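Image:*\\policydefinitions\\postgresql.exe OR ((CommandLine:*CSIDL_SYSTEM_DRIVE\\temp\\sys.tmp* OR CommandLine:*\ 1>\ \\\\127.0.0.1\\ADMIN$\\__16*) OR (CommandLine:*powershell\ \-c\ * AND CommandLine:*\\comsvcs.dll\ MiniDump\ * AND CommandLine:*\\winupd.log\ full*))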