Description
Original:https://flyawaysimulation.com/downloads/files/3048/fsx-sp2-space-shuttle-atlantis/
All You Need To Know AND READ BEFORE PLAY
Use Asobo A320neo
Too Much Speed
IF YOU "set to arrivel" IT WILL BE CRASHED(I CANT FIND OUT TO FIX)
RECOMMENDED FIX: SWITCH AIRCRAFT FIRST AND SET DEPARD AND ARRIVEL AFTER THAT YOU SWITCH BACK TO SPACE SHUTTLE
Space Shuttle Atlantis | FSX Port (Non Tanker)
The Space Shuttle Atlantis add-on for Microsoft Flight Simulator is a port from FSX, providing users with the authentic experience of flying this iconic spacecraft. Designed to be used with the Asobo A320neo, it features specific operational details and performance considerations. Users should be aware that setting arrival directly may lead to crashes, and a recommended workaround is to switch aircraft before setting departure and arrival.
User Reviews
3 reviews
More Information
Version History
No version history available.
Related
FSX Port | HJG De Havilland Comet III
The FSX Port of the HJG De Havilland Comet III includes a detailed model featuring the iconic British airline BOAC livery. Please note that the cockpit gauges and switches are non-functional. This add-on provides a historical aircraft experience for virtual pilots interested in classic aviation.
by ImFakepaulharper
FSX Port | HJG DC-8
This add-on features the HJG DC-8 aircraft ported from FSX, offering a representation of the -63 and -71 variants. It includes the cockpit of the Asobo 747-8i for an immersive experience. Please note that engine prop animations are currently not functional, with potential updates planned for the future.
by ImFakepaulharper
Orient Thai 767-3W0ER l HS-BKA / HS-BKE l RHDSimulations
This add-on features the Orient Thai Airlines Boeing 767-300ER aircraft, specifically the HS-BKA and HS-BKE variants, developed by RHDSimulations. The pack includes detailed replications of both aircraft, which previously served under China Yunnan Airlines before being acquired by Orient Thai. The models highlight the unique history of these planes, having been operated by a total of eight different operators prior to their use by Orient Thai.
by ImFakepaulharper
Jet Asia Airways 767-222 l HS-JAB + OC l RHDSimulations 767-200
This add-on features the Jet Asia Airways 767-222 (HS-JAB) from RHDSimulations, providing a detailed representation of the 767-200 and 200ER models. Originally from United Airlines, this aircraft was repurposed by Jet Asia Airways for business travel after its retirement. The airline operates a fleet that includes seven 767-200s and one 767-300ER.
by ImFakepaulharper
Comments(23)
Log in to join the discussion
Log Inabout 1 month ago
6 months ago
6 days ago
7 months ago
MITRE ATT&CK Tactics and Techniques checks-user-input / / detect-debug-environment // long-sleeps //
Hijack Execution Flow
T1574
DLL Side-Loading
T1574.002
Tries to load missing DLLs
Virtualization/Sandbox Evasion
T1497
Severity Description Match
INFO Contains medium sleeps (>= 30s)
delay time: 922337203685477
INFO Sample may be VM or Sandbox-aware, try analysis on a native machine -
INFO May sleep (evasive loops) to hinder dynamic analysis
1075 > 30
520 > 30
-922337203685477s >= -30000s
INFO Contains long sleeps (>= 3 min)
delay time: 922337203685477
INFO Allocates memory with a write watch (potentially for evading sandboxes)
1810000 memory reserve | memory write watch
32E0000 memory reserve | memory write watch
3100000 memory reserve | memory write watch
Input Capture
T1056
Severity Description Match
INFO Creates a DirectInput object (often for capturing keystrokes)
Discovery
TA0007
Application Window Discovery
T1010
Severity Description Match
INFO Sample monitors Window changes (e.g. starting applications), analyze the sample with the
simulation cookbook -
Collection
TA0009
Input Capture
T1056
Severity Description Match
INFO Creates a DirectInput object (often for capturing keystrokes)
Application Layer Protocol
T1071
Severity Description Match
UNKNOWN Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic
Malware Behavior Catalog Tree
Registry keys opened
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\unarchiver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000323-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000323-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppModel\Lookaside\Packages
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7za.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unarchiver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\WindowsStore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\FeatureDevelopmentProperties
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Disable8And16BitMitigation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unarchiver.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86
HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86\xtajit
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE\Tracing
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Rpc
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\MUI\Settings
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\Display
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\System\Setup
Processes created
"C:\Windows\system32\rundll32.exe" "C:\Users\\AppData\Local\Temp\suborbital/SimObjects/AIRPLANES/Atlantis/texture/Thumbs.db",#1
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\suborbital_N6PTs.zip"
C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ei25jhuf.14m" "C:\Users\user\Desktop\suborbital_N6PTs.zip"
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Processes terminated
C:\Windows\SysWOW64\7za.exe
C:\Windows\SysWOW64\unarchiver.exe
Processes tree
5628 - "C:\Windows\system32\rundll32.exe" "C:\Users\\AppData\Local\Temp\suborbital/SimObjects/AIRPLANES/Atlantis/texture/Thumbs.db",#1
8044 - "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\suborbital_N6PTs.zip"
8072 - C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ei25jhuf.14m" "C:\Users\user\Desktop\suborbital_N6PTs.zip"
8092 - C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
This is the Virustotal report !!!
Thank you Fake ... maybe you are fake after all ....
6 days ago
12 months ago
8 months ago
about 1 year ago
about 1 month ago
about 1 year ago
over 1 year ago
about 1 year ago
over 1 year ago
10 months ago
over 1 year ago
over 1 year ago