Bazar Loader

Detected loader normally used to deploy BazarBackdoor malware.

Nloader

Simple loader that includes the keyword 'cambo' in the URL used to download other families.

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

Bazar/Team9 Loader payload

Nloader Payload

Blocklisted process makes network request

Executes dropped EXE