diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
index d6085b09a..1d74bac61 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1086.py
@@ -40,7 +40,10 @@ class T1086(AttackTechnique):
 {
 "$match": {
 "telem_category": "post_breach",
- "data.command": {"$regex": r"\.ps1"},
+ "$or": [
+ {"data.command": {"$regex": r"\.ps1"}},
+ {"data.result": {"$regex": r"\.ps1"}},
+ ],
 },
 },
 {
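Review bot: The new `data.result` branch of the `$or` matches `.ps1` anywhere in a post-breach action's output, so telemetry whose result merely prints a script name (a directory listing, an error message) would be counted as PowerShell use and could overstate T1086 in the report. Both patterns are also case-sensitive and unanchored, so `.PS1` is missed while `.ps1xml` matches; consider `{"$regex": r"\.ps1\b", "$options": "i"}` on both fields. The pipeline stages after `$match` lie outside the hunk; if they display `data.command`, result-only matches would show a command with no `.ps1` in it, so that projection is worth checking. If searching the output is deliberate, a comment above the `$or` such as `# script name may appear only in the PBA result, not in the command` would record why.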