Most malcode on it seems dead and closed (each after approx. 2-2.5 hrs activity),
htxp://dx7.52z.com/RMBDXZH.exe seems still up and alive:
Not detected on VT but analyzed here: http://camas.comodo.com/cgi-bin/submit?file=157f32a98ad47c6ac21d107db60aaab59d0a00b2133042b924a5f437afe9dd8d
See: http://urlquery.net/report.php?id=7055123 with IDS alerts, same as given for alan1998’s scan for the other uri.
On the one I gave there is even this IDS alert: ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Here we have an earlier file scan: https://www.virustotal.com/nl/file/13033a0fcba3c8b9db385014719c5cf9922db2be6fe12b6295e248d659cc4f5b/analysis/
from the same executable earlier version 1 month ago. It means the malware is constantly changing and launched anew from that domain.
The version of 2 minutes ago: http://anubis.iseclab.org/?action=result&task_id=1ac114bc5fbee5844f50aa0edc2f0b097&format=html
Characteristics shown of trojan_nelloweg or zero_access. Site directs to Fast Flux Trojan.

see: http://support.clean-mx.de/clean-mx/viruses.php?ip=61.147.108.51&sort=id%20DESC

pol