image5 | WeLiveSecurity

image5

Figure 5 - HTTP request of backdoored module that contains EDRPOU number in cookies.