Why verify

Installers from unofficial channels (cloud drives, group files, third-party sites) may be repacked with account-stealing or mining code while looking identical. A hash check confirms the file matches exactly what the project released.

How to compute it on Windows

In PowerShell run:

Get-FileHash .\v2rayN-windows-64.zip -Algorithm SHA256

Compare the resulting string, character by character, with the value on the GitHub Release page (or the official .sha256 file).

Mismatch = don't use it

A single differing character means the file was altered or the download is corrupt — delete it and re-download from the official GitHub. Making this a habit beats scanning after the fact.