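(Image:*\\loader.exe AND CommandLine:*\-\-pid\:*) OR (Hashes:*IMPHASH=38D9E015591BBFD4929E0D0F47FA0055* OR Hashes:*IMPHASH=0E2216679CA6E1094D63322E3412D650*) OR ((CommandLine:*\-\-pid\:* AND CommandLine:*\-\-outfile\:*) AND (CommandLine:*.dmp* OR CommandLine:*lsass* OR CommandLine:*.obf* OR CommandLine:*dump*))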