diff --git a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/Cmd/KeepCmdCredentials.toml b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/Cmd/KeepCmdCredentials.toml
index 9cd8ef40..17c727a1 100644
--- a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/Cmd/KeepCmdCredentials.toml
+++ b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/Cmd/KeepCmdCredentials.toml
@@ -7,10 +7,11 @@ MatchLocation = "FileContentAsString"
 WordListType = "Regex"
 MatchLength = 0
 WordList = ["passwo?r?d\\s*=\\s*[\\'\\\"][^\\'\\\"]....",
+"set\\s*\\\"?\\w*passwo?r?d=....",
 "schtasks.{1,300}(/rp\\s|/p\\s)",
 "net user ",
 "psexec .{0,100} -p ",
 "net use .{0,300} /user:",
 "cmdkey "
 ]
-Triage = "Red"
\ No newline at end of file
+Triage = "Red"
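Review bot: The added WordList entry `"set\\s*\\\"?\\w*passwo?r?d=...."` is not anchored, and because `\s*` and `\w*` may both match nothing it also fires on text such as `resetpassword=` or `settings_password=` that is not a cmd `set` assignment, with every hit triaged Red. If only `set VAR=value` lines are meant, `"\\bset\\s+\\\"?\\w*passwo?r?d=....",` narrows it; the backslash must stay doubled, since a single `\b` in a TOML basic string is a backspace. The trailing `....` also skips values shorter than four characters at end of line, which may be deliberate to drop empty assignments; a `#` comment above the entry saying so would help the next maintainer. The rule table begins above this hunk, so matching options such as case handling cannot be checked from here.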