Actor(s): APT-C-35, Donot Team, Viceroy Tiger
There is no description at this point.
rule win_yty_auto { meta: author = "Felix Bilstein - yara-signator at cocacoding dot com" date = "2026-05-04" version = "1" description = "Detects win.yty." info = "autogenerated rule brought to you by yara-signator" tool = "yara-signator v0.6.0" signator_config = "callsandjumps;datarefs;binvalue" malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.yty" malpedia_rule_date = "20260422" malpedia_hash = "a182e35da64e6d71cb55f125c4d4225196523f14" malpedia_version = "20260504" malpedia_license = "CC BY-SA 4.0" malpedia_sharing = "TLP:WHITE" /* DISCLAIMER * The strings used in this rule have been automatically selected from the * disassembly of memory dumps and unpacked files, using YARA-Signator. * The code and documentation is published here: * https://github.com/fxb-cocacoding/yara-signator * As Malpedia is used as data source, please note that for a given * number of families, only single samples are documented. * This likely impacts the degree of generalization these rules will offer. * Take the described generation method also into consideration when you * apply the rules in your use cases and assign them confidence levels. */ strings: $sequence_0 = { 8b45d8 83e001 0f840c000000 8365d8fe 8b7508 e9???????? } // n = 6, score = 500 // 8b45d8 | mov eax, dword ptr [ebp - 0x28] // 83e001 | and eax, 1 // 0f840c000000 | je 0x12 // 8365d8fe | and dword ptr [ebp - 0x28], 0xfffffffe // 8b7508 | mov esi, dword ptr [ebp + 8] // e9???????? | $sequence_1 = { 8365d8fe 8b7508 e9???????? c3 8b542408 8d420c } // n = 6, score = 500 // 8365d8fe | and dword ptr [ebp - 0x28], 0xfffffffe // 8b7508 | mov esi, dword ptr [ebp + 8] // e9???????? | // c3 | ret // 8b542408 | mov edx, dword ptr [esp + 8] // 8d420c | lea eax, [edx + 0xc] $sequence_2 = { 33c5 50 8d45f4 64a300000000 8b7508 33ff 897dd8 } // n = 7, score = 500 // 33c5 | xor eax, ebp // 50 | push eax // 8d45f4 | lea eax, [ebp - 0xc] // 64a300000000 | mov dword ptr fs:[0], eax // 8b7508 | mov esi, dword ptr [ebp + 8] // 33ff | xor edi, edi // 897dd8 | mov dword ptr [ebp - 0x28], edi $sequence_3 = { 894608 8945fc 56 c745f001000000 e8???????? } // n = 5, score = 400 // 894608 | mov dword ptr [esi + 8], eax // 8945fc | mov dword ptr [ebp - 4], eax // 56 | push esi // c745f001000000 | mov dword ptr [ebp - 0x10], 1 // e8???????? | $sequence_4 = { 8a1402 2ad1 8bfe 80ea04 b901000000 } // n = 5, score = 400 // 8a1402 | mov dl, byte ptr [edx + eax] // 2ad1 | sub dl, cl // 8bfe | mov edi, esi // 80ea04 | sub dl, 4 // b901000000 | mov ecx, 1 $sequence_5 = { 0f82dbfeffff 397d1c 720c 8b4508 50 e8???????? } // n = 6, score = 400 // 0f82dbfeffff | jb 0xfffffee1 // 397d1c | cmp dword ptr [ebp + 0x1c], edi // 720c | jb 0xe // 8b4508 | mov eax, dword ptr [ebp + 8] // 50 | push eax // e8???????? | $sequence_6 = { 64a300000000 8965f0 8bf9 8b7508 8b06 8b4804 8b4c3138 } // n = 7, score = 400 // 64a300000000 | mov dword ptr fs:[0], eax // 8965f0 | mov dword ptr [ebp - 0x10], esp // 8bf9 | mov edi, ecx // 8b7508 | mov esi, dword ptr [ebp + 8] // 8b06 | mov eax, dword ptr [esi] // 8b4804 | mov ecx, dword ptr [eax + 4] // 8b4c3138 | mov ecx, dword ptr [ecx + esi + 0x38] $sequence_7 = { 668910 8bc6 5b 8be5 5d c20400 } // n = 6, score = 400 // 668910 | mov word ptr [eax], dx // 8bc6 | mov eax, esi // 5b | pop ebx // 8be5 | mov esp, ebp // 5d | pop ebp // c20400 | ret 4 $sequence_8 = { 8b4c3138 33db 895de8 885def 8975e0 } // n = 5, score = 400 // 8b4c3138 | mov ecx, dword ptr [ecx + esi + 0x38] // 33db | xor ebx, ebx // 895de8 | mov dword ptr [ebp - 0x18], ebx // 885def | mov byte ptr [ebp - 0x11], bl // 8975e0 | mov dword ptr [ebp - 0x20], esi $sequence_9 = { 2ad1 80ea13 33c9 881407 bf10000000 } // n = 5, score = 400 // 2ad1 | sub dl, cl // 80ea13 | sub dl, 0x13 // 33c9 | xor ecx, ecx // 881407 | mov byte ptr [edi + eax], dl // bf10000000 | mov edi, 0x10 $sequence_10 = { 397e14 7204 8b3e eb02 8bfe 8a1402 } // n = 6, score = 400 // 397e14 | cmp dword ptr [esi + 0x14], edi // 7204 | jb 6 // 8b3e | mov edi, dword ptr [esi] // eb02 | jmp 4 // 8bfe | mov edi, esi // 8a1402 | mov dl, byte ptr [edx + eax] $sequence_11 = { 50 ffd2 ff15???????? 8a857bffffff } // n = 4, score = 400 // 50 | push eax // ffd2 | call edx // ff15???????? | // 8a857bffffff | mov al, byte ptr [ebp - 0x85] $sequence_12 = { 2ad1 80ea04 b901000000 e9???????? } // n = 4, score = 400 // 2ad1 | sub dl, cl // 80ea04 | sub dl, 4 // b901000000 | mov ecx, 1 // e9???????? | $sequence_13 = { eb58 8b5508 397d1c 7303 } // n = 4, score = 400 // eb58 | jmp 0x5a // 8b5508 | mov edx, dword ptr [ebp + 8] // 397d1c | cmp dword ptr [ebp + 0x1c], edi // 7303 | jae 5 $sequence_14 = { 6aff 6a00 8bcf c645fc02 e8???????? 8b0e } // n = 6, score = 400 // 6aff | push -1 // 6a00 | push 0 // 8bcf | mov ecx, edi // c645fc02 | mov byte ptr [ebp - 4], 2 // e8???????? | // 8b0e | mov ecx, dword ptr [esi] $sequence_15 = { 8975e0 85c9 7407 8b11 } // n = 4, score = 400 // 8975e0 | mov dword ptr [ebp - 0x20], esi // 85c9 | test ecx, ecx // 7407 | je 9 // 8b11 | mov edx, dword ptr [ecx] $sequence_16 = { 33c0 8d7910 85d2 0f8425010000 83f904 0f8712010000 } // n = 6, score = 400 // 33c0 | xor eax, eax // 8d7910 | lea edi, [ecx + 0x10] // 85d2 | test edx, edx // 0f8425010000 | je 0x12b // 83f904 | cmp ecx, 4 // 0f8712010000 | ja 0x118 $sequence_17 = { 53 50 e8???????? 83c40c 8d8de8fdffff 51 } // n = 6, score = 400 // 53 | push ebx // 50 | push eax // e8???????? | // 83c40c | add esp, 0xc // 8d8de8fdffff | lea ecx, [ebp - 0x218] // 51 | push ecx $sequence_18 = { 8b3e 2ad1 80ea04 b904000000 } // n = 4, score = 400 // 8b3e | mov edi, dword ptr [esi] // 2ad1 | sub dl, cl // 80ea04 | sub dl, 4 // b904000000 | mov ecx, 4 $sequence_19 = { 6a01 8bcf e8???????? 8b0e 8b5104 8b443238 } // n = 6, score = 400 // 6a01 | push 1 // 8bcf | mov ecx, edi // e8???????? | // 8b0e | mov ecx, dword ptr [esi] // 8b5104 | mov edx, dword ptr [ecx + 4] // 8b443238 | mov eax, dword ptr [edx + esi + 0x38] $sequence_20 = { 807def00 8b5de8 7503 83cb02 8b16 8b4a04 03ce } // n = 7, score = 400 // 807def00 | cmp byte ptr [ebp - 0x11], 0 // 8b5de8 | mov ebx, dword ptr [ebp - 0x18] // 7503 | jne 5 // 83cb02 | or ebx, 2 // 8b16 | mov edx, dword ptr [esi] // 8b4a04 | mov ecx, dword ptr [edx + 4] // 03ce | add ecx, esi $sequence_21 = { 8d8de8fdffff 51 53 53 6a28 } // n = 5, score = 400 // 8d8de8fdffff | lea ecx, [ebp - 0x218] // 51 | push ecx // 53 | push ebx // 53 | push ebx // 6a28 | push 0x28 $sequence_22 = { 7204 8b07 eb02 8bc7 8b4de0 } // n = 5, score = 300 // 7204 | jb 6 // 8b07 | mov eax, dword ptr [edi] // eb02 | jmp 4 // 8bc7 | mov eax, edi // 8b4de0 | mov ecx, dword ptr [ebp - 0x20] $sequence_23 = { 8ad1 c0ea02 8ac4 80e20f c0e004 } // n = 5, score = 300 // 8ad1 | mov dl, cl // c0ea02 | shr dl, 2 // 8ac4 | mov al, ah // 80e20f | and dl, 0xf // c0e004 | shl al, 4 $sequence_24 = { 8b4c1938 895dd4 85c9 7405 8b01 ff5004 c745fc00000000 } // n = 7, score = 200 // 8b4c1938 | mov ecx, dword ptr [ecx + ebx + 0x38] // 895dd4 | mov dword ptr [ebp - 0x2c], ebx // 85c9 | test ecx, ecx // 7405 | je 7 // 8b01 | mov eax, dword ptr [ecx] // ff5004 | call dword ptr [eax + 4] // c745fc00000000 | mov dword ptr [ebp - 4], 0 $sequence_25 = { b904000000 6bd11d 898278a04600 68???????? 8b45fc 50 ff15???????? } // n = 7, score = 100 // b904000000 | mov ecx, 4 // 6bd11d | imul edx, ecx, 0x1d // 898278a04600 | mov dword ptr [edx + 0x46a078], eax // 68???????? | // 8b45fc | mov eax, dword ptr [ebp - 4] // 50 | push eax // ff15???????? | $sequence_26 = { 8345f401 837df40d 76d4 eb01 90 837df40e 7507 } // n = 7, score = 100 // 8345f401 | add dword ptr [ebp - 0xc], 1 // 837df40d | cmp dword ptr [ebp - 0xc], 0xd // 76d4 | jbe 0xffffffd6 // eb01 | jmp 3 // 90 | nop // 837df40e | cmp dword ptr [ebp - 0xc], 0xe // 7507 | jne 9 $sequence_27 = { 68???????? bf01000000 ffd6 8985ecfdffff 83f8ff } // n = 5, score = 100 // 68???????? | // bf01000000 | mov edi, 1 // ffd6 | call esi // 8985ecfdffff | mov dword ptr [ebp - 0x214], eax // 83f8ff | cmp eax, -1 $sequence_28 = { 890424 e8???????? 85c0 0f851f040000 8d853cfeffff } // n = 5, score = 100 // 890424 | mov dword ptr [esp], eax // e8???????? | // 85c0 | test eax, eax // 0f851f040000 | jne 0x425 // 8d853cfeffff | lea eax, [ebp - 0x1c4] $sequence_29 = { 8975e0 8b04bda0244300 0500080000 3bf0 0f8396000000 f6460401 755b } // n = 7, score = 100 // 8975e0 | mov dword ptr [ebp - 0x20], esi // 8b04bda0244300 | mov eax, dword ptr [edi*4 + 0x4324a0] // 0500080000 | add eax, 0x800 // 3bf0 | cmp esi, eax // 0f8396000000 | jae 0x9c // f6460401 | test byte ptr [esi + 4], 1 // 755b | jne 0x5d $sequence_30 = { 890424 e8???????? 83ec08 e8???????? c785bafeffff62624a78 c785befeffff6f7c6b4a c785c2feffff677a6762 } // n = 7, score = 100 // 890424 | mov dword ptr [esp], eax // e8???????? | // 83ec08 | sub esp, 8 // e8???????? | // c785bafeffff62624a78 | mov dword ptr [ebp - 0x146], 0x784a6262 // c785befeffff6f7c6b4a | mov dword ptr [ebp - 0x142], 0x4a6b7c6f // c785c2feffff677a6762 | mov dword ptr [ebp - 0x13e], 0x62677a67 $sequence_31 = { ff75fc 51 8b0d???????? 57 e8???????? 8b0d???????? b893244992 } // n = 7, score = 100 // ff75fc | push dword ptr [ebp - 4] // 51 | push ecx // 8b0d???????? | // 57 | push edi // e8???????? | // 8b0d???????? | // b893244992 | mov eax, 0x92492493 $sequence_32 = { 01d0 0fb600 3c2e 7416 } // n = 4, score = 100 // 01d0 | add eax, edx // 0fb600 | movzx eax, byte ptr [eax] // 3c2e | cmp al, 0x2e // 7416 | je 0x18 $sequence_33 = { 732f 8bc6 8bd6 83e03f c1fa06 6bc830 8b049560cb4300 } // n = 7, score = 100 // 732f | jae 0x31 // 8bc6 | mov eax, esi // 8bd6 | mov edx, esi // 83e03f | and eax, 0x3f // c1fa06 | sar edx, 6 // 6bc830 | imul ecx, eax, 0x30 // 8b049560cb4300 | mov eax, dword ptr [edx*4 + 0x43cb60] $sequence_34 = { c7858cbbf0ff9c734300 e8???????? 83c404 c645fc01 } // n = 4, score = 100 // c7858cbbf0ff9c734300 | mov dword ptr [ebp - 0xf4474], 0x43739c // e8???????? | // 83c404 | add esp, 4 // c645fc01 | mov byte ptr [ebp - 4], 1 $sequence_35 = { e8???????? 6a06 89430c 8d4310 8d8984f94200 5a } // n = 6, score = 100 // e8???????? | // 6a06 | push 6 // 89430c | mov dword ptr [ebx + 0xc], eax // 8d4310 | lea eax, [ebx + 0x10] // 8d8984f94200 | lea ecx, [ecx + 0x42f984] // 5a | pop edx $sequence_36 = { 8b45ec 3b45e0 761e 8b4508 0345e0 894508 8b4508 } // n = 7, score = 100 // 8b45ec | mov eax, dword ptr [ebp - 0x14] // 3b45e0 | cmp eax, dword ptr [ebp - 0x20] // 761e | jbe 0x20 // 8b4508 | mov eax, dword ptr [ebp + 8] // 0345e0 | add eax, dword ptr [ebp - 0x20] // 894508 | mov dword ptr [ebp + 8], eax // 8b4508 | mov eax, dword ptr [ebp + 8] $sequence_37 = { c645fc0a 50 c78594fbffff9c734300 e8???????? c645fc02 } // n = 5, score = 100 // c645fc0a | mov byte ptr [ebp - 4], 0xa // 50 | push eax // c78594fbffff9c734300 | mov dword ptr [ebp - 0x46c], 0x43739c // e8???????? | // c645fc02 | mov byte ptr [ebp - 4], 2 $sequence_38 = { c78405dcfbffff84734300 8b85dcfbffff 8b4804 8d4190 89840dd8fbffff } // n = 5, score = 100 // c78405dcfbffff84734300 | mov dword ptr [ebp + eax - 0x424], 0x437384 // 8b85dcfbffff | mov eax, dword ptr [ebp - 0x424] // 8b4804 | mov ecx, dword ptr [eax + 4] // 8d4190 | lea eax, [ecx - 0x70] // 89840dd8fbffff | mov dword ptr [ebp + ecx - 0x428], eax $sequence_39 = { 8b14cd30bc4500 3b5508 750c 8b45fc 8b04c534bc4500 eb04 } // n = 6, score = 100 // 8b14cd30bc4500 | mov edx, dword ptr [ecx*8 + 0x45bc30] // 3b5508 | cmp edx, dword ptr [ebp + 8] // 750c | jne 0xe // 8b45fc | mov eax, dword ptr [ebp - 4] // 8b04c534bc4500 | mov eax, dword ptr [eax*8 + 0x45bc34] // eb04 | jmp 6 $sequence_40 = { c785e2feffff00000000 c785e6feffff00000000 66c785eafeffff0000 c7442404fa000000 8d85bafeffff 890424 e8???????? } // n = 7, score = 100 // c785e2feffff00000000 | mov dword ptr [ebp - 0x11e], 0 // c785e6feffff00000000 | mov dword ptr [ebp - 0x11a], 0 // 66c785eafeffff0000 | mov word ptr [ebp - 0x116], 0 // c7442404fa000000 | mov dword ptr [esp + 4], 0xfa // 8d85bafeffff | lea eax, [ebp - 0x146] // 890424 | mov dword ptr [esp], eax // e8???????? | $sequence_41 = { 89c6 0f8434010000 8db82c020000 8d4301 } // n = 4, score = 100 // 89c6 | mov esi, eax // 0f8434010000 | je 0x13a // 8db82c020000 | lea edi, [eax + 0x22c] // 8d4301 | lea eax, [ebx + 1] $sequence_42 = { 8d8cc2c8934600 894ddc eb09 8b55dc 83c202 8955dc } // n = 6, score = 100 // 8d8cc2c8934600 | lea ecx, [edx + eax*8 + 0x4693c8] // 894ddc | mov dword ptr [ebp - 0x24], ecx // eb09 | jmp 0xb // 8b55dc | mov edx, dword ptr [ebp - 0x24] // 83c202 | add edx, 2 // 8955dc | mov dword ptr [ebp - 0x24], edx $sequence_43 = { c745ac44000000 6a10 6a00 8d4594 50 e8???????? } // n = 6, score = 100 // c745ac44000000 | mov dword ptr [ebp - 0x54], 0x44 // 6a10 | push 0x10 // 6a00 | push 0 // 8d4594 | lea eax, [ebp - 0x6c] // 50 | push eax // e8???????? | $sequence_44 = { 894104 85c0 75ea 8b0d???????? c7410400000000 8d4df8 } // n = 6, score = 100 // 894104 | mov dword ptr [ecx + 4], eax // 85c0 | test eax, eax // 75ea | jne 0xffffffec // 8b0d???????? | // c7410400000000 | mov dword ptr [ecx + 4], 0 // 8d4df8 | lea ecx, [ebp - 8] $sequence_45 = { c1f805 8bfe 53 8d1c85a0244300 8b03 83e71f c1e706 } // n = 7, score = 100 // c1f805 | sar eax, 5 // 8bfe | mov edi, esi // 53 | push ebx // 8d1c85a0244300 | lea ebx, [eax*4 + 0x4324a0] // 8b03 | mov eax, dword ptr [ebx] // 83e71f | and edi, 0x1f // c1e706 | shl edi, 6 $sequence_46 = { 83bd0cefffff00 0f8451020000 8d85c4efffff c785ccefffff00000000 0f57c0 50 } // n = 6, score = 100 // 83bd0cefffff00 | cmp dword ptr [ebp - 0x10f4], 0 // 0f8451020000 | je 0x257 // 8d85c4efffff | lea eax, [ebp - 0x103c] // c785ccefffff00000000 | mov dword ptr [ebp - 0x1034], 0 // 0f57c0 | xorps xmm0, xmm0 // 50 | push eax $sequence_47 = { 50 8d8d8cfcffff 51 6a00 6a00 6800000008 } // n = 6, score = 100 // 50 | push eax // 8d8d8cfcffff | lea ecx, [ebp - 0x374] // 51 | push ecx // 6a00 | push 0 // 6a00 | push 0 // 6800000008 | push 0x8000000 $sequence_48 = { 8bcf e8???????? c645fc1e 8b85a4bcf0ff 83f810 } // n = 5, score = 100 // 8bcf | mov ecx, edi // e8???????? | // c645fc1e | mov byte ptr [ebp - 4], 0x1e // 8b85a4bcf0ff | mov eax, dword ptr [ebp - 0xf435c] // 83f810 | cmp eax, 0x10 $sequence_49 = { 0f87a2000000 6683fb56 0f84a2000000 83c320 0fbfc3 56 50 } // n = 7, score = 100 // 0f87a2000000 | ja 0xa8 // 6683fb56 | cmp bx, 0x56 // 0f84a2000000 | je 0xa8 // 83c320 | add ebx, 0x20 // 0fbfc3 | movsx eax, bx // 56 | push esi // 50 | push eax $sequence_50 = { 8bc6 c1f805 8bce 83e11f c1e106 8b0485a0244300 8d440804 } // n = 7, score = 100 // 8bc6 | mov eax, esi // c1f805 | sar eax, 5 // 8bce | mov ecx, esi // 83e11f | and ecx, 0x1f // c1e106 | shl ecx, 6 // 8b0485a0244300 | mov eax, dword ptr [eax*4 + 0x4324a0] // 8d440804 | lea eax, [eax + ecx + 4] $sequence_51 = { c70424f4010000 e8???????? 83ec04 8b45d8 890424 } // n = 5, score = 100 // c70424f4010000 | mov dword ptr [esp], 0x1f4 // e8???????? | // 83ec04 | sub esp, 4 // 8b45d8 | mov eax, dword ptr [ebp - 0x28] // 890424 | mov dword ptr [esp], eax $sequence_52 = { 8b4510 50 8b4d0c 8b148d10cf4400 52 8b4508 50 } // n = 7, score = 100 // 8b4510 | mov eax, dword ptr [ebp + 0x10] // 50 | push eax // 8b4d0c | mov ecx, dword ptr [ebp + 0xc] // 8b148d10cf4400 | mov edx, dword ptr [ecx*4 + 0x44cf10] // 52 | push edx // 8b4508 | mov eax, dword ptr [ebp + 8] // 50 | push eax $sequence_53 = { c70424e8030000 e8???????? 83ec04 8345f401 } // n = 4, score = 100 // c70424e8030000 | mov dword ptr [esp], 0x3e8 // e8???????? | // 83ec04 | sub esp, 4 // 8345f401 | add dword ptr [ebp - 0xc], 1 $sequence_54 = { 8d3c85a0244300 8bf3 83e61f c1e606 8b07 0fbe440604 83e001 } // n = 7, score = 100 // 8d3c85a0244300 | lea edi, [eax*4 + 0x4324a0] // 8bf3 | mov esi, ebx // 83e61f | and esi, 0x1f // c1e606 | shl esi, 6 // 8b07 | mov eax, dword ptr [edi] // 0fbe440604 | movsx eax, byte ptr [esi + eax + 4] // 83e001 | and eax, 1 condition: 7 of them and filesize < 1097728 }
import "pe" rule win_yty_w0 { meta: author = "James E.C, ProofPoint" description = "Modular malware framework with similarities to EHDevel" hash = "1e0c1b97925e1ed90562d2c68971e038d8506b354dd6c1d2bcc252d2a48bc31c" malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.yty" malpedia_version = "20180312" malpedia_license = "CC BY-NC-SA 4.0" malpedia_sharing = "TLP:WHITE" strings: $x1 = "/football/download2/" ascii wide $x2 = "/football/download/" ascii wide $x3 = "Caption: Xp>" wide $x_c2 = "5.135.199.0" ascii fullword $a1 = "getGoogle" ascii fullword $a2 = "/q /noretstart" wide $a3 = "IsInSandbox" ascii fullword $a4 = "syssystemnew" ascii fullword $a5 = "ytyinfo" ascii fullword $a6 = "\\ytyboth\\yty " ascii $s1 = "SELECT Name FROM Win32_Processor" wide $s2 = "SELECT Caption FROM Win32_OperatingSystem" wide $s3 = "SELECT SerialNumber FROM Win32_DiskDrive" wide $s4 = "VM: Yes" wide fullword $s5 = "VM: No" wide fullword $s6 = "helpdll.dll" ascii fullword $s7 = "boothelp.exe" ascii fullword $s8 = "SbieDll.dll" wide fullword $s9 = "dbghelp.dll" wide fullword $s10 = "YesNoMaybe" ascii fullword $s11 = "saveData" ascii fullword $s12 = "saveLogs" ascii fullword condition: pe.imphash() == "87775285899fa860b9963b11596a2ded" or 1 of ($x*) or 3 of ($a*) or 6 of ($s*) }
If your designated proposal does not fit in any other category, feel free to write a free-text in the comment field below. Changes regarding references should be proposed on the Malpedia library page.
Your suggestion will be reviewed before being published. Thank you for contributing!
YYYY-MM-DD
YYYY-MM
YYYY
