CommandLine:copy\ * CommandLine:\/y\ * CommandLine:C\:\\windows\\system32\\cmd.exe\ C\:\\windows\\system32\\sethc.exe*