Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

    Date: 02/13/2026

    Severity: High

    Summary

    The report highlights a rise in model extraction (“distillation”) attacks aimed at stealing proprietary AI logic, alongside the growing integration of generative AI into real-world threat operations. While no breakthrough exploitation of frontier models has been observed, government-backed actors from the DPRK, Iran, China, and Russia are increasingly using LLMs to streamline reconnaissance, phishing, and tooling development. It also documents experimentation with AI-integrated malware (e.g., HONESTCUE leveraging the Gemini API), interest in agentic AI capabilities, and the emergence of underground jailbreak ecosystems, as defenders continue disrupting abuse and strengthening model safeguards.

    Indicators of Compromise (IOC) List

    URLs/Domains

    Hash

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "storages-coinbase.com" or siteurl like "storages-coinbase.com" or url like "storages-coinbase.com" or domainname like "mysafevault-coinbase.com" or siteurl like "mysafevault-coinbase.com" or url like "mysafevault-coinbase.com" or domainname like "www.diagnosis-coinbase.com" or siteurl like "www.diagnosis-coinbase.com" or url like "www.diagnosis-coinbase.com" or domainname like "www.coinbase-myvault.com" or siteurl like "www.coinbase-myvault.com" or url like "www.coinbase-myvault.com" or domainname like "safestorages-coinbase.com" or siteurl like "safestorages-coinbase.com" or url like "safestorages-coinbase.com" or domainname like "www.securityvault-coinbase.com" or siteurl like "www.securityvault-coinbase.com" or url like "www.securityvault-coinbase.com" or domainname like "defense-coinbase.com" or siteurl like "defense-coinbase.com" or url like "defense-coinbase.com" or domainname like "safetystorage-coinbase.com" or siteurl like "safetystorage-coinbase.com" or url like "safetystorage-coinbase.com" or domainname like "myhelpdesk-coinbase.com" or siteurl like "myhelpdesk-coinbase.com" or url like "myhelpdesk-coinbase.com" or domainname like "coinbase-safevault.com" or siteurl like "coinbase-safevault.com" or url like "coinbase-safevault.com" or domainname like "www.safetyvault-coinbase.com" or siteurl like "www.safetyvault-coinbase.com" or url like "www.safetyvault-coinbase.com" or domainname like "www.protectedportal-coinbase.com" or siteurl like "www.protectedportal-coinbase.com" or url like "www.protectedportal-coinbase.com" or domainname like "369201v-coinbase.com" or siteurl like "369201v-coinbase.com" or url like "369201v-coinbase.com" or domainname like "safetyvault-coinbase.com" or siteurl like "safetyvault-coinbase.com" or url like "safetyvault-coinbase.com" or domainname like "www.673442-coinbase.com" or siteurl like "www.673442-coinbase.com" or url like "www.673442-coinbase.com" or domainname like "www.482901v-coinbase.com" or 
siteurl like "www.482901v-coinbase.com" or url like "www.482901v-coinbase.com" or domainname like "www.543902-coinbase.com" or siteurl like "www.543902-coinbase.com" or url like "www.543902-coinbase.com" or domainname like "www.storages-coinbase.com" or siteurl like "www.storages-coinbase.com" or url like "www.storages-coinbase.com" or domainname like "safeportal-coinbase.com" or siteurl like "safeportal-coinbase.com" or url like "safeportal-coinbase.com" or domainname like "diagnose-coinbase.com" or siteurl like "diagnose-coinbase.com" or url like "diagnose-coinbase.com" or domainname like "650421-coinbase.com" or siteurl like "650421-coinbase.com" or url like "650421-coinbase.com" or domainname like "coinbase-live.com" or siteurl like "coinbase-live.com" or url like "coinbase-live.com" or domainname like "coinbase-diagnostic.com" or siteurl like "coinbase-diagnostic.com" or url like "coinbase-diagnostic.com" or domainname like "coinbase-access.com" or siteurl like "coinbase-access.com" or url like "coinbase-access.com" or domainname like "coinbase-protected.com" or siteurl like "coinbase-protected.com" or url like "coinbase-protected.com" or domainname like "www.protectedvault-coinbase.com" or siteurl like "www.protectedvault-coinbase.com" or url like "www.protectedvault-coinbase.com" or domainname like "www.562789-coinbase.com" or siteurl like "www.562789-coinbase.com" or url like "www.562789-coinbase.com" or domainname like "www.safetystorage-coinbase.com" or siteurl like "www.safetystorage-coinbase.com" or url like "www.safetystorage-coinbase.com" or domainname like "www.defense-coinbase.com" or siteurl like "www.defense-coinbase.com" or url like "www.defense-coinbase.com" or domainname like "482901v-coinbase.com" or siteurl like "482901v-coinbase.com" or url like "482901v-coinbase.com" or domainname like "903182s-coinbase.com" or siteurl like "903182s-coinbase.com" or url like "903182s-coinbase.com" or domainname like "coinbase-myvault.com" or siteurl like 
"coinbase-myvault.com" or url like "coinbase-myvault.com" or domainname like "www.563901-coinbase.com" or siteurl like "www.563901-coinbase.com" or url like "www.563901-coinbase.com" or domainname like "coinbase-safeguard.com" or siteurl like "coinbase-safeguard.com" or url like "coinbase-safeguard.com" or domainname like "www.safeportal-coinbase.com" or siteurl like "www.safeportal-coinbase.com" or url like "www.safeportal-coinbase.com"

    Detection Query 2 :

    domainname like "securityvault-coinbase.com" or siteurl like "securityvault-coinbase.com" or url like "securityvault-coinbase.com" or domainname like "674933-coinbase.com" or siteurl like "674933-coinbase.com" or url like "674933-coinbase.com" or domainname like "www.coinbase-safeguard.com" or siteurl like "www.coinbase-safeguard.com" or url like "www.coinbase-safeguard.com" or domainname like "protectedvault-coinbase.com" or siteurl like "protectedvault-coinbase.com" or url like "protectedvault-coinbase.com" or domainname like "www.673908-coinbase.com" or siteurl like "www.673908-coinbase.com" or url like "www.673908-coinbase.com" or domainname like "www.diagnose-coinbase.com" or siteurl like "www.diagnose-coinbase.com" or url like "www.diagnose-coinbase.com" or domainname like "safestorage-coinbase.com" or siteurl like "safestorage-coinbase.com" or url like "safestorage-coinbase.com" or domainname like "coldwallets-coinbase.com" or siteurl like "coldwallets-coinbase.com" or url like "coldwallets-coinbase.com" or domainname like "coinbase-myaccount.com" or siteurl like "coinbase-myaccount.com" or url like "coinbase-myaccount.com" or domainname like "562789-coinbase.com" or siteurl like "562789-coinbase.com" or url like "562789-coinbase.com" or domainname like "privacyvault-coinbase.com" or siteurl like "privacyvault-coinbase.com" or url like "privacyvault-coinbase.com" or domainname like "diagnosis-coinbase.com" or siteurl like "diagnosis-coinbase.com" or url like "diagnosis-coinbase.com" or domainname like "www.coinbase-live.com" or siteurl like "www.coinbase-live.com" or url like "www.coinbase-live.com" or domainname like "www.903182s-coinbase.com" or siteurl like "www.903182s-coinbase.com" or url like "www.903182s-coinbase.com" or domainname like "783521-coinbase.com" or siteurl like "783521-coinbase.com" or url like "783521-coinbase.com" or domainname like "www.coinbase-access.com" or siteurl like "www.coinbase-access.com" or url like 
"www.coinbase-access.com" or domainname like "www.mycoldstorage-coinbase.com" or siteurl like "www.mycoldstorage-coinbase.com" or url like "www.mycoldstorage-coinbase.com" or domainname like "mysecureportal-coinbase.com" or siteurl like "mysecureportal-coinbase.com" or url like "mysecureportal-coinbase.com" or domainname like "www.mysecureportal-coinbase.com" or siteurl like "www.mysecureportal-coinbase.com" or url like "www.mysecureportal-coinbase.com" or domainname like "securesession-coinbase.com" or siteurl like "securesession-coinbase.com" or url like "securesession-coinbase.com" or domainname like "673908-coinbase.com" or siteurl like "673908-coinbase.com" or url like "673908-coinbase.com" or domainname like "securing-coinbase.com" or siteurl like "securing-coinbase.com" or url like "securing-coinbase.com" or domainname like "securedvault-coinbase.com" or siteurl like "securedvault-coinbase.com" or url like "securedvault-coinbase.com" or domainname like "www.674933-coinbase.com" or siteurl like "www.674933-coinbase.com" or url like "www.674933-coinbase.com" or domainname like "www.diagnostics-coinbase.com" or siteurl like "www.diagnostics-coinbase.com" or url like "www.diagnostics-coinbase.com" or domainname like "www.369201v-coinbase.com" or siteurl like "www.369201v-coinbase.com" or url like "www.369201v-coinbase.com" or domainname like "www.901562-coinbase.com" or siteurl like "www.901562-coinbase.com" or url like "www.901562-coinbase.com" or domainname like "www.securedvault-coinbase.com" or siteurl like "www.securedvault-coinbase.com" or url like "www.securedvault-coinbase.com" or domainname like "www.582751v-coinbase.com" or siteurl like "www.582751v-coinbase.com" or url like "www.582751v-coinbase.com" or domainname like "safewallet-coinbase.com" or siteurl like "safewallet-coinbase.com" or url like "safewallet-coinbase.com" or domainname like "673442-coinbase.com" or siteurl like "673442-coinbase.com" or url like "673442-coinbase.com" or domainname 
like "www.securesession-coinbase.com" or siteurl like "www.securesession-coinbase.com" or url like "www.securesession-coinbase.com" or domainname like "543902-coinbase.com" or siteurl like "543902-coinbase.com" or url like "543902-coinbase.com" or domainname like "diagnostics-coinbase.com" or siteurl like "diagnostics-coinbase.com" or url like "diagnostics-coinbase.com" or domainname like "www.refuge-coinbase.com" or siteurl like "www.refuge-coinbase.com" or url like "www.refuge-coinbase.com"

    Detection Query 3 :

    domainname like "coinbase-securedvault.com" or siteurl like "coinbase-securedvault.com" or url like "coinbase-securedvault.com" or domainname like "www.783521-coinbase.com" or siteurl like "www.783521-coinbase.com" or url like "www.783521-coinbase.com" or domainname like "mycoldstorage-coinbase.com" or siteurl like "mycoldstorage-coinbase.com" or url like "mycoldstorage-coinbase.com" or domainname like "www.safestorages-coinbase.com" or siteurl like "www.safestorages-coinbase.com" or url like "www.safestorages-coinbase.com" or domainname like "www.safewallet-coinbase.com" or siteurl like "www.safewallet-coinbase.com" or url like "www.safewallet-coinbase.com" or domainname like "www.coinbase-protected.com" or siteurl like "www.coinbase-protected.com" or url like "www.coinbase-protected.com" or domainname like "www.coinbase-safevault.com" or siteurl like "www.coinbase-safevault.com" or url like "www.coinbase-safevault.com" or domainname like "901562-coinbase.com" or siteurl like "901562-coinbase.com" or url like "901562-coinbase.com" or domainname like "582751v-coinbase.com" or siteurl like "582751v-coinbase.com" or url like "582751v-coinbase.com" or domainname like "coinbase-storage.com" or siteurl like "coinbase-storage.com" or url like "coinbase-storage.com" or domainname like "www.coldwallets-coinbase.com" or siteurl like "www.coldwallets-coinbase.com" or url like "www.coldwallets-coinbase.com" or domainname like "www.mysafevault-coinbase.com" or siteurl like "www.mysafevault-coinbase.com" or url like "www.mysafevault-coinbase.com" or domainname like "www.coinbase-myaccount.com" or siteurl like "www.coinbase-myaccount.com" or url like "www.coinbase-myaccount.com" or domainname like "www.safevault-coinbase.com" or siteurl like "www.safevault-coinbase.com" or url like "www.safevault-coinbase.com" or domainname like "www.securing-coinbase.com" or siteurl like "www.securing-coinbase.com" or url like "www.securing-coinbase.com" or domainname like 
"protectedportal-coinbase.com" or siteurl like "protectedportal-coinbase.com" or url like "protectedportal-coinbase.com" or domainname like "refuge-coinbase.com" or siteurl like "refuge-coinbase.com" or url like "refuge-coinbase.com" or domainname like "673827-coinbase.com" or siteurl like "673827-coinbase.com" or url like "673827-coinbase.com" or domainname like "www.673827-coinbase.com" or siteurl like "www.673827-coinbase.com" or url like "www.673827-coinbase.com" or domainname like "www.privacyvault-coinbase.com" or siteurl like "www.privacyvault-coinbase.com" or url like "www.privacyvault-coinbase.com" or domainname like "www.coinbase-diagnostic.com" or siteurl like "www.coinbase-diagnostic.com" or url like "www.coinbase-diagnostic.com"

    Detection Query 4 :

    md5hash IN ("2581b50b6e60fd38634501125ebdabc9","6148ac866a98b412acf9ba6ebd41d4a5","e4d30c315749ff4cb5c99957533b6f45")

    Detection Query 5 :

    sha1hash IN ("05c109d7b5d9ad91ee0eabf84c62f455fce7ec95")

    Detection Query 6 :

    sha256hash IN ("618a4f0d6cb47bdde07a9e1e3dc107ae090d867e3cf728428ce7aeecb4f43296","8d656e2672bfb08872d919d5b7cb3a5acd333bc7bf3f5769d14abfcac99dcd70","a689f599d45421c0509f12e0da9155fdc4f332bfb0234f1a31f5df9df3f14349","db43fa07fba044cd4a8f0df6ec7e4536e8af42b13a6428f8f732b4671ebe6a53","fb72accfbde0c8628140c4ee2e6866efcfcf45f0a65e25ec89177cfbe63ec2a3","6371e212b87bca591d3a52eee0c8af63d67c2345492ceb3bfd63f42967f359b1","3481106ad452f684e0d5ccfa6e7c185663480f6c7fa757caef384415140136ba","5c70dd5ad4d34cd25cceab4421a73686e4ae3c3a3e6ffa61916f245ca9f7697c","142f293512ae56fc8c00fd296bb83ee55c6d33659d200a201519879db7c91dc4","2beb652cdf326670d04da2a5bb75acfe12f6610ca26cf1b4c355de527c56f8e9","80690dcc5b7779ca26ff7b981e101ddb74e5e3bd10edcec343de0325cdfe835a","8a4ae1f830ccf116ee5d92069e98b08a13ef1d77004c7f31a896765b4466313f","a5cc95fa6d8e28f563cda46b9f5a8e5d9ed41bb96dca5f2a43e6c33e5a3fc6a1","7c7017a52c787a08772f42614b670f7b6e5ba472e6db88427945c1310c15b2c0","cd8afec1a9164f5bcfea9b3bd62894cb360ac1e175d305daa3c5f6b4f6acb2dd","03a29678b78f390dc4bbb4f485e4905b640b82cfa99ad976b475c1114d69146e","e73ae1e1eca6be4f96d91e802dfa8a9b1ed29732cc0fb6378ab8d91c9bb0feba","de48ed56bcf188e538d298777f29105c9d4cf7ed68571e2129865e981707e90a","5c929c8cc12504b1b3a164284a6b83ff32e15defe54c9dbae81b0e37e65fe1be","3f14baee32fc0a43bb1270ed987c91bcfeca0ff6be558eb80d9ccade06c2b219","97da665a133d5ada32e0c2705cea6eb4f9b00e6d4506ab1771d70f7c99105b6b","5b58365f174fb44c8b56f7ac354f65b888578a9ae6b56f651066bc926b966152","959c8d65bd8b7acda2c09c0cf2e981ffb675c138cb67fea1d9fdb5f923908b9a","7f6e02f7dfe64bcce460a241fdd5c41d39e43f0b0bec169372ebe3488b7bd9fd","cec9d4e4bd217de80fd55f1b055c7919ed7ee68d04850bd6651f184a0833695e","183bc69ea1f39eeacbc6ee934d2c054878821ae32213de50cfd272546ff04774","b3379bea18d40b3eb33d7626965f5b7424b958bd78290e4b1efbc3f360be94f9","8815d7e3aa9cfa97765c29e89db89f0df1c52ec2e7b71ee9d61bafed1eb1d06a","513a7a0daa03a6591a18b2d850af5ed6ebc6d5e1d04080214ebd3047f2ba70be","0539fbf0e37dd623cd068a357cc876cac68cc
f272a8c6e0b361c63e9d6e980bd","af25b1c3b36a97262206842679dc2baef0d654726976330e433547920094abbc","51de550577469f56a7ffd7cb1a1ec1f6ddacfe635e6d20c339873cec6f056521","d583f60cdbd0909965d3e8f14fe6f3d663b93dd6850c7c2e5734954053d0e33d","3b4737d4378bfbe94a22ec6cbbec1996eb7672b8a7c242c021eb7cb3bb533493","de501b275d50622023a44489d23bf78a0157f883eaf970c9a3c2d95c52ac5de0","6994b8b2b870f4e920b969b9efca6bdce9fca8dce2f4a782dfae1e7af2b20a77")

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use/


    Tags

    Malware, Threat Actor, APT, DPRK, Iran, China, Russia, LLMs, Phishing, AI
