{"id":3964,"date":"2021-12-02T14:18:16","date_gmt":"2021-12-02T08:48:16","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3964"},"modified":"2021-12-02T14:18:31","modified_gmt":"2021-12-02T08:48:31","slug":"how-emotet-spreads-through-fake-adobe-windows-application-installer-packages","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/how-emotet-spreads-through-fake-adobe-windows-application-installer-packages\/","title":{"rendered":"How Emotet Spreads Through Fake Adobe Windows Application Installer Packages?"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">The Emotet Trojan is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. Emotet is a prominent malware infection that spreads through various phishing emails and other spam operations and sets up further malware, such as TrickBot and Qbot, which usually leads to ransomware attacks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The attackers behind Emotet are now infecting systems by installing malicious packages through a built-in feature of Windows 10 and Windows 11 called App Installer. Investigators previously saw this same method used to distribute the BazarLoader malware, where it installed malicious packages hosted on Microsoft Azure.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Abusing Windows App Installer<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Using the URLs and email samples shared by the Emotet tracking group Cryptolaemus, our experts outline below the attack flow of this advanced phishing email operation. 
This advanced Emotet operation starts with stolen reply-chain emails that arrive as a reply to an ongoing conversation.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">These replies simply tell the receiver to \u201cPlease see attached\u201d and contain a link to a purported PDF related to the email conversation.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1-1024x743.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1\" class=\"wp-image-3967\" width=\"534\" height=\"387\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1-1024x743.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1-300x218.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1-768x557.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1-1536x1115.jpg 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image1.jpg 1600w\" sizes=\"(max-width: 534px) 100vw, 534px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">When the user first clicks the link, they are brought to a fake Google Drive page that prompts them to click a button to preview the PDF document.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" 
loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2-1024x651.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2\" class=\"wp-image-3968\" width=\"518\" height=\"329\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2-1024x651.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2-300x191.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2-768x488.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image2.jpg 1116w\" sizes=\"(max-width: 518px) 100vw, 518px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">This &#8216;Preview PDF&#8217; button is an ms-appinstaller URL that attempts to open an app installer file hosted on Microsoft Azure using URLs at *.web.core.windows.net. 
For example, the above link would open an app installer package at a URL such as: ms-appinstaller:?source=https:\/\/xxx.z13.web.core.windows.net\/abcdefghi.appinstaller.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">An app installer file is simply an XML file containing information about the signed publisher and the URL to the appxbundle that will be installed.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How the App Installer Is Launched<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3-1024x402.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3\" class=\"wp-image-3969\" width=\"636\" height=\"249\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3-1024x402.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3-300x118.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3-768x301.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image3.jpg 1050w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">When you attempt to open an .appinstaller file, the browser will ask whether you wish to open the Windows App Installer program to proceed. 
Once you agree, you will be shown an App Installer window prompting you to install the &#8216;Adobe PDF Component.&#8217;<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4-1024x674.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4\" class=\"wp-image-3970\" width=\"536\" height=\"352\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4-1024x674.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4-300x198.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4-768x506.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image4.jpg 1364w\" sizes=\"(max-width: 536px) 100vw, 536px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">The malicious package looks like a legitimate Adobe application, as it has a legitimate Adobe PDF icon, a valid certificate that marks it as a &#8216;Trusted App&#8217;, and fake publisher information. This type of validation from Windows is more than enough for many users to trust the application and install it.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Once a user clicks on the &#8216;Install&#8217; button, App Installer will download and install the malicious appxbundle hosted on Microsoft Azure. 
This appxbundle will install a DLL in the %Temp% folder and execute it with rundll32.exe, as shown below:<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image5.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image5\" class=\"wp-image-3971\" width=\"334\" height=\"509\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image5.jpg 504w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image5-197x300.jpg 197w\" sizes=\"(max-width: 334px) 100vw, 334px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">This process will also copy the DLL as a randomly named file and folder in %LocalAppData%, as shown below:<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image6.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image6\" class=\"wp-image-3972\" width=\"553\" height=\"237\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image6.jpg 835w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image6-300x129.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image6-768x329.jpg 
768w\" sizes=\"(max-width: 553px) 100vw, 553px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Finally, an autorun will be created under HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run to automatically launch the DLL when a user logs into Windows.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image7-1024x451.jpg\" alt=\"How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image7\" class=\"wp-image-3973\" width=\"663\" height=\"291\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image7-1024x451.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image7-300x132.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/12\/How-Emotet-Spreads-Through-Fake-Adobe-Windows-Application-Installer-Packages-image7.jpg 1336w\" sizes=\"(max-width: 663px) 100vw, 663px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Emotet was the most highly distributed malware in the past until a law enforcement operation shut down and seized the botnet&#8217;s infrastructure. Ten months later, Emotet was resurrected as it started to rebuild with the help of the TrickBot trojan.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">A day later, Emotet spam campaigns began, with emails hitting users&#8217; mailboxes with various lures and malicious documents that installed the malware. 
These campaigns have allowed Emotet to build its presence rapidly and, once again, perform large-scale phishing campaigns that install TrickBot and Qbot.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Emotet campaigns commonly lead to ransomware attacks. Windows admins must stay on top of the malware distribution methods and train employees to spot Emotet campaigns.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Emotet Trojan is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. Emotet is a prominent malware infection that spreads through various phishing emails and other spam operations and sets up further malware, such as TrickBot and Qbot, which usually leads to ransomware attacks. The attackers behind [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3966,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Emotet Spreads Through Fake Adobe Windows Application Installer Packages? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/how-emotet-spreads-through-fake-adobe-windows-application-installer-packages\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Emotet Spreads Through Fake Adobe Windows Application Installer Packages? - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The Emotet Trojan is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software. 
[&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/how-emotet-spreads-through-fake-adobe-windows-application-installer-packages\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-02T08:48:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-02T08:48:31+00:00\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<!-- \/ Yoast SEO plugin. -->"}