diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py
index 0a445b7ed..611599970 100644
--- a/monkey/infection_monkey/exploit/__init__.py
+++ b/monkey/infection_monkey/exploit/__init__.py
@@ -60,7 +60,8 @@ class HostExploiter(object):
         self._exploit_info['vulnerable_ports'].append(port)
 
     def set_example_cmd(self, cmd):
-        self._exploit_info['executed_cmds']['example'] = cmd
+        powershell = True if "powershell" in cmd.lower() else False
+        self._exploit_info['executed_cmds']['example'].append({'command': cmd, 'powershell': powershell})
 
     def add_powershell_cmd(self, cmd):
         """
@@ -68,8 +69,6 @@ class HostExploiter(object):
         :param cmd: Command used
         :return: None
         """
-        if "powershell" in cmd.lower():
-            self._exploit_info['executed_cmds']['powershell'] = cmd
 
 
 from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index 1dc2e9a67..8e550cfcf 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -13,7 +13,7 @@ class T1086(AttackTechnique):
     used_msg = "Monkey successfully ran powershell commands on exploited machines in the network."
 
     query = [{'$match': {'telem_type': 'exploit',
-                         'data.info.executed_cmds.powershell': {'$exists': True}}},
+                         'data.info.executed_cmds.example': {'$elemMatch': {'powershell': True}}}},
              {'$project': {'_id': 0,
                            'machine': '$data.machine',
                            'info': '$data.info'}},
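Review bot: The new line `powershell = True if "powershell" in cmd.lower() else False` in set_example_cmd is a redundant conditional, because the membership test already yields a bool; write `powershell = "powershell" in cmd.lower()`. The following line now calls `.append` on `self._exploit_info['executed_cmds']['example']`, a slot the removed line treated as a scalar, so the initialisation in `__init__` (outside this hunk) must create it as a list or the first call raises AttributeError — worth confirming. Note also that the substring test tags any command whose text merely contains "powershell" (a path argument, for instance) and misses `pwsh`, so the T1086 report this feeds is a heuristic; a comment such as `# Heuristic: substring match only; drives the T1086 (PowerShell) report` would make that explicit for the next maintainer.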
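Review bot: After the two removed lines, `add_powershell_cmd` is left with only its docstring and is now a silent no-op, while the docstring still promises ":param cmd: Command used"; any exploiter that still calls it records nothing and the T1086 report will never see that command. Either delete the method together with its call sites, or make it forward to the new path with `self.set_example_cmd(cmd)` and reword the docstring to say the PowerShell flag is now derived inside set_example_cmd. The method's `def` line and the opening of its docstring are in the previous hunk, so the remaining body cannot be seen in full here.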
@@ -22,9 +22,10 @@ class T1086(AttackTechnique):
     @staticmethod
     def get_report_data():
         cmd_data = list(mongo.db.telemetry.aggregate(T1086.query))
-        data = {'title': T1086.technique_title(T1086.tech_id), 'cmds': cmd_data}
+        data = {'title': T1086.technique_title(), 'cmds': cmd_data}
         if cmd_data:
-            data.update({'message': T1086.used_msg, 'status': ScanStatus.USED.name})
+            status = ScanStatus.USED
         else:
-            data.update({'message': T1086.unscanned_msg, 'status': ScanStatus.UNSCANNED.name})
+            status = ScanStatus.UNSCANNED
+        data.update(T1086.get_message_and_status(status))
         return data
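Review bot: The new `if cmd_data:` branch marks the technique USED as soon as any exploit telemetry matched the aggregation, yet `used_msg` in the earlier hunk states that PowerShell commands ran *successfully*; nothing in the visible `$match` (only `telem_type` and the `powershell: True` flag on the example list) checks the exploit's outcome, so if the agent also reports failed attempts a failure would be reported as USED. If the exploit telemetry carries a success indicator, add it to the `$match` stage; otherwise soften the message so the report does not overclaim. The four-line if/else can also collapse to one expression, `status = ScanStatus.USED if cmd_data else ScanStatus.UNSCANNED`, which keeps the single `data.update(...)` call that follows.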