Once the full archive is assembled and executed, it installs malicious browser extensions (Chrome or Safari) designed to hijack search results, inject ads, or steal user data.
This is part of a malicious campaign and does not contain legitimate software.
Based on security research data, the file is identified as a component of a multi-part archive used to deliver Choziosi Loader (also known as ChromeLoader) malware.

File Overview

Malware Family: Choziosi Loader / ChromeLoader.

GF090322-HS2DX-R8.part11.rar
For more technical details on how this malware operates, you can review the full analysis on the ORKL Cybersecurity Library.
Use an updated antivirus or security tool, such as those discussed in analysis by Colins Security Blog, to check for scheduled tasks or browser extensions that may have been installed.
Manually inspect your browser for any extensions you did not intentionally install.
This archive typically disguises itself as cracked software, games, or hacks (such as The Sims 4, Adobe Photoshop, or Roblox scripts) to trick users into downloading and executing it.
Are you currently seeing or ads, or did you encounter this file while looking for a specific piece of software?

Choziosi Loader Analysis | Colins Security Blog