HoaxSMS Fake installers (Flash player / WinRAR )

Hoax SMS again, this time for Adobe Flash player and Winrar
----
Flash Player:
Flash_player come from: 109.120.157.81
Some files are sent in \%temp%\
No EULA shown.
MD5: e54c20c71f1cb78f25246c970f70c528

Network activities:

http://77.221.149.219/program/open_archive
http://77.221.149.219/program/get_prefix
http://77.221.149.219/program/check_key

The IP 77.221.149.219 is "zip-archive.com" a "Pay Per Install" service.

----
 WinRAR:
This one made me laught, a winrar installation who use a WinZip icon.
When opened, files are sent to C:\Documents and Settings\%userprofile%\%appdata%\winzipsoft
WinRAR come from: download-server-43.net
No EULA shown.
MD5: 134fcb1ecac0db185e2d3259a26a3e50

Chars are badly displayed because i've not enabled cyrilic support.

Net work activity:

http://wlnrar-auth5.net/pass_request_mt/?guid=7fc6bebcd8796ef5e5c72e43045f3654&parid=0&xnum=&xid=&nomer=undefined&param=&fn=dxl3.exe&xtime=29844&lp=9f54cb3ef8cce8e472ddf6de2736dfbb

----

Hoax SMS in the past:
findvirus.ru: HoaxSMS Fake installers - BitDefender/Avast/Avira/Dr.Web/Mcafee/Norton Fake products

HoaxSMS Fake installer (Avast) - Avast-antivirus-francais.exe

HoaxSMS Fake installers (Opera / WinRAR 2011)

HoaxSMS Avast.exe

HoaxSMS (uTorrent / Flash Player) FLASH10.exe

HoaxSMS Fake installers (WinRARc / WinRAR 2010)