File name:

2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear

Full analysis: https://app.any.run/tasks/9e6e23b6-88fb-486a-89a6-34a826aaba26
Verdict: Malicious activity
Threats:

MetaStealer is an info-stealing malware primarily targeting sensitive data like login credentials, payment details, and browser history. It typically infects systems via phishing emails or malicious downloads and can exfiltrate data to a command and control (C2) server. MetaStealer is known for its stealthy techniques, including evasion and persistence mechanisms, which make it difficult to detect. This malware has been actively used in various cyberattacks, particularly for financial theft and credential harvesting from individuals and organizations.

Malware Trends Tracker     >>>
Analysis date: April 29, 2025, 02:38:39
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
redline
lefthook
metastealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

05279D6B92F5E93ED1CA5EA6EC90672C

SHA1:

356AB54BD87D1DDA67C34A4B26A4BEB65ACB44CA

SHA256:

64C1AC17DAAADB7279A761EDBFC3F8842478D61E6F2C9094E3859B4C42DA02AF

SSDEEP:

24576:FcwghQBv1lNyE+VSLDeZCY7yszuM1fhtLg/HDP7J2kGkqAj:FcwghQBv1lNyJVSLDeZCY7yszuM1fhtu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Stealers network behavior

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • REDLINE has been detected (YARA)

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Actions looks like stealing of personal data

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • REDLINE has been detected (SURICATA)

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • LEFTHOOK has been detected (SURICATA)

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • METASTEALER has been detected (SURICATA)

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

  • SUSPICIOUS

    • Application launched itself

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7400)

    • Connects to unusual port

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Contacting a server suspected of hosting an CnC

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Multiple wallet extension IDs have been found

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

  • INFO

    • Reads the computer name

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7400)
      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Reads the machine GUID from the registry

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7400)
      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Checks supported languages

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)
      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7400)

    • Disables trace logs

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)

    • Checks proxy server information

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)
      • slui.exe (PID: 7960)

    • Reads the software policy settings

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)
      • slui.exe (PID: 7960)

    • Create files in a temporary directory

      • 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe (PID: 7620)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

RedLine

(PID) Process(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
C2 (1)31.56.36.73:44644
Botnetcheat
Keys
Xor
Options
ErrorMessage
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (63.1)
.exe | Win64 Executable (generic) (23.8)
.dll | Win32 Dynamic Link Library (generic) (5.6)
.exe | Win32 Executable (generic) (3.8)
.exe | Generic Win/DOS Executable (1.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:04:28 03:37:43+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 603136
InitializedDataSize: 102400
UninitializedDataSize: -
EntryPoint: 0x95272
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: Change Tracking
FileVersion: 1.0.0.0
InternalName: PpFR.exe
LegalCopyright: Copyright © Microsoft Corporation. All rights reserved.
LegalTrademarks: -
OriginalFileName: PpFR.exe
ProductName: Change Tracking
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
126
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe no specs #REDLINE 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe conhost.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
7400"C:\Users\admin\Desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe" C:\Users\admin\Desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Change Tracking
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
7620"C:\Users\admin\Desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe"C:\Users\admin\Desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Change Tracking
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
RedLine
(PID) Process(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
C2 (1)31.56.36.73:44644
Botnetcheat
Keys
Xor
Options
ErrorMessage
7636\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exe2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7960C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
8 624
Read events
8 610
Write events
14
Delete events
0

Modification events

(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(7620) 2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
0
Suspicious files
38
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FF9.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FE7.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FF8.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FC5.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp400A.tmpbinary
MD5:F6C33AC5E1032A0873BE7BFC65169287
SHA256:D97895CEDED32E33D57BDCACCDBE144E58AA87AF4D2F8855D630286CE30A8D83
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FD6.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp3FE6.tmpbinary
MD5:A45465CDCDC6CB30C8906F3DA4EC114C
SHA256:4412319EF944EBCCA9581CBACB1D4E1DC614C348D1DFC5D2FAAAAD863D300209
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp40C2.tmpbinary
MD5:29A644B1F0D96166A05602FE27B3F4AD
SHA256:BF96902FEB97E990A471492F78EE8386BCF430D66BDAEFDEAFBF912C8CF7CE46
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp405F.tmpbinary
MD5:F6C33AC5E1032A0873BE7BFC65169287
SHA256:D97895CEDED32E33D57BDCACCDBE144E58AA87AF4D2F8855D630286CE30A8D83
76202025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exeC:\Users\admin\AppData\Local\Temp\tmp405E.tmpbinary
MD5:F6C33AC5E1032A0873BE7BFC65169287
SHA256:D97895CEDED32E33D57BDCACCDBE144E58AA87AF4D2F8855D630286CE30A8D83
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
34
TCP/UDP connections
52
DNS requests
16
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
304
52.149.20.212:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
52.149.20.212:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
POST
200
31.56.36.73:44644
http://31.56.36.73:44644/
unknown
unknown
7720
SIHClient.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7720
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
7720
SIHClient.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
7720
SIHClient.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
POST
200
31.56.36.73:44644
http://31.56.36.73:44644/
unknown
unknown
7720
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7720
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
20.190.160.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
4
System
192.168.100.255:137
whitelisted
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
31.56.36.73:44644
Aria Shatel Company Ltd
IR
malicious
7720
SIHClient.exe
4.245.163.56:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.3
  • 20.190.160.2
  • 20.190.160.64
  • 20.190.160.65
  • 20.190.160.4
  • 20.190.160.131
  • 20.190.160.20
  • 40.126.32.140
whitelisted
google.com
  • 172.217.18.14
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
api.ip.sb
  • 104.26.13.31
  • 172.67.75.172
  • 104.26.12.31
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
  • 40.91.76.224
whitelisted

Threats

PID
Process
Class
Message
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
Malware Command and Control Activity Detected
ET MALWARE RedLine Stealer - CheckConnect Response
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
A Network Trojan was detected
AV TROJAN RedLine Stealer Config Download
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
Malware Command and Control Activity Detected
ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound
7620
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear.exe
A Network Trojan was detected
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-04-29_05279d6b92f5e93ed1ca5ea6ec90672c_elex_hiddentear