Author Topic: Few unsorted - Part 3  (Read 22443 times)

0 Members and 1 Guest are viewing this topic.

July 02, 2008, 11:10:48 am
Read 22443 times

sowhat-x

  • Guest
...moving on to "Part 3",and it is meant "to be continued"...  ;D

Quote
hxxp://121.10.108.242/max1.exe
hxxp://121.10.108.242/max10.exe
hxxp://121.10.108.242/max11.exe
hxxp://121.10.108.242/max12.exe
hxxp://121.10.108.242/max13.exe
hxxp://121.10.108.242/max14.exe
hxxp://121.10.108.242/max15.exe
hxxp://121.10.108.242/max16.exe
hxxp://121.10.108.242/max17.exe
hxxp://121.10.108.242/max18.exe
hxxp://121.10.108.242/max2.exe
hxxp://121.10.108.242/max20.exe
hxxp://121.10.108.242/max21.exe
hxxp://121.10.108.242/max28.exe
hxxp://121.10.108.242/max3.exe
hxxp://121.10.108.242/max30.exe
hxxp://121.10.108.242/max5.exe
hxxp://121.10.108.242/max6.exe
hxxp://121.10.108.242/max7.exe
hxxp://121.10.108.242/max8.exe
hxxp://121.10.108.242/max9.exe
hxxp://8nnnnn99.cn/9/ck.exe
hxxp://aba.twoserv.cn/upx1.exe
hxxp://aba.twoserv.cn/upx2.exe
hxxp://aba.twoserv.cn/upx3.exe
hxxp://aba.twoserv.cn/upx4.exe
hxxp://aba.twoserv.cn/upx5.exe
hxxp://aba.twoserv.cn/upx6.exe
hxxp://aca.twoserv.cn/upx14.exe
hxxp://ata1.sysions.net/soft1.exe
hxxp://ata1.sysions.net/soft2.exe
hxxp://ata1.sysions.net/soft3.exe
hxxp://ata1.sysions.net/soft4.exe
hxxp://ata1.sysions.net/soft5.exe
hxxp://ata1.sysions.net/soft6.exe
hxxp://ata1.sysions.net/soft7.exe
hxxp://ata2.sysions.net/soft10.exe
hxxp://ata2.sysions.net/soft11.exe
hxxp://ata2.sysions.net/soft12.exe
hxxp://ata2.sysions.net/soft13.exe
hxxp://ata2.sysions.net/soft14.exe
hxxp://ata2.sysions.net/soft8.exe
hxxp://ata2.sysions.net/soft9.exe
hxxp://ata3.sysions.net/soft15.exe
hxxp://ata3.sysions.net/soft16.exe
hxxp://ata3.sysions.net/soft17.exe
hxxp://ata3.sysions.net/soft18.exe
hxxp://ata3.sysions.net/soft19.exe
hxxp://ata3.sysions.net/soft20.exe
hxxp://ata3.sysions.net/soft21.exe
hxxp://ata3.sysions.net/soft22.exe
hxxp://ata4.sysions.net/soft23.exe
hxxp://ata4.sysions.net/soft24.exe
hxxp://ata4.sysions.net/soft25.exe
hxxp://ata4.sysions.net/soft26.exe
hxxp://ata4.sysions.net/soft27.exe
hxxp://ata4.sysions.net/soft28.exe
hxxp://ata4.sysions.net/soft29.exe
hxxp://ata4.sysions.net/soft30.exe
hxxp://ata4.sysions.net/soft31.exe
hxxp://ata4.sysions.net/soft32.exe
hxxp://ava.twoserv.cn/upx22.exe
hxxp://ava.twoserv.cn/upx23.exe
hxxp://ava.twoserv.cn/upx24.exe
hxxp://ava.twoserv.cn/upx25.exe
hxxp://ava.twoserv.cn/upx26.exe
hxxp://ava.twoserv.cn/upx27.exe
hxxp://axa.twoserv.cn/upx10.exe
hxxp://axa.twoserv.cn/upx11.exe
hxxp://axa.twoserv.cn/upx12.exe
hxxp://axa.twoserv.cn/upx13.exe
hxxp://axa.twoserv.cn/upx7.exe
hxxp://axa.twoserv.cn/upx8.exe
hxxp://axa.twoserv.cn/upx9.exe
hxxp://aza.twoserv.cn/upx14.exe
hxxp://aza.twoserv.cn/upx15.exe
hxxp://aza.twoserv.cn/upx16.exe
hxxp://aza.twoserv.cn/upx17.exe
hxxp://aza.twoserv.cn/upx18.exe
hxxp://aza.twoserv.cn/upx19.exe
hxxp://aza.twoserv.cn/upx20.exe
hxxp://aza.twoserv.cn/upx21.exe
hxxp://bczouhao.cn/hb/1.exe
hxxp://bczouhao.cn/hb/10.exe
hxxp://bczouhao.cn/hb/11.exe
hxxp://bczouhao.cn/hb/12.exe
hxxp://bczouhao.cn/hb/14.exe
hxxp://bczouhao.cn/hb/15.exe
hxxp://bczouhao.cn/hb/17.exe
hxxp://bczouhao.cn/hb/18.exe
hxxp://bczouhao.cn/hb/2.exe
hxxp://bczouhao.cn/hb/23.exe
hxxp://bczouhao.cn/hb/25.exe
hxxp://bczouhao.cn/hb/29.exe
hxxp://bczouhao.cn/hb/3.exe
hxxp://bczouhao.cn/hb/4.exe
hxxp://bczouhao.cn/hb/6.exe
hxxp://bczouhao.cn/hb/7.exe
hxxp://bczouhao.cn/hb/8.exe
hxxp://bczouhao.cn/hb/9.exe
hxxp://d.la369.com.cn/max1.exe
hxxp://d.la369.com.cn/max10.exe
hxxp://d.la369.com.cn/max11.exe
hxxp://d.la369.com.cn/max12.exe
hxxp://d.la369.com.cn/max13.exe
hxxp://d.la369.com.cn/max14.exe
hxxp://d.la369.com.cn/max15.exe
hxxp://d.la369.com.cn/max16.exe
hxxp://d.la369.com.cn/max17.exe
hxxp://d.la369.com.cn/max18.exe
hxxp://d.la369.com.cn/max19.exe
hxxp://d.la369.com.cn/max2.exe
hxxp://d.la369.com.cn/max21.exe
hxxp://d.la369.com.cn/max22.exe
hxxp://d.la369.com.cn/max26.exe
hxxp://d.la369.com.cn/max27.exe
hxxp://d.la369.com.cn/max28.exe
hxxp://d.la369.com.cn/max29.exe
hxxp://d.la369.com.cn/max3.exe
hxxp://d.la369.com.cn/max30.exe
hxxp://d.la369.com.cn/max4.exe
hxxp://d.la369.com.cn/max5.exe
hxxp://d.la369.com.cn/max6.exe
hxxp://d.la369.com.cn/max7.exe
hxxp://d.la369.com.cn/max8.exe
hxxp://d.la369.com.cn/max9.exe
hxxp://d.lv66.com.cn/max1.exe
hxxp://d.lv66.com.cn/max10.exe
hxxp://d.lv66.com.cn/max11.exe
hxxp://d.lv66.com.cn/max12.exe
hxxp://d.lv66.com.cn/max13.exe
hxxp://d.lv66.com.cn/max14.exe
hxxp://d.lv66.com.cn/max15.exe
hxxp://d.lv66.com.cn/max16.exe
hxxp://d.lv66.com.cn/max17.exe
hxxp://d.lv66.com.cn/max18.exe
hxxp://d.lv66.com.cn/max19.exe
hxxp://d.lv66.com.cn/max2.exe
hxxp://d.lv66.com.cn/max20.exe
hxxp://d.lv66.com.cn/max21.exe
hxxp://d.lv66.com.cn/max22.exe
hxxp://d.lv66.com.cn/max26.exe
hxxp://d.lv66.com.cn/max27.exe
hxxp://d.lv66.com.cn/max28.exe
hxxp://d.lv66.com.cn/max29.exe
hxxp://d.lv66.com.cn/max3.exe
hxxp://d.lv66.com.cn/max30.exe
hxxp://d.lv66.com.cn/max4.exe
hxxp://d.lv66.com.cn/max5.exe
hxxp://d.lv66.com.cn/max6.exe
hxxp://d.lv66.com.cn/max7.exe
hxxp://d.lv66.com.cn/max8.exe
hxxp://d.lv66.com.cn/max9.exe
hxxp://d.yuku369.cn/max1.exe
hxxp://d.yuku369.cn/max10.exe
hxxp://d.yuku369.cn/max11.exe
hxxp://d.yuku369.cn/max12.exe
hxxp://d.yuku369.cn/max13.exe
hxxp://d.yuku369.cn/max14.exe
hxxp://d.yuku369.cn/max15.exe
hxxp://d.yuku369.cn/max16.exe
hxxp://d.yuku369.cn/max2.exe
hxxp://d.yuku369.cn/max3.exe
hxxp://d.yuku369.cn/max4.exe
hxxp://d.yuku369.cn/max5.exe
hxxp://d.yuku369.cn/max6.exe
hxxp://d.yuku369.cn/max7.exe
hxxp://d.yuku369.cn/max8.exe
hxxp://d.yuku369.cn/max9.exe
hxxp://dm.xcvgj.org.cn/gd.exe
hxxp://down.fafa52.cn/down/ko.exe
hxxp://facaizhifuok.cn/root/svcos.exe
hxxp://fv.fvskl.com.cn/ad.exe
hxxp://hounian.tj.cn/dir/index_pic/mm/hosts.exe
hxxp://hounian.tj.cn/dir/index_pic/mm/wow.exe
hxxp://jan1.fdsjan.cn/max1.exe
hxxp://jan1.fdsjan.cn/max10.exe
hxxp://jan1.fdsjan.cn/max11.exe
hxxp://jan1.fdsjan.cn/max12.exe
hxxp://jan1.fdsjan.cn/max13.exe
hxxp://jan1.fdsjan.cn/max14.exe
hxxp://jan1.fdsjan.cn/max15.exe
hxxp://jan1.fdsjan.cn/max16.exe
hxxp://jan1.fdsjan.cn/max17.exe
hxxp://jan1.fdsjan.cn/max19.exe
hxxp://jan1.fdsjan.cn/max2.exe
hxxp://jan1.fdsjan.cn/max21.exe
hxxp://jan1.fdsjan.cn/max22.exe
hxxp://jan1.fdsjan.cn/max26.exe
hxxp://jan1.fdsjan.cn/max27.exe
hxxp://jan1.fdsjan.cn/max29.exe
hxxp://jan1.fdsjan.cn/max3.exe
hxxp://jan1.fdsjan.cn/max30.exe
hxxp://jan1.fdsjan.cn/max4.exe
hxxp://jan1.fdsjan.cn/max5.exe
hxxp://jan1.fdsjan.cn/max6.exe
hxxp://jan1.fdsjan.cn/max7.exe
hxxp://jan1.fdsjan.cn/max8.exe
hxxp://jan1.fdsjan.cn/max9.exe
hxxp://jnshanghai.cn/hb/1.exe
hxxp://jnshanghai.cn/hb/10.exe
hxxp://jnshanghai.cn/hb/11.exe
hxxp://jnshanghai.cn/hb/12.exe
hxxp://jnshanghai.cn/hb/14.exe
hxxp://jnshanghai.cn/hb/15.exe
hxxp://jnshanghai.cn/hb/17.exe
hxxp://jnshanghai.cn/hb/18.exe
hxxp://jnshanghai.cn/hb/2.exe
hxxp://jnshanghai.cn/hb/23.exe
hxxp://jnshanghai.cn/hb/25.exe
hxxp://jnshanghai.cn/hb/29.exe
hxxp://jnshanghai.cn/hb/3.exe
hxxp://jnshanghai.cn/hb/4.exe
hxxp://jnshanghai.cn/hb/6.exe
hxxp://jnshanghai.cn/hb/7.exe
hxxp://jnshanghai.cn/hb/8.exe
hxxp://jnshanghai.cn/hb/9.exe
hxxp://mmlan.com.cn/mm.exe
hxxp://png1.gacxz.net/soft1.exe
hxxp://png1.gacxz.net/soft2.exe
hxxp://png1.gacxz.net/soft3.exe
hxxp://png1.gacxz.net/soft5.exe
hxxp://png1.gacxz.net/soft6.exe
hxxp://png1.gacxz.net/soft7.exe
hxxp://png2.gacxz.net/soft10.exe
hxxp://png2.gacxz.net/soft11.exe
hxxp://png2.gacxz.net/soft12.exe
hxxp://png2.gacxz.net/soft13.exe
hxxp://png2.gacxz.net/soft14.exe
hxxp://png2.gacxz.net/soft8.exe
hxxp://png2.gacxz.net/soft9.exe
hxxp://png3.gacxz.net/soft15.exe
hxxp://png3.gacxz.net/soft16.exe
hxxp://png3.gacxz.net/soft17.exe
hxxp://png3.gacxz.net/soft18.exe
hxxp://png3.gacxz.net/soft19.exe
hxxp://png3.gacxz.net/soft20.exe
hxxp://png3.gacxz.net/soft21.exe
hxxp://png3.gacxz.net/soft22.exe
hxxp://png4.gacxz.net/soft23.exe
hxxp://png4.gacxz.net/soft25.exe
hxxp://png4.gacxz.net/soft26.exe
hxxp://png4.gacxz.net/soft27.exe
hxxp://png4.gacxz.net/soft28.exe
hxxp://png4.gacxz.net/soft29.exe
hxxp://png4.gacxz.net/soft30.exe
hxxp://png4.gacxz.net/soft31.exe
hxxp://png4.gacxz.net/soft32.exe
hxxp://snbjoy.cn/hb/1.exe
hxxp://snbjoy.cn/hb/10.exe
hxxp://snbjoy.cn/hb/11.exe
hxxp://snbjoy.cn/hb/12.exe
hxxp://snbjoy.cn/hb/13.exe
hxxp://snbjoy.cn/hb/14.exe
hxxp://snbjoy.cn/hb/15.exe
hxxp://snbjoy.cn/hb/16.exe
hxxp://snbjoy.cn/hb/17.exe
hxxp://snbjoy.cn/hb/18.exe
hxxp://snbjoy.cn/hb/19.exe
hxxp://snbjoy.cn/hb/2.exe
hxxp://snbjoy.cn/hb/22.exe
hxxp://snbjoy.cn/hb/23.exe
hxxp://snbjoy.cn/hb/24.exe
hxxp://snbjoy.cn/hb/25.exe
hxxp://snbjoy.cn/hb/26.exe
hxxp://snbjoy.cn/hb/29.exe
hxxp://snbjoy.cn/hb/3.exe
hxxp://snbjoy.cn/hb/4.exe
hxxp://snbjoy.cn/hb/5.exe
hxxp://snbjoy.cn/hb/6.exe
hxxp://snbjoy.cn/hb/7.exe
hxxp://snbjoy.cn/hb/8.exe
hxxp://snbjoy.cn/hb/9.exe
hxxp://user1.18-22.net/a14.exe
hxxp://w.117b.cn/net/are.exe
hxxp://windows.loveyoushipin.com/win.exe
hxxp://www.118bi.cn/net/are.exe
hxxp://www.1ive.net/i.exe
hxxp://www.fdsjan.cn/max1.exe
hxxp://www.fdsjan.cn/max10.exe
hxxp://www.fdsjan.cn/max11.exe
hxxp://www.fdsjan.cn/max12.exe
hxxp://www.fdsjan.cn/max13.exe
hxxp://www.fdsjan.cn/max14.exe
hxxp://www.fdsjan.cn/max15.exe
hxxp://www.fdsjan.cn/max16.exe
hxxp://www.fdsjan.cn/max17.exe
hxxp://www.fdsjan.cn/max18.exe
hxxp://www.fdsjan.cn/max2.exe
hxxp://www.fdsjan.cn/max20.exe
hxxp://www.fdsjan.cn/max21.exe
hxxp://www.fdsjan.cn/max28.exe
hxxp://www.fdsjan.cn/max3.exe
hxxp://www.fdsjan.cn/max30.exe
hxxp://www.fdsjan.cn/max5.exe
hxxp://www.fdsjan.cn/max6.exe
hxxp://www.fdsjan.cn/max7.exe
hxxp://www.fdsjan.cn/max8.exe
hxxp://www.fdsjan.cn/max9.exe
hxxp://www.gamerost.com/authz.exe
hxxp://www.jplineage.com/1.exe
hxxp://www.mmboi.cn/net/are.exe
hxxp://www.tlcn.net/cert/fuckkr.exe
hxxp://www.xlsf013.cn/server.exe
hxxp://www.xlsf013.cn/zr/sct.exe
hxxp://zouhaobc.cn/hb/10.exe
hxxp://zouhaobc.cn/hb/11.exe
hxxp://zouhaobc.cn/hb/12.exe
hxxp://zouhaobc.cn/hb/14.exe
hxxp://zouhaobc.cn/hb/15.exe
hxxp://zouhaobc.cn/hb/17.exe
hxxp://zouhaobc.cn/hb/18.exe
hxxp://zouhaobc.cn/hb/2.exe
hxxp://zouhaobc.cn/hb/23.exe
hxxp://zouhaobc.cn/hb/25.exe
hxxp://zouhaobc.cn/hb/29.exe
hxxp://zouhaobc.cn/hb/3.exe
hxxp://zouhaobc.cn/hb/4.exe
hxxp://zouhaobc.cn/hb/6.exe
hxxp://zouhaobc.cn/hb/7.exe
hxxp://zouhaobc.cn/hb/8.exe
hxxp://zouhaobc.cn/hb/9.exe
hxxp://www.xlsf013.cn/server.exe

July 02, 2008, 11:25:25 am
Reply #1

sowhat-x

  • Guest
Quote
hxxp://17178bbs.cn/flash/f115.swf
hxxp://17178bbs.cn/flash/f16.swf
hxxp://17178bbs.cn/flash/f28.swf
hxxp://17178bbs.cn/flash/f45.swf
hxxp://17178bbs.cn/flash/f47.swf
hxxp://adlaji.cn/115.swf
hxxp://adlaji.cn/16.swf
hxxp://adlaji.cn/28.swf
hxxp://adlaji.cn/45.swf
hxxp://adlaji.cn/47.swf
hxxp://adlaji.cn/64.swf
hxxp://adsiter.cn/115.swf
hxxp://adsiter.cn/16.swf
hxxp://adsiter.cn/28.swf
hxxp://adsiter.cn/45.swf
hxxp://adsiter.cn/47.swf
hxxp://adsiter.cn/64.swf
hxxp://bjjiayou.cn/flash/f115.swf
hxxp://bjjiayou.cn/flash/f16.swf
hxxp://bjjiayou.cn/flash/f28.swf
hxxp://bjjiayou.cn/flash/f45.swf
hxxp://bjjiayou.cn/flash/f47.swf
hxxp://cnzuma.cn/115.swf
hxxp://cnzuma.cn/16.swf
hxxp://cnzuma.cn/28.swf
hxxp://cnzuma.cn/45.swf
hxxp://cnzuma.cn/47.swf
hxxp://cnzuma.cn/64.swf
hxxp://foursn.cn/115.swf
hxxp://jnzuguo.cn/bbs/f16.swf
hxxp://jnzuguo.cn/bbs/f28.swf
hxxp://mmlan.com.cn/versionff.swf
hxxp://mmlan.com.cn/versionie.swf
hxxp://snwenchuan.cn/bbs/f115.swf
hxxp://snwenchuan.cn/bbs/f16.swf
hxxp://snwenchuan.cn/bbs/f28.swf
hxxp://snwenchuan.cn/bbs/f45.swf
hxxp://snwenchuan.cn/bbs/f47.swf
hxxp://w.la66.cn/ff.swf
hxxp://w.la66.cn/ie.swf
hxxp://www.bdsae.org.cn/f16.swf
hxxp://www.bdsae.org.cn/f28.swf
hxxp://www.bdsae.org.cn/f45.swf
hxxp://www.bdsae.org.cn/f47.swf
hxxp://www.gamerost.com/ie.swf
hxxp://www.h-nan.net.cn/f115.swf
hxxp://www.h-nan.net.cn/f28.swf
hxxp://www.h-nan.net.cn/f45.swf
hxxp://www.h-nan.net.cn/f47.swf
hxxp://www.h-nan.net.cn/i115.swf
hxxp://www.h-nan.net.cn/i16.swf
hxxp://www.h-nan.net.cn/i28.swf
hxxp://www.h-nan.net.cn/i45.swf
hxxp://www.h-nan.net.cn/i64.swf
hxxp://www.mvoe.cn/all/xmsl3.swf
hxxp://www.mvoe.cn/all/xmsl4.swf
hxxp://www.psp666.cn/4561.swf
hxxp://www.psp666.cn/4562.swf
hxxp://www.psp777.cn/4561.swf
hxxp://www.psp777.cn/4562.swf
hxxp://xnzuguo.cn/flash/f115.swf
hxxp://xnzuguo.cn/flash/f16.swf
hxxp://xnzuguo.cn/flash/f28.swf
hxxp://xnzuguo.cn/flash/f45.swf
hxxp://xnzuguo.cn/flash/f47.swf

Quote
hxxp://www.118bi.cn/down/10.exe
hxxp://www.118bi.cn/down/11.exe
hxxp://www.118bi.cn/down/12.exe
hxxp://www.118bi.cn/down/13.exe
hxxp://www.118bi.cn/down/14.exe
hxxp://www.118bi.cn/down/15.exe
hxxp://www.118bi.cn/down/16.exe
hxxp://www.118bi.cn/down/17.exe
hxxp://www.118bi.cn/down/18.exe
hxxp://www.118bi.cn/down/19.exe
hxxp://www.118bi.cn/down/21.exe
hxxp://www.118bi.cn/down/22.exe
hxxp://www.118bi.cn/down/23.exe
hxxp://www.118bi.cn/down/24.exe
hxxp://www.118bi.cn/down/25.exe
hxxp://www.118bi.cn/down/26.exe
hxxp://www.118bi.cn/down/28.exe
hxxp://www.118bi.cn/down/29.exe
hxxp://www.118bi.cn/down/30.exe
hxxp://www.118bi.cn/down/32.exe
hxxp://www.118bi.cn/down/33.exe
hxxp://www.118bi.cn/down/34.exe
hxxp://www.118bi.cn/down/35.exe
hxxp://www.118bi.cn/down/36.exe

Some of the above stuff were found via these downloader lists,
check them back again tomorrow or so for newer pointers to malware...
Quote
hxxp://513389.cn/808.txt
hxxp://513389.cn/yy.txt
hxxp://d.la369.com.cn/d.txt
hxxp://w.117b.cn/config.txt
hxxp://www.alanga.net/axi.txt
hxxp://www.infomt.net/dk.txt
hxxp://www.mvoe.cn/config.txt
hxxp://www.xiaobai01.net/update.txt

Quote
hxxp://11d2me91.cn/xi/xx.htm
hxxp://52-o.cn/admin.js
hxxp://565duomayi.cn/9/sf.htm
hxxp://8mxa9uje23.cn/9/ilink.html
hxxp://serhn.cn/news.html
hxxp://ageofconans.net/fsb/ilink.html
hxxp://alimamamm.cn/news.html
hxxp://aoxiaobao.cn/news.html
hxxp://asonlyway.cn/news.html
hxxp://baidutd.cn/news.html
hxxp://chanm.cn/a.js
hxxp://www.dfdf43.cn/65.htm
hxxp://dreamcityer.cn/news.html
hxxp://dvb.bnmfg.com.cn/r11.htm
hxxp://dyyh.com.cn/ktm/k.js
hxxp://www.mabi360.cn/bb2.htm?12
hxxp://hoooworld.cn/news.html
hxxp://idchoster.cn/news.html
hxxp://jaora.cn/news.html
hxxp://jnbeijingoy.cn/flash/index.htm
hxxp://jnqingchuan.cn/flash/index.htm
hxxp://likenice.cn/news.html
hxxp://logingin.cn/news.html
hxxp://mmpp.cqcx321.cn/wf.htm
hxxp://ngrep.cn/news.html
hxxp://nimade360.cn/zz.htm?232
hxxp://niw82221.cn/xi/so.htm
hxxp://nss82l.cn/xi/sz.htm
hxxp://nudsyhk2.cn/xi/xx.htm
hxxp://oo00oo.com.cn/news.html
hxxp://sammitr.co.za/toyota.htm
hxxp://sejaca.cn/news.html
hxxp://sergx.cn/news.html
hxxp://sergz.cn/news.html
hxxp://serhk.cn/news.html
hxxp://sky323.cn/b.htm
hxxp://sooogoooo.cn/news.html
hxxp://www.456ii.cn/all/aa.js
hxxp://www.456ii.cn/all/aa.htm?aa
hxxp://www.baiduoe.cn/bd.cab
hxxp://www.surei.cn/118.htm?google

July 02, 2008, 12:18:01 pm
Reply #2

sowhat-x

  • Guest
Exploits / pseudo-extensions:

Quote
hxxp://www.1login.com.cn/title.gif
hxxp://www.1login.com.cn/xml.gif
hxxp://www.alinama.org.cn/rss.gif
hxxp://www.alinama.org.cn/title.gif
hxxp://www.alinama.org.cn/xml.gif
hxxp://www.userlg.cn/logo.gif
hxxp://www.userlg.cn/rss.gif
hxxp://www.userlg.cn/title.gif
hxxp://www.userlg.cn/xml.gif
hxxp://zouhaobc.cn/w.jpg
===========================

The above were detected by the AV used here (no name needed...),
so I didn't submit them separately in VirusTotal...
The following 2 samples were missed though,so I got slightly curious about them:

Quote
hxxp://www.xlsf013.cn/Real.gif --> Result: 7/33 (21.22%)
http://www.virustotal.com/analisis/3755439615f3d048383c9b0dd4ccbeb0

Quote
hxxp://www.xlsf013.cn/Real11.gif  --> Result: 10/33 (30.31%)
http://www.virustotal.com/analisis/9ba4f70a1766b3727c9195fb6389c0a9

Have a nice day...  ::)  :-*

July 07, 2008, 12:58:10 am
Reply #3

sowhat-x

  • Guest
Quote
hxxp://dl07.mir2down.com/06down/10/jsytj3.8.rar
hxxp://down.aishu8.com/wxxs/wocwkxyhdyy1.19.exe
hxxp://update.51edm.net/my_70423.exe
hxxp://update.51edm.net/my_70427.exe
hxxp://update1.searchnine.cn/Toolbar/Boos.dll
hxxp://update1.searchnine.cn/Toolbar/schunin.exe
hxxp://update1.searchnine.cn/Toolbar/scNine.dll
hxxp://update1.searchnine.cn/Toolbar/windates.exe
hxxp://www.happydown.com/soft/ads/pp.js
hxxp://www.softcashier.com/members/link.php?wmid=1019&l=9&it=2&s=3

July 08, 2008, 06:13:25 pm
Reply #4

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

July 11, 2008, 12:23:27 pm
Reply #5

sowhat-x

  • Guest
Newer samples,from the downloader lists mentioned earlier...play around with the numbers:

Quote
hxxp://lua.blackhei.cn/vie2.exe
hxxp://lua.blackhei.cn/vie3.exe
hxxp://lua.blackhei.cn/vie4.exe
hxxp://lua.blackhei.cn/vie5.exe
hxxp://lub.blackhei.cn/vie6.exe
hxxp://lub.blackhei.cn/vie7.exe
hxxp://lub.blackhei.cn/vie8.exe
hxxp://lub.blackhei.cn/vie9.exe
hxxp://lub.blackhei.cn/vie10.exe
hxxp://lub.blackhei.cn/vie11.exe
hxxp://lub.blackhei.cn/vie12.exe
hxxp://lub.blackhei.cn/vie13.exe
hxxp://luc.blackhei.cn/vie14.exe
hxxp://luc.blackhei.cn/vie15.exe
hxxp://luc.blackhei.cn/vie16.exe
hxxp://luc.blackhei.cn/vie17.exe
hxxp://luc.blackhei.cn/vie18.exe
hxxp://luc.blackhei.cn/vie19.exe
hxxp://luc.blackhei.cn/vie20.exe
hxxp://lud.blackhei.cn/vie21.exe
hxxp://lud.blackhei.cn/vie22.exe
hxxp://lud.blackhei.cn/vie23.exe
hxxp://lud.blackhei.cn/vie24.exe
hxxp://lud.blackhei.cn/vie25.exe
hxxp://lud.blackhei.cn/vie26.exe
hxxp://lud.blackhei.cn/vie27.exe
hxxp://lud.blackhei.cn/vie28.exe
vie28.exe didn't work for me...moving on:

Quote
hxxp://lva.lvorgucci.net/may1.exe
hxxp://lva.lvorgucci.net/may2.exe
hxxp://lva.lvorgucci.net/may3.exe
hxxp://lva.lvorgucci.net/may4.exe
hxxp://lva.lvorgucci.net/may5.exe
hxxp://lva.lvorgucci.net/may6.exe
hxxp://lva.lvorgucci.net/may7.exe
hxxp://lvb.lvorgucci.net/may8.exe
hxxp://lvb.lvorgucci.net/may9.exe
hxxp://lvb.lvorgucci.net/may10.exe
hxxp://lvb.lvorgucci.net/may11.exe
hxxp://lvb.lvorgucci.net/may12.exe
hxxp://lvb.lvorgucci.net/may13.exe
hxxp://lvb.lvorgucci.net/may14.exe
hxxp://lvc.lvorgucci.net/may15.exe
hxxp://lvc.lvorgucci.net/may16.exe
hxxp://lvc.lvorgucci.net/may17.exe
hxxp://lvc.lvorgucci.net/may18.exe
hxxp://lvc.lvorgucci.net/may19.exe
hxxp://lvc.lvorgucci.net/may20.exe
hxxp://lvc.lvorgucci.net/may21.exe
hxxp://lvc.lvorgucci.net/may22.exe
hxxp://lvd.lvorgucci.net/may23.exe
hxxp://lvd.lvorgucci.net/may24.exe
hxxp://lvd.lvorgucci.net/may25.exe
hxxp://lvd.lvorgucci.net/may26.exe
hxxp://lvd.lvorgucci.net/may27.exe
hxxp://lvd.lvorgucci.net/may28.exe
hxxp://lvd.lvorgucci.net/may29.exe
hxxp://lvd.lvorgucci.net/may30.exe
hxxp://lvd.lvorgucci.net/may31.exe
hxxp://lvd.lvorgucci.net/may32.exe

Quote
hxxp://d.web678.com.cn/max1.exe
Up to...
hxxp://d.web678.com.cn/max31.exe

Quote
hxxp://www.345bi.cn/down/30.exe
Up to...
hxxp://www.345bi.cn/down/39.exe

July 11, 2008, 01:20:45 pm
Reply #6

sowhat-x

  • Guest
Quote
hxxp://anjinger.cn/sina.exe
hxxp://d.lv66.com.cn/max1.exe
hxxp://d.webdaa.cn/ff.swf
hxxp://d.webdaa.cn/ie.swf
hxxp://dd.danshkk.cn/a.exe
hxxp://down.nihao69.cn/down/ko.exe
hxxp://www.1ive.net/i.exe
hxxp://www.langzidec.cn/0.exe
hxxp://www.langzidec.cn/xxx/200/down8.exe
hxxp://www.mmboi.cn/net/are.exe
hxxp://www.wacacop.net/wiki/sever.exe
hxxp://www.xlsf013.cn/zr/sct.exe

July 11, 2008, 10:35:28 pm
Reply #7

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

July 13, 2008, 02:16:29 pm
Reply #8

sowhat-x

  • Guest
Quote
hxxp://121.14.154.194/1.exe
Up to...
hxxp://121.14.154.194/40.exe

Quote
hxxp://facaizhifuok.cn/hb/1.exe
Up to..
hxxp://facaizhifuok.cn/hb/29.exe

Quote
hxxp://ssskuki88.cn/inte/dlld1.exe
Up to...
hxxp://ssskuki88.cn/inte/dlld15.exe

Quote
hxxp://adwim8812.cn/inte/dlld16.exe
Up to...
hxxp://adwim8812.cn/inte/dlld30.exe

Quote
hxxp://cc.ns-ok.com/down/1.exe
Up to...
hxxp://cc.ns-ok.com/down/26.exe

Quote
hxxp://hoo.fan-si-zhe.net/may1.exe
Up to...
hxxp://hor.fan-si-zhe.net/may32.exe

Quote
hxxp://www.j1bc.cn/1.exe
Up to...
hxxp://www.j1bc.cn/23.exe

Quote
hxxp://111.1212l112.net/cao/aa1.exe
hxxp://111.1212l112.net/cao/aa2.exe
hxxp://111.1212l112.net/cao/aa3.exe
hxxp://111.1212l112.net/cao/aa4.exe
hxxp://111.1212l112.net/cao/aa5.exe
hxxp://111.1212l112.net/cao/aa6.exe
hxxp://222.1212l112.net/cao/aa7.exe
hxxp://222.1212l112.net/cao/aa8.exe
hxxp://222.1212l112.net/cao/aa9.exe
hxxp://222.1212l112.net/cao/aa10.exe
hxxp://222.1212l112.net/cao/aa11.exe
hxxp://222.1212l112.net/cao/aa12.exe
hxxp://444.1212l112.net/cao/aa13.exe
hxxp://444.1212l112.net/cao/aa14.exe
hxxp://444.1212l112.net/cao/aa15.exe
hxxp://444.1212l112.net/cao/aa16.exe
hxxp://444.1212l112.net/cao/aa17.exe
hxxp://444.1212l112.net/cao/aa18.exe
hxxp://555.1212l112.net/cao/aa19.exe
hxxp://555.1212l112.net/cao/aa20.exe
hxxp://555.1212l112.net/cao/aa21.exe
hxxp://555.1212l112.net/cao/aa22.exe
hxxp://555.1212l112.net/cao/aa23.exe
hxxp://555.1212l112.net/cao/aa24.exe
hxxp://555.1212l112.net/cao/aa25.exe
hxxp://555.1212l112.net/cao/aa26.exe
hxxp://555.1212l112.net/cao/aa27.exe

Quote
hxxp://dl.pvs360.com/cao/aa1.exe
Up to...
hxxp://dl.pvs360.com/cao/aa8.exe

Quote
hxxp://cw.pvs360.com/cao/aa9.exe
Up to...
hxxp://cw.pvs360.com/cao/aa16.exe

Quote
hxxp://ta.pvs360.com/cao/aa17.exe
Up to...
hxxp://ta.pvs360.com/cao/aa24.exe

Quote
hxxp://fg.pvs360.com/cao/aa25.exe
hxxp://fg.pvs360.com/cao/aa26.exe
hxxp://fg.pvs360.com/cao/aa27.exe
hxxp://grwm.woxwngw.cn/arp.exe

Quote
hxxp://wm.wngwda.cn/1.exe
hxxp://www.9z9t.com/hz/crtc.exe

Quote
hxxp://xz1.dajao.cn/6.exe
hxxp://xz1.dajao.cn/8.exe
hxxp://xz1.dajao.cn/9.exe
hxxp://xz1.dajao.cn/13.exe
hxxp://xz1.dajao.cn/15.exe
hxxp://xz1.dajao.cn/19.exe
hxxp://xz1.dajao.cn/24.exe
hxxp://xz1.dajao.cn/26.exe
hxxp://xz1.dajao.cn/34.exe
hxxp://xz1.dajao.cn/39.exe
hxxp://xz2.daoqaz.cn/6.exe
hxxp://xz2.daoqaz.cn/7.exe
hxxp://xz2.daoqaz.cn/8.exe
hxxp://xz2.daoqaz.cn/10.exe
hxxp://xz2.daoqaz.cn/15.exe
hxxp://xz2.daoqaz.cn/26.exe
hxxp://xz2.daoqaz.cn/32.exe
hxxp://xz2.daoqaz.cn/34.exe
hxxp://xz2.daoqaz.cn/42.exe

Quote
hxxp://www.sky8000.com/lanqingting/1.exe
hxxp://www.sky8000.com/lanqingting/2.exe
hxxp://www.sky8000.com/lanqingting/3.exe
hxxp://www.sky8000.com/lanqingting/4.exe
hxxp://www.sky8000.com/lanqingting/5.exe
hxxp://www.sky8000.com/lanqingting/6.exe
hxxp://www.sky8000.com/lanqingting/7.exe

Some of the above were gathered via the following downloader lists...
Quote
hxxp://8mdsai.cn/9/jx.txt
hxxp://at.yooosky.com/at.txt
hxxp://down.fafa56.cn/ko.txt
hxxp://udd.yooosky.com/o.txt
hxxp://www.9z9t.com/down.txt
hxxp://www.link5566.cn/ko.txt
hxxp://x.us-ok.net/1234.txt
hxxp://z2.us-2.net/1.txt

Have a nice day...   ::)  :-*

July 15, 2008, 03:11:18 pm
Reply #9

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

July 15, 2008, 04:50:06 pm
Reply #10

sowhat-x

  • Guest
Quote
hxxp://hello.hierxw.com/down/wqq1.exe
hxxp://hello.hierxw.com/down/qqw2.exe
hxxp://hello.hierxw.com/down/qqw3.exe
hxxp://hello.hierxw.com/down/qqw4.exe
hxxp://hello.hierxw.com/down/qqw5.exe
hxxp://hello.hierxw.com/down/qqw6.exe
hxxp://hello.hierxw.com/down/qqw7.exe
hxxp://hello.hierxw.com/down/qqw8.exe
hxxp://hello.hierxw.com/down/qqw9.exe
hxxp://hello.hierxw.com/down/qqw10.exe
hxxp://haha.ziyuan6.com/down/qqw11.exe
hxxp://haha.ziyuan6.com/down/qqw12.exe
hxxp://haha.ziyuan6.com/down/qqw13.exe
hxxp://haha.ziyuan6.com/down/qqw14.exe
hxxp://haha.ziyuan6.com/down/qqw15.exe
hxxp://haha.ziyuan6.com/down/qqw16.exe
hxxp://haha.ziyuan6.com/down/qqw17.exe
hxxp://haha.ziyuan6.com/down/qqw18.exe
hxxp://haha.ziyuan6.com/down/qqw19.exe
hxxp://haha.ziyuan6.com/down/qqw20.exe
hxxp://news.ziyuan6.com/down/qqw21.exe
hxxp://news.ziyuan6.com/down/qqw22.exe
hxxp://news.ziyuan6.com/down/qqw23.exe
hxxp://news.ziyuan6.com/down/qqw24.exe
hxxp://news.ziyuan6.com/down/qqw25.exe
hxxp://news.ziyuan6.com/down/qqw26.exe
hxxp://news.ziyuan6.com/down/qqw27.exe
hxxp://news.ziyuan6.com/down/qqw28.exe
hxxp://news.ziyuan6.com/down/qqw29.exe
hxxp://news.ziyuan6.com/down/qqw30.exe
hxxp://news.ziyuan6.com/down/qqw31.exe
hxxp://news.ziyuan6.com/down/qqw32.exe

Via downloader lists...
Quote
hxxp://www.irxxv.com/css.txt
hxxp://www.rkjhc.cn/google.txt

July 21, 2008, 11:55:02 am
Reply #11

sowhat-x

  • Guest
Quote
hxxp://ma.danshkk.cn/1.exe
Up to...
hxxp://ma.danshkk.cn/30.exe
Quote
hxxp://newa.yibanle.cn/vie1.exe
Up to...
hxxp://newa.yibanle.cn/vie6.exe
Quote
hxxp://newb.yibanle.cn/vie7.exe
Up to...
hxxp://newb.yibanle.cn/vie12.exe
Quote
hxxp://newc.yibanle.cn/vie13.exe
Up to...
hxxp://newc.yibanle.cn/vie18.exe
Quote
hxxp://newd.yibanle.cn/vie19.exe
Up to...
hxxp://newd.yibanle.cn/vie25.exe
Quote
hxxp://nka.youlaiyou.net/may1.exe
Up to...
hxxp://nka.youlaiyou.net/may7.exe
Quote
hxxp://nkb.youlaiyou.net/may10.exe
Up to...
hxxp://nkb.youlaiyou.net/may14.exe
Quote
hxxp://nkc.youlaiyou.net/may15.exe
Up to...
hxxp://nkc.youlaiyou.net/may22.exe
Quote
hxxp://nkd.youlaiyou.net/may23.exe
Up to...
hxxp://nkd.youlaiyou.net/may33.exe
Quote
hxxp://nptt.urwxo.com/down/new21.exe
Up to...
hxxp://nptt.urwxo.com/down/new34.exe
Quote
hxxp://nxxv.urwxo.com/down/new11.exe
Up to...
hxxp://nxxv.urwxo.com/down/new20.exe
Quote
hxxp://uiik.urwxo.com/down/new1.exe
Up to...
hxxp://uiik.urwxo.com/down/new10.exe
Quote
hxxp://121.14.154.193/1.exe
Up to...
hxxp://121.14.154.193/38.exe
Quote
hxxp://zfzuguo.cn/hb/1.exe
Up to...
hxxp://zfzuguo.cn/hb/30.exe
Quote
hxxp://60.190.223.200/new/new1.exe
Up to...
hxxp://60.190.223.200/new/new30.exe

Downloader lists for the above as well...
Quote
hxxp://www.mapuso.net/dk.txt
hxxp://www.irxxv.com/css.txt
hxxp://dd.jackkk.cn/down.txt
hxxp://www.interoo.net/dk.txt
hxxp://2hdahlk3md.cn/9/jx.txt
hxxp://aboutdr.cn/dk.txt
hxxp://down.doups.cn/nwod.txt
hxxp://down.nihao29.cn/ko.txt
hxxp://zfzuguo.cn/css.txt

Quote
hxxp://a.llxslaile1.com/cn/1.exe
Up to...
hxxp://a.llxslaile1.com/cn/18.exe

Quote
hxxp://encountertracker.ws/rep.php
hxxp://encountertracker.ws/report.php

Quote
hxxp://abzsa.com.ar/watch.exe
hxxp://ad.50db34d5.info/rm/rm.exe
hxxp://anjinger.cn/sina.exe
hxxp://asd.dasd89712l.com/mas1.exe
hxxp://cppppp.cn/sina.exe
hxxp://down.hyrzxm.cn/down.exe
hxxp://eirte.cn/sina.exe
hxxp://flashfer.cn/sina.exe
hxxp://h1.ripway.com/AFLOW/Qb_.exe
hxxp://qianfane.cn/sina.exe
hxxp://serhi.cn/s.exe
hxxp://sun.63afe561.info/rm/rm.exe
hxxp://th.jjbnn.com.cn/pfile.exe
hxxp://uu5656uu.cn/xz/cs1.exe
hxxp://uu5656uu.cn/xz/cs2.exe
hxxp://uusese653.cn/xz/sin.exe
hxxp://www.almamama.com.cn/x/aychuanshi.exe
hxxp://www.almamama.com.cn/x/ayjr.exe
hxxp://www.almamama.com.cn/x/ayjxqy.exe
hxxp://www.almamama.com.cn/x/ayjxsj.exe
hxxp://www.almamama.com.cn/x/ayqns.exe
hxxp://www.almamama.com.cn/x/ayqqhx.exe
hxxp://www.almamama.com.cn/x/aytlbb.exe
hxxp://www.almamama.com.cn/x/aywl.exe
hxxp://www.almamama.com.cn/x/aywmgj.exe
hxxp://www.almamama.com.cn/x/aywow.exe
hxxp://www.almamama.com.cn/x/ayzhengfu.exe
hxxp://www.almamama.com.cn/x/qqys.exe
hxxp://www.almamama.com.cn/x/rxcq.exe
hxxp://www.almamama.com.cn/x/txdh2.exe
hxxp://www.almamama.com.cn/x/txmh.exe
hxxp://www.almamama.com.cn/x/txqqsg.exe
hxxp://www.almamama.com.cn/x/txshqz.exe
hxxp://www.almamama.com.cn/x/zzdh3.exe
hxxp://www.almamama.com.cn/x/zzfy.exe
hxxp://www.almamama.com.cn/x/zzmy.exe
hxxp://www.almamama.com.cn/x/zzwd.exe
hxxp://www.almamama.com.cn/x/zzzt.exe
hxxp://www.uswow1.com/css/xx.exe
hxxp://www.c55.cc/cc.exe
hxxp://www.cviog.cn/tv.exe
hxxp://www.eshuba.com/gg/SkypeClient.exe
hxxp://www.freewebtown.com/freeblogers/test.exe
hxxp://www.fukfuk360.org.cn/down/mm.exe
hxxp://www.ll63.com.cn/down.exe
hxxp://www.netzseiten2008.com/schau-mal/wwoc/casino.exe
hxxp://www.system-defender.com/download/4364/SystemDefender_Installer.exe
hxxp://www.tourunnion.com/x/aycb.exe
hxxp://www.tourunnion.com/x/aychuanshi.exe
hxxp://www.tourunnion.com/x/ayqqhx.exe
hxxp://www.tourunnion.com/x/aywl.exe
hxxp://www.tourunnion.com/x/rxcq.exe
hxxp://www.tourunnion.com/x/txqqsg.exe
hxxp://www.tourunnion.com/x/zzfs2.exe
hxxp://www.tourunnion.com/x/zzmy.exe
hxxp://xieshia.cn/sina.exe

Quote
hxxp://wm88.9966.org/htm/flash9e.swf
hxxp://wm88.9966.org/htm/flash9cd.swf
hxxp://wm88.9966.org/htm/flash9b.swf
hxxp://wm88.9966.org/htm/flash9.swf

Flash exploits / about 33% detection rate at VirusTotal.
Randomly selected report:
http://www.virustotal.com/analisis/35bb7a8d8bbb8eb3386e32dd9d501fcc

July 22, 2008, 01:32:10 pm
Reply #12

sowhat-x

  • Guest
Quote
hxxp://ww.txtv15.com/htm/flash9e.swf -> (note: ww,not www...)
hxxp://www.infomm.cn/htm/flash9e.swf
hxxp://www.uswow2.com/htm/flash9e.swf
hxxp://www.wooollstx.cn/flash/flash9e.swf

And newer stuff from the dl lists above...

Quote
hxxp://k1ks.cn/hb/1.exe
Up to...
hxxp://k1ks.cn/hb/30.exe

Quote
hxxp://111.ns-ok.com/down/1.exe
Up to...
hxxp://111.ns-ok.com/down/26.exe

Quote
hxxp://usa.herezh.cn/fbi1.exe
Up to...
hxxp://usd.herezh.cn/fbi24.exe

Quote
hxxp://www.dmatca6.org/c666.bin
hxxp://adultwebmasters.co.il/images/icons/nahuj/s.php

July 24, 2008, 02:23:42 pm
Reply #13

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

July 24, 2008, 09:20:51 pm
Reply #14

sowhat-x

  • Guest
Quote
hxxp://333.ns-ok.com/down/1.exe
Up to...
hxxp://333.ns-ok.com/down/26.exe

Older dl list,newer samples...
Quote
hxxp://z2.us-2.net/1.txt

Not previously spotted dl list...
Quote
hxxp://www.web369.net/tt.txt

Quote
hxxp://d.dds600.cn/max1.exe
Up to...
hxxp://d.dds600.cn/max30.exe

Quote
hxxp://d.web598.com.cn/max1.exe
Up to...
hxxp://d.web598.com.cn/max30.exe

No dl list this time,sorry guys,lol...  :)

Quote
hxxp://sa.xccxcxcxcxcx.cn/win.css
hxxp://xiazai.cpushpop.com/4/ad7565.exe
hxxp://xxxxx.1a2b3c1.net/ctfmon.exe
hxxp://ww.xnibi.com/71.swf
hxxp://mmm.xnibi.com/mm.exe
hxxp://dodolook.1008606.com/d.txt
hxxp://xiazai.cpushpop.com/2/ad2345.exe
hxxp://moltodos.com/fix/album.exe
hxxp://windows.loveyoushipin.com/win.css

Quote
hxxp://208.66.195.15/40E800142020202057202D444D574D414C393644383133376C0000003266000000017600000064EB00053013181A1E
hxxp://208.66.195.71/40e8001430303030303030303030303030303030303031306c0000004d66000000007600000002

Urls found in it's strings...
Quote
hxxp://bestdiabetesdrugs.com/
hxxp://mexicandrugstor.com/
hxxp://superdrugsworld.com/
hxxp://superdrugssite.com/
hxxp://bestanxietydrugs.com/
hxxp://georgescheapdrugs.com/
hxxp://buydrugsonlinehere.com/
hxxp://ulcerdrugsonline.com/
hxxp://bestdrugsinternational.com/
hxxp://besttopicaldrugs.com/

Quote
hxxp://fastupdateservice.com/zsa9/winsrc.dll
hxxp://fastupdateservice.com/toolbar313/wscmp.dll

Quote
hxxp://antispyware2008soft.com/soft/Antispyware2008.exe
hxxp://dl.internetsecuritydeluxe.com/en/SaveId.exe
hxxp://dl.internetsecuritydeluxe.com/en/UI.exe
hxxp://dwnld1.com/VRM_Free.exe
hxxp://infectionscanner.com/AntvrsInstall.cab
hxxp://windows-virus-scanner.com/2009/download/trial/AV2009Install_0011.exe
hxxp://wista-antivirus.com/setup_en.exe
hxxp://www.xpsecuritycenter.com/XPSecurityCenter/Binaries1.zip
hxxp://xpsecuritycenter.com/install/Installer.exe

That's all for now...  :)