9ba322eef07c555678be71545b9e26c11004f1635a6adc3eb7fed57ce6a92b7b

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpaceSim_0.4.3.msi
Size

99.7MB
MD5

26bcc21e1e971ba3d52db00a5fc86914
SHA1

eaa2b5469f21c079d264f48cb41ba5ce644d01b4
SHA256

9ba322eef07c555678be71545b9e26c11004f1635a6adc3eb7fed57ce6a92b7b
SHA512

f00a90605e7c5e3dd252ad0ba162cd9772d26cb9049d8d2f221b98bfebf223d5e35479d25deb7b1e9d65948a448e86846e02c490426012d78aa0f866a0caf0ea
SSDEEP

3145728:AQJ+l5pRT6fNArpLqBkuRoT7zdFKguXjwiGP:S5pRefNmLq644/dFKSP

Score

6^/10

persistence privilege_escalation

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SpaceSim\freetype.dll	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\SpaceSim.exe	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\icon.ico	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\tbb12.dll	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\msdfgl.dll	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\libgwavi.dll	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\assets.data	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\glew32.dll	msiexec.exe
File created	C:\Program Files (x86)\SpaceSim\SpaceSim.pdb	msiexec.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76f882.msi	msiexec.exe
File created	C:\Windows\Installer\f76f883.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF96C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76f883.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\f76f882.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\f76f885.msi	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
2424	SpaceSim.exe

Loads dropped DLL 8 IoCs

pid	Process
1252	Process not Found
2424	SpaceSim.exe
2424	SpaceSim.exe
2424	SpaceSim.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
2956	msiexec.exe

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\open\command\command = 40002b007000570054004b00540042006d003d00530065004b0033004f00770068006900600027003e0041005600590066004500330067002a00520028003d006e00710075006a00630071004800610037002000220025003100220000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.sim	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\DefaultIcon	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\open\ = "&Open"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\ = "open"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\open\command	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\open	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.sim\Simulation file\ShellNew	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.sim\ = "Simulation file"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\shell\open\command\ = "\"C:\\Program Files (x86)\\SpaceSim\\SpaceSim.exe\" \"%1\""	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\.sim\Simulation file	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_CLASSES\Simulation file\DefaultIcon\ = "%APPDATA%\\Microsoft\\Installer\\{8AA7127E-8AB3-46F3-BCB6-E879289B7C0E}\\_853F67D554F05449430E7E.exe,0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2128	msiexec.exe
2128	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2956	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2956	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeSecurityPrivilege	2128	msiexec.exe
Token: SeCreateTokenPrivilege	2956	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2956	msiexec.exe
Token: SeLockMemoryPrivilege	2956	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2956	msiexec.exe
Token: SeMachineAccountPrivilege	2956	msiexec.exe
Token: SeTcbPrivilege	2956	msiexec.exe
Token: SeSecurityPrivilege	2956	msiexec.exe
Token: SeTakeOwnershipPrivilege	2956	msiexec.exe
Token: SeLoadDriverPrivilege	2956	msiexec.exe
Token: SeSystemProfilePrivilege	2956	msiexec.exe
Token: SeSystemtimePrivilege	2956	msiexec.exe
Token: SeProfSingleProcessPrivilege	2956	msiexec.exe
Token: SeIncBasePriorityPrivilege	2956	msiexec.exe
Token: SeCreatePagefilePrivilege	2956	msiexec.exe
Token: SeCreatePermanentPrivilege	2956	msiexec.exe
Token: SeBackupPrivilege	2956	msiexec.exe
Token: SeRestorePrivilege	2956	msiexec.exe
Token: SeShutdownPrivilege	2956	msiexec.exe
Token: SeDebugPrivilege	2956	msiexec.exe
Token: SeAuditPrivilege	2956	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2956	msiexec.exe
Token: SeChangeNotifyPrivilege	2956	msiexec.exe
Token: SeRemoteShutdownPrivilege	2956	msiexec.exe
Token: SeUndockPrivilege	2956	msiexec.exe
Token: SeSyncAgentPrivilege	2956	msiexec.exe
Token: SeEnableDelegationPrivilege	2956	msiexec.exe
Token: SeManageVolumePrivilege	2956	msiexec.exe
Token: SeImpersonatePrivilege	2956	msiexec.exe
Token: SeCreateGlobalPrivilege	2956	msiexec.exe
Token: SeBackupPrivilege	2168	vssvc.exe
Token: SeRestorePrivilege	2168	vssvc.exe
Token: SeAuditPrivilege	2168	vssvc.exe
Token: SeBackupPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2160	DrvInst.exe
Token: SeLoadDriverPrivilege	2160	DrvInst.exe
Token: SeLoadDriverPrivilege	2160	DrvInst.exe
Token: SeLoadDriverPrivilege	2160	DrvInst.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe
Token: SeTakeOwnershipPrivilege	2128	msiexec.exe
Token: SeRestorePrivilege	2128	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2956	msiexec.exe
2956	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2424	SpaceSim.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2452	2424	SpaceSim.exe	37
PID 2424 wrote to memory of 2452	2424	SpaceSim.exe	37
PID 2424 wrote to memory of 2452	2424	SpaceSim.exe	37

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SpaceSim_0.4.3.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2956

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2128

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000550" "00000000000005D4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2160

C:\Program Files (x86)\SpaceSim\SpaceSim.exe
"C:\Program Files (x86)\SpaceSim\SpaceSim.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2424 -s 320
  2⤵
  - Loads dropped DLL
  PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76f884.rbs

Filesize
12KB

MD5
a41201187891bff9d521e480903b8e71

SHA1
ad42ee30e2c05795570df24edca0d1a35878df4a

SHA256
d409bc4553d3b6c10bdbb07a2fa13d75ce04514cbb844a69c830e56dc54f0efb

SHA512
b40aa67f88237c464ff2958a062ef75581fdab1086ff31c505a2417048ffbbbf98c498f446faa3dcb6b1f935ac67741a2ff0d4ee691b781e15e9adafd5b34225

Download Submit
C:\Program Files (x86)\SpaceSim\glew32.dll

Filesize
413KB

MD5
974c2c545092ff138da8b7aaabc83fa4

SHA1
1f8ea03134078a43072a6d06b24fa52637080e94

SHA256
eabb3dfec3a95f0282f10f5ba4b633e681aa5aff19995cad069e6e954a9cea12

SHA512
4ccaaa03a7e3bc4116025a4904a68bad57b2e204b054629dcdc3dfd0c9b965b5b4bd111d1506e0e18b92ac412e499359a303cf886fe40894412c4957e99cb348

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{8AA7127E-8AB3-46F3-BCB6-E879289B7C0E}\_112D608FD02CD87FDC7735.exe

Filesize
800KB

MD5
da94e6a0b0069c7abac34d2c0552f8db

SHA1
fae536c926e34657dde2391c3900b8532e6159cd

SHA256
f7aa8b807501915d77e00fc7b644575f717d4607985b2b34f7a64341dd471a6e

SHA512
bd316d66c0f724f765290b2d79825c44f8bb2b244541336a31396b41cb22b01050d648c7f9ffa85bdc2d7722d2ee2be7cff3045407eef1f4c47f8c3b745a5e80

Download Submit
\Program Files (x86)\SpaceSim\SpaceSim.exe

Filesize
12.6MB

MD5
d063e1fd8598b3f26ca61347cf38b2ba

SHA1
521af4dd45108daa6cade98d7be347a38e5b7369

SHA256
0301fd8126c0422a450ca99926138c2d28a51ed4c8fd7aaccd254d28ae14d3ec

SHA512
e5f16a7ac71185242ccfdff5c9667e67fce7b5065bdad507bec802576c8345626f1ce99f394fe4cc4fb2f17d2f5883c568fce5af7aed5e0a8a05d89a1e54a988

Download Submit
\Program Files (x86)\SpaceSim\libgwavi.dll

Filesize
22KB

MD5
f61f64d57cf6929c6628ac6e3c8e5003

SHA1
a39f71d11c97b64b8457981bb7e7e91b036bfcd0

SHA256
866512dbe7abc2b92c871d50246d3ed6f167fe292b71d64fabf400d2d135cfe7

SHA512
920ebbdb08268961a05f580ca2f4208f9a47398a95d4219661310ded6d5c8dcd58ba7035bc172081d56f5f31304102bd9f4747c3061725192ee4c7e49023dcb5

Download Submit
\Program Files (x86)\SpaceSim\tbb12.dll

Filesize
280KB

MD5
35519ac434e2754b6af1ea8c7d182b78

SHA1
1895d51e5ade8954f59eb5a36940fa1bfcc28211

SHA256
3bda7c5458d7f43bcd49f0dead5114eac1ea14f573aafc736f833089b1d2cd79

SHA512
5f60d96a5327d349f4345d32217f9537b23cf20846f343a497442e7d93a2c0a7718a2dbca803f4807f5ad24af19b9370ad09781d3af92c3d840278a83e7f98cc

Download Submit