File name: SolusManifestApp.exe

Full analysis: https://app.any.run/tasks/db31a6d3-266f-4805-9e14-59b22f9b3f48
Verdict: Malicious activity
Analysis date: February 07, 2026, 11:10:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto, generic
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 10 sections
MD5: B9EFE50C550F4196AD83BBB93A8562E8
SHA1: 9F0306F0CF7102D3F413B16D72C7C431ABF8B1E7
SHA256: BC542BF51EC327CC34C0ADC450DFA01203F37E6FC5C15703E26941E5F8B5CB78
SSDEEP: 786432:mgVdkK0l34rICQ3RM/vLwwq+Xx4gA3eefOTuH/DlTJB:moSK0lIsCQ3RMM4XGgA3zGSH/hTJB

  • MALICIOUS

    • GENERIC has been found (auto)

      • SolusManifestApp.exe (PID: 3516)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • SolusManifestApp.exe (PID: 3516)
    • Process drops legitimate windows executable

      • SolusManifestApp.exe (PID: 3516)
    • Executable content was dropped or overwritten

      • SolusManifestApp.exe (PID: 3516)
    • The process drops C-runtime libraries

      • SolusManifestApp.exe (PID: 3516)
    • Reads the date of Windows installation

      • SolusManifestApp.exe (PID: 3516)
  • INFO

    • Checks supported languages

      • SolusManifestApp.exe (PID: 3516)
    • Create files in a temporary directory

      • SolusManifestApp.exe (PID: 3516)
    • The sample compiled with english language support

      • SolusManifestApp.exe (PID: 3516)
    • Creates files in the program directory

      • SolusManifestApp.exe (PID: 3516)
    • Reads the computer name

      • SolusManifestApp.exe (PID: 3516)
    • Process checks computer location settings

      • SolusManifestApp.exe (PID: 3516)
    • Creates files or folders in the user directory

      • SolusManifestApp.exe (PID: 3516)
    • Checks proxy server information

      • SolusManifestApp.exe (PID: 3516)
      • slui.exe (PID: 6820)
    • Reads the machine GUID from the registry

      • SolusManifestApp.exe (PID: 3516)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:12:06 22:33:16+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.44
CodeSize: 6347776
InitializedDataSize: 3382272
UninitializedDataSize: -
EntryPoint: 0x5c2df0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2026.1.31.2
ProductVersionNumber: 2026.1.31.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Solus Manifest App
CompanyName: Solus
FileDescription: SolusManifestApp
FileVersion: 2026.1.31.2
InternalName: SolusManifestApp.dll
LegalCopyright:
OriginalFileName: SolusManifestApp.dll
ProductName: SolusManifestApp
ProductVersion: 2026.01.31.02+111392e22674a32198f09d6af5276f98057f5fc6
AssemblyVersion: 2026.1.31.2
No data.
Total processes: 129
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph: start, solusmanifestapp.exe (#GENERIC), slui.exe]

Process information

PID: 3516
CMD: "C:\Users\admin\Desktop\SolusManifestApp.exe"
Path: C:\Users\admin\Desktop\SolusManifestApp.exe
Parent process: explorer.exe
User: admin
Company: Solus
Integrity Level: MEDIUM
Description: SolusManifestApp
Version: 2026.1.31.2
Modules (images):
  • c:\users\admin\desktop\solusmanifestapp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll

PID: 6820
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\slui.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\user32.dll

Total events: 7 219
Read events: 7 212
Write events: 7
Delete events: 0

Modification events

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\solusapp
Operation: write
Name: URL Protocol
Value:

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: DisplayName
Value: SolusManifestApp

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: IconUri
Value: C:\Users\admin\AppData\Local\ToastNotificationManagerCompat\Apps\A40E588E-FD2A-3D0A-4A02-F996D9E3DB9B\Icon.png

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: IconBackgroundColor
Value: FFDDDDDD

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: Has7.0.1Fix
Value: 1

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: CustomActivator
Value: {a40e588e-fd2a-3d0a-4a02-f996d9e3db9b}

(PID) Process: (3516) SolusManifestApp.exe
Key: HKEY_CLASSES_ROOT\AppUserModelId\C:/Users/admin/Desktop/SolusManifestApp.exe
Operation: write
Name: HasSentNotification
Value: 1

Executable files: 489
Suspicious files: 5
Text files: 7
Unknown types: 0

Dropped files

HTTP(S) requests: 15
TCP/UDP connections: 23
DNS requests: 11
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3516 | SolusManifestApp.exe | GET | - | 188.114.96.3:443 | https://applist.morrenus.xyz/ | US | - | - | unknown
- | - | GET | 200 | 2.19.126.146:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6768 | MoUsoCoreWorker.exe | GET | 200 | 2.19.126.146:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
- | - | GET | 200 | 140.82.121.5:443 | https://api.github.com/repos/MorrenusGames/Solus-Manifest-App/releases/latest | US | text | 4.37 Kb | unknown
3516 | SolusManifestApp.exe | GET | 200 | 140.82.121.6:443 | https://api.github.com/repos/MorrenusGames/Solus-Manifest-App/releases/latest | US | text | 4.37 Kb | unknown
- | - | GET | 200 | 188.114.97.3:443 | https://applist.morrenus.xyz/ | US | text | 19.9 Mb | unknown
- | - | POST | 500 | 48.192.1.64:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | - | - | unknown
3292 | svchost.exe | GET | 200 | 23.59.18.102:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl | US | binary | 814 b | whitelisted
3292 | svchost.exe | GET | 200 | 23.59.18.102:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | US | binary | 401 b | whitelisted
3292 | svchost.exe | GET | 200 | 23.59.18.102:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | US | binary | 813 b | whitelisted

Connections


DNS requests


Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET HUNTING Request to .XYZ Domain with Minimal Headers
3516 | SolusManifestApp.exe | Potentially Bad Traffic | ET HUNTING Request to .XYZ Domain with Minimal Headers
No debug info