PUP.Xtron System Care

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	4,031
Threat Level:	10 % (Normal)
Infected Computers:	783

First Seen:	July 20, 2019
Last Seen:	December 24, 2025
OS(es) Affected:	Windows

Table of Contents

SpyHunter Detects & Remove PUP.Xtron System Care

File System Details

PUP.Xtron System Care may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	xpssetup.exe.6rq5qyc.partial	ea0ca998d1561fc6319bc43b3436d443	3
Name: xpssetup.exe.6rq5qyc.partial MD5: ea0ca998d1561fc6319bc43b3436d443 Size: 7.13 MB (7132680 bytes) Detections: 3 Path: c:\Users\<username>\downloads Group: Malware file Last Updated: May 25, 2023
2.	xcpsetup (1.0.1.125).exe	f32c6cf1a7b2c40072483f36846e8d78	1
Name: xcpsetup (1.0.1.125).exe MD5: f32c6cf1a7b2c40072483f36846e8d78 Size: 7.12 MB (7128216 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: November 30, 2019
3.	xcpsetup[1].exe	73d62317d648b0aca1cebbc0b34b3c6e	1
Name: xcpsetup[1].exe MD5: 73d62317d648b0aca1cebbc0b34b3c6e Size: 7.12 MB (7129120 bytes) Detections: 1 Type: Executable File Path: c:\Users\<username>\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\m8z63t9v Group: Malware file Last Updated: May 25, 2023
4.	xcpsetup (1.0.1.125) 2.exe	aa9622286b1f65a468861e03dd7c096d	1
Name: xcpsetup (1.0.1.125) 2.exe MD5: aa9622286b1f65a468861e03dd7c096d Size: 7.12 MB (7127256 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: February 4, 2020
5.	xscsetup (1.0.0.15).exe	b0a73df45f7b79c6f2b948be12ef2787	0
Name: xscsetup (1.0.0.15).exe MD5: b0a73df45f7b79c6f2b948be12ef2787 Size: 7.1 MB (7103384 bytes) Detections: 0 Type: Executable File Group: Malware file
6.	xcpsetup (1.0.2.3).exe	9ac8cd3615bf01210077104cbad62c53	0
Name: xcpsetup (1.0.2.3).exe MD5: 9ac8cd3615bf01210077104cbad62c53 Size: 7.12 MB (7127472 bytes) Detections: 0 Type: Executable File Group: Malware file
7.	xcpsetup (1.0.2.3) 2.exe	a9bd811a19d8d2f25a7870d7882169f9	0
Name: xcpsetup (1.0.2.3) 2.exe MD5: a9bd811a19d8d2f25a7870d7882169f9 Size: 7.13 MB (7130936 bytes) Detections: 0 Type: Executable File Group: Malware file
8.	xcpsetup (1.0.2.3) 3.exe	bd4efea534abde4db8a4e54d785930dc	0
Name: xcpsetup (1.0.2.3) 3.exe MD5: bd4efea534abde4db8a4e54d785930dc Size: 7.12 MB (7127944 bytes) Detections: 0 Type: Executable File Group: Malware file
9.	xcpsetup (1.0.2.3) 4.exe	a86c05f0b1a7db3edecac51648a834ec	0
Name: xcpsetup (1.0.2.3) 4.exe MD5: a86c05f0b1a7db3edecac51648a834ec Size: 7.12 MB (7128960 bytes) Detections: 0 Type: Executable File Group: Malware file
10.	xscsetup (1.0.0.14) 5.exe	c702a104aff7f5234f9d12d50e895767	0
Name: xscsetup (1.0.0.14) 5.exe MD5: c702a104aff7f5234f9d12d50e895767 Size: 7.1 MB (7101912 bytes) Detections: 0 Type: Executable File Group: Malware file
11.	xscsetup (1.0.0.1) 12.exe	69f448f2da8ced425ded0553920e8de2	0
Name: xscsetup (1.0.0.1) 12.exe MD5: 69f448f2da8ced425ded0553920e8de2 Size: 7.1 MB (7100224 bytes) Detections: 0 Type: Executable File Group: Malware file
12.	xcpsetup (1.0.0.15) 2.exe	820eecfa62e6f4ee9dd64c0c1cb9b25f	0
Name: xcpsetup (1.0.0.15) 2.exe MD5: 820eecfa62e6f4ee9dd64c0c1cb9b25f Size: 7.12 MB (7128640 bytes) Detections: 0 Type: Executable File Group: Malware file
13.	xscsetup (1.0.0.24) 10.exe	3e3514b51191bd7994e72f2bfd980a5f	0
Name: xscsetup (1.0.0.24) 10.exe MD5: 3e3514b51191bd7994e72f2bfd980a5f Size: 7.1 MB (7102344 bytes) Detections: 0 Type: Executable File Group: Malware file
14.	xcpsetup (1.0.1.100).exe	e743cb75bb6cb87f5914307ce2b5de6b	0
Name: xcpsetup (1.0.1.100).exe MD5: e743cb75bb6cb87f5914307ce2b5de6b Size: 7.12 MB (7128312 bytes) Detections: 0 Type: Executable File Group: Malware file
15.	xcpsetup (1.0.2.40).exe	d06647357c2100bfa02a2b563f0a1532	0
Name: xcpsetup (1.0.2.40).exe MD5: d06647357c2100bfa02a2b563f0a1532 Size: 7.13 MB (7132312 bytes) Detections: 0 Type: Executable File Group: Malware file
16.	xcpsetup (1.0.2.40) 2.exe	5ee4fb30edec1e9381e1f743d676df6a	0
Name: xcpsetup (1.0.2.40) 2.exe MD5: 5ee4fb30edec1e9381e1f743d676df6a Size: 7.13 MB (7131648 bytes) Detections: 0 Type: Executable File Group: Malware file
17.	xcpsetup (1.0.2.40) 3.exe	399e40306d64169055bfb56064495cd0	0
Name: xcpsetup (1.0.2.40) 3.exe MD5: 399e40306d64169055bfb56064495cd0 Size: 7.13 MB (7131416 bytes) Detections: 0 Type: Executable File Group: Malware file
18.	xcpsetup (1.0.2.40) 4.exe	8a2f3a523ec082af381666bb791c5372	0
Name: xcpsetup (1.0.2.40) 4.exe MD5: 8a2f3a523ec082af381666bb791c5372 Size: 7.13 MB (7131736 bytes) Detections: 0 Type: Executable File Group: Malware file
19.	xcpsetup (1.0.2.40) 5.exe	8b6b538243f5365d77c59a6974507ab9	0
Name: xcpsetup (1.0.2.40) 5.exe MD5: 8b6b538243f5365d77c59a6974507ab9 Size: 7.13 MB (7132248 bytes) Detections: 0 Type: Executable File Group: Malware file
20.	xcpsetup (1.0.2.40) 6.exe	7a4a4eea7da2c64a5d9304d9592391d5	0
Name: xcpsetup (1.0.2.40) 6.exe MD5: 7a4a4eea7da2c64a5d9304d9592391d5 Size: 7.13 MB (7132048 bytes) Detections: 0 Type: Executable File Group: Malware file
21.	xcpsetup (1.0.2.5).exe	0578b927e32a730b1475190d9f3fc03a	0
Name: xcpsetup (1.0.2.5).exe MD5: 0578b927e32a730b1475190d9f3fc03a Size: 7.12 MB (7126912 bytes) Detections: 0 Type: Executable File Group: Malware file
22.	xcpsetup (1.0.2.5) 2.exe	b9e196821165f0c2783bb8b53d678c66	0
Name: xcpsetup (1.0.2.5) 2.exe MD5: b9e196821165f0c2783bb8b53d678c66 Size: 7.12 MB (7128256 bytes) Detections: 0 Type: Executable File Group: Malware file
23.	xcpsetup (1.0.2.5) 3.exe	19115367870cca50b248e42bc1243948	0
Name: xcpsetup (1.0.2.5) 3.exe MD5: 19115367870cca50b248e42bc1243948 Size: 7.12 MB (7127552 bytes) Detections: 0 Type: Executable File Group: Malware file
24.	xcpsetup (1.0.2.5) 4.exe	0e55794b6d92fc4a38b0f05e4b7c0135	0
Name: xcpsetup (1.0.2.5) 4.exe MD5: 0e55794b6d92fc4a38b0f05e4b7c0135 Size: 7.12 MB (7128464 bytes) Detections: 0 Type: Executable File Group: Malware file
25.	xcpsetup (1.0.2.40) 7.exe	06de41cf263525b41a10da95e95a2027	0
Name: xcpsetup (1.0.2.40) 7.exe MD5: 06de41cf263525b41a10da95e95a2027 Size: 7.13 MB (7130328 bytes) Detections: 0 Type: Executable File Group: Malware file
26.	xpssetup (1.0.3.8) 2.exe	3101634d61113f692c53721ef7a645de	0
Name: xpssetup (1.0.3.8) 2.exe MD5: 3101634d61113f692c53721ef7a645de Size: 7.12 MB (7129776 bytes) Detections: 0 Type: Executable File Group: Malware file
27.	xcpsetup (1.0.2.40) 8.exe	b38fd81275a103364840ae9680d81ca2	0
Name: xcpsetup (1.0.2.40) 8.exe MD5: b38fd81275a103364840ae9680d81ca2 Size: 7.13 MB (7131840 bytes) Detections: 0 Type: Executable File Group: Malware file
28.	xcpsetup (1.0.3.7).exe	4796af8e636d334f0bfb6b2204a75c19	0
Name: xcpsetup (1.0.3.7).exe MD5: 4796af8e636d334f0bfb6b2204a75c19 Size: 7.13 MB (7130192 bytes) Detections: 0 Type: Executable File Group: Malware file
29.	xcpsetup (1.0.1.135).exe	ceed21ff7a5867f685e0f3cbe3ae8e97	0
Name: xcpsetup (1.0.1.135).exe MD5: ceed21ff7a5867f685e0f3cbe3ae8e97 Size: 7.12 MB (7128376 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Analysis Report

General information

Family Name:	PUP.Xtron System Care
Signature status:	Self Signed

Known Samples

MD5: 420ba85d85fe534f45d4b6acc0e24a3c

SHA1: 98c22d2ef517f69c1caffdb56a9b2ea44da00ab8

File Size: 236.10 KB, 236096 bytes

MD5: 563de6e0e003bbbf344528e7d25d8d7c

SHA1: 46a504455343657e70fb69c1a0cc1cf7c1f18015

SHA256: 3472DB4C440FBD01170E9254C5526AB733B3D9C4894186BF47512F0A2D7D33FC

File Size: 568.36 KB, 568360 bytes

MD5: 77dae21f571762db20d0926bec50369a

SHA1: 010e26184dfab245eef91c1fe81f244af33650c6

SHA256: AEF04F1AC2F8916289A22AF8EBF0AC22037E2ABE49FA69943E523D4686B138F4

File Size: 616.01 KB, 616008 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File has TLS information
File is .NET application
File is 32-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.5.0.6
Comments	This installation was built with Inno Setup.
Company Name	Open source hosted on CodePlex www.avast.com
File Description	Avast Free-Antivirus HTML Renderer Web~ Discover Setup
File Version	Avast Free-Antivirus 1.5.0.6
Internal Name	HtmlRenderer.dll
Legal Copyright	Copyright © 2008 © www.avast.com
Original Filename	HtmlRenderer.dll
Product Name	Avast Free-Antivirus HTML Renderer Web~ Discover
Product Version	3.0.1.33 3.0.0.96 1.5.0.6

Digital Signatures

Signer	Root	Status
Wincare utilities	COMODO RSA Code Signing CA	Hash Mismatch
Wincare utilities	COMODO RSA Code Signing CA	Self Signed
QUANTUM TECHNOLOGIES	Sectigo RSA Code Signing CA	Self Signed
QUANTUM TECHNOLOGIES	Sectigo RSA Code Signing CA	Self Signed

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\is-0tpvj.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0tpvj.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-0tpvj.tmp\isxdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-699g6.tmp\010e26184dfab245eef91c1fe81f244af33650c6_0000616008.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dq3bc.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dq3bc.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-dq3bc.tmp\isxdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-qj9kv.tmp\46a504455343657e70fb69c1a0cc1cf7c1f18015_0000568360.tmp	Generic Write,Read Attributes
c:\users\user\appdata\roaming\bch.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tvb.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	闱ȁਪˣ鈯ˣ遙̃豤̃অˣ炑̃濖̃賬̃獖}偫~엦1਷ˣ邯̃뫯ʃdᵂċᵆċeЂ엦1¶iꙥr֢	RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtDuplicateToken ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection Show More ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC win32u.dll!NtGdiSelectBitmap win32u.dll!NtGdiSetDIBitsToDeviceInternal win32u.dll!NtUserBuildHwndList win32u.dll!NtUserCallTwoParam win32u.dll!NtUserCreateEmptyCursorObject win32u.dll!NtUserCreateWindowEx win32u.dll!NtUserDestroyWindow win32u.dll!NtUserFindExistingCursorIcon win32u.dll!NtUserGetAncestor win32u.dll!NtUserGetClassInfoEx win32u.dll!NtUserGetClassName win32u.dll!NtUserGetDC win32u.dll!NtUserGetGUIThreadInfo win32u.dll!NtUserGetIconInfo win32u.dll!NtUserGetIconSize win32u.dll!NtUserGetImeInfoEx win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetObjectInformation win32u.dll!NtUserGetProcessWindowStation win32u.dll!NtUserGetProp win32u.dll!NtUserGetThreadDesktop win32u.dll!NtUserGetThreadState win32u.dll!NtUserGetWindowCompositionAttribute win32u.dll!NtUserIsNonClientDpiScalingEnabled win32u.dll!NtUserIsTopLevelWindow win32u.dll!NtUserMessageCall win32u.dll!NtUserRegisterClassExWOW win32u.dll!NtUserRegisterWindowMessage win32u.dll!NtUserReleaseDC win32u.dll!NtUserRemoveProp win32u.dll!NtUserSelectPalette win32u.dll!NtUserSetCursorIconData win32u.dll!NtUserSetWindowFNID win32u.dll!NtUserSetWindowLongPtr win32u.dll!NtUserSetWindowPos win32u.dll!NtUserUpdateInputContext
Process Shell Execute	CreateProcess ShellExecuteEx
Network Urlomon	URLDownloadToFile
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							"C:\Users\Ydwwkgln\AppData\Local\Temp\is-QJ9KV.tmp\46a504455343657e70fb69c1a0cc1cf7c1f18015_0000568360.tmp" /SL5="$7002E,169923,119296,c:\users\user\downloads\46a504455343657e70fb69c1a0cc1cf7c1f18015_0000568360"


							open schtasks.exe /create /tn ppvst /tr "C:\Users\Ydwwkgln\AppData\Roaming\tvb.bat" /sc onlogon /RL Highest /F


							"C:\Users\Nlwztsfm\AppData\Local\Temp\is-699G6.tmp\010e26184dfab245eef91c1fe81f244af33650c6_0000616008.tmp" /SL5="$70300,169923,119296,c:\users\user\downloads\010e26184dfab245eef91c1fe81f244af33650c6_0000616008"


							open schtasks.exe /create /tn ds_w /tr "C:\Users\Nlwztsfm\AppData\Roaming\bch.bat" /sc onlogon /RL Highest /F

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.Xtron System Care

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove PUP.Xtron System Care

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Bingo Master Ads

Adware.Search Safer

cPanel Account Suspension Email Scam

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

Discord Is Stuck on Gray Screen