Why verify
Installers from unofficial channels (cloud drives, group files, third-party sites) may be repacked with account-stealing or mining code while looking identical. A hash check confirms the file matches exactly what the project released.
How to compute it on Windows
In PowerShell run:
Get-FileHash .\v2rayN-windows-64.zip -Algorithm SHA256
Compare the resulting string, character by character, with the value on the GitHub Release page (or the official .sha256 file).
Mismatch = don't use it
A single differing character means the file was altered or the download is corrupt — delete it and re-download from the official GitHub. Making this a habit beats scanning after the fact.