{ "autorun": "The process $Image_path ($Pid) has set the file $target_file to run on system start through registry key $registry_key", "addedToFirewallList" : "The process $Image_path ($Pid) has added $target_file to the Firewall exclusions", "create_file_in_system_directory" : "The process $Image_path ($Pid) has created a file in the system folder: $target_file", "create_service" : "The process $Image_path ($Pid) has created the Windows service $service_name based on this file: $binary_path", "name_like_system_file" : "The process $Image_path ($Pid) has created a file with a name similar to the system file: $target_file", "create_autoruninf" : "The process $Image_path ($Pid) has created a file to run another executable: $target_file", "write_hosts" : "The process $Image_path ($Pid) was caught writing to the Windows hosts file - this is an attempt to redirect you to a specific server (probably malicious)", "redefine_http_protocol_handler" : "The process $Image_path ($Pid) has set $target_file as the HTTP protocol handler", "inject_into_windows_process" : "The process $Image_path ($Pid) has injected binary code into the process $target_image_path ($target_pid)", "dropper" : "The process $starter_image_path ($starter_pid) has run the file $dropped_file, which was created by the process $dropper_image_path ($dropper_pid). The file was started as follows: $command", "load_win_kernel" : "The operating system kernel has been loaded into the address space of the process $Image_path ($Pid)", "set_fake_file_time" : "The file time attributes of $target_file have been changed by the process $Image_path.", "process_crash" : "The trusted application $Image_path has crashed.", "detect_vm" : "The process $Image_path has checked for the presence of a virtual machine.", "disable_dep" : "Data Execution Prevention has been disabled by the process $Image_path.", "self_delete" : "The executable has deleted itself." }