MD5 hash of the legitimate Microsoft-signed install.exe binary abused for DLL sideloading across all campaign variants