論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available
論文名稱 Title |
分析系統記錄檔的神經網路為基礎之鑑識系統 A Neural Network based Forensic System by Analyzing System Log |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
91 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2019-07-24 |
繳交日期 Date of Submission |
2019-08-15 |
關鍵字 Keywords |
Windows事件紀錄、自動化分析、數位鑑識、Sysmon事件紀錄 Digital Forensics, Sysmon Event Log, Automatic analysis, Windows Event Log |
||
統計 Statistics |
本論文已被瀏覽 6029 次,被下載 0 次 The thesis/dissertation has been browsed 6029 times, has been downloaded 0 times. |
中文摘要 |
數位鑑識,又稱作電腦與網路鑑識,是在網路犯罪後,藉由一連串嚴謹的步驟來蒐集並分析數位證據,最後從中找到網路罪犯的犯罪手法與目的。面對攻擊手法日益多元的資安事件,企業與組織對於數位鑑識的需求逐漸增加。然而數位鑑識是一門需要專家經驗且耗費大量時間分析的學問。 目前數位鑑識面臨的困難在於數位證據的資料量過大,而現有的研究與數位鑑識軟體較多著重在證據蒐集的便利性與簡化鑑識工具使用與選擇,蒐集回來龐大的資料使鑑識人員無法有效地分析全部的數位證據,增加了數位鑑識的困難,因此如何迅速且正確的蒐集與分析受害電腦的數位證據為數位鑑識所面臨的挑戰。 本研究依照鑑識流程的核心準則,開發一套自動化鑑識分析系統,蒐集Sysmon事件紀錄與Windows事件紀錄,從Sysmon事件紀錄解析出系統中的處理程序、檔案系統、登錄檔、網路連線,利用神經網路分析,分類出記錄檔中惡意軟體產生的事件,並搭配Security事件紀錄找出可能為異常的系統事件,協助鑑識人員初步判別出記錄檔中惡意的活動。最後藉由大量良性軟體與惡意軟體的實驗、與商用鑑識軟體的成效比較以及與專業鑑識報告的比較,證實本研究的系統可準確地協助鑑識人員進行鑑識與分析。 |
Abstract |
Digital forensics, also known as computer and network forensics, is to collect and analyze digital evidences by following a rigorous forensic process upon the occurrence of a security incident and to discover the root cause of the incident. Facing the increasingly diversified attack techniques constantly, businesses and organizations are seeking for an efficient digital forensics solution. However, digital forensics is a science that requires lots of security expertise and experience; analyzing massive amount of evidences is time consuming. Most organizations lack of professionals as well as resources to perform the task promptly and efficiently. One big challenge of digital forensics lies in the fact that digital evidences are enormous, while most digital forensic software focus on the process of evidence collection and little on assisting users to identify the malicious behaviors. An integrated digital forensic system is desired, performing the collection as well as analysis of the evidence automatically. Therefore, this research develops an automatic forensic analysis system, which collects multiple digital evidences including Sysmon Event Log and Windows Event Log, analyzes the evidences by using machine learning approach, neural network, to detect the malicious behaviors. Through a lot of experiment, the experimental results show that this research can accurately assist forensics staff. |
目次 Table of Contents |
論文審定書 i 論文公開授權書 ii 致謝 iii 摘要 iv Abstract v 目錄 vi 圖次 viii 表次 x 第一章 緒論 1 11 研究背景 1 12 研究動機 2 第二章 文獻探討 5 21 數位鑑識流程 5 22 數位證據 6 23 Windows事件紀錄 8 24 Sysmon事件紀錄 13 25 神經網路簡介 16 26 惡意軟體與記錄檔分析 17 第三章 研究方法與步驟 20 31 證據蒐集模組 21 32 前處理模組 21 321 證據型態 22 322 證據特徵擷取 24 33 分析與偵測模型 32 331 事件ID分析模型 33 332 事件ID與事件屬性分析模型 35 34 報告模組 36 第四章 系統評估 38 41 實驗1 鑑識分析模型建置 38 42 實驗2 本研究鑑識分析模型成效 51 43 實驗3 鑑識報告比較 57 44 實驗4 商用鑑識軟體比較 62 第五章 研究貢獻與未來展望 67 參考文獻 68 附錄一 72 附錄二 75 附錄三 77 附錄四 79 附錄五 80 圖 2-1、數位鑑識流程 6 圖 2-2、Windows事件紀錄的種類 8 圖 2-3、Windows事件記錄檔儲存位置 9 圖 2-4、Event Tracing for Windows 9 圖 2-5、evtx的組成圖 10 圖 2-6、evtx的Xml結構 10 圖 2-7、Windows事件檢視器 11 圖 2-8、NSA 提出需注意的事件ID 12 圖 2-9、Martini等學者提出需注意的事件ID 12 圖 2-10、Tobiyama 等學者的研究方法流程圖 18 圖 2-11、Srikumar 等學者的研究方法流程圖 19 圖 3-1、系統架構圖 21 圖 3-2、惡意軟體鑑識的證據來源 22 圖 3-3、處理程序所使用到的事件與關係 33 圖 3-4、事件ID分析模型結構圖 35 圖 3-5、事件ID與事件屬性分析模型結構圖 36 圖 4-1、事件ID分析模型:訓練集與驗證集不同比例長條圖 44 圖 4-2、事件ID分析模型訓練階段的損失率 45 圖 4-3、事件ID分析模型訓練階段的準確率 45 圖 4-4、事件ID分析模型:本研究提出的方法與SVM比較長條圖 46 圖 4-5、事件ID與事件屬性分析模型:訓練集與驗證集不同比例長條圖 49 圖 4-6、事件ID與事件屬性分析模型訓練階段的損失率 49 圖 4-7、事件ID與事件屬性分析模型訓練階段的準確率 50 圖 4-8、事件ID與事件屬性分析模型:本研究提出的方法與SVM比較長條圖 51 圖 4-9、實驗2-2:事件ID分析模型的ROC圖 53 圖 4-10、實驗2-2:事件ID與事件屬性分析模型的ROC圖 55 圖 4-11、報告模組-深度1的處理程序行為 58 圖 4-12、報告模組-深度2的處理程序行為 59 圖 4-13、報告模組-深度1的檔案系統行為 60 圖 4-14、報告模組-深度2的檔案系統行為 60 圖 4-15、報告模組-登錄檔行為 61 圖 4-16、報告模組-網路連線行為 62 表 2-1、Sysmon紀錄之事件 14 表 3-1、處理程序使用到的Sysmon事件ID與屬性 26 表 3-2、檔案系統使用到的Sysmon事件ID與事件屬性 28 表 3-3、登錄檔使用到的Sysmon事件ID與事件屬性 30 表 3-4、網路連線使用到的Sysmon事件ID與事件屬性 31 表 3-5、Windows事件紀錄使用到的事件ID與說明 32 表 4-1、實驗項目列表 38 表 4-2、良性軟體系統環境規格 39 表 4-3、惡意軟體系統環境規格 39 表 4-4、訓練系統環境規格 40 表 4-5、惡意軟體資料集的分類 41 表 4-6、事件ID分析模型的參數設定 43 表 4-7、事件ID分析模型:訓練集與驗證集不同比例數據 44 表 4-8、事件ID分析模型:本研究提出的方法與SVM比較數據 46 表 4-9、事件ID與事件屬性分析模型的參數設定 47 表 4-10、事件ID與事件屬性分析模型:訓練集與驗證集不同比例數據 48 表 4-11、事件ID與事件屬性分析模型:本研究提出的方法與SVM 比較數據 50 表 4-12、實驗2之子實驗項目列表 51 表 4-13、實驗2-1的真陽性率 52 表 4-14、實驗2-2:事件ID分析模型的混淆矩陣 53 表 4-15、實驗2-2:事件ID分析模型的評量彙整表 53 表 4-16、實驗2-2:事件ID與事件屬性分析模型的混淆矩陣 54 表 4-17、實驗2-2:事件ID與事件屬性分析模型的評量彙整表 54 表 4-18、實驗2-3:事件ID分析模型的惡意軟體說明與評量彙整表 56 表 4-19、實驗2-3:事件ID與事件屬性分析模型的惡意軟體說明與評量彙整表 57 表 4-20、本研究與其他數位鑑識軟體比較 65 表 4-21、本研究與eDetector的真陽性率比較 66 |
參考文獻 References |
[1] 黃彥棻, "【詳細圖解】駭客入侵一銀ATM流程追追追," Jul. 25, 2016. [Online]. Available: https://www.ithome.com.tw/news/107294, [Accessed on: Jun. 13, 2019.] [2] "新勒索病毒「想哭」襲擊全球," May. 14, 2017. [Online]. Available: https://features.ltn.com.tw/spring/article/2019/paper/1102158, [Accessed on: Jun. 13, 2019.] [3] 吳其勳, "究竟誰搶劫遠銀?新報告指證北韓網軍專搶銀行的APT 38組織," Oct. 3, 2018. [Online]. Available: https://www.ithome.com.tw/news/126245, [Accessed on: Jun. 13, 2019.] [4] FireEye, "APT38 Un-usual Suspects," Oct 2018. [Online]. Available: https://app.cdn.lookbookhq.com/lbhq-production/10427/content/original/5de5022e-bbc4-4175-af8d-6bf8d4e48630/rpt-apt38-2018-web_v5.pdf#page=20, [Accessed on: Oct. 25, 2018.] [5] T Grance, S. Chevalier, K. K. Kent, and H. Dang, "Guide to Integrating Forensic Techniques into Incident Response," Special Publication (NIST SP) - 800-862006. [Online]. Available: https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response, [Accessed on: May. 18, 2019.] [6] "資通安全管理法施行細則," Nov. 21, 2018. [Online]. Available: https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=A0030303, [Accessed on: Jul. 21, 2019.] [7] "資通安全管理法," Jul. 6, 2018. [Online]. Available: https://law.moj.gov.tw/LawClass/LawAll.aspx?pcode=A0030297, [Accessed on: Jul. 21, 2019.] [8] S. Soltani and S. A. H. Seno, "A survey on digital evidence collection and analysis," in 2017 7th International Conference on Computer and Knowledge Engineering (ICCKE), 2017, pp. 247-253. [9] BakerHostetler, "Building Cyber Resilience Compromise Response Intelligence in Action," Feb 2018. [Online]. Available: https://f.datasrvr.com/fr1/518/85193/2018_BakerHostetler_Data_Security_Incident_Response_Report.pdf, [Accessed on: Oct. 25, 2018.] [10] S. L. Garfinkel, "Forensic feature extraction and cross-drive analysis," Digital Investigation, vol. 3, pp. 71-81, 2006. [11] H.-W. Cheng and C.-H. Yang, "Design and Implementation of Windows Based Computer Forensics Management System," 2011. [12] P.-H. Yen, C.-H. Yang, and T.-N. Ahn, "Design and Implementation of a Live-analysis Digital Forensic System,," in International Conference on Convergence and Hybrid Information Technology (ICHIT 2009), 2009. [13] D. N. Patil and B. B. Meshram, "RegForensicTool: Evidence Collection and Analysis of Windows Registry," International Journal of Cyber-Security and Digital Forensics, vol. 5, pp. 94-105, 2016. [14] A. Barakat and A. Hadi, "Windows Forensic Investigations Using PowerForensics Tool," in 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016, pp. 41-47. [15] Z. X. Tsai, "自動化資安事件應變之鑑識系統," 2018. [16] Statcounter, "Desktop Operating System Market Share Worldwide." [Online]. Available: http://gs.statcounter.com/os-market-share/desktop/worldwide, [Accessed on: Jun. 13, 2019.] [17] Netmarketshare, "Operating System Market Share." [Online]. Available: https://www.netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platform%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222018-06%22%2C%22dateEnd%22%3A%222019-05%22%2C%22segments%22%3A%22-1000%22%7D, [Accessed on: Jun. 13, 2019.] [18] thycotic, "BLACK HAT 2018 HACKER SURVEY REPORT ". [Online]. Available: https://go.thycotic.com/l/101722/2018-09-12/5gf8wq/101722/74015/Report_2018_Black_Hat_Survey.pdf?_ga=2.52829416.1772536159.1560412381-274843393.1560412381, [Accessed on: Jun. 13, 2019.] [19] "Locard's exchange principle," Wikipedia, . [Online]. Available: https://en.wikipedia.org/wiki/Locard%27s_exchange_principle, [Accessed on: May. 18, 2019.] [20] JPCERT/CC, "Detecting Lateral Movement through Tracking Event Logs (Version 2)," Dec. 05, 2017. [Online]. Available: https://www.jpcert.or.jp/english/pub/sr/Detecting%20Lateral%20Movement%20through%20Tracking%20Event%20Logs_version2.pdf, [Accessed on: Oct. 27, 2018.] [21] S. Tomonaga, "APT Log Analysis -Tracking Attack Tools by Audit Policy and Sysmon-," JPCERT/CC,Jun. 16, 2017. [Online]. Available: https://www.first.org/resources/papers/conf2017/APT-Log-Analysis-Tracking-Attack-Tools-by-Audit-Policy-and-Sysmon.pdf, [Accessed on: Oct. 27, 2018.] [22] "About Event Tracing," Microsoft, May. 31, 2018. [Online]. Available: https://docs.microsoft.com/en-us/windows/desktop/etw/about-event-tracing, [Accessed on: May. 18, 2019.] [23] B. Charter, "EVTX and Windows Event Logging," Nov. 13, 2008. [Online]. Available: https://www.sans.org/reading-room/whitepapers/logging/evtx-windows-event-logging-32949, [Accessed on: May. 18, 2019.] [24] A. Schuster, "Introducing the Microsoft Vista event log file format," Digital Investigation, vol. 4, pp. 65-72, 2007. [25] J. Talebi, A. Dehghantanha, and R. Mahmoud, "Introducing and Analysis of the Windows 8 Event Log for Forensic Purposes," in Computational Forensics, Cham, 2015, pp. 145-162: Springer International Publishing. [26] K. Dashora, D. S. Tomar, and J. Rana, "A practical approach for evidence gathering in Windows environment," International Journal of Computer Applications, vol. 5, no. 10, pp. 21-27, 2010. [27] "Spotting the Adversary with Windows Event Log Monitoring," 2015. [28] Q. Do, B. Martini, J. Looi, Y. Wang, and K.-K. Choo, "Windows Event Forensic Process," in Advances in Digital Forensics X, Berlin, Heidelberg, 2014, pp. 87-100: Springer Berlin Heidelberg. [29] A. R. Ahmad, Anthonie., " FIRESTORM: Exploring the Need for a Forensic Tool for Pattern Correlation in Windows NT Audit Logs," presented at the 3rd Australian Information Warfare and Security Conference 2002 , 2002. [30] J. M. Aquilina, E. Casey, and C. Malin, Malware Forensics: Investigating and Analyzing Malicious Code. 2008, pp. 1-674. [31] T. G. Mark Russinovich "Sysmon v8.0," July, 5 2018. [Online]. Available: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon, [Accessed on: Oct. 25, 2018.] [32] C. Pascariu and I. Barbu, "Dynamic analysis of malware using artificial neural networks: Applying machine learning to identify malicious behavior based on parent process hirarchy," in 2017 9th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 2017, pp. 1-5. [33] V. Mavroeidis and A. Jøsang, "Data-Driven Threat Hunting Using Sysmon," presented at the Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, Guiyang, China, 2018. [34] M. Khan, C. R. Chatwin, and R. C. Young, "A framework for post-event timeline reconstruction using neural networks," vol. 4, no. 3-4, pp. 146-157, 2007. [35] D. Hendler, S. Kels, and A. Rubin, "Detecting Malicious PowerShell Commands using Deep Neural Networks," presented at the Proceedings of the 2018 on Asia Conference on Computer and Communications Security, Incheon, Republic of Korea, 2018. [36] S. Tobiyama, Y. Yamaguchi, H. Shimada, T. Ikuse, and T. Yagi, "Malware Detection with Deep Neural Network Using Process Behavior," in 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 2016, vol. 2, pp. 577-582. [37] S. Hochreiter and J. Schmidhuber, "Long Short-term Memory," Neural computation, vol. 9, pp. 1735-80, 12/01 1997. [38] K. Cho et al., "Learning Phrase Representations using RNN Encoder–Decoder for Statistical Machine Translation," Doha, Qatar, 2014, pp. 1724-1734: Association for Computational Linguistics. [39] K. Berlin, D. Slater, and J. Saxe, "Malicious Behavior Detection using Windows Audit Logs," in AISec '15 Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security, 2015, pp. Pages 35-44 [40] "Process Monitor." [Online]. Available: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon, [Accessed on: Jul. 3, 2019.] [41] M. Du, F. Li, G. Zheng, and V. Srikumar, "DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning," presented at the Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Securit, Dallas, Texas, USA, 2017. [42] 黃彥棻, "因應個資法 企業該如何有效保存數位資訊," iThome, Nov. 23, 2012. [Online]. Available: https://www.ithome.com.tw/node/77448, [Accessed on: May. 18, 2019.] [43] "EventLogRecord Class," Microsoft. [Online]. Available: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.eventing.reader.eventlogrecord?view=netframework-4.7.2, [Accessed on: May. 18, 2019.] [44] "Overview of the Windows Registry," Microsoft, Oct. 8, 2009. [Online]. Available: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc781906(v=ws.10), [Accessed on: May. 18, 2019.] [45] H. Xie, K. Jiang, X. Yuan, and H. Zeng, "Forensic Analysis of Windows Registry Against Intrusion," International Journal of Network Security & Its Applications, vol. 4, 2012. [46] G. L. Mengíbar, "Bypassing UAC using Registry Keys," ATTACKIQ, 2018. [Online]. Available: https://www.attackiq.com/blog/2018/05/14/bypassing-uac-using-registry-keys/, [Accessed on: May. 18, 2019.] [47] D. Perez, "Malicious registry keys: Reflective injection," Welivesecurity, May. 15, 2017. [Online]. Available: https://www.welivesecurity.com/2017/05/15/malicious-registry-keys-reflective-injection/, [Accessed on: May. 18, 2019.] [48] M. Pilkington and R. Lee, "DFIR "Find Evil"," SANS, . [Online]. Available: https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf, [Accessed on: May. 18, 2019.] [49] "CreateRemoteThread DLL Injection," Wikileaks, . [Online]. Available: https://wikileaks.org/ciav7p1/cms/page_3375330.html, [Accessed on: May. 18, 2019.] [50] T. L. 趨勢科技全球技術支援與研發中心, "針對性目標攻擊 (Targeted attack ):Shadow Force 挾持 DLL 程式庫攻擊南韓媒體," Trend MicroSep. 8, 2015. [Online]. Available: https://blog.trendmicro.com.tw/?tag=dll-hijacking, [Accessed on: May. 18, 2019.] [51] "Process Security and Access Rights," Microsoft, May. 31, 2018. [Online]. Available: https://docs.microsoft.com/en-us/windows/desktop/procthread/process-security-and-access-rights, [Accessed on: May. 18, 2019.] [52] B. Deply, "mimikatz." [Online]. Available: https://github.com/gentilkiwi/mimikatz, [Accessed on: May. 18, 2019.] [53] "ATT&CK," MITRE, . [Online]. Available: https://attack.mitre.org/, [Accessed on: May. 19, 2019.] [54] R. Rodriguez, "MITRE ATT&CK PYTHON CLIENT: Data Sources." [Online]. Available: https://github.com/Cyb3rWard0g/ATTACK-Python-Client/blob/master/notebooks/ATT%26CK_DataSources.ipynb, [Accessed on: May. 19, 2019.] [55] ERICLAW, "Downloads and the Mark-of-the-Web," Apr. 4, 2016. [Online]. Available: https://textslashplain.com/2016/04/04/downloads-and-the-mark-of-the-web/, [Accessed on: May. 19, 2019.] [56] "Timeline Analysis," forensicswiki, Apr. 4, 2015. [Online]. Available: https://www.forensicswiki.org/wiki/Timeline_Analysis, [Accessed on: May. 19, 2019.] [57] M. Gül and E. Kugu, "A survey on anti-forensics techniques," in 2017 International Artificial Intelligence and Data Processing Symposium (IDAP), 2017, pp. 1-6. [58] O. J. Adebayo, I. ASuleiman, A. Y. Ade, S. O. Ganiyu, and I. O. Alabi, "Digital Forensic analysis for enhancing information security," in 2015 International Conference on Cyberspace (CYBER-Abuja), 2015, pp. 38-44. [59] "Timestomp," forensicswiki, Jul. 17, 2014. [Online]. Available: https://www.forensicswiki.org/wiki/Timestomp, [Accessed on: May. 19, 2019.] [60] B. Infosec, "List of autorun keys / malware persistence Windows registry entries," peerlyst, Jul. 25, 2017. [Online]. Available: https://www.peerlyst.com/posts/list-of-autorun-keys-malware-persistence-windows-registry-entries-benjamin-infosec, [Accessed on: May. 19, 2019.] [61] "AppInit DLLs," Mitre, . [Online]. Available: https://attack.mitre.org/techniques/T1103/.] [62] J. Milletary, "Citadel Trojan Malware Analysis," 2012. [Online]. Available: https://botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf, [Accessed on: May. 19, 2019.] [63] M. Melliang, "Windows Security Feature Abused, Blocks Security Software," Jun. 11, 2014. [Online]. Available: https://blog.trendmicro.com/trendlabs-security-intelligence/windows-security-feature-abused-blocks-security-software/, [Accessed on: May. 19, 2019.] [64] N. Grossman, "EternalBlue – Everything There Is To Know," Checkpoint, Sep. 29, 2017. [Online]. Available: https://research.checkpoint.com/eternalblue-everything-know/, [Accessed on: May. 19, 2019.] [65] "Malware Knowledge Base." [Online]. Available: https://owl.nchc.org.tw/, [Accessed on: Jun. 14, 2019.] [66] 臺灣學術網路危機處理中心團隊(TACERT), "個案分析礦工木馬 PhotoMiner 病毒感染校園主機事件分析報告," 2017. [Online]. Available: https://portal.cert.tanet.edu.tw/docs/pdf/201709290109555585771228906051.pdf, [Accessed on: Jul. 3, 2019.] |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 論文使用權限 Thesis access permission:自定論文開放時間 user define 開放時間 Available: 校內 Campus: 已公開 available 校外 Off-campus: 已公開 available |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |