3005” allow=“false” notify=“true” />
<rulegroup name=“rg-drvld-blk” customtext=“3006” allow=“false” notify=“true” />
<rulegroup name=“rg-drvcr-blk” customtext=“3007” allow=“false” notify=“true” />
<rulegroup name=“rg-drvmd-blk” customtext=“3008” allow=“false” notify=“true” />
<rulegroup name=“rg-drvdl-blk” customtext=“3009” allow=“false” notify=“true” />
<!— Suspicious behavior —>
<rulegroup name=“rg-drvud-blk” customtext=“4002” allow=“false” notify=“true” />
<rulegroup name=“rg-drvct-blk” customtext=“4003” allow=“false” notify=“true” />
<rulegroup name=“rg-regall-blk” customtext=“4005” allow=“false” notify=“true” />
<!— Severity depends upon the target process —>
<rulegroup name=“rg-openp-blk” customtext=“6001” allow=“false” notify=“true” />
<rulegroup name=“rg-opent-blk” customtext=“6002” allow=“false” notify=“true” />
<rulegroup name=“rg-spawn-blk” customtext=“6003” allow=“false” notify=“true” />