: EaseUS offers a free version that allows users to restore lost files and repair corrupted data without a paid license.
Select the file and press Shift + Delete to remove it permanently without sending it to the Recycle Bin.
Ensure your definitions are up-to-date to catch variations of the "W32.AIDetectVM" family.
If the file is confirmed as malware, follow this step-by-step guide:
Automated sandboxing data reveals that edrwkgn.exe behaves like a specialized information harvester and defense evasion tool. Security platforms like Joe Sandbox Report and Hybrid Analysis have cataloged the following operational parameters for the file: edrwkgn.exe
: Limit administrative privileges by using a standard user account for daily activities, reserving administrator access only for necessary installations
: It frequently spawns other processes like ipconfig.exe (with /flushdns ) and regedit.exe .
Invokes the native Windows SetErrorMode API to disable system application error messages. This prevents user-facing pop-ups if the background payload crashes or encounters an environment conflict.
is a Portable Executable (PE32) file designed for 32-bit Windows operating systems. According to sandbox analysis data, the file size is approximately 3.16 MB with the MD5 hash 1974c88979debfe710d597fff868d0e5 and SHA256 hash cfb0e9f2d6e4d72ec861480007d96a3695d4b1d780c86ff066a2a2222fafffdf .
If you find edrwkgn.exe on your system, run these immediately:
Before running or deleting the file, upload it to an online multi-engine scanner. Open your web browser and navigate to VirusTotal. Upload the edrwkgn.exe file.
: EaseUS offers a free version that allows users to restore lost files and repair corrupted data without a paid license.
Select the file and press Shift + Delete to remove it permanently without sending it to the Recycle Bin.
Ensure your definitions are up-to-date to catch variations of the "W32.AIDetectVM" family.
If the file is confirmed as malware, follow this step-by-step guide:
Automated sandboxing data reveals that edrwkgn.exe behaves like a specialized information harvester and defense evasion tool. Security platforms like Joe Sandbox Report and Hybrid Analysis have cataloged the following operational parameters for the file: edrwkgn.exe
: Limit administrative privileges by using a standard user account for daily activities, reserving administrator access only for necessary installations
: It frequently spawns other processes like ipconfig.exe (with /flushdns ) and regedit.exe .
Invokes the native Windows SetErrorMode API to disable system application error messages. This prevents user-facing pop-ups if the background payload crashes or encounters an environment conflict.
is a Portable Executable (PE32) file designed for 32-bit Windows operating systems. According to sandbox analysis data, the file size is approximately 3.16 MB with the MD5 hash 1974c88979debfe710d597fff868d0e5 and SHA256 hash cfb0e9f2d6e4d72ec861480007d96a3695d4b1d780c86ff066a2a2222fafffdf .
If you find edrwkgn.exe on your system, run these immediately:
Before running or deleting the file, upload it to an online multi-engine scanner. Open your web browser and navigate to VirusTotal. Upload the edrwkgn.exe file.
0086-0760-88751123 
Sales@al-harameen.com 
al-harameen1
Copyright (c) 2013 - 2020 al-harameen. all rights reserved.
