2023-09-13 by t3chn1qu3_/WSP (@t3chn1qu3_WSP)
How to look like malware, by RingCentral
Binary installs deep in AppData
, drops a setDefaultAppByProtcol.vbs
script, that is then executed to query/create/modify registry entries by running cmd.exe to call cscript
//NoLogo and then finally run the vbscript.