In this example, the first thing the file did was add an application to the firewall's allow list. This behavior can indicate that the application is malicious and attempting to bypass firewall blacklist policies. Next, the file executed a keylogger function, which monitors and logs users' keystrokes. And lastly, it created a new file called trustme.doc. For any of these events, you can click the down-arrow and view the associated dynamic file attributes to learn more.
You would view static file attributes for this file (attributes that apply to the file regardless of any process behavior) on the File details page on the File Attributes tab.