You analyze your Threat Prevention events in SmartEvent and there is one specific event with a PDF-document you suspect being malicious. What is a typical behavior Threat Emulation would detect as malicious? When the PDF is opened in VM:
A. it tries to open in Acrobat Reader.
B. there are no changes to the registry.
C. it opens with Administrator privileges.
D. there is an outgoing network connection.