PrepAway - Latest Free Exam Questions & Answers

Which of the following should the security analyst perf…

A recent counter threat intelligence notification states that companies should review indicators of compromise on all systems. The notification stated that the presence of a win32.dll was an identifier of a compromised system. A scan of the network reveals that all systems have this file. Which of the following should the security analyst perform FIRST to determine if the files collected are part of the threat intelligence?


A. Quarantine the file on each machine.

B. Take a full system image of each machine.

C. Take hashes of the files found for verification.

D. Verify the time and date of the files found.

