Cyb0rgbytes
/ gist:12630b615c85123de8851645aeb90770
Created
February 21, 2026 18:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| appsruprov.dllapi-ms-win-core-psm-key-l1-1-2 | |
| api-ms-win-core-psm-plm-l1-1-3 | |
| api-ms-win-core-psm-plm-l1-2-0 | |
| api-ms-win-core-psm-plm-l1-3-0 | |
| api-ms-win-core-psm-rtimer-l1-1-1 | |
| api-ms-win-core-psm-tc-l1-1-1 | |
| -- | |
| ngckeyenum.dllapi-ms-win-ntuser-ie-message-l1-1-0 | |
| user32.dllapi-ms-win-ntuser-ie-window-l1-1-0 | |
| api-ms-win-ntuser-ie-wmpointer-l1-1-0 |
Cyb0rgbytes
/ gist:4e75fef852134bb0768bce3b561c1da1
Created
February 21, 2026 18:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| appsruprov.dllapi-ms-win-core-psm-key-l1-1-2 | |
| api-ms-win-core-psm-plm-l1-1-3 | |
| api-ms-win-core-psm-plm-l1-2-0 | |
| api-ms-win-core-psm-plm-l1-3-0 | |
| api-ms-win-core-psm-rtimer-l1-1-1 | |
| api-ms-win-core-psm-tc-l1-1-1 | |
| -- | |
| ngckeyenum.dllapi-ms-win-ntuser-ie-message-l1-1-0 | |
| user32.dllapi-ms-win-ntuser-ie-window-l1-1-0 | |
| api-ms-win-ntuser-ie-wmpointer-l1-1-0 |
Cyb0rgbytes
/ gist:0af2225f41a87aa518eecc5fccbe256c
Created
February 21, 2026 18:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| derkziel_form | |
| $DSC | |
| $TXF_DATA | |
| WINDOW~1.DLL | |
| 7Windows.Graphics.Display.DisplayEnhancementOverride.dll | |
| WINDOW~1.DLL | |
| Windows.Graphics.Display.DisplayEnhancementOverride.dll | |
| $DSC | |
| gdi32.dll | |
| gdi32.dll |
Cyb0rgbytes
/ gist:7103abb97f3e21050f6e3307c366176d
Created
February 21, 2026 18:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0xde8feeadc950 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05112~31bf3856ad364e35~amd64~~10.0.19041.6456.cat | |
| 0xde8feeade4a0 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05110~31bf3856ad364e35~amd64~~10.0.19041.6456.cat | |
| 0xde8feeadfd10 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.6456.cat | |
| 0xde8feeae6780 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.6456.cat | |
| 0xde8feeae7750 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0519~31bf3856ad364e35~amd64~~10.0.19041.6456.cat | |
| 0xde8feef45920 \Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package01~31bf38 |
Cyb0rgbytes
/ gist:57605ba347a910ea6f3b91981f9aba52
Created
February 21, 2026 18:04
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UnmountAddedScopeRequest | |
| leted | |
| UX.AddToOneDriveShorcutMoved | |
| UX.KFMMigrationRedirectOpBegin | |
| UX.UpdateRingSettingsUpdated | |
| UX.KFMPollOneRMContext | |
| Issues | |
| UX.AddToOneDriveShorcutDeleted | |
| UX.PremiumStateChanged | |
| OpBegin |
Cyb0rgbytes
/ gist:c86befd7905005bc74122ea443e022a6
Created
February 21, 2026 18:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Volatility 3 Framework 2.27.0 | |
| Last Write Time Hive Offset Type Key Name Data Volatile | |
| 2026-01-05 12:49:20.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion AccountsService N/A False | |
| 2025-12-16 16:40:03.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion ActivityDataModel N/A False | |
| 2025-12-16 16:39:28.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion AdvertisingInfo N/A False | |
| 2026-01-05 13:12:45.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion AppBroadcast N/A False | |
| 2025-12-16 16:39:56.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion AppHost N/A False | |
| 2025-12-16 16:41:41.000000 UTC 0xc90c35804000 Key \??\C:\Users\VM\ntuser.dat\SOFTWARE\Microsoft\Windows\CurrentVersion A |
Cyb0rgbytes
/ gist:14439338d77ec29627e382cc3cd69e15
Created
February 21, 2026 17:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Volatility 3 Framework 2.27.0 | |
| Last Write Time Hive Offset Type Key Name Data Volatile | |
| - 0xc90c30e9b000 Key [NONAME]\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - | |
| - 0xc90c30e78000 Key \REGISTRY\MACHINE\SYSTEM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - | |
| - 0xc90c30ef2000 Key \REGISTRY\MACHINE\HARDWARE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - | |
| - 0xc90c31983000 Key \SystemRoot\System32\Config\SECURITY\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - | |
| - 0xc90c31252000 Key \SystemRoot\System32\Config\SAM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - | |
| - 0xc90c3198e000 Key \SystemRoot\System32\Config\SOFTWARE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - - - |
Cyb0rgbytes
/ gist:690c062fb3c78f25c1941b760ca80e1e
Created
February 21, 2026 17:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Volatility 3 Framework 2.27.0 | |
| Offset FileFullPath File output | |
| 0xc90c30e9b000 Disabled | |
| 0xc90c30e78000 \REGISTRY\MACHINE\SYSTEM Disabled | |
| 0xc90c30ef2000 \REGISTRY\MACHINE\HARDWARE Disabled | |
| 0xc90c31983000 \SystemRoot\System32\Config\SECURITY Disabled | |
| 0xc90c31986000 \SystemRoot\System32\Config\DEFAULT Disabled | |
| 0xc90c31252000 \SystemRoot\System32\Config\SAM Disabled |
Cyb0rgbytes
/ gist:ac186634e7e95601d876fb45720e67c4
Created
February 21, 2026 17:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sstarswrong</h3>thing.org/multiheardPowerstandtokensolid(thisbringshipsstafftriedcallsfullyfactsagentThis //-->adminegyptEvent15px;Emailtrue"crossspentblogsbox">notedleavechinasizesguest</h4>robotheavytrue,sevengrandcrimesignsawaredancephase><!--en_US'200px_namelatinenjoyajax.ationsmithU.S. holdspeterindianav">chainscorecomesdoingpriorShare1990sromanlistsjapanfallstrialowneragree</h2>abusealertopera"-//WcardshillsteamsPhototruthclean.php?saintmetallouismeantproofbriefrow">genretrucklooksValueFrame.net/--> | |
| salesteam.flippingbook.com | |
| [{"application":"C:\\Users\\VM\\Desktop\\steam.exe","platform":"x_exe_path"},{"application":"C:\\Users\\VM\\Desktop\\steam.exe","platform":"packageId"},{"application":"","platform":"alternateId"}]wa8OtVOYzA9+oQf+v7kWyCfB0kIztK/ekXXxkyzYCHs=ECB32AF3-1440-4086-94E3-5311F97F89C4 | |
| steam://rungameid/505460 12330 | |
| steam://rungameid/980610 12336 | |
| steam://rungameid/1446780 12343 | |
| steam://rungameid/1229490 12348 | |
| chromeos-steam | |
| steam | |
| chromeos-steam |
Cyb0rgbytes
/ gist:708b805997971bc2d3077721e7aaf9c1
Created
February 21, 2026 17:18
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ZVD9[WD9\XE:]YF:_[G;`\G<a]H<b^I=d_J=e`J>faK>gbL?icL?jdM@kfN@lgOAnhOAoiPBpjQBqkQCslRCtmSDunSDvoTExpUEyqUFzrVF{tWG}uWG~vXG | |
| --% ..&!//'"10(#22)#33*$44+%65,&76,&87-'99.(;:/(<;0)=<1*>=2+@>3+A?3,BA4-CB5-DC6.FD7/GE8/HF80IG91KI:1LJ;2MK<3NL=3PM=4QN>5RO?5SQ@6UR@6VSA7WTB8XUC8ZVD9[WD9\XE:]YF:_[G;`\G<a]H<b^I=d_J=e`J>faK>gbL?icL?jdM@kfN@lgOAnhOAoiPBpjQBqkQCslRCtmSDunSDvoTExpUEyqUFzrVF{tWG}uWG~vXG | |
| HTTP/1.1 200 OK | |
| HTTP/1.1 200 OK | |
| HTTP/1.1 200 OK | |
| -,% --% .-&!/.&!/.&!0/'"00'"10(#21(#21)#32)$43*$43*$54+%54+%65+&75,&76,&87-'97-'98.':8.(:9/(;:/(<:/)<;0)=;0)><1*><1*?=2+?>2+@>2+A?3,A?3,B@4,B@4-CA5-DB5-DB5.EC6.FC6.FD7/GD7/GE8/HF80IF80IG90JG91KH:1KH:1LI:2LJ;2MJ;2NK<3NK<3OL<3PL=4PM=4QN>4QN>4RO>5SO?5SP?5TP@6UQ@6UR@6VRA7VSA7WSB7XTB7XTB8YUC8ZUC8ZVC9[WD9[WD9\XE:]XE:]YE:^YF:_ZF;_ZF;`[G;`\G<a\H<b]H<b]H<c^I=d^I=d_I=e_J=e`J>f`K>gaK>gbK>hbL?icL?icL?jdM@jdM@keM@leN@lfNAmfNAmgOAnhOAohOBoiPBpiPBqjPBqjQCrkQCrkRCslRCtlRCtmSDunSDvnSDvoTDwoTEwpTExpTEyqUEyqUFzrUF{rVF{sVF|sVF|tWG}tWG~uWG~vXG | |
| --% ..&!//'"10(#22)#33*$44+%65,&76,&87-'99.(;:/(<;0)=<1*>=2+@ |
NewerOlder