After getting files from a remote source, it is often a good idea to get some sort of fingerprint or checksum of the file, and verify it against a known value published in a place or on a website you trust.
For Windows, this can be accomplished with:
certutil -hashfile filename.ext sha256
sha256 can be any of MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512
View as @geek1968 flashcard on Instagram