Recent content by pc1

  1. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    It's been over a month, any updates from their cybersecurity team, and/or McAfee?
  2. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Thanks EMPIRETECANDY for confirming that the plugin is built-in (i.e. a firmware update will have no effect on it), and that the functionality of the camera's "sophisticated settings" is dependent on installing the plugin. Regarding your McAfee comment, it does not appear to relate to the...
  3. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Here's another threat analysis. I've also anonymously submitted the plugin to CISA's new next-gen analysis (Malware Next-Generation Analysis | CISA). If any U.S. citizen here...
  4. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    You're implying awareness that the firmware and plugin are separate, I'm curious as to how you determined that? A careful and simple step when evaluating a camera is to download the firmware from the vendor support site, and check it. Then, even if the camera claims it has the same version...
  5. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    No worries. However the issue is not whether it's possible to get the plugin to safely enable features, the higher level concern is that the plugin as provided to the general user base includes a high risk component. The camera model is stated in the title of this thread, IPC-Color4K-T...
  6. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    1: Please check the sha256 hash of your ITC413 plugin. If it's not 469705fb3df80c89c67927f4d07e0b3a22ce19811272e86789c18e26e35a8add, it's not the same plugin as used in the IPC-Color4K-T
    2: see post 18
    3: see post 11
  7. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    1: See attached pdf file, listing the contents of the extracted plugin. Please advise which file(s) you identify as the actual plugin, and how you would install it.
    2: The plugin is apparently required for some of the advanced useful features to function. (post 21)
  8. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    FYI, I've separately pinged Empire Tech and the Amazon seller, asking them to comment on the situation. If/when they respond I'll post it in this thread.
  9. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    My isolated testing environment always starts with a clean OS image, the chance of something else on the computer as an infection source is highly unlikely.
  10. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Thanks, I understand that some vendors on VirusTotal are less rigorous and will generate a false positive based on loose heuristics. I've seen other webplugins from various cameras with a few low confidence VirusTotal hits, and they're fine. This one however lights up way too many vendor...
  11. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    The browser is Chrome Version 122.0.6261.129 (Official Build) (64-bit), win10 pro current update. I also have many other cams (Amcrest) that display fine in Chrome without a plugin, however this camera has a jittery display in Chrome, and it then prompts the user to download and install the...
  12. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    I recently bought this camera from Amazon, new condition and sold by "EmpireTech-Andy". I set up the camera in an isolated environment, and during setup the camera prompts you to download (from the camera's embedded firmware) the webplugin.exe file to enable viewing imaging in a browser. After...
  13. pc1

    Admin interface won't start after app hang/close.

    I may have resolved this myself, I'll describe it here in the chance others may find it useful. I manually stopped the BlueIris service, then I could successfully launch the BI admin console. The BI service also then restarted automatically.
  14. pc1

    Admin interface won't start after app hang/close.

    I've been running BI v4.8.6.3 x64 on win10 v1909 build 18363.752, service runs at startup, and I manually start BlueIris admin when I need to adjust something, worked fine until today. Today I was running the BI admin console window, then it hung, and I had to close it. Now when I attempt to...
  15. pc1

    IPC3042WD unexpected temporary shift of on-screen time display

    Update: I checked recordings from other days, and sure enough every day about the same time (4:25PM) all the IPC3042WD's experience the temporary time shift in on-screen display. The attached 5.7MB zip file is a cropped and trimmed mp4 that is an...