Shares tags: Youtube, SupplyChain, 3CXDesktopApp • Same author: struppigel • Published within a week
3CX SmoothOperator ffmpeg.dll with Binary Ninja
2023-04-03 • struppigel
This malware analysis video walks through the trojanized 3CX desktop app supply chain attack by reversing the malicious ffmpeg.dll in Binary Ninja. The analysis starts from public reporting, unpacks the MSI, compares the signed components, and follows DLL entry point logic to the patched malware code. The malicious ffmpeg.dll loads d3dcompiler_47.dll, extracts embedded data from that file, checks synchronization events, and continues into the SmoothOperator execution flow described in contemporary 3CX reporting.
Related Reports
2023-04-21
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
Symantec
Shares tags: SupplyChain, 3CXDesktopApp, SmoothOperator • Published within a month