Download SigCheck and run it on the ISO file:
Security experts warn that ISO files are prime targets for malware injection. A threat actor can take a legitimate Windows 10 ISO, inject a backdoor, a keylogger, or ransomware, and re-upload it to a server. They might then manipulate search engine optimization (SEO) to make that file appear in "Index Of" search results. To the naked eye, the file looks correct—it has the right name and file size—but the code within is compromised. By downloading from these sources, users expose themselves to: index of windows 10 iso verified
On Linux/Mac:
John opened a Command Prompt as an administrator and navigated to the directory where he had downloaded the ISO file and the hash.exe tool. He then ran the following command: Download SigCheck and run it on the ISO