Analysis of a PowerShell script designed to hide traces of RMM tools (Atera and Splashtop) on Windows systems. The script modifies registry keys to hide software from the Apps & features interface, removes installation folders from Start Menu and ProgramData directories, and renames firewall rules to disguise their origin.
Table of contents
Introduction, Find installed software, Removing folders, Remove traces in the Firewall Rules, Testing, Conclusion