Always verify the MD5 or SHA-1 hash. For the authentic xtmavengersmainiso (1581 MB), the community has posted these reference hashes:

Always recalculate the hash after download using tools like CertUtil (Windows) or sha1sum (Linux).

In VirtualBox, create a new VM with no network access (disable adapter). Boot the ISO and observe behavior. Does it attempt to phone home? Does it format drives without confirmation?

If you’ve downloaded xtmavengersmainiso.iso from a sketchy site and you’re feeling uneasy, here’s a cleanup checklist: