RingCentral.exe

2023-09-13 by t3chn1qu3_/WSP (@t3chn1qu3_WSP)

How to look like malware, by RingCentral

Binary installs deep in AppData, drops a setDefaultAppByProtcol.vbs script, that is then executed to query/create/modify registry entries by running cmd.exe to call cscript //NoLogo and then finally run the vbscript.

Documentation