The .iso naming should not look legit. It should be legit.... Microsoft have never hosted or held files on such servers and used such a domains. So its absolutely true, they are mostly russian homebrew stuff with a bit "novichok" added.
Microsoft uses SHA1 for Windows .esd and .iso files, but not CRC32. It is not worth talking about more at all.