Thursday 24 September 2015

Windows 10 hacks

The following notes should help you with some hacks on Windows 10.

All credit for this post goes to Brent Muir and the Security Affairs editor, who shared the presentation that covers all of these topics. The link to the presentation is at the bottom of the post.
  

File Systems / Partitions

Supported File Systems:

  NTFS, FAT32, exFAT

Default Partition structure:

- “Windows” – core OS (NTFS)
- “Recovery” (NTFS)
- “Reserved”
- “System” – UEFI (Fat32)
- “Recovery Image” (NTFS)

Registry Hives

- The registry hive format has not changed

  Can be examined with numerous tools
    (e.g. RegistryBrowser, RegistryViewer, X-Ways Forensics, etc.)

- Location of important registry hives:

\Users\user_name\NTUSER.DAT
\Windows\System32\config\DEFAULT
\Windows\System32\config\SAM
\Windows\System32\config\SECURITY
\Windows\System32\config\SOFTWARE
\Windows\System32\config\SYSTEM

Event Logs

- The EVTX log format has not changed

  Can be examined with numerous tools
    (e.g. X-Ways Forensics, etc.)

- Location of EVTX logs:

\Windows\System32\winevt\Logs\


Event Logs – Windows Store


\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx

\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

 

Prefetch

\Windows\Prefetch\


Shellbags


- NTUSER.dat

\SOFTWARE\Microsoft\Windows\Shell\Bags\

- UsrClass.dat

LNK Shortcuts


- The LNK format has not changed

  Can be examined with numerous tools
    (e.g. X-Ways Forensics, etc.)

- Useful fields:

  Hostname
  MAC Address
  Volume ID
  Owner SID
  MAC Times
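The hostname, MAC address and volume ID listed above live in the TrackerDataBlock at the tail of a .lnk file. The following parser is an added example, not code from the post or the presentation; the host name, volume GUID and MAC in the constructed sample are made up.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

TRACKER_SIG = 0xA0000003                      # ExtraData block signature for TrackerDataBlock
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def parse_tracker_block(extra):
    """Walk an LNK ExtraData section and decode the TrackerDataBlock, or return None.

    Each block is <uint32 size><uint32 signature><body>; a size below 4 is the
    terminal block. The tracker body is: length (0x58), version (0), 16-byte
    MachineID (NetBIOS host name), Droid (volume GUID + file object GUID) and
    DroidBirth (the same pair as first assigned).
    """
    off = 0
    while off + 8 <= len(extra):
        size, sig = struct.unpack_from("<II", extra, off)
        if size < 4:
            break
        if sig == TRACKER_SIG and size >= 0x60:
            machine_id = extra[off + 16:off + 32].split(b"\x00", 1)[0].decode("ascii", "replace")
            volume_id = uuid.UUID(bytes_le=extra[off + 32:off + 48])
            file_id = uuid.UUID(bytes_le=extra[off + 48:off + 64])
            # The file object id is a version-1 UUID: its node field is the MAC of
            # the NIC on the machine that assigned it, and its time field counts
            # 100 ns ticks since 1582-10-15 (when the object id was created).
            mac = ":".join("%02x" % ((file_id.node >> (8 * i)) & 0xFF) for i in reversed(range(6)))
            return {"hostname": machine_id, "volume_id": str(volume_id), "mac": mac,
                    "object_created": UUID_EPOCH + timedelta(microseconds=file_id.time // 10)}
        off += size
    return None

def build_tracker_block(hostname, volume_id, mac, created):
    """Construct a TrackerDataBlock plus terminal block (test data, not from a real LNK)."""
    ticks = int((created - UUID_EPOCH).total_seconds()) * 10_000_000
    file_id = uuid.UUID(fields=(ticks & 0xFFFFFFFF, (ticks >> 32) & 0xFFFF,
                                ((ticks >> 48) & 0x0FFF) | 0x1000, 0x80, 0x01, mac))
    droid = volume_id.bytes_le + file_id.bytes_le
    body = struct.pack("<II", 0x58, 0) + hostname.encode("ascii").ljust(16, b"\x00") + droid + droid
    return struct.pack("<II", 0x60, TRACKER_SIG) + body + struct.pack("<I", 0)

# Constructed sample: host name, volume GUID and MAC are made up for this example.
SAMPLE_EXTRA = build_tracker_block("DESKTOP-ABC", uuid.UUID("12345678-1234-5678-1234-567812345678"),
                                   0x001122334455, datetime(2015, 9, 24, 10, 30, tzinfo=timezone.utc))
```

On a real shortcut, feed it the bytes after the last StringData field (the ExtraData section); the DroidBirth pair is decoded the same way if you want the machine the file was created on rather than the one that last tracked it.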

Thumbcache

Location of Thumbcache files:

\Users\user_name\AppData\Local\Microsoft\Windows\Explorer\

Recycle Bin


- Recycle Bin artefacts have not changed

  $I
    Still provides the original file name and path

  $R
    Original file
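An added example (not from the post or the presentation) that parses the $I record described above. It handles the Windows 10 layout (length-prefixed path) as well as the fixed 260-character layout used from Vista to 8.1; the sample records are constructed in the code.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def parse_i_file(data):
    """Parse a $I record from $Recycle.Bin\\<SID>\\.

    Version 1 (Vista to 8.1): 8-byte version, 8-byte original size, 8-byte
    FILETIME of deletion, then a fixed 520-byte (260 UTF-16LE chars) path.
    Version 2 (Windows 10): same 24-byte header, then a 4-byte path length in
    characters (including the terminating NUL) followed by the UTF-16LE path.
    """
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        raw = data[24:24 + 520]
    elif version == 2:
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) != nchars * 2:
            raise ValueError("truncated path")
    else:
        raise ValueError("unknown $I version %d" % version)
    path = raw.decode("utf-16-le").split("\x00", 1)[0]
    return {"version": version, "original_size": size,
            "deleted_at": filetime_to_datetime(ft), "original_path": path}

def build_i_file(path, size, deleted_at, version=2):
    """Construct a $I record (test data only, not taken from a real system)."""
    header = struct.pack("<QQQ", version, size, datetime_to_filetime(deleted_at))
    encoded = (path + "\x00").encode("utf-16-le")
    if version == 1:
        return header + encoded.ljust(520, b"\x00")
    return header + struct.pack("<I", len(path) + 1) + encoded

def sample_records():
    """Two constructed records for one deleted file: Windows 10 (v2) and Vista-8.1 (v1)."""
    deleted = datetime(2015, 9, 24, 10, 30, tzinfo=timezone.utc)
    path = r"C:\Users\user_name\Documents\notes.txt"
    return {"v2": build_i_file(path, 1234, deleted),
            "v1": build_i_file(path, 1234, deleted, version=1)}
```

The matching $R file is the original content; pair them by the random suffix shared by $I<suffix> and $R<suffix>.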

Volume Shadow Copies


- vssadmin tool still provides list of current VSCs

Windows Indexing Service


- The Windows indexing service is an evidentiary gold mine

  Potentially stores emails and other binary items
  Great as a dictionary list for password cracking

- Stored in an .EDB file

  Can be interpreted by EseDbViewer, ESEDatabaseView or X-Ways Forensics
  If the database was dismounted "dirty", it must be repaired with esentutl.exe first

- In Windows 10 stored in the following directory:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb

Cortana


- Windows 10 features "Cortana", a personal assistant that expands upon the unified search platform introduced in Windows 8

  Search encompasses local files, the Windows Store and online content
  Can set reminders
  Can initiate contact (e.g. write emails)

- Cortana Databases (EDBs):

\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\AppData\Indexed DB\IndexedDB.edb
\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\ESEDatabase_CortanaCoreInstance\CortanaCireDb.dat

  Interesting Tables:

  LocationTriggers
    Latitude/Longitude and name of place results
  Geofences
    Latitude/Longitude for where location-based reminders are triggered
  Reminders
    Creation and completion time (UNIX numeric value)

- The following databases contain a list of contacts synched from email accounts:

\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\Contacts_xxxxx.cfg

\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\Contacts_xxxxx.cfg.txt

Notification Centre


- The following databases contain a list of notifications:

\Users\user_name\AppData\Local\Microsoft\Windows\Notifications\appdb.dat

Toast notifications are stored in embedded XML

 

Picture Password


- “Picture Password” is an alternate login method where gestures on top of a picture are used as a password

- This registry key details the path to the location of the “Picture Password” file:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\PicturePassword\user_GUID

- Path of locally stored Picture Password file:

C:\ProgramData\Microsoft\Windows\SystemData\user_GUID\ReadOnly\PicturePassword\background.png
 

Applications


- Applications (Apps) that use the Metro/Modern UI are treated differently from programs that run in desktop mode

- Apps are installed in the following directory:

\Program Files\WindowsApps\

- Settings and configuration DBs are located in the following directory:

\Users\user_name\AppData\Local\Packages\package_name\LocalState\

  Two DB formats:
  SQLite DBs (.SQL)
  Jet DBs (.EDB)

Windows Store


- Apps are purchased/installed via the Windows Store

- During the Insider Preview there was a Beta Store which contained Windows 10-compatible Apps (e.g. Microsoft Office Apps)

- Registry key of installed applications:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\

- List of deleted applications:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\

Edge Browser


- New web browser and rendering engine (Spartan)

- As with IE10, records are no longer stored in Index.DAT files; they are stored in an EDB database

- Edge settings are stored in the following file:

\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxxx\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\xxxxx\DBStore\spartan.edb   
   
- Edge cache stored in the following directory:

\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\#!001\MicrosoftEdge\Cache\

- Last active browsing session stored:   

\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\MicrosoftEdge\User\Default\Recovery\Active\

Browser History Records


- Edge (and IE) history records stored in the following database:

\Users\user_name\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

- This is actually an .EDB file
- Can be interpreted by EseDbViewer or ESEDatabaseView
- It might be a "dirty" dismount, in which case esentutl.exe is needed to repair it first
- The database also stores cookies

Internet Explorer (legacy)


- Internet Cache stored in this directory:

\Users\user_name\AppData\Local\Microsoft\Windows\INetCache\

- Internet Cookies stored in this directory:

\Users\user_name\AppData\Local\Microsoft\Windows\INetCookies\

Email (Mail application)


- Email bodies are stored in TXT or HTML format

  Can be analysed by a number of tools
  Stored in the following directory:

\Users\user_name\AppData\Local\Comms\Unistore\data\

- Email metadata is stored in the following DB (EDB format):

\Users\user_name\AppData\Local\Comms\UnistoreDB\store.vol

  - Attachments
  - Email header
  - Contact information

Unified Communication


- Unified Communication (UC) is a built-in Microsoft application that brings together all of the following social media platforms (by default):

  Appears to be scaled back from Windows 8.x (less integrated than the previous People App)

- UC settings are stored in the following DB:

\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps…\LocalState\livecomm.edb

  Interesting Tables:

  - Account
    SourceID: list of accounts (e.g. WL = Windows Live, Skype, TWITR, LI = LinkedIn)
    DomainTag: username for each account

  - Contact
    List of synched contacts across all account platforms

  - Event
    Calendar entries (including birthdays of contacts if synched to Windows Live) and locations

  - MeContact
    Further details about owner accounts

  - Person and PersonLink
    Further details about each contact, including which account they link back to (e.g. Skype)

- Locally cached contact entries are stored in this directory:

\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps_xxxxx\LocalState\Indexed\LiveComm\xxxxx\xxxxx\People\AddressBook\
  
- Contact photos are stored in this directory (JPGs):

\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps_xxxx\LocalState\LiveComm\xxxx\xxxx\UserTiles\

Twitter App


- History DB located in following file:

\Users\user_name\AppData\Local\Packages\xxxx.Twitter_xxxxxxx\LocalState\twitter_user_id\twitter.sqlite

- SQLite3 format DB

  11 tables in the DB

  Relevant tables:
  - messages – holds tweets & DMs
  - search_queries – holds searches conducted in the Twitter app by the user
  - statuses – lists the latest tweets from accounts being followed
  - users – lists the user account and the accounts being followed by the user

- Settings located in file:

\Users\user_name\AppData\Local\Packages\xxxxx.Twitter_xxxx\Settings\settings.dat

  - Includes user name (@xxxxx)
  - Details on profile picture URL
  - Twitter ID number

Skype App (legacy)


- The Skype App was discontinued with Windows 10

Windows 10 prompts you to download the desktop Skype application

OneDrive App


- Built in by default; the API allows all programs to save files in OneDrive

- List of synced items located in file:

\Users\user_name\AppData\Local\Microsoft\Windows\OneDrive\settings\xxxxxxxx.dat

- Locally cached items are stored in directory:

\Users\user_name\OneDrive\

Microsoft Office Apps


- With the release of the Windows Insider program, Microsoft introduced the Office Mobile Apps

  If you have a valid Office 365 account then you can edit and create documents
  Otherwise these Apps are read-only

Word App


- List of recent documents stored in the following file (XML):

\Users\user_name\AppData\Local\Packages\Microsoft.Office.Word_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU

- Cached files stored in this directory:

\Users\user_name\AppData\Local\Packages\Microsoft.Office.Word_xxxx\LocalState\OfficeFileCache\   

- Files are stored with an .FSD extension; the actual document data is embedded inside
- Can be manually carved from the FSD file

Excel App


- List of recent documents stored in the following file (XML):

\Users\user_name\AppData\Local\Packages\Microsoft.Office.Excel_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU

- Cached files stored in this directory:

\Users\user_name\AppData\Local\Packages\Microsoft.Office.Excel_xxxx\LocalState\OfficeFileCache\

- Files are stored with an .FSD extension; the actual document data is embedded inside
- Can be manually carved from the FSD file

PowerPoint App


- List of recent documents stored in the following file (XML):

\Users\user_name\AppData\Local\Packages\Microsoft.Office.PowerPoint_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU

- Cached files stored in this directory:

\Users\user_name\AppData\Local\Packages\Microsoft.Office.PowerPoint_xxxx\LocalState\OfficeFileCache\
   
- Files are stored with an .FSD extension; the actual document data is embedded inside
- Can be manually carved from the FSD file

OneNote App


- Cached files stored in this directory:

\Users\user_name\AppData\Local\Packages\Microsoft.Office.OneNote_xxxx\LocalState\AppData\Local\OneNote\16.0\

- Files are stored with an xxxx.bin extension
  Encoded binary files
  Embedded graphics such as PNG or JPG

Maps App


- Recent places stored in this file (XML):

\Users\user_name\AppData\Local\Packages\Microsoft.WindowsMaps_xxxx\LocalState\Graph\xxxx\Me\00000000.ttl

  Latitude/Longitude
  Dates modified (searched)

Memory Acquisition


- WinPMEM (tested versions 1.6.2 & 2.0.1):

  Run as Administrator
  Has to extract the driver to a local temp location
  v1.6.2 running process ~10MB
  v2.0.1 running process ~80MB

- FTK Imager:

  Run as Administrator
  Running process ~15MB

Live Disk Acquisition


- FTK Imager

  Can be used for physical or logical acquisition

- X-Ways Forensics

  Can be used for physical or logical acquisition

Sources: 

Presentation
FTK Imager
Nirsoft ESEDatabaseView
RegistryBrowser
WinPMEM
