/ ftp.networkinstruments.com / 2015-02-04.ftp.networkinstruments.com.tar / ftp.networkinstruments.com / pub / demos / ObserverSetup.exe / Common / HacksViruses.reg < prev    next >
Windows Registry Data  |  2012-07-30  |  151KB  |  2,212 lines

  1. REGEDIT4
  2.  
  3. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\ Empty Filter]
  4. "FilterBuffer"=hex:13,00,00,00,01,00,00,00,0b,00,00,00,00,00,00,00,00,00,00
  5. "RGBValue"=dword:00000000
  6. "szFolder"=""
  7.  
  8. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Chat Clients) AIM, ICQ, Yahoo, MSN]
  9. "FilterBuffer"=hex:6c,01,00,00,09,00,00,00,2b,00,33,00,00,00,1f,00,00,ab,00,00,\
  10.   00,00,01,00,06,00,02,00,00,c8,00,00,12,61,69,6d,65,78,70,72,65,73,73,2e,61,\
  11.   6f,6c,2e,63,6f,6d,28,00,72,00,5b,00,1f,00,00,3b,11,00,02,00,01,00,06,00,01,\
  12.   00,00,00,00,01,02,2a,01,01,00,06,00,01,00,00,00,00,01,02,2a,02,17,00,00,00,\
  13.   9a,00,20,00,01,2e,00,06,00,50,00,00,00,00,00,00,00,00,00,28,00,b3,00,5b,00,\
  14.   1f,00,00,45,11,00,02,00,01,00,06,00,01,00,00,00,00,01,02,2a,03,01,00,06,00,\
  15.   01,00,00,00,00,01,02,2a,04,19,00,00,00,00,00,21,00,01,2d,00,00,00,00,01,00,\
  16.   05,00,00,00,00,00,00,00,00,28,00,db,00,5b,00,1f,00,00,d4,11,00,02,00,01,00,\
  17.   06,00,01,00,00,00,00,01,02,2a,05,01,00,06,00,01,00,00,00,00,01,02,2a,06,3a,\
  18.   00,15,01,00,00,1f,00,00,9c,21,00,02,00,01,00,06,00,01,00,00,00,00,01,12,56,\
  19.   45,52,20,31,20,4d,53,4e,50,38,20,43,56,52,30,0d,0a,01,00,06,00,01,00,00,00,\
  20.   00,00,04,43,52,56,20,3a,00,4f,01,00,00,1f,00,00,4c,15,00,01,00,01,00,06,00,\
  21.   02,00,00,c8,00,01,06,4d,53,4d,53,47,53,01,00,06,00,02,00,00,c8,00,00,10,57,\
  22.   69,6e,64,6f,77,73,4d,65,73,73,65,6e,67,65,72,1d,00,00,00,00,00,1f,00,00,a5,\
  23.   00,00,00,00,01,00,06,00,01,00,00,00,00,00,04,59,4d,53,47
  24. "szDescr"="Captures connection requests from Chat Client programs to Chat Servers."
  25. "RGBValue"=dword:00400080
  26. "bFilterBasedAlarm"=dword:00000001
  27. "szFolder"="Peer-To-Peer and Chat Client Filters"
  28.  
  29. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Back Orifice Trojan]
  30. "FilterBuffer"=hex:c6,00,00,00,07,00,00,00,17,00,1f,00,00,00,1e,00,00,34,02,11,\
  31.   00,69,7a,00,00,00,00,00,00,00,00,17,00,36,00,00,00,1e,00,00,ec,02,11,00,00,\
  32.   04,00,00,01,00,69,7a,00,00,17,00,68,00,4d,00,1e,00,00,fd,01,06,00,50,00,00,\
  33.   00,00,00,00,00,00,00,1b,00,00,00,7f,00,1f,00,00,eb,00,00,00,00,01,00,02,00,\
  34.   01,0d,00,00,00,02,02,10,00,17,00,00,00,a1,00,1e,00,00,7c,02,11,00,69,7a,00,\
  35.   00,00,00,00,00,00,00,22,00,00,00,00,00,1f,00,00,8a,00,00,00,00,01,00,06,00,\
  36.   01,00,00,00,00,01,09,73,65,76,65,72,3a,42,4f,2f,25,00,00,00,00,00,1f,00,00,\
  37.   22,00,00,00,00,01,00,0a,00,01,00,00,00,00,01,0c,ce,63,d1,d2,16,e7,13,cf,38,\
  38.   a5,a5,86
  39. "RGBValue"=dword:000000ff
  40. "szDescr"="This indicates that either a scan, reply or connection has been made to or from a Back Orifice probe or Web Server."
  41. "bFilterBasedAlarm"=dword:00000001
  42. "szFolder"="Hack Filters"
  43.  
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Dagger 1.4.0]
  45. "FilterBuffer"=hex:a6,00,00,00,04,00,00,00,17,00,59,00,1f,00,1e,00,00,cb,01,06,\
  46.   00,00,04,00,00,01,00,1d,0a,00,00,3a,00,00,00,00,00,1f,00,00,58,1e,00,02,00,\
  47.   01,00,06,00,01,00,00,00,00,01,0f,0b,00,00,00,07,00,00,00,43,6f,6e,6e,65,63,\
  48.   74,01,00,06,00,02,00,00,1e,00,00,07,43,6f,6e,6e,65,63,74,36,00,00,00,8f,00,\
  49.   1f,00,00,a5,1f,00,01,00,01,00,06,00,01,00,00,00,00,01,10,32,00,00,00,06,00,\
  50.   00,00,44,72,69,76,65,73,24,00,01,00,02,00,01,0d,00,00,00,02,02,10,00,17,00,\
  51.   00,00,00,00,1e,00,00,9b,01,06,00,1d,0a,00,00,01,00,00,04,00,00
  52. "szDescr"="This event indicates that a remote user has attempted to connect to a Dagger 1.4.0 trojan server running on Windows. This connection attempt may indicate an existing compromise. The target server should be checked for infection."
  53. "RGBValue"=dword:000000ff
  54. "bFilterBasedAlarm"=dword:00000001
  55. "szFolder"="Hack Filters"
  56.  
  57. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Net BUS 1]
  58. "FilterBuffer"=hex:9a,00,00,00,05,00,00,00,2c,00,4b,00,34,00,1f,00,00,5b,11,00,\
  59.   01,00,01,00,02,00,01,07,00,00,00,02,02,10,00,01,00,06,00,01,00,00,00,00,00,\
  60.   06,4e,65,74,42,75,73,17,00,62,00,00,00,1e,00,00,23,02,06,00,39,30,00,00,00,\
  61.   00,00,00,00,00,17,00,00,00,79,00,1e,00,00,f3,02,06,00,39,30,00,00,00,00,00,\
  62.   00,00,00,17,00,00,00,00,00,1e,00,00,4b,01,06,00,39,30,00,00,00,00,00,00,00,\
  63.   00,21,00,00,00,00,00,1f,00,00,03,00,00,00,00,01,00,06,00,01,00,00,00,00,01,\
  64.   08,47,65,74,49,6e,66,6f,0d
  65. "szDescr"="This event may indicate that the Netbus remote administration tool is operating on the server. This legitimate administration tool is often used by attackers as a trojan. "
  66. "RGBValue"=dword:000000ff
  67. "bFilterBasedAlarm"=dword:00000001
  68. "szFolder"="Hack Filters"
  69.  
  70. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Net BUS 2]
  71. "FilterBuffer"=hex:c2,00,00,00,06,00,00,00,17,00,4b,00,1f,00,1e,00,00,cf,01,06,\
  72.   00,3a,30,00,00,00,00,00,00,00,00,2c,00,00,00,00,00,1f,00,00,92,15,00,01,00,\
  73.   01,00,06,00,01,00,00,00,00,00,06,4e,65,74,42,75,73,01,00,02,00,01,0d,00,00,\
  74.   00,02,02,10,00,17,00,90,00,62,00,1e,00,00,52,02,06,00,3a,30,00,00,00,00,00,\
  75.   00,00,00,2e,00,00,00,00,00,1f,00,00,4c,11,00,01,00,01,00,02,00,01,0d,00,00,\
  76.   00,02,02,10,00,01,00,06,00,01,00,00,00,00,01,08,47,65,74,49,6e,66,6f,0d,17,\
  77.   00,00,00,a7,00,1e,00,00,63,01,06,00,3a,30,00,00,01,00,00,04,00,00,1b,00,00,\
  78.   00,00,00,1f,00,00,cb,00,00,00,00,01,00,02,00,01,0d,00,00,00,02,02,12,00
  79. "szDescr"="This event may indicate that the Netbus remote administration tool is operating on the server. This legitimate administration tool is often used by attackers as a trojan. "
  80. "RGBValue"=dword:000000ff
  81. "bFilterBasedAlarm"=dword:00000001
  82. "szFolder"="Hack Filters"
  83.  
  84. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Sub Seven 1]
  85. "FilterBuffer"=hex:3a,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,4e,01,06,\
  86.   00,db,04,00,00,01,00,00,04,00,00,1b,00,00,00,00,00,1f,00,00,96,00,00,00,00,\
  87.   01,00,02,00,01,0d,00,00,00,02,02,12,00
  88. "szDescr"="This event indicates that a known trojan may be operating on the host. This is not a scan or probe, but a successful connection."
  89. "RGBValue"=dword:000000ff
  90. "bFilterBasedAlarm"=dword:00000001
  91. "szFolder"="Hack Filters"
  92.  
  93. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Hack) Sub Seven 2.1]
  94. "FilterBuffer"=hex:3a,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,52,01,06,\
  95.   00,ee,6a,00,00,00,00,00,00,00,00,1b,00,00,00,00,00,1f,00,00,9c,00,00,00,00,\
  96.   01,00,02,00,01,0d,00,00,00,02,02,12,00
  97. "szDescr"="This event indicates that a known trojan may be operating on the host. This is not a scan or probe, but a response to a connection request. TCP port 27374 is the default port used by SubSeven-2.1/2.2-Gold. "
  98. "RGBValue"=dword:000000ff
  99. "bFilterBasedAlarm"=dword:00000001
  100. "szFolder"="Hack Filters"
  101.  
  102. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Ares]
  103. "FilterBuffer"=hex:4d,01,00,00,0c,00,00,00,23,00,2b,00,00,00,1f,00,00,89,00,00,\
  104.   00,00,01,00,06,00,01,00,00,00,00,01,0a,47,45,54,20,2f,61,72,65,73,2f,17,00,\
  105.   6a,00,42,00,20,00,00,21,00,11,00,35,00,00,00,00,00,00,00,00,00,28,00,00,00,\
  106.   00,00,1f,00,00,3d,00,00,00,00,01,00,0a,00,02,00,00,2d,00,01,0f,77,77,77,07,\
  107.   73,6f,66,74,67,61,70,03,63,6f,6d,27,00,91,00,00,00,1f,00,00,f7,00,00,00,00,\
  108.   01,00,06,00,01,00,00,00,00,00,0e,47,45,54,20,2f,61,72,65,73,68,6f,6d,65,2f,\
  109.   17,00,c3,00,a8,00,1e,00,00,df,02,06,00,b8,22,00,00,01,00,74,06,00,00,1b,00,\
  110.   00,00,00,00,1f,00,00,6e,00,00,00,00,01,00,02,00,01,0d,00,00,00,02,02,02,00,\
  111.   17,00,da,00,a8,00,1e,00,00,aa,02,06,00,b8,22,00,00,01,00,73,06,00,00,17,00,\
  112.   f1,00,a8,00,1e,00,00,ea,02,06,00,b8,22,00,00,01,00,72,06,00,00,17,00,08,01,\
  113.   a8,00,1e,00,00,16,02,06,00,b8,22,00,00,01,00,71,06,00,00,17,00,1f,01,a8,00,\
  114.   1e,00,00,84,02,06,00,b8,22,00,00,01,00,70,06,00,00,17,00,36,01,a8,00,1e,00,\
  115.   00,b4,02,06,00,b8,22,00,00,01,00,6f,06,00,00,17,00,00,00,a8,00,1e,00,00,e7,\
  116.   02,06,00,b8,22,00,00,01,00,6e,06,00,00
  117. "szDescr"="The sending station has attempted or has connected to the Ares network."
  118. "RGBValue"=dword:000080ff
  119. "bFilterBasedAlarm"=dword:00000001
  120. "szFolder"="Peer-To-Peer and Chat Client Filters"
  121.  
  122. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Bit Torrent]
  123. "FilterBuffer"=hex:43,00,00,00,01,00,00,00,3b,00,00,00,00,00,1f,00,00,d8,20,00,\
  124.   01,00,00,00,01,00,01,36,00,00,00,01,11,47,45,54,20,2f,64,6f,77,6e,6c,6f,61,\
  125.   64,2e,70,68,70,00,00,01,00,02,37,00,7e,00,01,06,6f,72,72,65,6e,74
  126. "szDescr"="The sending station is attempting to download files using the Bit Torrent client."
  127. "RGBValue"=dword:000080ff
  128. "szFolder"="Peer-To-Peer and Chat Client Filters"
  129. "bFilterBasedAlarm"=dword:00000001
  130.  
  131. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) eDonkey - Overnet]
  132. "FilterBuffer"=hex:3c,00,00,00,01,00,00,00,34,00,00,00,00,00,1f,00,00,28,00,00,\
  133.   00,00,00,00,01,00,01,90,00,00,00,01,1b,48,6f,73,74,3a,20,72,65,67,2e,65,64,\
  134.   6f,6e,6b,65,79,32,30,30,30,2e,63,6f,6d,0d,0a
  135. "szDescr"="The sending station has attempted to log into the eDonkey - Overnet server"
  136. "RGBValue"=dword:000080ff
  137. "bFilterBasedAlarm"=dword:00000001
  138. "szFolder"="Peer-To-Peer and Chat Client Filters"
  139.  
  140. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Kazaa]
  141. "FilterBuffer"=hex:3a,00,00,00,01,00,00,00,32,00,00,00,00,00,1f,00,00,47,12,00,\
  142.   01,00,01,00,06,00,01,00,00,00,00,01,03,47,45,54,01,00,06,00,02,00,00,2c,01,\
  143.   00,0b,4b,61,7a,61,61,43,6c,69,65,6e,74
  144. "szDescr"="The sending station has connected to the Kazaa network and is attempting to download"
  145. "RGBValue"=dword:000080ff
  146. "bFilterBasedAlarm"=dword:00000001
  147. "szFolder"="Peer-To-Peer and Chat Client Filters"
  148.  
  149. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Limewire]
  150. "FilterBuffer"=hex:35,00,00,00,01,00,00,00,2d,00,00,00,00,00,1f,00,00,63,00,00,\
  151.   00,00,01,00,06,00,02,00,00,96,00,01,14,55,73,65,72,2d,41,67,65,6e,74,3a,20,\
  152.   4c,69,6d,65,57,69,72,65
  153. "szDescr"="The sending station has attempted or has connected to the Limewire network"
  154. "RGBValue"=dword:000080ff
  155. "bFilterBasedAlarm"=dword:00000001
  156. "szFolder"="Peer-To-Peer and Chat Client Filters"
  157.  
  158. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Morpheus]
  159. "FilterBuffer"=hex:7c,00,00,00,03,00,00,00,21,00,29,00,00,00,1f,00,00,cc,00,00,\
  160.   00,00,00,00,01,00,02,d2,00,f0,00,00,08,6d,6f,72,70,68,65,75,73,32,00,5b,00,\
  161.   00,00,1f,00,00,b3,00,00,00,00,00,00,01,00,02,23,00,5a,00,01,19,47,4e,55,54,\
  162.   45,4c,4c,41,20,50,49,4e,47,0d,0a,50,6f,72,74,3a,20,36,36,31,39,21,00,00,00,\
  163.   00,00,1f,00,00,c8,00,00,00,00,01,00,06,00,01,00,00,00,00,01,08,47,4e,55,54,\
  164.   45,4c,4c,41
  165. "szDescr"="The sending machine has attempted to connect to the Morpheus (Gnutella) network."
  166. "RGBValue"=dword:000080ff
  167. "bFilterBasedAlarm"=dword:00000001
  168. "szFolder"="Peer-To-Peer and Chat Client Filters"
  169.  
  170. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) Soulseek]
  171. "FilterBuffer"=hex:30,00,00,00,01,00,00,00,28,00,00,00,00,00,1f,00,00,3d,00,00,\
  172.   00,00,01,00,06,00,02,3c,00,5a,00,01,0f,77,77,77,2e,73,6c,73,6b,6e,65,74,2e,\
  173.   6f,72,67
  174. "szDescr"="The sending station has attempted to log into the SoulSeek Server"
  175. "RGBValue"=dword:000080ff
  176. "bFilterBasedAlarm"=dword:00000001
  177. "szFolder"="Peer-To-Peer and Chat Client Filters"
  178.  
  179. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Peer-To-Peer Client) WinMX]
  180. "FilterBuffer"=hex:2e,00,00,00,01,00,00,00,26,00,00,00,00,00,1f,00,00,fb,00,00,\
  181.   00,00,00,00,01,00,01,1a,01,00,00,01,0d,77,77,77,2e,77,69,6e,6d,78,2e,63,6f,\
  182.   6d
  183. "szDescr"="The sending station has attempted to log into the WinMX server"
  184. "RGBValue"=dword:000080ff
  185. "bFilterBasedAlarm"=dword:00000001
  186. "szFolder"="Peer-To-Peer and Chat Client Filters"
  187.  
  188. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) ACKcmdc Trojan]
  189. "FilterBuffer"=hex:68,00,00,00,03,00,00,00,2c,00,00,00,34,00,1f,00,00,5a,13,00,\
  190.   02,00,00,00,01,00,01,22,00,00,00,01,04,00,50,04,1e,00,00,01,00,01,22,00,00,\
  191.   00,01,04,04,1e,00,50,1d,00,00,00,51,00,1f,00,00,f5,00,00,00,00,01,00,02,00,\
  192.   01,04,00,00,00,01,04,06,06,06,06,17,00,00,00,00,00,1e,00,00,27,01,06,00,50,\
  193.   00,00,00,01,00,1e,04,00,00
  194. "szDescr"="This event indicates that an attempt has been made to communicate with a possible ACKcmdS Trojan Server on the target machine using the ACKcmdC Client program. This uses ACK segments to communicate through some firewalls."
  195. "RGBValue"=dword:00800080
  196. "bFilterBasedAlarm"=dword:00000001
  197. "szFolder"="Virus Filters"
  198.  
  199. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Agobot Mercy]
  200. "FilterBuffer"=hex:05,01,00,00,0a,00,00,00,28,00,00,00,30,00,1f,00,00,ab,11,00,\
  201.   01,00,00,00,01,00,01,2e,00,00,00,01,02,70,02,00,00,01,00,01,38,00,00,00,01,\
  202.   02,05,b4,1d,00,00,00,4d,00,1f,00,01,d1,00,00,00,00,00,00,01,00,01,3a,00,00,\
  203.   00,01,04,01,01,04,02,17,00,64,00,00,00,1e,00,00,ee,02,06,00,87,00,00,00,00,\
  204.   00,00,00,00,00,17,00,7b,00,00,00,1e,00,00,3c,02,06,00,b9,0a,00,00,00,00,00,\
  205.   00,00,00,17,00,92,00,00,00,1e,00,00,fb,02,06,00,01,04,00,00,00,00,00,00,00,\
  206.   00,17,00,a9,00,00,00,1e,00,00,cf,02,06,00,05,04,00,00,00,00,00,00,00,00,17,\
  207.   00,c0,00,00,00,1e,00,00,1b,02,06,00,f1,17,00,00,00,00,00,00,00,00,17,00,d7,\
  208.   00,00,00,1e,00,00,d5,02,06,00,34,0d,00,00,00,00,00,00,00,00,17,00,ee,00,00,\
  209.   00,1e,00,00,7e,02,06,00,37,0c,00,00,00,00,00,00,00,00,17,00,00,00,00,00,1e,\
  210.   00,00,3a,02,06,00,ea,08,00,00,00,00,00,00,00,00
  211. "szDescr"="This filter captures traffic being sent to and/or from an infected system."
  212. "bFilterBasedAlarm"=dword:00000001
  213. "RGBValue"=dword:00800080
  214. "szFolder"="Virus Filters"
  215.  
  216. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Ascetic.a]
  217. "FilterBuffer"=hex:9c,05,00,00,30,00,00,00,1c,00,3b,00,24,00,35,00,50,42,00,00,\
  218.   c3,b9,b9,c3,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,57,00,20,00,00,\
  219.   19,00,11,00,35,00,00,00,00,00,00,00,00,00,1c,00,04,01,24,00,35,00,50,0c,00,\
  220.   00,d9,74,e0,fd,00,00,00,00,00,00,00,00,00,00,00,00,3c,00,93,00,00,00,1f,00,\
  221.   00,ae,1c,00,02,00,01,00,07,00,01,0c,00,00,00,00,0d,6d,69,63,72,6f,73,6f,66,\
  222.   74,2e,63,6f,6d,01,00,07,00,01,0c,00,00,00,00,0b,62,69,67,66,6f,6f,74,2e,63,\
  223.   6f,6d,38,00,cb,00,00,00,1f,00,00,54,18,00,02,00,01,00,07,00,01,0c,00,00,00,\
  224.   00,09,79,61,68,6f,6f,2e,63,6f,6d,01,00,07,00,01,0c,00,00,00,00,0b,74,2d,6f,\
  225.   6e,6c,69,6e,65,2e,64,65,39,00,00,00,00,00,1f,00,00,da,19,00,02,00,01,00,07,\
  226.   00,01,0c,00,00,00,00,0a,67,6f,6f,67,6c,65,2e,63,6f,6d,01,00,07,00,01,0c,00,\
  227.   00,00,00,0b,68,6f,74,6d,61,69,6c,2e,63,6f,6d,1c,00,20,01,24,00,35,00,50,f0,\
  228.   00,00,83,ae,08,0e,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,3c,01,24,00,35,\
  229.   00,50,d8,00,00,d4,f2,58,02,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,58,01,\
  230.   24,00,35,00,50,bb,00,00,40,29,48,8a,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  231.   00,74,01,24,00,35,00,50,92,00,00,52,c3,ea,02,00,00,00,00,00,00,00,00,00,00,\
  232.   00,00,1c,00,90,01,24,00,35,00,50,5f,00,00,8d,28,0a,23,00,00,00,00,00,00,00,\
  233.   00,00,00,00,00,1c,00,ac,01,24,00,35,00,50,3c,00,00,81,bb,10,01,00,00,00,00,\
  234.   00,00,00,00,00,00,00,00,1c,00,c8,01,24,00,35,00,50,1f,00,00,81,bb,0a,19,00,\
  235.   00,00,00,00,00,00,00,00,00,00,00,1c,00,e4,01,24,00,35,00,50,0d,00,00,d4,05,\
  236.   56,a3,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,02,24,00,35,00,50,dd,00,\
  237.   00,cf,d9,78,2b,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,1c,02,24,00,35,00,\
  238.   50,bf,00,00,d1,eb,6b,0e,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,38,02,24,\
  239.   00,35,00,50,39,00,00,cf,45,bc,ba,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  240.   54,02,24,00,35,00,50,ef,00,00,a6,3c,0c,0b,00,00,00,00,00,00,00,00,00,00,00,\
  241.   00,1c,00,70,02,24,00,35,00,50,d5,00,00,c0,23,e8,22,00,00,00,00,00,00,00,00,\
  242.   00,00,00,00,1c,00,8c,02,24,00,35,00,50,b7,00,00,d1,fd,71,02,00,00,00,00,00,\
  243.   00,00,00,00,00,00,00,1c,00,a8,02,24,00,35,00,50,98,00,00,cc,46,80,01,00,00,\
  244.   00,00,00,00,00,00,00,00,00,00,1c,00,c4,02,24,00,35,00,50,7d,00,00,97,c9,00,\
  245.   27,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,e0,02,24,00,35,00,50,5a,00,00,\
  246.   91,fd,02,ab,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,fc,02,24,00,35,00,50,\
  247.   32,00,00,d9,ed,96,21,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,18,03,24,00,\
  248.   35,00,50,12,00,00,d9,ed,97,a1,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,34,\
  249.   03,24,00,35,00,50,ee,00,00,d9,ed,96,e1,00,00,00,00,00,00,00,00,00,00,00,00,\
  250.   1c,00,50,03,24,00,35,00,50,d2,00,00,d2,42,f1,01,00,00,00,00,00,00,00,00,00,\
  251.   00,00,00,1c,00,6c,03,24,00,35,00,50,b6,00,00,cb,a2,00,0b,00,00,00,00,00,00,\
  252.   00,00,00,00,00,00,1c,00,88,03,24,00,35,00,50,a4,00,00,c3,70,c3,22,00,00,00,\
  253.   00,00,00,00,00,00,00,00,00,1c,00,a4,03,24,00,35,00,50,7f,00,00,c2,d1,72,01,\
  254.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,c0,03,24,00,35,00,50,5e,00,00,d9,\
  255.   05,61,89,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,dc,03,24,00,35,00,50,31,\
  256.   00,00,c1,c1,90,0c,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,f8,03,24,00,35,\
  257.   00,50,14,00,00,d4,07,80,a2,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,14,04,\
  258.   24,00,35,00,50,f4,00,00,d4,07,80,a5,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  259.   00,30,04,24,00,35,00,50,d7,00,00,c1,c1,9e,0a,00,00,00,00,00,00,00,00,00,00,\
  260.   00,00,1c,00,4c,04,24,00,35,00,50,b9,00,00,c2,19,02,81,00,00,00,00,00,00,00,\
  261.   00,00,00,00,00,1c,00,68,04,24,00,35,00,50,99,00,00,d3,a7,61,43,00,00,00,00,\
  262.   00,00,00,00,00,00,00,00,1c,00,84,04,24,00,35,00,50,72,00,00,c8,4a,d6,f6,00,\
  263.   00,00,00,00,00,00,00,00,00,00,00,1c,00,a0,04,24,00,35,00,50,35,00,00,d9,ed,\
  264.   97,21,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,bc,04,24,00,35,00,50,0e,00,\
  265.   00,3d,5f,86,a8,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,d8,04,24,00,35,00,\
  266.   50,df,00,00,d4,47,61,9c,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,f4,04,24,\
  267.   00,35,00,50,cc,00,00,3d,08,00,71,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  268.   10,05,24,00,35,00,50,81,00,00,83,f3,40,03,00,00,00,00,00,00,00,00,00,00,00,\
  269.   00,1c,00,2c,05,24,00,35,00,50,9d,00,00,c3,b6,60,1d,00,00,00,00,00,00,00,00,\
  270.   00,00,00,00,1c,00,48,05,24,00,35,00,50,62,00,00,91,fd,02,8b,00,00,00,00,00,\
  271.   00,00,00,00,00,00,00,1c,00,64,05,00,00,35,00,50,60,00,00,3e,68,17,28,00,00,\
  272.   00,00,00,00,00,00,00,00,00,00,1c,00,80,05,00,00,35,00,50,3d,00,00,83,bc,03,\
  273.   de,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,50,aa,00,00,\
  274.   c0,48,48,0a,00,00,00,00,00,00,00,00,00,00,00,00
  275. "szDescr"="The sending machine may be infected with the Ascetic.a virus."
  276. "szFolder"="Virus Filters"
  277. "bFilterBasedAlarm"=dword:00000001
  278. "RGBValue"=dword:00800080
  279.  
  280. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle / Bagle]
  281. "FilterBuffer"=hex:b8,04,00,00,0c,00,00,00,64,00,6c,00,00,00,1f,00,00,34,2f,00,\
  282.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,4a,46,\
  283.   45,43,4e,45,4e,46,44,45,44,43,4f,45,45,45,46,43,41,43,41,41,01,00,07,00,01,\
  284.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,44,46,46,49,44,42,44,43,43,4f,\
  285.   46,43,46,46,43,41,43,41,43,41,43,41,41,64,00,d0,00,00,00,1f,00,00,bf,2f,00,\
  286.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,4e,45,\
  287.   50,45,4f,46,45,45,42,45,4f,45,4a,45,42,43,4f,45,45,45,46,41,01,00,07,00,01,\
  288.   0c,00,00,00,01,20,20,46,47,46,47,45,44,45,48,45,4f,43,4f,45,45,45,46,43,41,\
  289.   43,41,43,41,43,41,43,41,43,41,43,41,41,64,00,34,01,00,00,1f,00,00,07,2f,00,\
  290.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,43,45,\
  291.   4a,45,4f,45,50,44,49,44,49,43,4f,45,45,45,46,43,41,43,41,41,01,00,07,00,01,\
  292.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,43,45,49,45,42,45,4e,45,4a,\
  293.   45,45,46,4a,43,4f,45,45,45,46,43,41,41,64,00,98,01,00,00,1f,00,00,48,2f,00,\
  294.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,45,43,45,50,46,44,45,46,43,4e,45,\
  295.   42,46,46,45,45,45,4a,45,50,43,4f,45,4f,45,46,46,45,43,41,41,01,00,07,00,01,\
  296.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,46,41,45,50,45,4d,45,50,45,49,\
  297.   45,46,46,49,45,46,43,4f,45,45,45,46,41,64,00,fc,01,00,00,1f,00,00,90,2f,00,\
  298.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,45,42,45,4f,46,45,45,50,45,4d,43,\
  299.   4e,45,44,45,50,43,4f,46,43,46,46,43,41,43,41,43,41,43,41,41,01,00,07,00,01,\
  300.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,44,46,46,49,44,42,44,43,43,4f,\
  301.   46,43,46,46,43,41,43,41,43,41,43,41,41,64,00,60,02,00,00,1f,00,00,b7,2f,00,\
  302.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,44,45,\
  303.   45,46,43,45,50,45,4e,45,44,45,42,43,4f,45,44,45,50,45,4e,41,01,00,07,00,01,\
  304.   0c,00,00,00,01,20,20,46,47,45,4a,46,41,46,48,45,46,45,43,43,4f,46,43,46,46,\
  305.   43,41,43,41,43,41,43,41,43,41,43,41,41,64,00,c4,02,00,00,1f,00,00,f8,2f,00,\
  306.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,4a,46,\
  307.   45,43,4e,45,4e,46,44,45,44,43,4f,45,45,45,46,43,41,43,41,41,01,00,07,00,01,\
  308.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,45,45,4e,45,45,45,46,46,44,\
  309.   45,4a,45,48,45,4f,43,4f,45,45,45,46,41,64,00,28,03,00,00,1f,00,00,1a,2f,00,\
  310.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,4e,45,\
  311.   50,45,4f,46,45,45,42,45,4f,45,4a,45,42,43,4f,45,45,45,46,41,01,00,07,00,01,\
  312.   0c,00,00,00,01,20,20,46,47,46,47,45,44,45,48,45,4f,43,4f,45,45,45,46,43,41,\
  313.   43,41,43,41,43,41,43,41,43,41,43,41,41,64,00,8c,03,00,00,1f,00,00,50,2f,00,\
  314.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,45,42,45,4f,46,45,45,50,45,4d,43,\
  315.   4e,45,44,45,50,43,4f,46,43,46,46,43,41,43,41,43,41,43,41,41,01,00,07,00,01,\
  316.   0c,00,00,00,01,20,20,45,43,45,50,46,44,45,46,43,4e,45,42,46,46,45,45,45,4a,\
  317.   45,50,43,4f,45,4f,45,46,46,45,43,41,41,64,00,f0,03,00,00,1f,00,00,47,2f,00,\
  318.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,47,45,4a,46,41,46,48,45,46,45,\
  319.   43,43,4f,46,43,46,46,43,41,43,41,43,41,43,41,43,41,43,41,41,01,00,07,00,01,\
  320.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,46,41,45,50,45,4d,45,50,45,49,\
  321.   45,46,46,49,45,46,43,4f,45,45,45,46,41,64,00,54,04,00,00,1f,00,00,3b,2f,00,\
  322.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,44,45,\
  323.   45,46,43,45,50,45,4e,45,44,45,42,43,4f,45,44,45,50,45,4e,41,01,00,07,00,01,\
  324.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,43,45,4a,45,4f,45,50,44,49,\
  325.   44,49,43,4f,45,45,45,46,43,41,43,41,41,64,00,00,00,00,00,1f,00,00,30,2f,00,\
  326.   02,00,01,00,07,00,01,0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,45,45,\
  327.   4e,45,45,45,46,46,44,45,4a,45,48,45,4f,43,4f,45,45,45,46,41,01,00,07,00,01,\
  328.   0c,00,00,00,01,20,20,46,48,46,48,46,48,43,4f,45,43,45,49,45,42,45,4e,45,4a,\
  329.   45,45,46,4a,43,4f,45,45,45,46,43,41,41
  330. "szDescr"="The sending machine may be infected with the W.32 Beagle virus."
  331. "RGBValue"=dword:00800080
  332. "szFolder"="Virus Filters"
  333. "bFilterBasedAlarm"=dword:00000001
  334.  
  335. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.a / Bagle.a]
  336. "FilterBuffer"=hex:b6,03,00,00,22,00,00,00,1c,00,24,00,00,00,35,00,50,f6,00,00,\
  337.   d4,e3,7f,e0,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,40,00,00,00,35,00,50,\
  338.   ac,00,00,c0,43,c6,37,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,5c,00,00,00,\
  339.   35,00,50,63,00,00,d4,e3,77,55,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,78,\
  340.   00,00,00,35,00,50,13,00,00,c0,43,c6,33,00,00,00,00,00,00,00,00,00,00,00,00,\
  341.   1c,00,94,00,00,00,35,00,50,d0,00,00,d9,a0,1f,2b,00,00,00,00,00,00,00,00,00,\
  342.   00,00,00,1c,00,b0,00,00,00,35,00,50,8f,00,00,d4,e3,7c,09,00,00,00,00,00,00,\
  343.   00,00,00,00,00,00,1c,00,cc,00,00,00,35,00,50,2f,00,00,c0,43,c6,04,00,00,00,\
  344.   00,00,00,00,00,00,00,00,00,1c,00,e8,00,00,00,35,00,50,f2,00,00,d4,e3,7f,df,\
  345.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,04,01,00,00,35,00,50,a3,00,00,53,\
  346.   d1,8e,1b,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,20,01,00,00,35,00,50,b2,\
  347.   00,00,c0,43,c6,34,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,3c,01,00,00,35,\
  348.   00,50,91,00,00,c0,43,c6,31,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,58,01,\
  349.   00,00,35,00,50,48,00,00,c0,43,c6,04,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  350.   00,74,01,00,00,35,00,50,28,00,00,c0,43,c6,07,00,00,00,00,00,00,00,00,00,00,\
  351.   00,00,1c,00,90,01,00,00,35,00,50,59,00,00,c0,43,c6,33,00,00,00,00,00,00,00,\
  352.   00,00,00,00,00,1c,00,ac,01,00,00,35,00,50,99,00,00,51,d1,94,1e,00,00,00,00,\
  353.   00,00,00,00,00,00,00,00,1c,00,c8,01,00,00,35,00,50,3b,00,00,d4,e3,76,47,00,\
  354.   00,00,00,00,00,00,00,00,00,00,00,1c,00,e4,01,00,00,35,00,50,d5,00,00,d4,e3,\
  355.   7f,d8,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,02,00,00,35,00,50,65,00,\
  356.   00,8d,4c,78,0a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,1c,02,00,00,35,00,\
  357.   50,53,00,00,80,f2,c3,25,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,38,02,00,\
  358.   00,35,00,50,05,00,00,c3,5a,83,e4,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  359.   54,02,00,00,35,00,50,bc,00,00,c3,5a,83,e4,00,00,00,00,00,00,00,00,00,00,00,\
  360.   00,1c,00,70,02,00,00,35,00,50,62,00,00,40,bf,07,1d,00,00,00,00,00,00,00,00,\
  361.   00,00,00,00,1c,00,8c,02,00,00,35,00,50,fb,00,00,40,bf,20,ee,00,00,00,00,00,\
  362.   00,00,00,00,00,00,00,1c,00,a8,02,00,00,35,00,50,b4,00,00,3e,68,17,d7,00,00,\
  363.   00,00,00,00,00,00,00,00,00,00,1c,00,c4,02,00,00,35,00,50,66,00,00,a8,90,62,\
  364.   a7,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,e0,02,00,00,35,00,50,19,00,00,\
  365.   a8,90,06,67,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,fc,02,00,00,35,00,50,\
  366.   d3,00,00,d8,62,86,f7,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,18,03,00,00,\
  367.   35,00,50,a6,00,00,d8,62,88,f8,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,34,\
  368.   03,00,00,35,00,50,6d,00,00,40,b0,e4,0d,00,00,00,00,00,00,00,00,00,00,00,00,\
  369.   1c,00,50,03,00,00,35,00,50,3e,00,00,c0,43,c6,34,00,00,00,00,00,00,00,00,00,\
  370.   00,00,00,12,00,62,03,00,00,01,00,10,03,00,00,d4,e3,7f,6b,00,00,1c,00,7e,03,\
  371.   00,00,35,00,50,f5,00,00,d4,e3,7f,5f,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  372.   00,9a,03,00,00,35,00,50,2c,00,00,40,bf,20,e8,00,00,00,00,00,00,00,00,00,00,\
  373.   00,00,1c,00,00,00,00,00,35,00,50,f0,00,00,d9,a0,5a,a0,00,00,00,00,00,00,00,\
  374.   00,00,00,00,00
  375. "szDescr"="The sending machine may be infected with the W.32 Beagle.a virus."
  376. "RGBValue"=dword:00800080
  377. "szFolder"="Virus Filters"
  378. "bFilterBasedAlarm"=dword:00000000
  379.  
  380. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.aa / Bagle.aa]
  381. "FilterBuffer"=hex:43,00,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,8f,00,06,\
  382.   00,50,00,00,00,00,00,00,00,00,00,24,00,00,00,00,00,1f,00,00,39,00,00,00,00,\
  383.   01,00,00,00,01,28,00,00,00,01,0b,47,45,54,20,2f,35,2e,70,68,70,3f
  384. "szDescr"="The sending machine may be infected with the Beagle.aa virus"
  385. "RGBValue"=dword:00800080
  386. "szFolder"="Virus Filters"
  387. "bFilterBasedAlarm"=dword:00000001
  388.  
  389. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.ag / Bagle.ag]
  390. "FilterBuffer"=hex:42,00,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,4a,00,06,\
  391.   00,50,00,00,00,00,00,00,00,00,00,23,00,00,00,00,00,1f,00,00,47,00,00,00,00,\
  392.   01,00,00,00,01,28,00,00,00,01,0a,47,45,54,20,2f,6f,2e,70,68,70
  393. "szDescr"="The sending machine may be infected with the Beagle.ag virus. "
  394. "RGBValue"=dword:00800080
  395. "szFolder"="Virus Filters"
  396. "bFilterBasedAlarm"=dword:00000001
  397.  
  398. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.av / Bagle.av]
  399. "FilterBuffer"=hex:ed,01,00,00,0a,00,00,00,17,00,00,00,1f,00,20,00,00,d1,00,06,\
  400.   00,19,00,00,00,00,00,00,00,00,00,36,00,85,00,55,00,1f,00,00,d6,18,00,02,00,\
  401.   01,00,06,00,02,e0,00,00,04,00,09,50,72,69,63,65,2e,63,6f,6d,01,00,06,00,02,\
  402.   e0,00,00,04,00,09,50,72,69,63,65,2e,63,70,6c,30,00,b9,00,00,00,1f,00,00,6f,\
  403.   12,00,02,00,01,00,06,00,02,e0,00,00,04,00,03,52,65,3a,01,00,06,00,02,e0,00,\
  404.   00,04,00,09,52,65,3a,20,48,65,6c,6c,6f,34,00,17,01,55,00,1f,00,00,04,17,00,\
  405.   02,00,01,00,06,00,02,e0,00,00,04,00,08,4a,6f,6b,65,2e,65,78,65,01,00,06,00,\
  406.   02,e0,00,00,04,00,08,4a,6f,6b,65,2e,73,63,72,26,00,df,00,00,00,1f,00,00,3f,\
  407.   00,00,00,00,01,00,06,00,02,e0,00,00,04,00,0d,52,65,3a,20,54,68,61,6e,6b,73,\
  408.   20,3a,29,38,00,00,00,00,00,1f,00,00,ee,15,00,02,00,01,00,06,00,02,e0,00,00,\
  409.   04,00,06,52,65,3a,20,48,69,01,00,06,00,02,e0,00,00,04,00,0e,52,65,3a,20,54,\
  410.   68,61,6e,6b,20,79,6f,75,21,34,00,4b,01,55,00,1f,00,00,9d,17,00,02,00,01,00,\
  411.   06,00,02,e0,00,00,04,00,08,4a,6f,6b,65,2e,63,6f,6d,01,00,06,00,02,e0,00,00,\
  412.   04,00,08,4a,6f,6b,65,2e,63,70,6c,36,00,81,01,55,00,1f,00,00,33,18,00,02,00,\
  413.   01,00,06,00,02,e0,00,00,04,00,09,70,72,69,63,65,2e,65,78,65,01,00,06,00,02,\
  414.   e0,00,00,04,00,09,70,72,69,63,65,2e,73,63,72,36,00,b7,01,55,00,1f,00,00,c0,\
  415.   18,00,01,00,01,00,06,00,02,e0,00,00,04,00,09,70,72,69,63,65,2e,63,6f,6d,01,\
  416.   00,06,00,02,e0,00,00,04,00,09,70,72,69,63,65,2e,63,70,6c,36,00,00,00,55,00,\
  417.   1f,00,00,4d,18,00,02,00,01,00,06,00,02,e0,00,00,04,00,09,50,72,69,63,65,2e,\
  418.   65,78,65,01,00,06,00,02,e0,00,00,04,00,09,50,72,69,63,65,2e,73,63,72
  419. "szDescr"="The sending machine may be infected with the Beagle.av virus. "
  420. "RGBValue"=dword:00800080
  421. "szFolder"="Virus Filters"
  422. "bFilterBasedAlarm"=dword:00000001
  423.  
  424. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.az / Bagle.az]
  425. "FilterBuffer"=hex:4e,02,00,00,09,00,00,00,35,00,3d,00,00,00,1f,00,00,8c,18,00,\
  426.   02,00,01,00,06,00,02,00,00,c6,05,01,09,70,72,69,63,65,2e,73,63,72,01,00,06,\
  427.   00,02,00,00,c6,05,01,08,4a,6f,6b,65,2e,73,63,72,46,00,83,00,00,00,1f,00,00,\
  428.   59,1a,00,01,00,01,00,06,00,02,00,00,c6,05,01,0b,47,45,54,20,2f,77,73,2e,6a,\
  429.   70,67,01,00,07,00,01,0c,00,00,00,01,17,03,77,77,77,0d,62,6f,74,74,6f,6d,62,\
  430.   6f,75,6e,63,65,72,03,63,6f,6d,00,17,00,00,00,9a,00,20,00,00,ac,00,11,00,35,\
  431.   00,00,00,00,00,00,00,00,00,41,00,db,00,00,00,1f,00,00,70,20,00,02,00,01,00,\
  432.   07,00,01,0c,00,00,00,00,11,77,77,77,2e,61,76,74,72,6f,6e,69,63,73,2e,63,6f,\
  433.   6d,01,00,07,00,01,0c,00,00,00,00,0c,77,77,77,2e,68,6f,6d,65,2e,63,6f,6d,48,\
  434.   00,23,01,00,00,1f,00,00,d5,28,00,01,00,01,00,07,00,01,0c,00,00,00,00,19,77,\
  435.   77,77,2e,2e,65,62,61,6e,6f,6e,2d,6f,6e,6c,69,6e,65,2e,63,6f,6d,2e,6c,62,01,\
  436.   00,07,00,01,0c,00,00,00,00,0b,77,77,77,2e,67,74,6f,2e,6e,65,74,54,00,77,01,\
  437.   00,00,1f,00,00,5e,27,00,02,00,01,00,07,00,01,0c,00,00,00,00,18,77,77,77,2e,\
  438.   67,72,61,70,68,69,63,73,64,65,73,69,67,6e,65,72,2e,63,6f,6d,01,00,07,00,01,\
  439.   0c,00,00,00,00,18,77,77,77,2e,6d,73,64,69,72,65,63,74,73,65,72,76,69,63,65,\
  440.   73,2e,63,6f,6d,58,00,cf,01,00,00,1f,00,00,55,1f,00,02,00,01,00,07,00,01,0c,\
  441.   00,00,00,00,10,77,77,77,2e,6d,69,6d,61,78,2e,63,62,73,2e,64,6b,01,00,07,00,\
  442.   01,0c,00,00,00,00,24,77,77,77,2e,77,69,6e,64,6f,77,73,2e,67,75,69,2e,61,73,\
  443.   6d,33,32,2e,65,6c,69,74,65,2e,63,6f,64,65,72,2e,63,6f,40,00,0f,02,00,00,1f,\
  444.   00,00,1b,21,00,02,00,01,00,07,00,01,0c,00,00,00,00,12,77,77,77,2e,66,61,6b,\
  445.   65,64,6f,6d,61,69,6e,2e,63,6f,6d,01,00,07,00,01,0c,00,00,00,00,0a,77,77,77,\
  446.   2e,74,69,6e,2e,69,74,3f,00,00,00,00,00,1f,00,00,a3,1f,00,02,00,01,00,07,00,\
  447.   01,0c,00,00,00,00,10,77,77,77,2e,69,6e,6e,6f,63,65,6e,74,2e,63,6f,6d,01,00,\
  448.   07,00,02,0c,00,00,00,00,0b,77,77,77,2e,67,6d,78,2e,6e,65,74
  449. "szDescr"="The sending machine may be infected with the Beagle.az virus. "
  450. "RGBValue"=dword:00800080
  451. "szFolder"="Virus Filters"
  452. "bFilterBasedAlarm"=dword:00000001
  453.  
  454. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.bb / Bagle.bb]
  455. "FilterBuffer"=hex:0c,01,00,00,06,00,00,00,23,00,2b,00,00,00,1f,00,00,8b,00,00,\
  456.   00,00,01,00,06,00,01,00,00,00,00,00,0a,47,45,54,20,2f,67,2e,6a,70,67,17,00,\
  457.   00,00,42,00,20,00,00,d3,00,06,00,19,00,00,00,00,00,00,00,00,00,47,00,b5,00,\
  458.   89,00,1f,00,00,8c,20,00,02,00,01,00,06,00,02,00,00,dc,05,00,11,41,74,74,61,\
  459.   63,68,6d,65,6e,74,20,3a,20,4a,6f,6b,65,01,00,06,00,02,00,00,dc,05,00,12,41,\
  460.   74,74,61,63,68,6d,65,6e,74,20,3a,20,50,72,69,63,65,2c,00,e0,00,00,00,1f,00,\
  461.   00,f2,13,00,02,00,01,00,06,00,02,00,00,dc,05,00,04,2e,65,78,65,01,00,06,00,\
  462.   02,00,00,dc,05,00,04,2e,63,6f,6d,2b,00,00,00,89,00,1f,00,00,97,00,00,00,00,\
  463.   01,00,06,00,02,00,00,dc,05,00,12,41,74,74,61,63,68,6d,65,6e,74,20,3a,20,70,\
  464.   72,69,63,65,2c,00,00,00,00,00,1f,00,00,5b,13,00,02,00,01,00,06,00,02,00,00,\
  465.   dc,05,00,04,2e,73,63,72,01,00,06,00,02,00,00,dc,05,00,04,2e,63,70,6c
  466. "szDescr"="The sending station may be infected with the Beagle.bb / Bagle.bb virus"
  467. "RGBValue"=dword:00800080
  468. "szFolder"="Virus Filters"
  469. "bFilterBasedAlarm"=dword:00000001
  470.  
  471. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.bd]
  472. "FilterBuffer"=hex:bc,01,00,00,09,00,00,00,17,00,4b,00,1f,00,20,00,00,cd,00,06,\
  473.   00,50,00,00,00,00,00,00,00,00,00,2c,00,00,00,00,00,1f,00,00,08,00,00,00,00,\
  474.   01,00,06,00,01,00,00,00,00,01,13,47,45,54,20,2f,67,2e,6a,70,67,20,48,54,54,\
  475.   50,2f,31,2e,31,17,00,00,00,62,00,20,00,00,0b,00,06,00,19,00,00,00,00,00,00,\
  476.   00,00,00,38,00,9a,00,00,00,1f,00,00,03,19,00,02,00,01,00,06,00,02,00,00,58,\
  477.   02,01,0a,22,4a,6f,6b,65,2e,65,78,65,22,00,00,01,00,02,00,00,58,02,01,0a,22,\
  478.   4a,6f,6b,65,2e,63,6f,6d,22,3a,00,d4,00,00,00,1f,00,00,30,1a,00,02,00,01,00,\
  479.   06,00,02,00,00,58,02,01,0b,22,4a,6f,6b,65,2e,2e,73,63,72,22,01,00,06,00,02,\
  480.   00,00,58,02,01,0b,22,4a,6f,6b,65,2e,2e,63,70,6c,22,3a,00,0e,01,00,00,1f,00,\
  481.   00,5e,1a,00,02,00,01,00,06,00,02,00,00,58,02,01,0b,22,70,72,69,63,65,2e,65,\
  482.   78,65,22,01,00,06,00,02,00,00,58,02,01,0b,22,70,72,69,63,65,2e,63,6f,6d,22,\
  483.   3a,00,48,01,00,00,1f,00,00,94,1a,00,02,00,01,00,06,00,02,00,00,58,02,01,0b,\
  484.   22,70,72,69,63,65,2e,73,63,72,22,01,00,06,00,02,00,00,58,02,01,0b,22,70,72,\
  485.   69,63,65,2e,63,70,6c,22,3a,00,82,01,00,00,1f,00,00,c2,1a,00,02,00,01,00,06,\
  486.   00,02,00,00,58,02,01,0b,22,50,72,69,63,65,2e,65,78,65,22,01,00,06,00,02,00,\
  487.   00,58,02,01,0b,22,50,72,69,63,65,2e,63,6f,6d,22,3a,00,00,00,00,00,1f,00,00,\
  488.   ff,1a,00,02,00,01,00,06,00,02,00,00,58,02,01,0b,22,50,72,69,63,65,2e,73,63,\
  489.   72,22,01,00,06,00,02,00,00,58,02,01,0b,22,50,72,69,63,65,2e,63,70,6c,22
  490. "szDescr"="The sending machine may be infected with the Beagle.bd virus. "
  491. "RGBValue"=dword:00800080
  492. "szFolder"="Virus Filters"
  493. "bFilterBasedAlarm"=dword:00000001
  494.  
  495. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.bj / Bagle.bj]
  496. "FilterBuffer"=hex:64,01,00,00,09,00,00,00,17,00,46,00,1f,00,1e,00,00,e6,00,06,\
  497.   00,50,00,00,00,00,00,00,00,00,00,27,00,00,00,00,00,1f,00,00,2d,00,00,00,00,\
  498.   01,00,06,00,01,00,00,00,00,00,0e,47,45,54,20,2f,65,72,72,6f,72,2e,6a,70,67,\
  499.   17,00,00,00,5d,00,1e,00,00,59,00,06,00,19,00,00,00,00,00,00,00,00,00,30,00,\
  500.   b9,00,8d,00,1f,00,00,06,14,00,02,00,01,00,06,00,02,00,00,dc,05,00,05,77,73,\
  501.   64,30,31,01,00,06,00,02,00,00,dc,05,00,07,76,69,75,70,64,30,32,2c,00,eb,00,\
  502.   00,00,1f,00,00,7a,13,00,02,00,01,00,06,00,02,00,00,dc,05,00,04,2e,65,78,65,\
  503.   01,00,06,00,02,00,00,dc,05,00,04,2e,63,6f,6d,32,00,17,01,8d,00,1f,00,00,08,\
  504.   16,00,02,00,01,00,06,00,02,00,00,dc,05,00,07,73,69,75,70,64,30,32,01,00,06,\
  505.   00,02,00,00,dc,05,00,07,67,75,75,70,64,30,32,2c,00,00,00,00,00,1f,00,00,33,\
  506.   13,00,02,00,01,00,06,00,02,00,00,dc,05,00,04,2e,73,63,72,01,00,06,00,02,00,\
  507.   00,dc,05,00,04,2e,63,70,6c,2f,00,46,01,8d,00,1f,00,00,8a,15,00,02,00,01,00,\
  508.   06,00,02,00,00,dc,05,00,06,7a,75,70,64,30,32,01,00,06,00,02,00,00,dc,05,00,\
  509.   05,75,70,64,30,32,1e,00,00,00,8d,00,1f,00,00,cc,00,00,00,00,01,00,06,00,02,\
  510.   00,00,dc,05,00,05,4a,6f,6c,30,33
  511. "szDescr"="The sending station may be infected with the Beagle.bj / Bagle.bj virus."
  512. "RGBValue"=dword:00800080
  513. "szFolder"="Virus Filters"
  514. "bFilterBasedAlarm"=dword:00000001
  515.  
  516. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.dldr / Bagle.dldr]
  517. "FilterBuffer"=hex:5c,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,07,00,06,\
  518.   00,50,00,00,00,00,00,00,00,00,00,3d,00,00,00,00,00,1f,00,00,49,1c,00,02,00,\
  519.   01,00,06,00,01,00,00,00,00,00,0d,47,45,54,20,20,2f,7a,30,32,2e,6a,70,67,01,\
  520.   00,06,00,01,00,00,00,00,00,0c,47,45,54,20,2f,7a,6f,6f,2e,6a,70,67
  521. "szDescr"="The sending machine may be attempting to download a file that contains a virus-infected payload."
  522. "szFolder"="Virus Filters"
  523. "RGBValue"=dword:00800080
  524. "bFilterBasedAlarm"=dword:00000001
  525.  
  526. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Beagle.u / Bagle.u]
  527. "FilterBuffer"=hex:4c,00,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,d4,00,06,\
  528.   00,50,00,00,00,00,00,00,00,00,00,2d,00,00,00,00,00,1f,00,00,63,00,00,00,00,\
  529.   00,00,01,00,01,72,00,00,00,01,14,48,6f,73,74,3a,20,77,77,77,2e,77,65,72,64,\
  530.   65,2e,64,65,0d,0a
  531. "szDescr"="The sending machine may be infected with the Beagle.u / Bagle.u virus"
  532. "RGBValue"=dword:00800080
  533. "szFolder"="Virus Filters"
  534. "bFilterBasedAlarm"=dword:00000001
  535.  
  536. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Bofra (A through E)]
  537. "FilterBuffer"=hex:6d,05,00,00,18,00,00,00,17,00,52,00,1f,00,20,00,00,ba,00,06,\
  538.   00,19,00,00,00,00,00,00,00,00,00,33,00,d5,00,69,00,1f,00,00,6c,12,00,02,00,\
  539.   01,00,06,00,02,00,00,90,01,00,03,48,69,21,01,00,06,00,02,00,00,90,01,00,0c,\
  540.   43,6f,6e,66,69,72,6d,61,74,69,6f,6e,17,00,52,03,16,03,1e,00,00,05,00,06,00,\
  541.   0b,1a,00,00,00,00,00,00,00,00,6c,00,7e,01,0d,01,1f,00,00,57,39,00,02,00,01,\
  542.   00,06,00,02,00,00,78,05,00,2a,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,73,63,\
  543.   61,6e,6e,65,64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,79,20,41,4d,61,56,\
  544.   69,53,01,00,06,00,02,00,00,78,05,00,1e,58,2d,41,6e,74,69,56,69,72,75,73,3a,\
  545.   20,43,68,65,63,6b,65,64,20,62,79,20,44,72,2e,57,65,62,38,00,f9,02,69,00,1f,\
  546.   00,00,0e,1e,00,02,00,01,00,06,00,02,00,00,90,01,00,0f,66,75,6e,6e,79,20,70,\
  547.   68,6f,74,6f,73,20,3a,29,01,00,06,00,02,00,00,90,01,00,05,68,65,6c,6c,6f,71,\
  548.   00,ba,01,00,00,1f,00,00,a0,3e,00,01,00,01,00,06,00,02,00,00,78,05,00,2f,4c,\
  549.   6f,6f,6b,20,61,74,20,6d,79,20,68,6f,6d,65,70,61,67,65,20,77,69,74,68,20,6d,\
  550.   79,20,6c,61,73,74,20,77,65,62,63,61,6d,20,70,68,6f,74,6f,73,21,00,00,01,00,\
  551.   02,00,00,78,05,00,1e,46,52,45,45,20,41,44,55,4c,54,20,56,49,44,45,4f,21,20,\
  552.   53,49,47,4e,20,55,50,20,4e,4f,57,21,3c,00,00,00,0d,01,1f,00,00,23,00,00,00,\
  553.   00,01,00,06,00,02,00,00,78,05,00,23,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,\
  554.   43,68,65,63,6b,65,64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,79,58,00,12,\
  555.   02,00,00,1f,00,00,13,30,00,02,00,01,00,06,00,02,00,00,78,05,00,21,48,69,21,\
  556.   20,49,20,61,6d,20,6c,6f,6f,6b,69,6e,67,20,66,6f,72,20,6e,65,77,20,66,72,69,\
  557.   65,6e,64,73,2e,01,00,06,00,02,00,00,78,05,00,13,49,20,61,6d,20,66,72,6f,6d,\
  558.   20,4d,69,61,6d,69,2c,20,46,4c,80,00,92,02,00,00,1f,00,00,3e,44,00,02,00,01,\
  559.   00,06,00,02,00,00,78,05,00,35,43,6f,6e,67,72,61,74,75,6c,61,74,69,6f,6e,73,\
  560.   21,20,50,61,79,50,61,6c,20,68,61,73,20,73,75,63,63,65,73,73,66,75,6c,6c,79,\
  561.   20,63,68,61,72,67,65,64,20,24,31,37,35,01,00,06,00,02,00,00,78,05,00,27,44,\
  562.   4f,20,4e,4f,54,20,52,45,50,4c,59,20,54,4f,20,54,48,49,53,20,4d,45,53,53,41,\
  563.   47,45,20,56,49,41,20,45,4d,41,49,4c,21,67,00,00,00,00,00,1f,00,00,d0,34,00,\
  564.   02,00,01,00,06,00,02,00,00,78,05,00,25,54,6f,20,73,65,65,20,64,65,74,61,69,\
  565.   6c,73,20,70,6c,65,61,73,65,20,63,6c,69,63,6b,20,74,68,69,73,20,6c,69,6e,6b,\
  566.   01,00,06,00,02,00,00,78,05,00,1e,53,65,65,20,6d,79,20,68,6f,6d,65,70,61,67,\
  567.   65,20,77,69,74,68,20,6d,79,20,77,65,62,6c,6f,67,1d,00,00,00,69,00,1f,00,00,\
  568.   4f,00,00,00,00,01,00,06,00,02,00,00,90,01,00,04,68,65,79,21,3c,00,00,00,69,\
  569.   03,1f,00,00,52,1f,00,02,00,00,00,01,00,02,00,00,1e,00,00,10,2e,65,75,2e,75,\
  570.   6e,64,65,72,6e,65,74,2e,6f,72,67,01,00,06,00,02,00,00,1e,00,00,08,2e,64,61,\
  571.   6c,2e,6e,65,74,17,00,07,05,dd,04,1e,00,00,f6,00,06,00,71,00,00,00,00,00,00,\
  572.   00,00,00,3d,00,a6,03,00,00,1f,00,00,c0,1d,00,01,00,01,00,06,00,02,00,00,1e,\
  573.   00,00,0e,62,72,6f,61,64,77,61,79,2e,6e,79,2e,75,73,01,00,06,00,02,00,00,1e,\
  574.   00,00,0b,62,72,75,73,73,65,6c,73,2e,62,65,33,00,d9,03,00,00,1f,00,00,9c,15,\
  575.   00,02,00,01,00,06,00,02,00,00,1e,00,00,06,71,69,73,2e,6d,64,01,00,06,00,02,\
  576.   00,00,1e,00,00,09,76,61,6e,63,6f,75,76,65,72,33,00,0c,04,00,00,1f,00,00,24,\
  577.   17,00,02,00,00,00,01,00,02,00,00,1e,00,00,08,6c,75,6c,65,61,2e,73,65,01,00,\
  578.   06,00,02,00,00,1e,00,00,07,6f,7a,62,79,74,65,73,3b,00,47,04,00,00,1f,00,00,\
  579.   d6,18,00,02,00,01,00,06,00,02,00,00,1e,00,00,09,6c,6f,6e,64,6f,6e,2e,75,6b,\
  580.   01,00,06,00,02,00,00,1e,00,00,0e,6c,6f,73,2d,61,6e,67,65,6c,65,73,2e,63,61,\
  581.   36,00,7d,04,00,00,1f,00,00,ea,1a,00,02,00,01,00,06,00,02,00,00,1e,00,00,0b,\
  582.   66,6c,61,6e,64,65,72,73,2e,62,65,01,00,06,00,02,00,00,1e,00,00,07,67,72,61,\
  583.   7a,2e,61,74,2e,00,ab,04,00,00,1f,00,00,9d,16,00,02,00,01,00,06,00,02,00,00,\
  584.   1e,00,00,07,63,61,65,6e,2e,66,72,01,00,06,00,02,00,00,1e,00,00,03,63,65,64,\
  585.   32,00,00,00,00,00,1f,00,00,dd,14,00,02,00,01,00,06,00,02,00,00,1e,00,00,05,\
  586.   63,6f,69,6e,73,01,00,06,00,02,00,00,1e,00,00,09,64,69,65,6d,65,6e,2e,6e,6c,\
  587.   2a,00,00,00,00,00,1f,00,00,73,12,00,02,00,01,00,06,00,02,00,00,78,05,00,03,\
  588.   49,52,43,01,00,06,00,02,00,00,78,05,00,03,69,72,63,17,00,56,05,1e,05,1e,00,\
  589.   00,c5,00,06,00,67,06,00,00,00,00,00,00,00,00,38,00,00,00,00,00,1f,00,00,f7,\
  590.   1a,00,02,00,01,00,06,00,02,00,00,1e,00,00,0b,72,65,61,63,74,6f,72,2e,68,74,\
  591.   6d,01,00,06,00,02,00,00,1e,00,00,09,69,6e,64,65,78,2e,68,74,6d,17,00,00,00,\
  592.   1e,05,1e,00,00,17,00,06,00,68,06,00,00,00,00,00,00,00,00
  593. "szDescr"="The sending or receiving machine may be infected with the Bofra virus. This looks for variants a through e of this virus."
  594. "RGBValue"=dword:00800080
  595. "szFolder"="Virus Filters"
  596. "bFilterBasedAlarm"=dword:00000001
  597.  
  598. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Bropia.worm.p]
  599. "FilterBuffer"=hex:a5,01,00,00,08,00,00,00,17,00,8f,00,1f,00,1e,00,00,eb,00,06,\
  600.   00,50,00,00,00,00,00,00,00,00,00,70,00,00,00,00,00,1f,00,00,7c,35,00,02,00,\
  601.   01,00,06,00,01,00,00,00,00,00,26,47,45,54,20,2f,6c,6f,6c,5f,66,2a,2a,2a,5f,\
  602.   79,6f,75,5f,6c,6f,6c,2f,6c,30,6c,5f,35,33,78,79,5f,6c,30,6c,2e,6a,70,67,01,\
  603.   00,06,00,01,00,00,00,00,00,26,47,45,54,20,2f,6c,6f,6c,5f,66,75,63,6b,5f,79,\
  604.   6f,75,5f,6c,6f,6c,2f,6c,30,6c,5f,35,33,78,79,5f,6c,30,6c,2e,6a,70,67,17,00,\
  605.   00,00,a6,00,20,00,00,6a,00,06,00,19,00,00,00,00,00,00,00,00,00,2a,00,00,00,\
  606.   d0,00,1f,00,00,f7,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,11,6d,65,6d,62,\
  607.   65,72,73,2e,63,68,65,6c,6c,6f,2e,6e,6c,39,00,09,01,00,00,1f,00,00,56,1e,00,\
  608.   02,00,00,00,01,00,02,00,00,dc,05,00,0f,43,48,45,43,4b,20,54,48,49,53,20,4c,\
  609.   4f,4c,21,00,00,01,00,02,00,00,00,00,00,06,43,55,53,54,4f,4d,3a,00,43,01,00,\
  610.   00,1f,00,00,a9,20,00,02,00,00,00,01,00,02,00,00,dc,05,00,11,48,75,67,65,20,\
  611.   54,75,72,64,20,68,61,68,61,61,68,21,00,00,01,00,02,00,00,dc,05,00,05,4c,4f,\
  612.   4f,4b,21,30,00,73,01,00,00,1f,00,00,08,14,00,02,00,00,00,01,00,02,00,00,dc,\
  613.   05,00,05,6e,69,63,65,21,00,00,01,00,02,00,00,dc,05,00,07,6f,77,6e,61,67,65,\
  614.   21,32,00,00,00,00,00,1f,00,00,3a,00,00,00,00,00,00,01,00,02,00,00,dc,05,00,\
  615.   19,70,61,72,69,73,20,68,69,6c,74,6f,6e,20,67,6f,74,20,68,61,63,6b,65,64,21,\
  616.   21
  617. "szDescr"="The sending machine is attempting to download a .jpg file. This file is downloaded upon execution of the Bropia worm."
  618. "RGBValue"=dword:00800080
  619. "szFolder"="Virus Filters"
  620. "bFilterBasedAlarm"=dword:00000001
  621.  
  622. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) BugBear.b]
  623. "FilterBuffer"=hex:5c,00,00,00,02,00,00,00,2a,00,32,00,00,00,1f,00,00,f1,12,00,\
  624.   01,00,00,00,01,00,01,50,00,00,00,01,03,5c,57,49,00,00,01,00,01,59,00,00,00,\
  625.   01,03,4e,4f,54,2a,00,00,00,00,00,1f,00,00,69,12,00,01,00,00,00,01,00,01,50,\
  626.   00,00,00,01,03,5c,50,52,00,00,01,00,01,5f,00,00,00,01,03,57,49,4e
  627. "szDescr"="The offending station may have been infected with the W32.BugBear.B virus."
  628. "RGBValue"=dword:00800080
  629. "bFilterBasedAlarm"=dword:00000001
  630. "szFolder"="Virus Filters"
  631.  
  632. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) BugBear.k]
  633. "FilterBuffer"=hex:f6,01,00,00,09,00,00,00,17,00,60,00,1f,00,20,00,00,d4,00,06,\
  634.   00,6e,00,00,00,00,00,00,00,00,00,41,00,77,00,00,00,1f,00,00,79,1f,00,02,00,\
  635.   01,00,06,00,02,00,00,78,05,00,10,61,30,30,30,30,33,32,2e,6a,70,67,20,2e,73,\
  636.   63,72,01,00,06,00,02,00,00,78,05,00,0d,73,6f,6e,67,2e,77,61,76,20,2e,73,63,\
  637.   72,17,00,00,00,1f,00,20,00,00,13,00,06,00,19,00,00,00,00,00,00,00,00,00,40,\
  638.   00,b7,00,00,00,1f,00,00,fb,1d,00,02,00,01,00,06,00,02,00,00,78,05,00,0e,6d,\
  639.   75,73,69,63,2e,6d,70,33,20,2e,73,63,72,01,00,06,00,02,00,00,78,05,00,0e,76,\
  640.   69,64,65,6f,2e,61,76,69,20,2e,73,63,72,40,00,f7,00,00,00,1f,00,00,7f,1d,00,\
  641.   02,00,01,00,06,00,02,00,00,78,05,00,0e,70,68,6f,74,6f,2e,6a,70,67,20,2e,73,\
  642.   63,72,01,00,06,00,02,00,00,78,05,00,0e,67,69,72,6c,73,2e,6a,70,67,20,2e,73,\
  643.   63,72,40,00,37,01,00,00,1f,00,00,fa,1b,00,02,00,01,00,06,00,02,00,00,78,05,\
  644.   00,0c,70,69,63,2e,6a,70,67,20,2e,73,63,72,01,00,06,00,02,00,00,78,05,00,10,\
  645.   6d,65,73,73,61,67,65,2e,74,78,74,20,2e,73,63,72,3f,00,76,01,00,00,1f,00,00,\
  646.   6b,1d,00,02,00,01,00,06,00,02,00,00,78,05,00,0e,69,6d,61,67,65,2e,6a,70,67,\
  647.   20,2e,73,63,72,01,00,06,00,02,00,00,78,05,00,0d,6e,65,77,73,2e,64,6f,63,20,\
  648.   2e,73,63,72,40,00,b6,01,00,00,1f,00,00,f9,1f,00,02,00,01,00,06,00,02,00,00,\
  649.   78,05,00,10,6d,79,70,68,6f,74,6f,2e,6a,70,67,20,2e,73,63,72,01,00,06,00,02,\
  650.   00,00,78,05,00,0c,79,6f,75,2e,6a,70,67,20,2e,73,63,72,40,00,00,00,00,00,1f,\
  651.   00,00,7a,1c,00,01,00,01,00,06,00,02,00,00,78,05,00,0d,6c,6f,76,65,2e,6a,70,\
  652.   67,20,2e,73,63,72,01,00,06,00,02,00,00,78,05,00,0f,72,65,61,64,6d,65,2e,74,\
  653.   78,74,20,2e,73,63,72
  654. "RGBValue"=dword:00800080
  655. "szDescr"="The sending machine may have been infected with the BugBear.k Virus."
  656. "szFolder"="Virus Filters"
  657. "bFilterBasedAlarm"=dword:00000001
  658.  
  659. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Eicar Anti-Virus Test Filter]
  660. "FilterBuffer"=hex:64,00,00,00,01,00,00,00,5c,00,00,00,00,00,1f,00,00,61,00,00,\
  661.   00,00,00,00,01,00,02,3c,00,dc,05,00,43,58,35,4f,21,50,25,40,41,50,5b,34,5c,\
  662.   50,5a,58,35,34,28,50,5e,29,37,43,43,29,37,7d,24,45,49,43,41,52,2d,53,54,41,\
  663.   4e,44,41,52,44,2d,41,4e,54,49,56,49,52,55,53,2d,54,45,53,54,2d,46,49,4c,45,\
  664.   21,24,48,2b,48
  665. "szDescr"="This filter captures the Eicar.Com file which is used to test Anti Virus programs. Eicar is NOT a real virus, but a small file that most anti virus programs see as a virus for testing purposes."
  666. "szFolder"="Virus Filters"
  667. "RGBValue"=dword:00800080
  668.  
  669. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Explet.a]
  670. "FilterBuffer"=hex:dc,02,00,00,06,00,00,00,17,00,00,00,1f,00,20,00,00,ce,00,06,\
  671.   00,19,00,00,00,00,00,00,00,00,00,83,00,a2,00,00,00,1f,00,00,b4,00,00,00,00,\
  672.   01,00,06,00,02,00,00,78,05,00,6a,48,65,72,65,20,69,73,20,74,68,65,20,61,72,\
  673.   63,68,69,76,65,20,77,69,74,68,20,74,68,6f,73,65,20,69,6e,66,6f,72,6d,61,74,\
  674.   69,6f,6e,2c,20,79,6f,75,20,61,73,6b,65,64,20,6d,65,2e,20,41,6e,64,20,64,6f,\
  675.   6e,27,74,20,66,6f,72,67,65,74,2c,20,69,74,20,69,73,20,73,74,72,6f,6e,67,6c,\
  676.   79,20,63,6f,6e,66,69,64,65,6e,63,69,61,6c,21,21,21,4d,00,ef,00,00,00,1f,00,\
  677.   00,fe,00,00,00,00,01,00,06,00,02,00,00,78,05,00,34,4c,6f,6f,6b,20,61,74,20,\
  678.   6d,79,20,6e,65,77,20,73,63,72,65,65,6e,73,61,76,65,72,2e,20,49,20,68,6f,70,\
  679.   65,20,79,6f,75,20,77,69,6c,6c,20,65,6e,6a,6f,79,2e,2e,2e,a9,00,98,01,00,00,\
  680.   1f,00,00,a1,00,00,00,00,01,00,06,00,02,00,00,78,05,00,90,4d,79,20,66,72,69,\
  681.   65,6e,64,20,67,61,76,65,20,6d,65,20,74,68,69,73,20,61,63,63,6f,75,6e,74,20,\
  682.   67,65,6e,65,72,61,74,6f,72,20,66,6f,72,20,68,74,74,70,3a,2f,2f,77,77,77,2e,\
  683.   70,61,6e,74,79,6f,6c,61,2e,63,6f,6d,20,49,20,77,61,6e,6e,61,20,73,68,61,72,\
  684.   65,20,69,74,20,77,69,74,68,20,79,6f,75,20,3a,29,20,41,6e,64,20,70,6c,65,61,\
  685.   73,65,20,64,6f,20,6e,6f,74,20,64,69,73,74,72,69,62,75,74,65,20,69,74,2e,20,\
  686.   49,74,27,73,20,70,72,69,76,61,74,65,2e,e5,00,7d,02,00,00,1f,00,00,06,00,00,\
  687.   00,00,00,00,01,00,02,00,00,78,05,00,cc,49,20,6f,66,66,65,72,20,79,6f,75,20,\
  688.   66,75,6c,6c,20,62,61,73,65,20,6f,66,20,61,63,63,6f,75,6e,74,73,20,77,69,74,\
  689.   68,20,70,61,73,73,77,6f,72,64,73,20,6f,66,20,6d,61,69,6c,20,73,65,72,76,65,\
  690.   72,20,79,61,68,6f,6f,2e,63,6f,6d,2e,20,48,65,72,65,20,69,73,20,61,72,63,68,\
  691.   69,76,65,20,77,69,74,68,20,73,6d,61,6c,6c,20,70,61,72,74,20,6f,66,20,69,74,\
  692.   2e,20,59,6f,75,20,63,61,6e,20,73,65,65,20,74,68,61,74,20,61,6c,6c,20,69,6e,\
  693.   66,6f,72,6d,61,74,69,6f,6e,20,69,73,20,72,65,61,6c,2e,20,49,66,20,79,6f,75,\
  694.   20,77,61,6e,74,20,74,6f,20,62,75,79,20,66,75,6c,6c,20,62,61,73,65,2c,20,70,\
  695.   6c,65,61,73,65,20,72,65,70,6c,79,20,6d,65,2e,2e,2e,5f,00,00,00,00,00,1f,00,\
  696.   00,4a,00,00,00,00,00,00,01,00,02,00,00,78,05,00,46,48,69,2c,20,4e,69,63,6b,\
  697.   2e,20,49,6e,20,74,68,69,73,20,61,72,63,68,69,76,65,20,79,6f,75,20,63,61,6e,\
  698.   20,66,69,6e,64,20,61,6c,6c,20,74,68,6f,73,65,20,74,68,69,6e,67,73,2c,20,79,\
  699.   6f,75,20,61,73,6b,65,64,20,6d,65,2e
  700. "szDescr"="An email containing the Explet.a virus has been either sent or received by the captured stations."
  701. "RGBValue"=dword:00800080
  702. "szFolder"="Virus Filters"
  703. "bFilterBasedAlarm"=dword:00000001
  704.  
  705. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Gaggle.E]
  706. "FilterBuffer"=hex:b1,03,00,00,0b,00,00,00,17,00,bb,00,1f,00,20,00,00,02,00,06,\
  707.   00,19,00,00,00,00,00,00,00,00,00,9c,00,cd,00,00,00,1f,00,00,48,47,00,02,00,\
  708.   01,00,06,00,02,00,00,78,05,00,38,52,65,73,75,6c,74,61,64,6f,20,64,65,6c,20,\
  709.   41,6e,df,6c,69,73,69,73,3a,20,4d,65,6e,73,61,6a,65,20,79,20,41,64,6a,75,6e,\
  710.   74,6f,20,6c,69,62,72,65,20,64,65,20,76,69,72,75,73,01,00,06,00,02,00,00,78,\
  711.   05,00,40,52,65,73,75,6c,74,20,67,69,76,65,73,20,74,68,65,20,41,6e,61,6c,79,\
  712.   73,69,73,3a,20,4d,65,73,73,61,67,65,20,61,6e,64,20,41,64,64,65,64,20,66,72,\
  713.   65,65,20,68,65,20,67,69,76,65,73,20,76,69,72,75,73,12,00,95,03,1f,00,01,00,\
  714.   10,05,00,00,3e,25,ec,8c,00,00,6b,00,38,01,00,00,1f,00,00,e5,1f,00,02,00,01,\
  715.   00,06,00,02,00,00,78,05,00,10,70,6c,65,61,73,65,20,6f,70,65,6e,20,66,69,6c,\
  716.   65,01,00,06,00,02,00,00,78,05,00,37,45,6c,20,63,6f,72,72,65,6f,20,6e,6f,20,\
  717.   70,75,64,6f,20,73,65,72,20,65,6e,76,69,61,64,6f,20,61,20,75,6e,6f,20,6f,20,\
  718.   6d,df,73,20,64,65,73,74,69,6e,61,74,61,72,69,6f,73,72,00,aa,01,00,00,1f,00,\
  719.   00,1d,3c,00,02,00,01,00,06,00,02,00,00,78,05,00,2d,4d,69,72,61,20,6c,61,20,\
  720.   66,6f,74,6f,20,61,64,6a,75,6e,74,61,20,32,30,20,73,65,67,75,6e,64,6f,73,20,\
  721.   79,20,76,65,72,61,73,20,61,6c,67,6f,01,00,06,00,02,00,00,78,05,00,21,54,65,\
  722.   20,65,6e,76,69,6f,20,6c,61,73,20,69,6d,61,67,65,6e,65,73,20,71,75,65,20,70,\
  723.   65,64,69,73,74,65,5c,00,06,02,00,00,1f,00,00,75,29,00,02,00,01,00,06,00,02,\
  724.   00,00,78,05,00,1a,53,69,67,6e,69,66,69,63,61,64,6f,20,64,65,20,6c,6f,73,20,\
  725.   6e,6f,6d,62,72,65,73,01,00,06,00,02,00,00,78,05,00,1e,51,75,69,65,72,65,73,\
  726.   20,63,6f,6e,71,75,69,73,74,61,72,20,75,6e,61,20,70,61,72,65,6a,61,3f,4e,00,\
  727.   54,02,00,00,1f,00,00,4f,20,00,02,00,01,00,06,00,02,00,00,78,05,00,11,4d,69,\
  728.   72,61,20,6c,61,20,70,6f,73,74,61,6c,20,3d,29,01,00,06,00,02,00,00,78,05,00,\
  729.   19,48,61,62,65,72,20,71,75,65,20,74,65,20,70,61,72,65,63,65,20,61,20,74,69,\
  730.   3f,79,00,cd,02,00,00,1f,00,00,13,3a,00,02,00,01,00,06,00,02,00,00,78,05,00,\
  731.   2b,48,61,20,72,65,63,69,62,69,64,6f,20,75,6e,61,20,70,6f,73,74,61,6c,20,64,\
  732.   65,73,64,65,20,65,73,74,61,20,64,69,72,65,63,63,69,6f,6e,01,00,06,00,02,00,\
  733.   00,78,05,00,2a,4e,75,65,73,74,72,61,20,70,61,67,69,6e,61,20,64,65,20,43,61,\
  734.   72,74,6f,6f,6e,73,20,76,69,65,6e,65,20,72,65,63,61,72,67,61,64,61,64,00,31,\
  735.   03,00,00,1f,00,00,ab,33,00,02,00,01,00,06,00,02,00,00,78,05,00,24,4d,69,72,\
  736.   61,20,65,73,74,65,20,73,63,72,65,65,6e,73,61,76,65,72,2c,20,79,20,73,69,20,\
  737.   74,65,20,67,75,73,74,61,01,00,06,00,02,00,00,78,05,00,1c,53,61,62,65,73,20,\
  738.   6c,6f,20,71,75,65,20,65,73,20,65,6c,20,46,6f,72,64,57,61,72,65,3f,64,00,00,\
  739.   00,00,00,1f,00,00,d4,36,00,02,00,01,00,06,00,02,00,00,78,05,00,27,44,65,62,\
  740.   69,64,6f,20,61,20,6c,61,20,6e,75,65,76,61,20,70,6f,6c,69,74,69,63,61,20,64,\
  741.   65,6c,20,73,65,72,76,69,64,6f,72,01,00,06,00,02,00,00,78,05,00,19,43,6f,6e,\
  742.   6f,63,65,73,20,65,6c,20,73,65,78,6f,20,74,61,6e,74,72,69,63,6f,3f,1c,00,00,\
  743.   00,1f,00,35,00,50,68,00,00,40,04,32,63,00,00,00,00,00,00,00,00,00,00,00,00
  744. "szDescr"="The sending machine may be infected with the Gaggle.E virus."
  745. "RGBValue"=dword:00800080
  746. "szFolder"="Virus Filters"
  747. "bFilterBasedAlarm"=dword:00000001
  748.  
  749. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Gaobot.bqj]
  750. "FilterBuffer"=hex:3f,02,00,00,14,00,00,00,1c,00,3b,00,24,00,35,00,50,b6,00,00,\
  751.   82,59,01,10,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,57,00,20,00,00,\
  752.   ae,00,06,00,50,00,00,00,00,00,00,00,00,00,1c,00,74,00,24,00,35,00,50,8b,00,\
  753.   00,cf,9b,fc,49,00,00,00,00,00,00,00,00,00,00,00,00,1d,00,00,00,00,00,1f,00,\
  754.   00,2d,00,00,00,00,01,00,06,00,01,00,00,00,00,00,04,2f,47,45,54,1c,00,90,00,\
  755.   24,00,35,00,50,70,00,00,82,3b,0a,28,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  756.   00,ac,00,24,00,35,00,50,cf,00,00,81,15,02,f5,00,00,00,00,00,00,00,00,00,00,\
  757.   00,00,1c,00,c8,00,24,00,35,00,50,8e,00,00,42,60,c0,dc,00,00,00,00,00,00,00,\
  758.   00,00,00,00,00,1c,00,e4,00,24,00,35,00,50,36,00,00,ca,f8,14,44,00,00,00,00,\
  759.   00,00,00,00,00,00,00,00,1c,00,00,01,24,00,35,00,50,e4,00,00,8c,72,48,2d,00,\
  760.   00,00,00,00,00,00,00,00,00,00,00,1c,00,1c,01,24,00,35,00,50,a4,00,00,d1,f5,\
  761.   13,2a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,38,01,24,00,35,00,50,73,00,\
  762.   00,ca,38,80,38,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,54,01,24,00,35,00,\
  763.   50,2b,00,00,26,09,33,14,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,70,01,24,\
  764.   00,35,00,50,e3,00,00,42,60,c0,c9,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  765.   8c,01,24,00,35,00,50,76,00,00,80,72,01,05,00,00,00,00,00,00,00,00,00,00,00,\
  766.   00,1c,00,a8,01,24,00,35,00,50,c5,00,00,d5,82,2c,25,00,00,00,00,00,00,00,00,\
  767.   00,00,00,00,1c,00,c4,01,24,00,35,00,50,03,00,00,c3,14,e0,59,00,00,00,00,00,\
  768.   00,00,00,00,00,00,00,1c,00,e0,01,24,00,35,00,50,49,00,00,cf,7e,60,ab,00,00,\
  769.   00,00,00,00,00,00,00,00,00,00,1c,00,fc,01,24,00,35,00,50,9e,00,00,81,8f,02,\
  770.   09,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,13,02,1e,00,00,93,02,06,\
  771.   00,58,1b,00,00,00,00,00,00,00,00,2c,00,00,00,00,00,1f,00,00,17,13,00,02,00,\
  772.   01,00,06,00,01,00,00,00,00,00,04,3a,69,72,63,01,00,06,00,01,00,00,00,00,00,\
  773.   04,69,72,63,3a
  774. "szDescr"="The sending machine may be infected with the Gaobot.bqj worm."
  775. "RGBValue"=dword:00800080
  776. "szFolder"="Virus Filters"
  777. "bFilterBasedAlarm"=dword:00000001
  778.  
  779. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Gletta.a Trojan]
  780. "FilterBuffer"=hex:5c,00,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,9f,00,06,\
  781.   00,19,00,00,00,00,00,00,00,00,00,3d,00,00,00,00,00,1f,00,00,45,21,00,01,00,\
  782.   01,00,06,00,02,00,00,78,05,00,12,42,75,73,69,6e,65,73,73,20,4e,65,77,73,20,\
  783.   66,72,6f,6d,01,00,06,00,02,00,00,78,05,00,07,6d,61,69,6c,2e,72,75
  784. "szDescr"="The sending machine may be infected with the Gletta.a Trojan. This virus sends sensitive information to the destination server via Email."
  785. "RGBValue"=dword:00800080
  786. "szFolder"="Virus Filters"
  787. "bFilterBasedAlarm"=dword:00000001
  788.  
  789. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) JS.Scob.Trojan]
  790. "FilterBuffer"=hex:d8,01,00,00,07,00,00,00,12,00,1a,00,00,00,01,00,10,4d,00,00,\
  791.   d9,6b,da,93,00,00,37,00,51,00,00,00,1f,00,00,1e,16,00,01,00,01,00,06,00,02,\
  792.   00,00,78,05,00,07,6d,6d,73,5c,3a,2f,2f,01,00,06,00,02,00,00,78,05,00,0c,41,\
  793.   44,4f,44,42,2e,53,74,72,65,61,6d,47,00,98,00,00,00,1f,00,00,8f,21,00,01,00,\
  794.   01,00,06,00,02,00,00,78,05,00,12,25,35,33,25,37,34,25,37,32,25,36,35,25,36,\
  795.   31,25,36,44,01,00,05,01,02,00,00,78,05,00,11,34,31,25,34,34,25,34,46,25,34,\
  796.   34,25,34,32,25,32,45,a8,00,40,01,00,00,1f,00,00,f9,00,00,00,00,01,00,06,00,\
  797.   02,00,00,78,05,00,8f,42,41,20,41,43,20,43,37,20,41,44,20,43,37,20,34,38,20,\
  798.   38,33,20,44,31,20,43,41,20,36,38,20,38,31,20,32,36,20,38,42,20,36,43,20,46,\
  799.   33,20,32,39,20,30,30,20,32,38,20,41,33,20,32,45,20,30,30,20,33,38,20,41,33,\
  800.   20,33,36,20,30,32,20,36,45,20,33,46,20,32,35,20,38,42,20,36,43,20,38,37,20,\
  801.   45,35,20,44,38,20,33,41,20,44,30,20,41,44,20,43,46,20,34,38,20,39,37,20,37,\
  802.   36,20,45,31,20,39,32,20,45,46,20,32,36,20,39,42,20,32,43,20,38,37,20,34,32,\
  803.   32,00,72,01,00,00,1f,00,00,4c,00,00,00,00,01,00,06,00,02,00,00,78,05,00,19,\
  804.   76,61,72,20,71,78,63,6f,37,3d,64,6f,63,75,6d,65,6e,74,2e,63,6f,6f,6b,69,65,\
  805.   3f,00,b1,01,00,00,1f,00,00,f0,1d,00,01,00,01,00,06,00,02,00,00,78,05,00,0e,\
  806.   71,78,63,6f,37,3d,64,6f,63,75,6d,65,6e,74,01,00,06,00,02,00,00,78,05,00,0d,\
  807.   71,78,63,6f,37,2e,69,6e,64,65,78,4f,66,27,00,00,00,00,00,1f,00,00,ce,00,00,\
  808.   00,00,01,00,06,00,02,00,00,00,00,00,0e,66,75,6e,63,74,69,6f,6e,20,67,63,30,\
  809.   39,39
  810. "szDescr"="This filter detects a station that is accessing an infected Web Page or that has already been infected by the trojan."
  811. "RGBValue"=dword:00800080
  812. "szFolder"="Virus Filters"
  813. "bFilterBasedAlarm"=dword:00000001
  814.  
  815. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Kongo.w]
  816. "FilterBuffer"=hex:4e,01,00,00,0c,00,00,00,12,00,1a,00,00,00,01,00,10,74,00,00,\
  817.   42,5a,41,fc,00,00,1c,00,36,00,00,00,35,00,50,30,00,00,d5,db,d8,32,00,00,00,\
  818.   00,00,00,00,00,00,00,00,00,1c,00,52,00,00,00,35,00,50,06,00,00,cd,d1,b8,b4,\
  819.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,6e,00,00,00,35,00,50,c7,00,00,d5,\
  820.   84,c4,cd,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,8a,00,00,00,35,00,50,4d,\
  821.   00,00,d4,f8,15,64,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,a6,00,00,00,35,\
  822.   00,50,b7,00,00,45,14,68,03,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,c2,00,\
  823.   00,00,35,00,50,0d,00,00,c2,87,1e,c0,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  824.   00,de,00,00,00,35,00,50,08,00,00,d5,1c,fe,3c,00,00,00,00,00,00,00,00,00,00,\
  825.   00,00,1c,00,fa,00,00,00,35,00,50,1c,00,00,d1,19,d5,3a,00,00,00,00,00,00,00,\
  826.   00,00,00,00,00,1c,00,16,01,00,00,35,00,50,ab,00,00,c3,16,a1,45,00,00,00,00,\
  827.   00,00,00,00,00,00,00,00,1c,00,32,01,00,00,35,00,50,a3,00,00,d9,90,61,a2,00,\
  828.   00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,50,85,00,00,d4,18,\
  829.   3f,41,00,00,00,00,00,00,00,00,00,00,00,00
  830. "szDescr"="The sending machine may be infected with the Kongo.w virus."
  831. "RGBValue"=dword:00800080
  832. "szFolder"="Virus Filters"
  833. "bFilterBasedAlarm"=dword:00000001
  834.  
  835. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Korgo.g]
  836. "FilterBuffer"=hex:b9,03,00,00,1a,00,00,00,17,00,43,00,1f,00,1e,00,00,a3,00,06,\
  837.   00,0b,1a,00,00,00,00,00,00,00,00,24,00,5f,00,00,00,1f,00,00,62,00,00,00,00,\
  838.   01,00,06,00,01,00,00,00,00,00,0b,3a,69,72,63,2e,74,73,6b,2e,72,75,1c,00,4d,\
  839.   02,00,00,35,00,50,51,00,00,42,5a,41,fc,00,00,00,00,00,00,00,00,00,00,00,00,\
  840.   2b,00,8a,00,00,00,1f,00,00,be,00,00,00,00,01,00,06,00,01,00,00,00,00,00,12,\
  841.   3a,6d,6f,73,63,6f,77,2d,61,64,76,6f,6b,61,74,2e,72,75,31,00,bb,00,00,00,1f,\
  842.   00,00,65,00,00,00,00,01,00,06,00,01,00,00,00,00,00,18,3a,67,72,61,7a,2e,61,\
  843.   74,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,35,00,f0,00,00,00,1f,00,\
  844.   00,27,00,00,00,00,01,00,06,00,01,00,00,00,00,00,1c,3a,66,6c,61,6e,64,65,72,\
  845.   73,2e,62,65,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,31,00,21,01,00,\
  846.   00,1f,00,00,ea,00,00,00,00,01,00,06,00,01,00,00,00,00,00,18,3a,63,61,65,6e,\
  847.   2e,66,72,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,35,00,56,01,00,00,\
  848.   1f,00,00,6f,00,00,00,00,01,00,06,00,01,00,00,00,00,00,1c,3a,62,72,75,73,73,\
  849.   65,6c,73,2e,62,65,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,38,00,8e,\
  850.   01,00,00,1f,00,00,2b,00,00,00,00,01,00,06,00,01,00,00,00,00,00,1f,3a,6c,6f,\
  851.   73,2d,61,6e,67,65,6c,65,73,2e,63,61,2e,75,73,2e,75,6e,64,65,72,6e,65,74,2e,\
  852.   6f,72,67,2e,00,bc,01,00,00,1f,00,00,e6,00,00,00,00,01,00,06,00,01,00,00,00,\
  853.   00,00,15,3a,67,61,73,70,6f,64,65,2e,7a,61,6e,65,74,2e,6f,72,67,2e,7a,61,27,\
  854.   00,e3,01,00,00,1f,00,00,38,00,00,00,00,01,00,06,00,01,00,00,00,00,00,0e,3a,\
  855.   6c,69,61,2e,7a,61,6e,65,74,2e,6e,65,74,37,00,1a,02,00,00,1f,00,00,87,00,00,\
  856.   00,00,01,00,06,00,01,00,00,00,00,00,1e,3a,77,61,73,68,69,6e,67,74,6f,6e,2e,\
  857.   64,63,2e,75,73,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,33,00,00,00,00,00,1f,\
  858.   00,00,cf,00,00,00,00,01,00,06,00,01,00,00,00,00,00,1a,3a,6c,6f,6e,64,6f,6e,\
  859.   2e,75,6b,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,1c,00,69,02,00,00,\
  860.   35,00,50,3f,00,00,d9,90,61,18,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,85,\
  861.   02,00,00,35,00,50,cb,00,00,d4,18,3f,41,00,00,00,00,00,00,00,00,00,00,00,00,\
  862.   1c,00,a1,02,00,00,35,00,50,81,00,00,d8,c2,46,04,00,00,00,00,00,00,00,00,00,\
  863.   00,00,00,1c,00,bd,02,00,00,35,00,50,5d,00,00,d5,f8,36,4f,00,00,00,00,00,00,\
  864.   00,00,00,00,00,00,1c,00,d9,02,00,00,35,00,50,d6,00,00,c2,87,1e,c0,00,00,00,\
  865.   00,00,00,00,00,00,00,00,00,1c,00,f5,02,00,00,35,00,50,7d,00,00,45,14,3a,22,\
  866.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,11,03,00,00,35,00,50,1f,00,00,d1,\
  867.   19,d5,3a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,2d,03,00,00,35,00,50,31,\
  868.   00,00,40,ed,38,5d,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,49,03,00,00,35,\
  869.   00,50,d3,00,00,80,79,b3,64,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,65,03,\
  870.   00,00,35,00,50,b2,00,00,d5,84,c4,cd,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  871.   00,81,03,00,00,35,00,50,25,00,00,cd,d1,bd,f0,00,00,00,00,00,00,00,00,00,00,\
  872.   00,00,1c,00,9d,03,00,00,35,00,50,bc,00,00,41,4b,bf,62,00,00,00,00,00,00,00,\
  873.   00,00,00,00,00,1c,00,00,00,00,00,35,00,50,54,00,00,c1,db,05,90,00,00,00,00,\
  874.   00,00,00,00,00,00,00,00
  875. "szDescr"="The sending machine may be infected with the virus, as it is trying to connect to an IRC server that is used by the Korgo.g virus."
  876. "szFolder"="Virus Filters"
  877. "RGBValue"=dword:00800080
  878. "bFilterBasedAlarm"=dword:00000001
  879.  
  880. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Korgo.w]
  881. "FilterBuffer"=hex:4e,01,00,00,0c,00,00,00,12,00,1a,00,00,00,01,00,10,74,00,00,\
  882.   42,5a,41,fc,00,00,1c,00,36,00,00,00,35,00,50,30,00,00,d5,db,d8,32,00,00,00,\
  883.   00,00,00,00,00,00,00,00,00,1c,00,52,00,00,00,35,00,50,06,00,00,cd,d1,b8,b4,\
  884.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,6e,00,00,00,35,00,50,c7,00,00,d5,\
  885.   84,c4,cd,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,8a,00,00,00,35,00,50,4d,\
  886.   00,00,d4,f8,15,64,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,a6,00,00,00,35,\
  887.   00,50,b7,00,00,45,14,68,03,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,c2,00,\
  888.   00,00,35,00,50,0d,00,00,c2,87,1e,c0,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  889.   00,de,00,00,00,35,00,50,08,00,00,d5,1c,fe,3c,00,00,00,00,00,00,00,00,00,00,\
  890.   00,00,1c,00,fa,00,00,00,35,00,50,1c,00,00,d1,19,d5,3a,00,00,00,00,00,00,00,\
  891.   00,00,00,00,00,1c,00,16,01,00,00,35,00,50,ab,00,00,c3,16,a1,45,00,00,00,00,\
  892.   00,00,00,00,00,00,00,00,1c,00,32,01,00,00,35,00,50,a3,00,00,d9,90,61,a2,00,\
  893.   00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,50,85,00,00,d4,18,\
  894.   3f,41,00,00,00,00,00,00,00,00,00,00,00,00
  895. "szDescr"="The sending machine may be infected with the virus, as it is trying to connect to an IRC server that is used by the Korgo.w virus."
  896. "RGBValue"=dword:00800080
  897. "szFolder"="Virus Filters"
  898. "bFilterBasedAlarm"=dword:00000001
  899.  
  900. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Korgo.x]
  901. "FilterBuffer"=hex:5b,01,00,00,0d,00,00,00,17,00,31,00,1f,00,20,00,00,46,00,06,\
  902.   00,50,00,00,00,00,00,00,00,00,00,12,00,48,00,00,00,01,00,10,76,00,00,42,5a,\
  903.   41,fc,00,00,17,00,44,01,1f,00,20,00,00,88,00,06,00,bb,01,00,00,00,00,00,00,\
  904.   00,00,1c,00,64,00,00,00,35,00,50,c3,00,00,cd,d1,bd,f0,00,00,00,00,00,00,00,\
  905.   00,00,00,00,00,1c,00,80,00,00,00,35,00,50,f5,00,00,d5,84,c4,cd,00,00,00,00,\
  906.   00,00,00,00,00,00,00,00,1c,00,9c,00,00,00,35,00,50,ac,00,00,45,14,68,03,00,\
  907.   00,00,00,00,00,00,00,00,00,00,00,1c,00,b8,00,00,00,35,00,50,6e,00,00,c2,87,\
  908.   1e,c0,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,d4,00,00,00,35,00,50,23,00,\
  909.   00,c1,db,05,90,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,f0,00,00,00,35,00,\
  910.   50,cd,00,00,d1,19,d5,3a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,0c,01,00,\
  911.   00,35,00,50,2f,00,00,d4,18,3f,41,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  912.   28,01,00,00,35,00,50,45,00,00,d8,c2,46,04,00,00,00,00,00,00,00,00,00,00,00,\
  913.   00,1c,00,00,00,00,00,35,00,50,9e,00,00,d9,90,61,a2,00,00,00,00,00,00,00,00,\
  914.   00,00,00,00,17,00,00,00,1f,00,20,00,00,b9,00,11,00,50,00,00,00,00,00,00,00,\
  915.   00,00
  916. "szDescr"="The sending machine may be infected with the Korgo.x virus. It may be attempting to connect to a remote server in order to update the virus code."
  917. "RGBValue"=dword:00800080
  918. "szFolder"="Virus Filters"
  919. "bFilterBasedAlarm"=dword:00000001
  920.  
  921. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Lovesan]
  922. "FilterBuffer"=hex:99,00,00,00,06,00,00,00,12,00,31,00,1a,00,23,00,00,5c,f2,03,\
  923.   00,00,00,00,00,00,17,00,00,00,48,00,1e,00,00,03,02,06,00,87,00,00,00,00,00,\
  924.   00,00,00,00,17,00,00,00,7d,00,1e,00,00,25,02,06,00,87,00,00,00,00,00,00,00,\
  925.   00,00,1b,00,00,00,63,00,1f,00,00,44,00,00,00,00,00,00,01,00,01,4c,00,00,00,\
  926.   01,02,04,00,1a,00,00,00,00,00,1f,00,01,5e,00,00,00,00,00,00,01,00,02,87,05,\
  927.   95,05,01,01,00,1c,00,00,00,00,00,1f,00,00,7b,00,00,00,00,00,00,01,00,01,ca,\
  928.   03,00,00,01,03,90,90,90
  929. "szDescr"="This event indicates that the sending machine may be infected with the MS Blaster (Lovesan) virus."
  930. "RGBValue"=dword:00800080
  931. "bFilterBasedAlarm"=dword:00000001
  932. "szFolder"="Virus Filters"
  933.  
  934. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Lovgate]
  935. "FilterBuffer"=hex:95,01,00,00,07,00,00,00,17,00,75,00,1f,00,1e,00,00,08,02,06,\
  936.   00,8b,00,00,00,00,00,00,00,00,00,56,00,00,00,00,00,1f,00,00,8b,28,00,02,00,\
  937.   01,00,06,00,02,00,00,78,05,01,19,ef,9f,d1,4c,a3,40,4f,47,6c,3b,0a,3f,0e,32,\
  938.   98,3e,34,ab,48,60,cf,88,7e,b1,5a,01,00,06,00,02,00,00,78,05,01,19,f1,4d,e7,\
  939.   6b,52,dc,0b,5a,43,2e,df,90,ba,7b,40,d5,67,a5,a8,1a,98,e2,dc,cf,f8,17,00,13,\
  940.   01,8c,00,1e,00,00,ad,02,06,00,bd,01,00,00,00,00,00,00,00,00,87,00,00,00,00,\
  941.   00,1f,00,00,bd,28,00,02,00,01,00,06,00,02,00,00,78,05,01,19,ef,9f,d1,4c,a3,\
  942.   40,4f,47,6c,3b,0a,3f,0e,32,98,3e,34,ab,48,60,cf,88,7e,b1,5a,01,00,06,00,02,\
  943.   00,00,78,05,00,4a,66,31,20,34,64,20,65,37,20,36,62,20,35,32,20,64,63,20,30,\
  944.   62,20,35,61,20,34,33,20,32,65,20,64,66,20,39,30,20,62,61,20,37,62,20,34,30,\
  945.   20,64,35,20,36,37,20,61,35,20,61,38,20,31,61,20,39,38,20,65,32,20,64,63,20,\
  946.   63,66,20,66,38,17,00,7e,01,2a,01,1e,00,00,a2,01,06,00,44,04,00,00,00,00,00,\
  947.   00,00,00,54,00,00,00,00,00,1f,00,00,df,2e,00,02,00,01,00,06,00,02,00,00,78,\
  948.   05,00,1f,53,6f,72,72,79,2c,20,59,6f,75,72,20,50,61,73,73,57,6f,72,64,20,4e,\
  949.   6f,74,20,52,69,67,68,74,2e,01,00,06,00,02,00,00,78,05,00,11,4f,4b,21,20,50,\
  950.   6c,65,61,73,65,20,45,6e,74,65,72,3a,17,00,00,00,00,00,1e,00,00,e0,01,06,00,\
  951.   c8,4e,00,00,00,00,00,00,00,00
  952. "szDescr"="The sending machine may be infected with the Lovgate virus. This filter may cause false positives when triggered only on port 20168. "
  953. "RGBValue"=dword:00800080
  954. "szFolder"="Virus Filters"
  955. "bFilterBasedAlarm"=dword:00000001
  956.  
  957. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Lovgate.AB]
  958. "FilterBuffer"=hex:e7,00,00,00,03,00,00,00,17,00,00,00,1f,00,20,00,01,49,00,06,\
  959.   00,50,00,00,00,00,00,00,00,00,00,78,00,97,00,00,00,1f,00,00,d8,3b,00,01,00,\
  960.   01,00,06,00,02,00,00,78,05,00,2c,49,66,20,79,6f,75,20,63,61,6e,20,6b,65,65,\
  961.   70,20,79,6f,75,72,20,68,65,61,64,20,77,68,65,6e,20,61,6c,6c,20,61,62,6f,75,\
  962.   74,20,79,6f,75,01,00,06,00,02,00,00,78,05,00,28,41,72,65,20,6c,6f,73,69,6e,\
  963.   67,20,74,68,65,69,72,73,20,61,6e,64,20,62,6c,61,6d,69,6e,67,20,69,74,20,6f,\
  964.   6e,20,79,6f,75,3b,50,00,00,00,00,00,1f,00,00,f6,00,00,00,00,01,00,06,00,02,\
  965.   00,00,78,05,00,37,49,74,27,73,20,74,68,65,20,6c,6f,6e,67,2d,61,77,61,69,74,\
  966.   65,64,20,66,69,6c,6d,20,76,65,72,73,69,6f,6e,20,6f,66,20,74,68,65,20,42,72,\
  967.   6f,61,64,77,61,79,20,68,69,74,2e
  968. "szDescr"="The sending machine may be infected with the Lovgate.AB virus."
  969. "RGBValue"=dword:00800080
  970. "szFolder"="Virus Filters"
  971. "bFilterBasedAlarm"=dword:00000001
  972.  
  973. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Mimail.c]
  974. "FilterBuffer"=hex:94,00,00,00,02,00,00,00,42,00,4a,00,00,00,1f,00,00,8a,1e,00,\
  975.   02,00,01,00,07,00,01,0c,00,00,00,00,0f,64,61,72,6b,70,72,6f,66,69,74,73,2e,\
  976.   63,6f,6d,01,00,07,00,01,0c,00,00,00,00,0f,64,61,72,6b,70,72,6f,66,69,74,73,\
  977.   2e,6e,65,74,4a,00,00,00,00,00,1f,00,00,2c,22,00,02,00,01,00,07,00,01,0c,00,\
  978.   00,00,00,13,77,77,77,2e,64,61,72,6b,70,72,6f,66,69,74,73,2e,63,6f,6d,01,00,\
  979.   07,00,01,0c,00,00,00,00,13,77,77,77,2e,64,61,72,6b,70,72,6f,66,69,74,73,2e,\
  980.   6e,65,74
  981. "szDescr"="The sending machine may be infected with the Mimail.c virus."
  982. "RGBValue"=dword:00800080
  983. "szFolder"="Virus Filters"
  984. "bFilterBasedAlarm"=dword:00000001
  985.  
  986. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Mimail.i]
  987. "FilterBuffer"=hex:68,00,00,00,02,00,00,00,30,00,38,00,00,00,1f,00,00,1c,19,00,\
  988.   01,00,01,00,07,00,01,1a,00,00,00,00,0a,63,65,6e,74,72,75,6d,2e,63,7a,01,00,\
  989.   07,00,01,26,00,00,00,01,02,00,0f,30,00,00,00,00,00,1f,00,00,c8,19,00,01,00,\
  990.   00,00,01,00,01,2c,00,00,00,00,0a,6d,61,69,6c,31,35,2e,63,6f,6d,01,00,07,00,\
  991.   01,26,00,00,00,01,02,00,0f
  992. "szDescr"="The sending machine may be infected with the Mimail.i virus."
  993. "bFilterBasedAlarm"=dword:00000001
  994. "RGBValue"=dword:00800080
  995. "szFolder"="Virus Filters"
  996.  
  997. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Misodene Trojan]
  998. "FilterBuffer"=hex:7e,00,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,14,00,06,\
  999.   00,19,00,00,00,00,00,00,00,00,00,5f,00,00,00,00,00,1f,00,00,95,00,00,00,00,\
  1000.   01,00,06,00,02,00,00,b0,04,00,46,51,75,69,20,73,61,62,65,20,65,6c,20,50,65,\
  1001.   6e,74,61,67,6f,6e,6f,20,73,6f,62,72,65,20,75,73,74,65,64,20,20,28,57,68,61,\
  1002.   74,20,74,68,65,20,50,65,6e,74,61,67,6f,6e,20,6b,6e,6f,77,73,20,61,62,6f,75,\
  1003.   74,20,79,6f,75,29
  1004. "szDescr"="This filter captures incoming and outgoing infected messages."
  1005. "RGBValue"=dword:00800080
  1006. "szFolder"="Virus Filters"
  1007. "bFilterBasedAlarm"=dword:00000001
  1008.  
  1009. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Moo.b Trojan]
  1010. "FilterBuffer"=hex:36,00,00,00,02,00,00,00,12,00,1a,00,00,00,01,00,10,88,00,00,\
  1011.   c3,e1,b0,03,00,00,1c,00,00,00,00,00,35,00,50,a9,00,00,c3,e1,b1,0e,00,00,00,\
  1012.   00,00,00,00,00,00,00,00,00
  1013. "bFilterBasedAlarm"=dword:00000001
  1014. "szDescr"="This filter captures traffic going to specific machines that are used by the trojan to spread itself."
  1015. "RGBValue"=dword:00800080
  1016. "szFolder"="Virus Filters"
  1017.  
  1018. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom - Novarg - Shimg]
  1019. "FilterBuffer"=hex:41,00,00,00,01,00,00,00,39,00,00,00,00,00,1f,00,00,73,00,00,\
  1020.   00,00,00,00,01,00,02,00,00,78,05,01,20,20,46,48,46,48,46,48,43,4f,46,44,45,\
  1021.   44,45,50,43,4f,45,44,45,50,45,4e,43,41,43,41,43,41,43,41,41
  1022. "szDescr"="The sending machine may be infected with the MyDoom - Novarg - Shimg virus. Also captures someone downloading the virus executable from p2p programs like Kazaa."
  1023. "bFilterBasedAlarm"=dword:00000001
  1024. "RGBValue"=dword:00800080
  1025. "szFolder"="Virus Filters"
  1026. "dwVersion"=dword:00000000
  1027. "bDeleted"=dword:00000000
  1028.  
  1029. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Mydoom.ag / ah]
  1030. "FilterBuffer"=hex:d7,02,00,00,0a,00,00,00,17,00,5f,00,1f,00,20,00,00,e2,00,11,\
  1031.   00,35,00,00,00,00,00,00,00,00,00,40,00,a1,00,00,00,1f,00,00,5e,20,00,02,00,\
  1032.   01,00,07,00,02,00,00,dc,05,00,11,71,69,73,2e,6d,64,2e,75,73,2e,64,61,6c,2e,\
  1033.   6e,65,74,01,00,07,00,02,00,00,dc,05,00,0b,63,65,64,2e,64,61,6c,2e,6e,65,74,\
  1034.   42,00,00,00,00,00,1f,00,00,0f,1e,00,02,00,01,00,06,00,02,00,00,dc,05,00,0f,\
  1035.   3a,31,36,33,39,2f,69,6e,64,65,78,2e,68,74,6d,01,00,07,00,02,00,00,dc,05,00,\
  1036.   0f,3a,31,36,33,39,2f,69,6e,64,65,78,2e,68,74,6d,56,00,f7,00,00,00,1f,00,00,\
  1037.   16,2a,00,02,00,00,00,01,00,02,00,00,dc,05,00,1b,66,6c,61,6e,64,65,72,73,2e,\
  1038.   62,65,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,00,00,01,00,02,00,00,\
  1039.   dc,05,00,17,67,72,61,7a,2e,61,74,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,\
  1040.   72,67,56,00,4d,01,00,00,1f,00,00,6d,2a,00,02,00,00,00,01,00,02,00,00,dc,05,\
  1041.   00,1b,62,72,75,73,73,65,6c,73,2e,62,65,2e,65,75,2e,75,6e,64,65,72,6e,65,74,\
  1042.   2e,6f,72,67,00,00,01,00,02,00,00,dc,05,00,17,63,61,65,6e,2e,66,72,2e,65,75,\
  1043.   2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,5f,00,ac,01,00,00,1f,00,00,07,2c,00,\
  1044.   02,00,00,00,01,00,02,00,00,dc,05,00,1d,77,61,73,68,69,6e,67,74,6f,6e,2e,64,\
  1045.   63,2e,75,73,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,00,00,01,00,02,00,00,dc,\
  1046.   05,00,1e,6c,6f,73,2d,61,6e,67,65,6c,65,73,2e,63,61,2e,75,73,2e,75,6e,64,65,\
  1047.   72,6e,65,74,2e,6f,72,67,56,00,02,02,00,00,1f,00,00,b4,28,00,02,00,00,00,01,\
  1048.   00,02,00,00,dc,05,00,19,64,69,65,6d,65,6e,2e,6e,6c,2e,65,75,2e,75,6e,64,65,\
  1049.   72,6e,65,74,2e,6f,72,67,00,00,01,00,02,00,00,dc,05,00,19,6c,6f,6e,64,6f,6e,\
  1050.   2e,75,6b,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,49,00,4b,02,00,00,\
  1051.   1f,00,00,58,1c,00,02,00,00,00,01,00,02,00,00,dc,05,00,0d,63,6f,69,6e,73,2e,\
  1052.   64,61,6c,2e,6e,65,74,00,00,01,00,02,00,00,dc,05,00,18,6c,75,6c,65,61,2e,73,\
  1053.   65,2e,65,75,2e,75,6e,64,65,72,6e,65,74,2e,6f,72,67,49,00,94,02,00,00,1f,00,\
  1054.   00,06,1e,00,02,00,00,00,01,00,02,00,00,dc,05,00,0f,6f,7a,62,79,74,65,73,2e,\
  1055.   64,61,6c,2e,6e,65,74,00,00,01,00,02,00,00,dc,05,00,16,62,72,6f,61,64,77,61,\
  1056.   79,2e,6e,79,2e,75,73,2e,64,61,6c,2e,6e,65,74,43,00,00,00,00,00,1f,00,00,b5,\
  1057.   1d,00,02,00,00,00,01,00,02,00,00,dc,05,00,0e,76,69,6b,69,6e,67,2e,64,61,6c,\
  1058.   2e,6e,65,74,00,00,01,00,02,00,00,dc,05,00,11,76,61,6e,63,6f,75,76,65,72,2e,\
  1059.   64,61,6c,2e,6e,65,74
  1060. "szDescr"="The sending machine may be infected with either the mydoom.ag or mydoom.ah virus."
  1061. "RGBValue"=dword:00800080
  1062. "szFolder"="Virus Filters"
  1063. "bFilterBasedAlarm"=dword:00000001
  1064.  
  1065. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom.ah]
  1066. "FilterBuffer"=hex:52,04,00,00,0a,00,00,00,17,00,00,00,1f,00,20,00,00,6b,00,06,\
  1067.   00,19,00,00,00,00,00,00,00,00,00,2b,00,ea,00,4a,00,1f,00,00,02,12,00,02,00,\
  1068.   01,00,06,00,02,00,00,dc,05,00,03,48,69,21,01,00,06,00,02,00,00,dc,05,00,04,\
  1069.   68,65,79,21,a0,00,84,01,1a,01,1f,00,00,2a,55,00,02,00,00,00,01,00,02,00,00,\
  1070.   dc,05,00,46,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,73,63,61,6e,6e,65,64,20,\
  1071.   66,6f,72,20,76,69,72,75,73,65,73,20,62,79,20,41,4d,61,56,69,53,20,30,2e,32,\
  1072.   2e,31,20,28,68,74,74,70,3a,2f,20,2f,61,6d,61,76,69,73,2e,6f,72,67,2f,29,00,\
  1073.   00,01,00,02,00,00,dc,05,00,36,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,43,68,\
  1074.   65,63,6b,65,64,20,62,79,20,44,72,2e,57,65,62,20,28,68,74,74,70,3a,2f,20,2f,\
  1075.   77,77,77,2e,64,72,77,65,62,2e,6e,65,74,29,30,00,00,00,4a,00,1f,00,00,b7,1b,\
  1076.   00,02,00,01,00,06,00,02,00,00,dc,05,00,0c,43,6f,6e,66,69,72,6d,61,74,69,6f,\
  1077.   6e,00,00,01,00,02,00,00,dc,05,00,00,6a,00,40,02,dd,01,1f,00,00,30,30,00,01,\
  1078.   00,01,00,06,00,02,00,00,dc,05,00,21,48,69,21,20,49,20,61,6d,20,6c,6f,6f,6b,\
  1079.   69,6e,67,20,66,6f,72,20,6e,65,77,20,66,72,69,65,6e,64,73,2e,01,00,06,00,02,\
  1080.   00,00,dc,05,00,25,4d,79,20,6e,61,6d,65,20,69,73,20,4a,61,6e,65,2c,20,49,20,\
  1081.   61,6d,20,66,72,6f,6d,20,4d,69,61,6d,69,2c,20,46,4c,2e,59,00,00,00,1a,01,1f,\
  1082.   00,00,60,00,00,00,00,00,00,01,00,02,00,00,dc,05,00,40,58,2d,41,6e,74,69,56,\
  1083.   69,72,75,73,3a,20,43,68,65,63,6b,65,64,20,66,6f,72,20,76,69,72,75,73,65,73,\
  1084.   20,62,79,20,47,6f,72,64,61,6e,6f,27,73,20,41,6e,74,69,56,69,72,75,73,20,53,\
  1085.   6f,66,74,77,61,72,65,63,00,00,00,00,00,1f,00,00,b9,46,00,01,00,01,00,06,00,\
  1086.   02,00,00,dc,05,00,37,53,65,65,20,6d,79,20,68,6f,6d,65,70,61,67,65,20,20,77,\
  1087.   69,74,68,20,6d,79,20,77,65,62,6c,6f,67,20,61,6e,64,20,6c,61,73,74,20,77,65,\
  1088.   62,63,61,6d,20,70,68,6f,74,6f,73,21,01,00,06,00,02,00,00,dc,05,00,08,53,65,\
  1089.   65,20,79,6f,75,21,83,00,c3,02,00,00,1f,00,00,03,00,00,00,00,00,00,01,00,02,\
  1090.   00,00,dc,05,00,6a,48,69,21,20,49,20,61,6d,20,6c,6f,6f,6b,69,6e,67,20,66,6f,\
  1091.   72,20,6e,65,77,20,66,72,69,65,6e,64,73,2e,20,49,20,61,6d,20,66,72,6f,6d,20,\
  1092.   4d,69,61,6d,69,2c,20,46,4c,2e,20,59,6f,75,20,63,61,6e,20,73,65,65,20,6d,79,\
  1093.   20,68,6f,6d,65,70,61,67,65,20,77,69,74,68,20,6d,79,20,6c,61,73,74,20,77,65,\
  1094.   62,63,61,6d,20,70,68,6f,74,6f,73,21,53,01,00,00,16,04,1f,00,00,22,bb,00,01,\
  1095.   00,00,00,01,00,02,00,00,dc,05,00,ac,43,6f,6e,67,72,61,74,75,6c,61,74,69,6f,\
  1096.   6e,73,21,20,50,61,79,50,61,6c,20,68,61,73,20,73,75,63,63,65,73,73,66,75,6c,\
  1097.   6c,79,20,63,68,61,72,67,65,64,20,24,31,37,35,20,74,6f,20,79,6f,75,72,20,63,\
  1098.   72,65,64,69,74,20,63,61,72,64,2e,20,59,6f,75,72,20,6f,72,64,65,72,20,74,72,\
  1099.   61,63,6b,69,6e,67,20,6e,75,6d,62,65,72,20,69,73,20,41,38,36,36,44,45,43,30,\
  1100.   2c,20,61,6e,64,20,79,6f,75,72,20,69,74,65,6d,20,77,69,6c,6c,20,62,65,20,73,\
  1101.   68,69,70,70,65,64,20,77,69,74,68,69,6e,20,74,68,72,65,65,20,62,75,73,69,6e,\
  1102.   65,73,73,20,64,61,79,73,2e,00,00,01,00,02,00,00,dc,05,00,83,44,4f,20,4e,4f,\
  1103.   54,20,52,45,50,4c,59,20,54,4f,20,54,48,49,53,20,4d,45,53,53,41,47,45,20,56,\
  1104.   49,41,20,45,4d,41,49,4c,21,20,54,68,69,73,20,65,6d,61,69,6c,20,69,73,20,62,\
  1105.   65,69,6e,67,20,73,65,6e,74,20,62,79,20,61,6e,20,61,75,74,6f,6d,61,74,65,64,\
  1106.   20,6d,65,73,73,61,67,65,20,73,79,73,74,65,6d,20,61,6e,64,20,74,68,65,20,72,\
  1107.   65,70,6c,79,20,77,69,6c,6c,20,6e,6f,74,20,62,65,20,72,65,63,65,69,76,65,64,\
  1108.   2e,3c,00,00,00,00,00,1f,00,00,67,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,\
  1109.   23,54,68,61,6e,6b,20,79,6f,75,20,66,6f,72,20,75,73,69,6e,67,20,50,61,79,50,\
  1110.   61,6c,2e,3c,2f,69,3e,3c,2f,70,3e
  1111. "szDescr"="The sending machine may be infected with the MyDoom.ah virus."
  1112. "RGBValue"=dword:00800080
  1113. "szFolder"="Virus Filters"
  1114. "bFilterBasedAlarm"=dword:00000001
  1115.  
  1116. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom.ai]
  1117. "FilterBuffer"=hex:11,02,00,00,07,00,00,00,17,00,00,00,1f,00,20,00,00,e7,00,06,\
  1118.   00,19,00,00,00,00,00,00,00,00,00,33,00,c3,00,52,00,1f,00,00,6d,12,00,02,00,\
  1119.   01,00,06,00,02,00,00,dc,05,00,03,48,69,21,01,00,06,00,02,00,00,dc,05,00,0c,\
  1120.   43,6f,6e,66,69,72,6d,61,74,69,6f,6e,71,00,00,00,fb,00,1f,00,00,20,3e,00,02,\
  1121.   00,01,00,06,00,02,00,00,dc,05,00,2f,4c,6f,6f,6b,20,61,74,20,6d,79,20,68,6f,\
  1122.   6d,65,70,61,67,65,20,77,69,74,68,20,6d,79,20,6c,61,73,74,20,77,65,62,63,61,\
  1123.   6d,20,70,68,6f,74,6f,73,21,01,00,06,00,02,00,00,dc,05,00,1e,46,52,45,45,20,\
  1124.   41,44,55,4c,54,20,56,49,44,45,4f,21,20,53,49,47,4e,20,55,50,20,4e,4f,57,21,\
  1125.   38,00,f4,01,52,00,1f,00,00,a9,1e,00,02,00,01,00,06,00,02,00,00,dc,05,00,0f,\
  1126.   66,75,6e,6e,79,20,70,68,6f,74,6f,73,20,3a,29,01,00,06,00,02,00,00,dc,05,00,\
  1127.   05,68,65,6c,6c,6f,a0,00,9b,01,00,00,1f,00,00,c2,55,00,02,00,01,00,06,00,02,\
  1128.   00,00,dc,05,00,46,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,73,63,61,6e,6e,65,\
  1129.   64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,79,20,41,4d,61,56,69,53,20,30,\
  1130.   2e,32,2e,31,20,28,68,74,74,70,3a,2f,20,2f,61,6d,61,76,69,73,2e,6f,72,67,2f,\
  1131.   29,01,00,06,00,02,00,00,dc,05,00,36,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,\
  1132.   43,68,65,63,6b,65,64,20,62,79,20,44,72,2e,57,65,62,20,28,68,74,74,70,3a,2f,\
  1133.   20,2f,77,77,77,2e,64,72,77,65,62,2e,6e,65,74,29,59,00,00,00,00,00,1f,00,00,\
  1134.   11,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,40,58,2d,41,6e,74,69,56,69,72,\
  1135.   75,73,3a,20,43,68,65,63,6b,65,64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,\
  1136.   79,20,47,6f,72,64,61,6e,6f,27,73,20,41,6e,74,69,56,69,72,75,73,20,53,6f,66,\
  1137.   74,77,61,72,65,1d,00,00,00,52,00,1f,00,00,db,00,00,00,00,01,00,06,00,02,00,\
  1138.   00,dc,05,00,04,68,65,79,21
  1139. "szDescr"="The sending machine may be infected with the MyDoom.ai virus."
  1140. "RGBValue"=dword:00800080
  1141. "szFolder"="Virus Filters"
  1142. "bFilterBasedAlarm"=dword:00000001
  1143.  
  1144. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom.aj]
  1145. "FilterBuffer"=hex:52,04,00,00,09,00,00,00,17,00,00,00,1f,00,20,00,00,05,00,06,\
  1146.   00,19,00,00,00,00,00,00,00,00,00,2e,00,f7,00,4d,00,1f,00,00,64,15,00,02,00,\
  1147.   01,00,06,00,02,00,00,c2,01,00,06,68,65,6c,6c,6f,21,01,00,06,00,02,00,00,c2,\
  1148.   01,00,04,68,65,79,21,aa,00,63,02,2a,01,1f,00,00,29,55,00,02,00,01,00,06,00,\
  1149.   02,e0,00,dc,05,00,46,58,2d,41,6e,74,69,56,69,72,75,73,3a,20,73,63,61,6e,6e,\
  1150.   65,64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,79,20,41,4d,61,56,69,53,20,\
  1151.   30,2e,32,2e,31,20,28,68,74,74,70,3a,2f,20,2f,61,6d,61,76,69,73,2e,6f,72,67,\
  1152.   2f,29,01,00,06,00,02,00,00,dc,05,00,40,58,2d,41,6e,74,69,56,69,72,75,73,3a,\
  1153.   20,43,68,65,63,6b,65,64,20,66,6f,72,20,76,69,72,75,73,65,73,20,62,79,20,47,\
  1154.   6f,72,64,61,6e,6f,27,73,20,41,6e,74,69,56,69,72,75,73,20,53,6f,66,74,77,61,\
  1155.   72,65,33,00,00,00,4d,00,1f,00,00,f3,1b,00,02,00,01,00,06,00,02,00,00,c2,01,\
  1156.   00,0c,43,6f,6e,66,69,72,6d,61,74,69,6f,6e,00,00,01,00,02,00,00,c2,01,00,03,\
  1157.   48,69,21,39,01,b2,02,00,00,1f,00,00,f8,79,00,02,00,01,00,06,00,02,00,00,dc,\
  1158.   05,00,6a,48,69,21,20,49,20,61,6d,20,6c,6f,6f,6b,69,6e,67,20,66,6f,72,20,6e,\
  1159.   65,77,20,66,72,69,65,6e,64,73,2e,20,49,20,61,6d,20,66,72,6f,6d,20,4d,69,61,\
  1160.   6d,69,2c,20,46,4c,2e,20,59,6f,75,20,63,61,6e,20,73,65,65,20,6d,79,20,68,6f,\
  1161.   6d,65,70,61,67,65,20,77,69,74,68,20,6d,79,20,6c,61,73,74,20,77,65,62,63,61,\
  1162.   6d,20,70,68,6f,74,6f,73,21,01,00,06,00,02,00,00,dc,05,00,ab,43,6f,6e,67,72,\
  1163.   61,74,75,6c,61,74,69,6f,6e,73,21,20,50,61,79,50,61,6c,20,68,61,73,20,73,75,\
  1164.   63,63,65,73,73,66,75,6c,6c,79,20,63,68,61,72,67,65,64,20,24,31,37,35,20,74,\
  1165.   6f,20,79,6f,75,72,20,63,72,65,64,69,74,20,63,61,72,64,2e,20,59,6f,75,72,20,\
  1166.   6f,72,64,65,72,20,74,72,61,63,6b,69,6e,67,20,6e,75,6d,62,65,72,20,69,73,20,\
  1167.   41,38,36,36,44,45,43,30,2c,20,61,6e,64,20,79,6f,75,72,20,69,74,65,6d,20,77,\
  1168.   69,6c,6c,20,62,65,20,73,68,69,70,70,65,64,20,77,69,74,68,69,6e,20,74,68,72,\
  1169.   65,65,20,62,75,73,69,6e,65,73,73,20,64,61,79,73,4f,00,00,00,2a,01,1f,00,00,\
  1170.   ec,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,36,58,2d,41,6e,74,69,56,69,72,\
  1171.   75,73,3a,20,43,68,65,63,6b,65,64,20,62,79,20,44,72,2e,57,65,62,20,28,68,74,\
  1172.   74,70,3a,2f,20,2f,77,77,77,2e,64,72,77,65,62,2e,6e,65,74,29,69,00,6a,03,1b,\
  1173.   03,1f,00,00,a4,2f,00,01,00,01,00,06,00,02,00,00,dc,05,00,20,48,69,21,20,49,\
  1174.   20,61,6d,20,6c,6f,6f,6b,69,6e,67,20,66,6f,72,20,6e,65,77,20,66,72,69,65,6e,\
  1175.   64,73,01,00,06,00,02,00,00,dc,05,00,25,4d,79,20,6e,61,6d,65,20,69,73,20,4a,\
  1176.   61,6e,65,2c,20,49,20,61,6d,20,66,72,6f,6d,20,4d,69,61,6d,69,2c,20,46,4c,2e,\
  1177.   4f,00,00,00,00,00,1f,00,00,ed,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,36,\
  1178.   53,65,65,20,6d,79,20,68,6f,6d,65,70,61,67,65,20,77,69,74,68,20,6d,79,20,77,\
  1179.   65,62,6c,6f,67,20,61,6e,64,20,6c,61,73,74,20,77,65,62,63,61,6d,20,70,68,6f,\
  1180.   74,6f,73,21,e8,00,00,00,00,00,1f,00,00,99,34,00,02,00,01,00,06,00,02,00,00,\
  1181.   dc,05,00,25,54,6f,20,73,65,65,20,64,65,74,61,69,6c,73,20,70,6c,65,61,73,65,\
  1182.   20,63,6c,69,63,6b,20,74,68,69,73,20,6c,69,6e,6b,01,00,06,00,02,00,00,dc,05,\
  1183.   00,9f,44,4f,20,4e,4f,54,20,52,45,50,4c,59,20,54,4f,20,54,48,49,53,20,4d,45,\
  1184.   53,53,41,47,45,20,56,49,41,20,45,4d,41,49,4c,21,20,54,68,69,73,20,65,6d,61,\
  1185.   69,6c,20,69,73,20,62,65,69,6e,67,20,73,65,6e,74,20,62,79,20,61,6e,20,61,75,\
  1186.   74,6f,6d,61,74,65,64,20,6d,65,73,73,61,67,65,20,73,79,73,74,65,6d,20,61,6e,\
  1187.   64,20,74,68,65,20,72,65,70,6c,79,20,77,69,6c,6c,20,6e,6f,74,20,62,65,20,72,\
  1188.   65,63,65,69,76,65,64,2e,20,54,68,61,6e,6b,20,79,6f,75,20,66,6f,72,20,75,73,\
  1189.   69,6e,67,20,50,61,79,50,61,6c,2e
  1190. "szDescr"="The sending machine may be infected with the MyDoom.aj virus."
  1191. "bFilterBasedAlarm"=dword:00000001
  1192. "RGBValue"=dword:00800080
  1193. "szFolder"="Virus Filters"
  1194.  
  1195. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom.bb/bc/bd/be]
  1196. "FilterBuffer"=hex:ed,02,00,00,0c,00,00,00,17,00,5f,00,1f,00,20,00,00,cd,00,06,\
  1197.   00,50,00,00,00,00,00,00,00,00,00,40,00,ab,00,76,00,1f,00,00,e2,1b,00,02,00,\
  1198.   01,00,06,00,01,00,00,00,00,00,0c,47,45,54,20,2f,73,65,61,72,63,68,3f,01,00,\
  1199.   06,00,01,00,00,00,00,00,10,47,45,54,20,2f,59,61,42,42,49,6d,61,67,65,73,2f,\
  1200.   17,00,00,00,62,02,20,00,00,a1,00,06,00,19,00,00,00,00,00,00,00,00,00,35,00,\
  1201.   e6,00,00,00,1f,00,00,6a,00,00,00,00,01,00,06,00,02,00,00,58,02,00,1c,48,6f,\
  1202.   73,74,3a,20,77,77,77,2e,61,61,72,74,61,6e,72,69,64,67,65,2e,6f,72,67,2e,75,\
  1203.   6b,3b,00,24,02,76,00,1f,00,00,41,1a,00,02,00,01,00,06,00,01,00,00,00,00,00,\
  1204.   0b,47,45,54,20,2f,34,70,6c,61,79,2f,01,00,06,00,01,00,00,00,00,00,0c,47,45,\
  1205.   54,20,2f,62,61,6e,6e,65,72,73,33,00,19,01,00,00,1f,00,00,67,00,00,00,00,01,\
  1206.   00,06,00,02,00,00,58,02,00,1a,48,6f,73,74,3a,20,77,77,77,2e,69,6d,6f,67,65,\
  1207.   6e,68,65,61,70,2e,63,6f,2e,75,6b,5a,00,73,01,00,00,1f,00,00,2a,30,00,02,00,\
  1208.   01,00,06,00,02,00,00,58,02,00,21,48,6f,73,74,3a,20,77,77,77,2e,6e,65,77,67,\
  1209.   65,6e,65,72,61,74,69,6f,6e,63,6f,6d,69,63,73,2e,6e,65,74,01,00,06,00,02,00,\
  1210.   00,58,02,00,15,48,6f,73,74,3a,20,77,77,77,2e,68,6f,6f,70,69,6e,67,2e,6f,72,\
  1211.   67,56,00,c9,01,00,00,1f,00,00,91,25,00,02,00,01,00,06,00,02,00,00,58,02,00,\
  1212.   16,48,6f,73,74,3a,20,77,77,77,2e,66,6f,78,61,6c,70,68,61,2e,63,6f,6d,01,00,\
  1213.   06,00,02,00,00,58,02,00,1c,48,6f,73,74,3a,20,77,77,77,2e,73,75,6e,64,61,79,\
  1214.   72,69,64,65,72,73,2e,63,6f,2e,75,6b,5b,00,00,00,00,00,1f,00,00,1b,27,00,02,\
  1215.   00,01,00,06,00,02,00,00,58,02,00,18,48,6f,73,74,3a,20,77,77,77,2e,72,69,62,\
  1216.   61,66,6f,72,61,64,61,2e,6e,65,74,01,00,06,00,02,00,00,58,02,00,1f,48,6f,73,\
  1217.   74,3a,20,77,77,77,2e,65,61,73,74,63,6f,61,73,74,63,68,6f,6f,6e,73,2e,63,6f,\
  1218.   2e,75,6b,3e,00,00,00,76,00,1f,00,00,85,1b,00,02,00,01,00,06,00,01,00,00,00,\
  1219.   00,00,0c,47,45,54,20,2f,63,68,61,72,74,65,2f,01,00,06,00,01,00,00,00,00,00,\
  1220.   0e,47,45,54,20,2f,61,72,63,68,69,76,65,73,2f,3b,00,00,00,9d,02,1f,00,00,30,\
  1221.   18,00,01,00,01,00,06,00,02,00,00,78,05,00,09,44,65,61,72,20,75,73,65,72,00,\
  1222.   00,01,00,02,00,00,78,05,00,0e,75,73,65,64,20,74,6f,20,73,65,6e,64,20,61,50,\
  1223.   00,00,00,00,00,1f,00,00,bf,1a,00,01,00,01,00,06,00,02,00,00,78,05,00,0b,6d,\
  1224.   65,73,73,61,67,65,20,77,61,73,00,00,01,00,02,00,00,78,05,00,21,64,65,6c,69,\
  1225.   76,65,72,65,64,20,62,65,63,61,75,73,65,20,74,68,65,20,64,65,73,74,69,6e,61,\
  1226.   74,69,6f,6e
  1227. "szDescr"="The sending machine may be infected with the MyDoom.bb/bc/bd or be variant. It is attempting to download the BackDoor-CEB.f trojan from a known website that contains the variant."
  1228. "RGBValue"=dword:00800080
  1229. "szFolder"="Virus Filters"
  1230. "bFilterBasedAlarm"=dword:00000001
  1231.  
  1232. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) MyDoom.o]
  1233. "FilterBuffer"=hex:99,00,00,00,02,00,00,00,44,00,4c,00,00,00,1f,00,00,50,19,00,\
  1234.   01,00,01,00,00,00,01,28,00,00,00,01,0a,47,45,54,20,2f,73,65,61,72,63,01,00,\
  1235.   00,00,01,de,00,00,00,01,16,48,6f,73,74,3a,20,77,77,77,2e,67,6f,6f,67,6c,65,\
  1236.   2e,63,6f,6d,0d,0a,4d,00,00,00,00,00,1f,00,00,eb,1f,00,01,00,01,00,00,00,01,\
  1237.   28,00,00,00,01,10,47,45,54,20,2f,77,65,62,2f,72,65,73,75,6c,74,73,00,00,01,\
  1238.   00,01,da,00,00,00,01,19,48,6f,73,74,3a,20,77,77,77,2e,61,6c,74,61,76,69,73,\
  1239.   74,61,2e,63,6f,6d,0d,0a
  1240. "szDescr"="The sending machine may be infected with the MyDoom.o virus."
  1241. "szFolder"="Virus Filters"
  1242. "RGBValue"=dword:00800080
  1243. "bFilterBasedAlarm"=dword:00000001
  1244.  
  1245. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.ag]
  1246. "FilterBuffer"=hex:52,03,00,00,12,00,00,00,17,00,00,00,1f,00,20,00,00,a4,00,06,\
  1247.   00,19,00,00,00,00,00,00,00,00,00,32,00,7d,00,51,00,1f,00,00,61,16,00,02,00,\
  1248.   01,00,06,00,02,64,00,90,01,00,07,56,61,64,69,61,7a,21,01,00,06,00,02,64,00,\
  1249.   90,01,00,07,73,61,6d,70,61,21,21,2c,00,b5,00,00,00,1f,00,00,32,13,00,02,00,\
  1250.   01,00,06,00,02,64,00,90,01,00,04,2e,7a,69,70,01,00,06,00,02,64,00,90,01,00,\
  1251.   04,2e,70,69,66,38,00,0d,01,51,00,1f,00,00,65,17,00,02,00,01,00,06,00,02,64,\
  1252.   00,90,01,00,08,6c,6f,74,65,72,69,61,73,01,00,06,00,02,64,00,90,01,00,0c,4d,\
  1253.   73,6e,4d,73,67,72,73,2e,65,78,65,2c,00,e1,00,00,00,1f,00,00,d3,13,00,02,00,\
  1254.   01,00,06,00,02,64,00,90,01,00,04,2e,73,63,72,01,00,06,00,02,64,00,90,01,00,\
  1255.   04,2e,62,61,74,2c,00,00,00,00,00,1f,00,00,b7,13,00,02,00,01,00,06,00,02,64,\
  1256.   00,90,01,00,04,2e,63,6f,6d,01,00,06,00,02,64,00,90,01,00,04,2e,65,78,65,2f,\
  1257.   00,3c,01,51,00,1f,00,00,cf,14,00,02,00,01,00,06,00,02,64,00,90,01,00,05,66,\
  1258.   6c,69,70,65,01,00,06,00,02,64,00,90,01,00,06,7a,65,61,72,64,6f,2f,00,6b,01,\
  1259.   51,00,1f,00,00,4d,16,00,02,00,01,00,06,00,02,64,00,90,01,00,07,69,6d,70,6f,\
  1260.   73,74,6f,01,00,06,00,02,64,00,90,01,00,04,64,69,67,61,2d,00,98,01,51,00,1f,\
  1261.   00,00,89,14,00,02,00,01,00,06,00,02,64,00,90,01,00,05,77,61,72,33,21,01,00,\
  1262.   06,00,02,64,00,90,01,00,04,76,61,63,61,2f,00,c7,01,51,00,1f,00,00,1a,14,00,\
  1263.   02,00,01,00,06,00,02,64,00,90,01,00,05,6a,6f,67,6f,21,01,00,06,00,02,64,00,\
  1264.   90,01,00,06,72,6f,62,6f,73,21,30,00,f7,01,51,00,1f,00,00,a6,16,00,02,00,01,\
  1265.   00,06,00,02,64,00,90,01,00,07,66,65,73,74,61,21,21,01,00,06,00,02,64,00,90,\
  1266.   01,00,05,67,72,61,6e,61,35,00,2c,02,51,00,1f,00,00,2f,17,00,02,00,01,00,06,\
  1267.   00,02,64,00,90,01,00,08,64,6f,63,73,2e,7a,69,70,01,00,06,00,02,64,00,90,01,\
  1268.   00,09,65,6d,61,69,6c,2e,7a,69,70,2e,00,5a,02,51,00,1f,00,00,91,14,00,02,00,\
  1269.   01,00,06,00,02,64,00,90,01,00,05,61,71,75,61,21,01,00,06,00,02,64,00,90,01,\
  1270.   00,05,41,49,44,53,21,32,00,8c,02,51,00,1f,00,00,10,16,00,02,00,01,00,06,00,\
  1271.   02,64,00,90,01,00,07,63,61,72,72,6f,73,21,01,00,06,00,02,64,00,90,01,00,07,\
  1272.   61,67,72,61,64,6f,75,30,00,bc,02,51,00,1f,00,00,95,15,00,02,00,01,00,06,00,\
  1273.   02,64,00,90,01,00,06,3a,28,2e,7a,69,70,01,00,06,00,02,64,00,90,01,00,06,62,\
  1274.   61,6e,63,6f,21,31,00,ed,02,51,00,1f,00,00,c7,14,00,02,00,01,00,06,00,02,64,\
  1275.   00,90,01,00,05,74,65,74,61,73,01,00,06,00,02,64,00,90,01,00,08,63,69,72,63,\
  1276.   75,6c,61,72,2f,00,1c,03,51,00,1f,00,00,4b,14,00,02,00,01,00,06,00,02,64,00,\
  1277.   90,01,00,05,76,69,70,73,21,01,00,06,00,02,64,00,90,01,00,06,6c,75,6c,61,6f,\
  1278.   21,36,00,00,00,51,00,1f,00,00,ae,19,00,02,00,01,00,06,00,02,64,00,90,01,00,\
  1279.   0a,30,31,32,33,34,35,36,37,38,39,01,00,06,00,02,64,00,90,01,00,08,4c,49,4e,\
  1280.   55,53,54,4f,52
  1281. "szDescr"="The sending machine may be infected with the Netsky.ag virus."
  1282. "RGBValue"=dword:00800080
  1283. "szFolder"="Virus Filters"
  1284. "bFilterBasedAlarm"=dword:00000001
  1285.  
  1286. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.b]
  1287. "FilterBuffer"=hex:6d,05,00,00,18,00,00,00,17,00,00,00,1f,00,20,00,00,30,00,06,\
  1288.   00,19,00,00,00,00,00,00,00,00,00,29,00,00,00,48,00,1f,00,00,cf,00,00,00,00,\
  1289.   01,00,06,00,02,00,00,78,05,00,10,73,6b,79,6e,65,74,40,73,6b,79,6e,65,74,2e,\
  1290.   64,65,2b,00,b5,00,73,00,1f,00,00,85,11,00,02,00,01,00,06,00,02,00,00,2c,01,\
  1291.   00,02,68,69,01,00,06,00,02,00,00,2c,01,00,05,68,65,6c,6c,6f,42,00,fd,00,00,\
  1292.   00,1f,00,00,70,1b,00,02,00,01,00,06,00,02,00,00,bc,02,00,0c,61,6e,79,74,68,\
  1293.   69,6e,67,20,6f,6b,3f,01,00,06,00,02,00,00,bc,02,00,12,77,68,61,74,20,64,6f,\
  1294.   65,73,20,69,74,20,6d,65,61,6e,3f,48,00,e9,04,73,00,1f,00,00,7b,22,00,02,00,\
  1295.   01,00,06,00,02,00,00,2c,01,00,13,72,65,61,64,20,69,74,20,69,6d,6d,65,64,69,\
  1296.   61,74,65,6c,79,01,00,06,00,02,00,00,2c,01,00,11,73,6f,6d,65,74,68,69,6e,67,\
  1297.   20,66,6f,72,20,79,6f,75,45,00,42,01,00,00,1f,00,00,8c,1f,00,02,00,01,00,06,\
  1298.   00,02,00,00,bc,02,00,10,66,72,6f,6d,20,74,68,65,20,63,68,61,74,74,65,72,01,\
  1299.   00,06,00,02,00,00,bc,02,00,11,68,65,72,65,2c,20,74,68,65,20,73,65,72,69,61,\
  1300.   6c,73,4a,00,8c,01,00,00,1f,00,00,a2,25,00,02,00,01,00,06,00,02,00,00,bc,02,\
  1301.   00,16,68,65,72,65,2c,20,74,68,65,20,69,6e,74,72,6f,64,75,63,74,69,6f,6e,01,\
  1302.   00,06,00,02,00,00,bc,02,00,10,68,65,72,65,2c,20,74,68,65,20,63,68,65,61,74,\
  1303.   73,3d,00,c9,01,00,00,1f,00,00,da,20,00,02,00,01,00,06,00,02,00,00,bc,02,00,\
  1304.   11,69,6e,66,6f,72,6d,61,74,69,6f,6e,20,61,62,6f,75,74,01,00,06,00,02,00,00,\
  1305.   bc,02,00,08,61,62,6f,75,74,20,6d,65,46,00,0f,02,00,00,1f,00,00,ec,1f,00,02,\
  1306.   00,01,00,06,00,02,00,00,bc,02,00,10,73,74,75,66,66,20,61,62,6f,75,74,20,79,\
  1307.   6f,75,3f,01,00,06,00,02,00,00,bc,02,00,12,73,6f,6d,65,74,68,69,6e,67,20,69,\
  1308.   73,20,67,6f,69,6e,67,34,00,43,02,00,00,1f,00,00,e9,16,00,02,00,01,00,06,00,\
  1309.   02,00,00,bc,02,00,07,73,65,65,20,79,6f,75,01,00,06,00,02,00,00,bc,02,00,09,\
  1310.   67,72,65,65,74,69,6e,67,73,31,00,74,02,00,00,1f,00,00,00,11,00,02,00,01,00,\
  1311.   4d,01,02,00,00,bc,02,00,02,6f,6b,01,00,06,00,02,00,00,bc,02,00,0b,69,27,6d,\
  1312.   20,77,61,69,74,69,6e,67,4a,00,be,02,00,00,1f,00,00,67,20,00,02,00,01,00,06,\
  1313.   00,02,00,00,bc,02,00,11,72,65,61,64,20,74,68,65,20,64,65,74,61,69,6c,73,2e,\
  1314.   01,00,06,00,02,00,00,bc,02,00,15,68,65,72,65,20,69,73,20,74,68,65,20,64,6f,\
  1315.   63,75,6d,65,6e,74,2e,3f,00,fd,02,00,00,1f,00,00,7a,23,00,02,00,01,00,06,00,\
  1316.   02,00,00,bc,02,00,14,72,65,61,64,20,69,74,20,69,6d,6d,65,64,69,61,74,65,6c,\
  1317.   79,21,01,00,06,00,02,00,00,bc,02,00,07,6d,79,20,68,65,72,6f,35,00,32,03,00,\
  1318.   00,1f,00,00,92,13,00,02,00,01,00,06,00,02,00,00,bc,02,00,04,68,65,72,65,01,\
  1319.   00,06,00,02,00,00,bc,02,00,0d,69,73,20,74,68,61,74,20,74,72,75,65,3f,49,00,\
  1320.   7b,03,00,00,1f,00,00,54,20,00,02,00,01,00,06,00,02,00,00,bc,02,00,11,69,73,\
  1321.   20,74,68,61,74,20,79,6f,75,72,20,6e,61,6d,65,01,00,06,00,02,00,00,bc,02,00,\
  1322.   14,69,73,20,74,68,61,74,20,79,6f,75,72,20,61,63,63,6f,75,6e,74,46,00,c1,03,\
  1323.   00,00,1f,00,00,a3,21,00,02,00,01,00,06,00,02,00,00,bc,02,00,12,69,20,77,61,\
  1324.   69,74,20,66,6f,72,20,61,20,72,65,70,6c,79,01,00,06,00,02,00,00,bc,02,00,10,\
  1325.   69,73,20,74,68,61,74,20,66,72,6f,6d,20,79,6f,75,4c,00,0d,04,00,00,1f,00,00,\
  1326.   d8,23,00,02,00,01,00,06,00,02,00,00,bc,02,00,14,79,6f,75,20,61,72,65,20,61,\
  1327.   20,62,61,64,20,77,72,69,74,65,72,01,00,06,00,02,00,00,bc,02,00,14,73,6f,6d,\
  1328.   65,74,68,69,6e,67,20,61,62,6f,75,74,20,79,6f,75,21,41,00,4e,04,00,00,1f,00,\
  1329.   00,1b,1a,00,02,00,01,00,06,00,02,00,00,bc,02,00,0b,49,20,68,61,76,65,20,79,\
  1330.   6f,75,72,01,00,06,00,02,00,00,bc,02,00,12,6b,69,6c,6c,20,74,68,65,20,77,72,\
  1331.   69,74,65,72,20,6f,66,3c,00,8a,04,00,00,1f,00,00,f6,1b,00,02,00,01,00,06,00,\
  1332.   02,00,00,bc,02,00,0c,69,20,68,6f,70,65,20,69,74,20,69,73,01,00,06,00,02,00,\
  1333.   00,bc,02,00,0c,79,6f,75,72,20,6e,61,6d,65,20,69,73,3b,00,c5,04,00,00,1f,00,\
  1334.   00,d5,1b,00,02,00,01,00,06,00,02,00,00,bc,02,00,0c,69,20,66,6f,75,6e,64,20,\
  1335.   74,68,69,73,01,00,06,00,02,00,00,bc,02,00,0b,79,65,73,2c,20,72,65,61,6c,6c,\
  1336.   79,24,00,00,00,00,00,1f,00,00,f5,00,00,00,00,01,00,06,00,02,00,00,bc,02,00,\
  1337.   0b,74,68,61,74,20,69,73,20,62,61,64,36,00,1f,05,73,00,1f,00,00,ab,16,00,02,\
  1338.   00,01,00,06,00,02,00,00,2c,01,00,07,77,61,72,6e,69,6e,67,01,00,06,00,02,00,\
  1339.   00,2c,01,00,0b,69,6e,66,6f,72,6d,61,74,69,6f,6e,2e,00,4d,05,73,00,1f,00,00,\
  1340.   17,15,00,02,00,01,00,06,00,02,00,00,2c,01,00,06,73,74,6f,6c,65,6e,01,00,06,\
  1341.   00,02,00,00,2c,01,00,04,66,61,6b,65,20,00,00,00,73,00,1f,00,00,0b,00,00,00,\
  1342.   00,01,00,06,00,02,00,00,2c,01,00,07,75,6e,6b,6e,6f,77,6e
  1343. "szDescr"="The sending machine may be infected with the Netsky.b virus."
  1344. "szFolder"="Virus Filters"
  1345. "RGBValue"=dword:00800080
  1346. "bFilterBasedAlarm"=dword:00000001
  1347.  
  1348. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.c]
  1349. "FilterBuffer"=hex:da,02,00,00,1a,00,00,00,17,00,00,00,1f,00,20,00,00,2d,00,11,\
  1350.   00,35,00,00,00,00,00,00,00,00,00,1b,00,00,00,3a,00,1f,00,00,ef,00,00,00,00,\
  1351.   00,00,01,00,01,ce,00,00,00,01,02,00,01,1c,00,56,00,00,00,35,00,50,23,00,00,\
  1352.   91,fd,02,ab,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,72,00,00,00,35,00,50,\
  1353.   44,00,00,d5,bf,4a,13,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,8e,00,00,00,\
  1354.   35,00,50,33,00,00,d9,05,61,89,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,aa,\
  1355.   00,00,00,35,00,50,fb,00,00,3e,9b,ff,10,00,00,00,00,00,00,00,00,00,00,00,00,\
  1356.   1c,00,c6,00,00,00,35,00,50,d3,00,00,d4,07,80,a5,00,00,00,00,00,00,00,00,00,\
  1357.   00,00,00,1c,00,e2,00,00,00,35,00,50,aa,00,00,d4,07,80,a2,00,00,00,00,00,00,\
  1358.   00,00,00,00,00,00,1c,00,fe,00,00,00,35,00,50,89,00,00,d4,2c,a0,08,00,00,00,\
  1359.   00,00,00,00,00,00,00,00,00,1c,00,1a,01,00,00,35,00,50,69,00,00,d4,b9,fd,46,\
  1360.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,36,01,00,00,35,00,50,45,00,00,d4,\
  1361.   b9,fc,49,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,52,01,00,00,35,00,50,1f,\
  1362.   00,00,d4,b9,fc,88,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,6e,01,00,00,35,\
  1363.   00,50,f6,00,00,c3,14,e0,ea,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,8a,01,\
  1364.   00,00,35,00,50,cf,00,00,c3,b9,b9,c3,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  1365.   00,a6,01,00,00,35,00,50,9f,00,00,c2,19,02,86,00,00,00,00,00,00,00,00,00,00,\
  1366.   00,00,1c,00,c2,01,00,00,35,00,50,16,00,00,c3,b9,b9,c3,00,00,00,00,00,00,00,\
  1367.   00,00,00,00,00,1c,00,de,01,00,00,35,00,50,bc,00,00,c2,19,02,85,00,00,00,00,\
  1368.   00,00,00,00,00,00,00,00,1c,00,fa,01,00,00,35,00,50,91,00,00,c2,19,02,84,00,\
  1369.   00,00,00,00,00,00,00,00,00,00,00,1c,00,16,02,00,00,35,00,50,6f,00,00,c2,19,\
  1370.   02,83,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,32,02,00,00,35,00,50,46,00,\
  1371.   00,c2,19,02,82,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,4e,02,00,00,35,00,\
  1372.   50,22,00,00,c2,19,02,81,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,6a,02,00,\
  1373.   00,35,00,50,05,00,00,c1,c1,9e,0a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  1374.   86,02,00,00,35,00,50,e7,00,00,c1,c1,90,0c,00,00,00,00,00,00,00,00,00,00,00,\
  1375.   00,1c,00,a2,02,00,00,35,00,50,c6,00,00,c1,bd,f4,cd,00,00,00,00,00,00,00,00,\
  1376.   00,00,00,00,1c,00,be,02,00,00,35,00,50,98,00,00,c1,8d,28,2a,00,00,00,00,00,\
  1377.   00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,50,6c,00,00,97,bd,0d,23,00,00,\
  1378.   00,00,00,00,00,00,00,00,00,00
  1379. "szDescr"="The sending machine may be infected with the Netsky.c virus"
  1380. "RGBValue"=dword:00800080
  1381. "szFolder"="Virus Filters"
  1382. "bFilterBasedAlarm"=dword:00000001
  1383.  
  1384. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.f]
  1385. "FilterBuffer"=hex:79,05,00,00,24,00,00,00,17,00,3a,00,1f,00,1e,00,00,3b,02,11,\
  1386.   00,35,00,00,00,00,00,00,00,00,00,1b,00,00,00,51,00,1f,00,00,a9,00,00,00,00,\
  1387.   00,00,01,00,01,2e,00,00,00,01,02,00,01,17,00,00,00,cb,02,20,00,00,1b,00,06,\
  1388.   00,19,00,00,00,00,00,00,00,00,00,12,00,63,00,00,00,01,00,10,be,00,00,d4,2c,\
  1389.   a0,08,00,00,1c,00,7f,00,00,00,35,00,50,c6,00,00,3e,9b,ff,10,00,00,00,00,00,\
  1390.   00,00,00,00,00,00,00,1c,00,9b,00,00,00,35,00,50,a8,00,00,d4,b9,fc,49,00,00,\
  1391.   00,00,00,00,00,00,00,00,00,00,1c,00,b7,00,00,00,35,00,50,8d,00,00,d4,b9,fd,\
  1392.   46,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,d3,00,00,00,35,00,50,6c,00,00,\
  1393.   d4,b9,fc,88,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,ef,00,00,00,35,00,50,\
  1394.   4d,00,00,c2,19,02,81,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,0b,01,00,00,\
  1395.   35,00,50,33,00,00,c2,19,02,82,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,27,\
  1396.   01,00,00,35,00,50,14,00,00,c3,14,e0,ea,00,00,00,00,00,00,00,00,00,00,00,00,\
  1397.   1c,00,43,01,00,00,35,00,50,fa,00,00,c1,c1,90,0c,00,00,00,00,00,00,00,00,00,\
  1398.   00,00,00,1c,00,5f,01,00,00,35,00,50,af,00,00,d9,05,61,89,00,00,00,00,00,00,\
  1399.   00,00,00,00,00,00,1c,00,7b,01,00,00,35,00,50,38,00,00,d4,07,80,a2,00,00,00,\
  1400.   00,00,00,00,00,00,00,00,00,1c,00,97,01,00,00,35,00,50,1c,00,00,d4,07,80,a5,\
  1401.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,b3,01,00,00,35,00,50,fe,00,00,c1,\
  1402.   c1,9e,0a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,cf,01,00,00,35,00,50,e2,\
  1403.   00,00,c2,19,02,83,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,eb,01,00,00,35,\
  1404.   00,50,ce,00,00,c2,19,02,84,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,07,02,\
  1405.   00,00,35,00,50,ba,00,00,c2,19,02,85,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  1406.   00,23,02,00,00,35,00,50,a5,00,00,c2,19,02,86,00,00,00,00,00,00,00,00,00,00,\
  1407.   00,00,1c,00,3f,02,00,00,35,00,50,84,00,00,c1,8d,28,2a,00,00,00,00,00,00,00,\
  1408.   00,00,00,00,00,1c,00,5b,02,00,00,35,00,50,65,00,00,91,fd,02,ab,00,00,00,00,\
  1409.   00,00,00,00,00,00,00,00,1c,00,77,02,00,00,35,00,50,47,00,00,c1,bd,f4,cd,00,\
  1410.   00,00,00,00,00,00,00,00,00,00,00,1c,00,93,02,00,00,35,00,50,23,00,00,d5,bf,\
  1411.   4a,13,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,af,02,00,00,35,00,50,f9,00,\
  1412.   00,97,bd,0d,23,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,\
  1413.   50,db,00,00,c3,b9,b9,c3,00,00,00,00,00,00,00,00,00,00,00,00,53,00,58,03,1e,\
  1414.   03,1f,00,00,a6,20,00,02,00,01,00,06,00,02,00,00,dc,05,00,11,48,65,72,65,20,\
  1415.   69,73,20,74,68,65,20,66,69,6c,65,2e,00,00,01,00,02,00,00,dc,05,00,1e,50,6c,\
  1416.   65,61,73,65,20,72,65,61,64,20,74,68,65,20,61,74,74,61,63,68,65,64,20,66,69,\
  1417.   6c,65,2e,3a,00,ac,03,00,00,1f,00,00,b9,18,00,02,00,01,00,06,00,02,00,00,dc,\
  1418.   05,00,09,79,6f,75,72,73,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,0d,79,6f,\
  1419.   75,72,5f,74,65,78,74,2e,70,69,66,54,00,00,00,1e,03,1f,00,00,6d,25,00,02,00,\
  1420.   01,00,06,00,02,00,00,dc,05,00,16,59,6f,75,72,20,66,69,6c,65,20,69,73,20,61,\
  1421.   74,74,61,63,68,65,64,2e,01,00,06,00,02,00,00,dc,05,00,1a,59,6f,75,72,20,64,\
  1422.   6f,63,75,6d,65,6e,74,20,69,73,20,61,74,74,61,63,68,65,64,2e,46,00,f2,03,00,\
  1423.   00,1f,00,00,42,1f,00,02,00,01,00,06,00,02,00,00,dc,05,00,10,79,6f,75,72,5f,\
  1424.   70,69,63,74,75,72,65,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,12,64,6f,63,\
  1425.   75,6d,65,6e,74,5f,65,78,63,65,6c,2e,70,69,66,43,00,35,04,00,00,1f,00,00,c1,\
  1426.   1f,00,01,00,01,00,06,00,02,00,00,dc,05,00,10,61,6c,6c,5f,64,6f,63,75,6d,65,\
  1427.   6e,74,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,0f,61,70,70,6c,69,63,61,74,\
  1428.   69,6f,6e,2e,70,69,66,45,00,7a,04,00,00,1f,00,00,4b,1f,00,02,00,01,00,06,00,\
  1429.   02,00,00,dc,05,00,10,79,6f,75,72,5f,64,65,74,61,69,6c,73,2e,70,69,66,01,00,\
  1430.   06,00,02,00,00,dc,05,00,11,64,6f,63,75,6d,65,6e,74,5f,77,6f,72,64,2e,70,69,\
  1431.   66,43,00,bd,04,00,00,1f,00,00,d1,1f,00,02,00,01,00,06,00,02,00,00,dc,05,00,\
  1432.   10,79,6f,75,72,5f,70,72,6f,64,75,63,74,2e,70,69,66,01,00,06,00,02,00,00,dc,\
  1433.   05,00,0f,79,6f,75,72,5f,6c,65,74,74,65,72,2e,70,69,66,41,00,fe,04,00,00,1f,\
  1434.   00,00,34,1c,00,02,00,01,00,06,00,02,00,00,dc,05,00,0d,79,6f,75,72,5f,66,69,\
  1435.   6c,65,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,10,79,6f,75,72,5f,77,65,62,\
  1436.   73,69,74,65,2e,70,69,66,3e,00,3c,05,00,00,1f,00,00,b0,1b,00,02,00,01,00,06,\
  1437.   00,02,00,00,dc,05,00,0c,64,6f,63,75,6d,65,6e,74,2e,70,69,66,01,00,06,00,02,\
  1438.   00,00,dc,05,00,0e,6d,79,5f,64,65,74,61,69,6c,73,2e,70,69,66,3d,00,00,00,00,\
  1439.   00,1f,00,00,39,1c,00,02,00,01,00,06,00,02,00,00,dc,05,00,0d,79,6f,75,72,5f,\
  1440.   62,69,6c,6c,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,0c,6d,70,33,6d,75,73,\
  1441.   69,63,2e,70,69,66
  1442. "szDescr"="The sending machine may be infected with the Netsky.f virus"
  1443. "szFolder"="Virus Filters"
  1444. "RGBValue"=dword:00800080
  1445. "bFilterBasedAlarm"=dword:00000001
  1446.  
  1447. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.h]
  1448. "FilterBuffer"=hex:d2,00,00,00,04,00,00,00,17,00,00,00,1f,00,20,00,00,1b,00,06,\
  1449.   00,50,00,00,00,00,00,00,00,00,00,35,00,00,00,54,00,1f,00,00,b1,00,00,00,00,\
  1450.   00,00,01,00,01,36,00,00,00,01,1c,47,45,54,20,2f,73,63,72,2e,68,70,3f,70,3d,\
  1451.   32,37,34,35,20,48,54,50,2f,31,2e,31,0d,0a,4f,00,a3,00,00,00,1f,00,00,94,22,\
  1452.   00,02,00,00,00,01,00,01,74,00,00,00,01,13,48,6f,73,74,3a,20,70,6f,73,74,65,\
  1453.   72,74,6f,67,2e,64,65,0d,00,00,01,00,01,74,00,00,00,01,18,48,6f,73,74,3a,20,\
  1454.   77,77,77,2e,6d,61,69,6b,6c,69,62,69,73,2e,64,65,0d,0a,2f,00,00,00,00,00,1f,\
  1455.   00,00,61,00,00,00,00,00,00,01,00,01,74,00,00,00,01,16,48,6f,73,74,3a,20,77,\
  1456.   77,77,2e,67,66,6f,74,78,74,2e,6e,65,74,0d,0a
  1457. "szDescr"="The sending machine may be infected with the Netsky.h virus."
  1458. "szFolder"="Virus Filters"
  1459. "RGBValue"=dword:00800080
  1460. "bFilterBasedAlarm"=dword:00000001
  1461.  
  1462. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.p]
  1463. "FilterBuffer"=hex:62,04,00,00,0e,00,00,00,17,00,00,00,1f,00,20,00,00,4a,00,06,\
  1464.   00,19,00,00,00,00,00,00,00,00,00,3b,00,be,00,5a,00,1f,00,00,f6,1e,00,02,00,\
  1465.   01,00,06,00,02,00,00,dc,05,00,0f,53,74,6f,6c,65,6e,20,64,6f,63,75,6d,65,6e,\
  1466.   74,01,00,06,00,02,00,00,dc,05,00,08,52,65,3a,48,65,6c,6c,6f,64,00,df,00,00,\
  1467.   00,1f,00,00,26,2f,00,02,00,01,00,06,00,02,00,00,dc,05,00,20,49,20,66,6f,75,\
  1468.   6e,64,20,74,68,69,73,20,64,6f,63,75,6d,65,6e,74,20,61,62,6f,75,74,20,79,6f,\
  1469.   75,2e,01,00,06,00,02,00,00,dc,05,00,20,49,20,68,61,76,65,20,61,74,74,61,63,\
  1470.   68,65,64,20,69,74,20,74,6f,20,74,68,69,73,20,6d,61,69,6c,2e,21,00,56,03,5a,\
  1471.   00,1f,00,00,a1,00,00,00,00,01,00,06,00,02,00,00,dc,05,00,08,50,6f,73,74,63,\
  1472.   61,72,64,a4,00,83,01,00,00,1f,00,00,27,6e,00,01,00,01,00,06,00,02,00,00,dc,\
  1473.   05,00,5f,49,66,20,74,68,65,20,6d,65,73,73,61,67,65,20,77,69,6c,6c,20,6e,6f,\
  1474.   74,20,64,69,73,70,6c,61,79,65,64,20,61,75,74,6f,6d,61,74,69,63,61,6c,6c,79,\
  1475.   2c,20,66,6f,6c,6c,6f,77,20,74,68,65,20,6c,69,6e,6b,20,74,6f,20,72,65,61,64,\
  1476.   20,74,68,65,20,64,65,6c,69,76,65,72,65,64,20,6d,65,73,73,61,67,65,2e,01,00,\
  1477.   06,00,02,00,00,dc,05,00,21,52,65,63,65,69,76,65,64,20,6d,65,73,73,61,67,65,\
  1478.   20,69,73,20,61,76,61,69,6c,61,62,6c,65,20,61,74,3a,6a,00,ed,01,00,00,1f,00,\
  1479.   00,8f,32,00,02,00,01,00,06,00,02,00,00,dc,05,00,23,43,6f,6e,67,72,61,74,75,\
  1480.   6c,61,74,69,6f,6e,73,21,2c,20,79,6f,75,72,20,62,65,73,74,20,66,72,69,65,6e,\
  1481.   64,2e,01,00,06,00,02,00,00,dc,05,00,23,47,72,65,65,74,69,6e,67,73,20,66,72,\
  1482.   6f,6d,20,66,72,61,6e,63,65,2c,20,79,6f,75,72,20,66,72,69,65,6e,64,2e,62,00,\
  1483.   4f,02,00,00,1f,00,00,0d,25,00,01,00,01,00,06,00,02,00,00,dc,05,00,16,59,6f,\
  1484.   75,72,20,66,69,6c,65,20,69,73,20,61,74,74,61,63,68,65,64,2e,01,00,06,00,02,\
  1485.   00,00,dc,05,00,28,46,6f,72,20,66,75,72,74,68,65,72,20,64,65,74,61,69,6c,73,\
  1486.   20,73,65,65,20,74,68,61,74,20,61,74,74,61,63,68,6d,65,6e,74,2e,52,00,a1,02,\
  1487.   00,00,1f,00,00,86,27,00,02,00,01,00,06,00,02,00,00,dc,05,00,18,48,65,72,65,\
  1488.   20,69,73,20,6d,79,20,70,68,6f,6e,65,20,6e,75,6d,62,65,72,2e,01,00,06,00,02,\
  1489.   00,00,dc,05,00,16,49,20,63,61,6e,6e,6f,74,20,62,65,6c,69,65,76,65,20,74,68,\
  1490.   61,74,2e,65,00,06,03,00,00,1f,00,00,0c,2d,00,02,00,01,00,06,00,02,00,00,dc,\
  1491.   05,00,1e,50,72,6f,74,65,63,74,65,64,20,6d,65,73,73,61,67,65,20,69,73,20,61,\
  1492.   76,61,69,6c,61,62,6c,65,01,00,06,00,02,00,00,dc,05,00,23,44,6f,20,6e,6f,74,\
  1493.   20,76,69,73,69,74,20,74,68,69,73,20,69,6c,6c,65,67,61,6c,20,77,65,62,73,69,\
  1494.   74,65,73,21,50,00,00,00,00,00,1f,00,00,9e,2c,00,02,00,01,00,06,00,02,00,00,\
  1495.   dc,05,00,1d,57,61,69,74,69,6e,67,20,66,6f,72,20,61,75,74,68,65,6e,74,69,66,\
  1496.   69,63,61,74,69,6f,6e,2e,01,00,06,00,02,00,00,dc,05,00,0f,50,6c,65,61,73,65,\
  1497.   20,63,6f,6e,66,69,72,6d,21,3f,00,95,03,5a,00,1f,00,00,65,1a,00,02,00,01,00,\
  1498.   06,00,02,00,00,dc,05,00,0b,52,65,3a,51,75,65,73,74,69,6f,6e,01,00,06,00,02,\
  1499.   00,00,dc,05,00,10,50,72,69,76,61,74,65,20,64,6f,63,75,6d,65,6e,74,54,00,e9,\
  1500.   03,5a,00,1f,00,00,d9,26,00,02,00,01,00,06,00,02,00,00,dc,05,00,17,52,65,3a,\
  1501.   45,78,74,65,6e,64,65,64,20,4d,61,69,6c,20,53,79,73,74,65,6d,01,00,06,00,02,\
  1502.   00,00,dc,05,00,19,52,65,3a,50,72,6f,63,74,65,63,74,65,64,20,4d,61,69,6c,20,\
  1503.   53,79,73,74,65,6d,41,00,2a,04,5a,00,1f,00,00,d5,1c,00,02,00,01,00,06,00,02,\
  1504.   00,00,dc,05,00,0d,4d,61,69,6c,20,44,65,6c,69,76,65,72,79,01,00,06,00,02,00,\
  1505.   00,dc,05,00,10,50,72,69,76,61,74,65,20,64,6f,63,75,6d,65,6e,74,38,00,00,00,\
  1506.   5a,00,1f,00,00,5a,18,00,02,00,01,00,06,00,02,00,00,dc,05,00,09,52,65,3a,4e,\
  1507.   6f,74,69,66,79,01,00,06,00,02,00,00,dc,05,00,0b,52,65,3a,64,6f,63,75,6d,65,\
  1508.   6e,74
  1509. "szDescr"="The sending machine may be infected with the Netsky.p virus."
  1510. "RGBValue"=dword:00800080
  1511. "szFolder"="Virus Filters"
  1512. "bFilterBasedAlarm"=dword:00000001
  1513.  
  1514. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Netsky.y]
  1515. "FilterBuffer"=hex:54,03,00,00,1a,00,00,00,17,00,b9,00,1f,00,20,00,00,87,00,06,\
  1516.   00,19,00,00,00,00,00,00,00,00,00,9a,00,00,00,00,00,1f,00,00,ec,00,00,00,00,\
  1517.   01,00,06,00,02,00,00,78,05,00,81,2d,2d,2d,20,4d,61,69,6c,20,50,61,72,74,20,\
  1518.   44,65,6c,69,76,65,72,65,64,20,2d,2d,2d,0d,0a,32,32,30,20,57,65,6c,63,6f,6d,\
  1519.   65,20,74,6f,20,0d,0a,4d,61,69,6c,20,74,79,70,65,3a,20,6d,75,6c,74,69,70,61,\
  1520.   72,74,2f,72,65,6c,61,74,65,64,0d,0a,2d,2d,2d,20,74,65,78,74,2f,68,74,6d,6c,\
  1521.   20,52,46,43,20,32,35,30,34,0d,0a,4d,58,20,5b,4d,61,69,6c,20,45,78,63,68,61,\
  1522.   6e,67,65,72,5d,20,6d,78,2e,6d,74,32,2e,6b,6c,17,00,00,00,d0,00,20,00,00,a9,\
  1523.   00,06,00,35,00,00,00,00,00,00,00,00,00,1c,00,ec,00,00,00,35,00,50,c9,00,00,\
  1524.   d4,b9,fc,49,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,08,01,00,00,35,00,50,\
  1525.   7e,00,00,d5,bf,4a,13,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,24,01,00,00,\
  1526.   35,00,50,d8,00,00,d4,2c,a0,08,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,40,\
  1527.   01,00,00,35,00,50,9c,00,00,97,bd,0d,23,00,00,00,00,00,00,00,00,00,00,00,00,\
  1528.   1c,00,5c,01,00,00,35,00,50,ba,00,00,c3,b9,b9,c3,00,00,00,00,00,00,00,00,00,\
  1529.   00,00,00,1c,00,78,01,00,00,35,00,50,2e,00,00,91,fd,02,ab,00,00,00,00,00,00,\
  1530.   00,00,00,00,00,00,1c,00,94,01,00,00,35,00,50,5b,00,00,c1,bd,f4,cd,00,00,00,\
  1531.   00,00,00,00,00,00,00,00,00,1c,00,b0,01,00,00,35,00,50,0c,00,00,c1,8d,28,2a,\
  1532.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,cc,01,00,00,35,00,50,e7,00,00,c2,\
  1533.   19,02,86,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,e8,01,00,00,35,00,50,95,\
  1534.   00,00,c3,14,e0,ea,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,04,02,00,00,35,\
  1535.   00,50,d0,00,00,c2,19,02,85,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,20,02,\
  1536.   00,00,35,00,50,a1,00,00,c2,19,02,84,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  1537.   00,3c,02,00,00,35,00,50,52,00,00,c1,c1,9e,0a,00,00,00,00,00,00,00,00,00,00,\
  1538.   00,00,1c,00,58,02,00,00,35,00,50,71,00,00,c2,19,02,83,00,00,00,00,00,00,00,\
  1539.   00,00,00,00,00,1c,00,74,02,00,00,35,00,50,32,00,00,d4,07,80,a5,00,00,00,00,\
  1540.   00,00,00,00,00,00,00,00,1c,00,90,02,00,00,35,00,50,cf,00,00,c2,19,02,81,00,\
  1541.   00,00,00,00,00,00,00,00,00,00,00,1c,00,ac,02,00,00,35,00,50,0a,00,00,d4,07,\
  1542.   80,a2,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,c8,02,00,00,35,00,50,ed,00,\
  1543.   00,c1,c1,90,0c,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,e4,02,00,00,35,00,\
  1544.   50,b0,00,00,d9,05,61,89,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,03,00,\
  1545.   00,35,00,50,6e,00,00,c2,19,02,82,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  1546.   1c,03,00,00,35,00,50,44,00,00,c2,19,02,81,00,00,00,00,00,00,00,00,00,00,00,\
  1547.   00,1c,00,38,03,00,00,35,00,50,fa,00,00,d4,b9,fd,46,00,00,00,00,00,00,00,00,\
  1548.   00,00,00,00,1c,00,00,00,00,00,35,00,50,22,00,00,d4,b9,fc,88,00,00,00,00,00,\
  1549.   00,00,00,00,00,00,00
  1550. "szDescr"="The sending machine may be infected with the Netsky.y virus"
  1551. "RGBValue"=dword:00800080
  1552. "szFolder"="Virus Filters"
  1553. "bFilterBasedAlarm"=dword:00000001
  1554.  
  1555. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Paps.a]
  1556. "FilterBuffer"=hex:8b,05,00,00,09,00,00,00,bb,00,c3,00,00,00,1f,00,00,d2,52,00,\
  1557.   02,00,01,00,06,00,02,00,00,78,05,00,43,48,69,20,64,75,21,20,48,61,62,20,6d,\
  1558.   61,6c,20,73,63,68,6e,65,6c,6c,20,65,69,6e,20,70,61,61,72,20,46,6f,74,6f,73,\
  1559.   20,6d,69,74,20,4d,65,69,6b,65,73,20,57,65,62,63,61,6d,20,67,65,73,63,68,6f,\
  1560.   73,73,65,6e,2e,01,00,06,00,02,00,00,78,05,00,54,68,69,2c,20,49,20,61,6d,20,\
  1561.   66,72,6f,6d,20,61,75,73,74,72,69,61,20,61,6e,64,20,79,6f,75,60,6c,6c,20,64,\
  1562.   6f,6e,60,74,20,62,65,6c,69,65,76,65,20,6d,65,2c,20,62,75,74,20,61,20,74,72,\
  1563.   6f,6a,61,6e,20,68,6f,72,73,65,20,69,6e,20,6f,6e,20,79,6f,75,72,20,50,43,2e,\
  1564.   91,00,54,01,00,00,1f,00,00,3a,4b,00,02,00,01,00,06,00,02,00,00,78,05,00,3c,\
  1565.   45,53,4d,54,50,20,5b,53,65,63,75,72,65,20,4d,61,69,6c,20,53,79,73,74,65,6d,\
  1566.   20,23,33,33,34,5d,3a,20,53,65,63,75,72,65,20,6d,65,73,73,61,67,65,20,69,73,\
  1567.   20,61,74,74,61,63,68,65,64,2e,01,00,06,00,02,00,00,78,05,00,31,77,68,79,20,\
  1568.   64,69,64,20,79,6f,75,20,64,6f,20,74,68,61,74,3f,20,69,64,69,6f,74,21,20,59,\
  1569.   6f,75,20,73,74,6f,6c,65,20,6d,79,20,6d,6f,6e,65,79,21,21,21,aa,00,fe,01,00,\
  1570.   00,1f,00,00,bf,52,00,02,00,01,00,06,00,02,00,00,78,05,00,43,47,75,74,65,6e,\
  1571.   20,54,61,67,21,20,44,69,65,20,61,6e,67,65,66,6f,72,64,65,72,74,65,6e,20,49,\
  1572.   6e,66,6f,72,6d,61,74,69,6f,6e,65,6e,20,62,65,66,69,6e,64,65,6e,20,73,69,63,\
  1573.   68,20,69,6d,20,41,6e,68,61,6e,67,2e,01,00,06,00,02,00,00,78,05,00,43,69,60,\
  1574.   6d,20,76,65,72,79,20,76,65,72,79,20,73,6f,72,72,79,2c,20,62,75,74,20,61,6e,\
  1575.   79,62,6f,64,79,20,68,61,76,65,20,73,65,6e,74,20,79,6f,75,72,20,6d,61,69,6c,\
  1576.   20,74,6f,20,6d,79,20,61,64,64,72,65,73,73,2e,95,00,93,02,00,00,1f,00,00,40,\
  1577.   4f,00,02,00,01,00,06,00,02,00,00,78,05,00,40,54,68,65,20,6d,65,73,73,61,67,\
  1578.   65,20,68,61,73,20,62,65,65,6e,20,61,74,74,61,63,68,65,64,2e,20,0d,0a,2b,2b,\
  1579.   2b,2b,20,41,74,74,61,63,68,6d,65,6e,74,3a,20,4e,6f,20,56,69,72,75,73,20,66,\
  1580.   6f,75,6e,64,01,00,06,00,02,00,00,78,05,00,31,49,20,73,61,69,64,2c,20,49,20,\
  1581.   6c,6f,76,65,20,79,6f,75,2e,2e,2e,61,6e,64,20,79,6f,75,20,73,61,69,64,20,4e,\
  1582.   4f,54,48,49,4e,47,20,41,6e,64,20,6e,6f,77,b6,00,49,03,00,00,1f,00,00,99,65,\
  1583.   00,02,00,01,00,06,00,02,00,00,78,05,00,56,53,69,65,20,74,61,75,73,63,68,65,\
  1584.   6e,20,69,6c,6c,65,67,61,6c,20,6d,70,33,2d,66,69,6c,65,73,20,61,75,73,21,20,\
  1585.   45,69,6e,20,47,65,72,69,63,68,74,73,76,65,72,66,61,68,72,65,6e,20,67,65,67,\
  1586.   65,6e,20,53,69,65,20,77,75,72,64,65,20,65,69,6e,67,65,6c,65,69,74,65,74,2e,\
  1587.   01,00,06,00,02,00,00,78,05,00,3c,48,61,6c,6c,6f,2c,20,69,63,68,20,62,69,6e,\
  1588.   20,61,75,73,20,73,74,65,72,72,65,69,63,68,2e,20,49,63,68,20,68,61,62,20,67,\
  1589.   65,72,61,64,65,20,6d,61,6c,20,6b,75,72,7a,20,64,65,69,6e,65,6e,96,00,df,03,\
  1590.   00,00,1f,00,00,eb,41,00,02,00,01,00,06,00,02,00,00,78,05,00,32,48,65,72,65,\
  1591.   2c,20,74,68,65,20,44,69,67,69,43,61,6d,20,70,68,6f,74,6f,73,2e,20,41,20,66,\
  1592.   65,77,20,61,72,65,20,6f,76,65,72,65,78,70,6f,73,65,64,2e,2e,2e,01,00,06,00,\
  1593.   02,00,00,78,05,00,40,57,61,72,75,6d,20,6d,61,63,68,65,6e,20,73,69,65,20,64,\
  1594.   61,73,3f,20,53,69,65,20,49,64,69,6f,74,21,20,53,69,65,20,68,61,62,65,6e,20,\
  1595.   6d,65,69,6e,20,47,65,6c,64,20,67,65,73,74,6f,6c,65,6e,21,21,21,9d,00,7c,04,\
  1596.   00,00,1f,00,00,3e,4b,00,02,00,01,00,06,00,02,00,00,78,05,00,3c,45,53,4d,54,\
  1597.   50,20,5b,53,65,63,75,72,65,20,4d,61,69,6c,20,53,79,73,74,65,6d,20,23,33,33,\
  1598.   34,5d,3a,20,53,65,63,75,72,65,20,6d,65,73,73,61,67,65,20,69,73,20,61,74,74,\
  1599.   61,63,68,65,64,2e,01,00,06,00,02,00,00,78,05,00,3d,44,61,73,20,6d,75,73,73,\
  1600.   20,77,6f,68,6c,20,65,69,6e,20,46,65,68,6c,6c,75,66,65,72,20,73,65,69,6e,2e,\
  1601.   20,49,72,67,65,6e,64,6a,65,6d,61,6e,64,20,68,61,74,20,65,69,6e,65,20,4d,61,\
  1602.   69,6c,2c,ae,00,2a,05,00,00,1f,00,00,8e,5a,00,02,00,01,00,06,00,02,00,00,78,\
  1603.   05,00,4b,2b,2b,2b,2b,20,41,74,74,61,63,68,6d,65,6e,74,3a,20,4e,6f,20,56,69,\
  1604.   72,75,73,20,66,6f,75,6e,64,20,2b,2b,2b,20,4b,61,73,70,65,72,73,6b,79,20,41,\
  1605.   6e,74,69,56,69,72,75,73,20,2d,20,77,77,77,2e,6b,61,73,70,65,72,73,6b,79,2e,\
  1606.   63,6f,6d,01,00,06,00,02,00,00,78,05,00,3f,49,63,68,20,68,61,62,20,64,69,72,\
  1607.   20,67,65,73,61,67,74,2c,20,64,61,73,20,69,63,68,20,64,69,63,68,20,6c,69,65,\
  1608.   62,65,2e,2e,2e,75,6e,64,20,64,75,3f,3f,20,44,75,2e,2e,2e,2e,64,75,20,68,61,\
  1609.   73,74,61,00,00,00,00,00,1f,00,00,1f,00,00,00,00,01,00,06,00,02,00,00,78,05,\
  1610.   00,48,2b,2b,2b,2b,20,41,74,74,61,63,68,6d,65,6e,74,3a,20,4e,6f,20,56,69,72,\
  1611.   75,73,20,66,6f,75,6e,64,20,2b,2b,2b,2b,20,4e,6f,72,74,6f,6e,20,41,6e,74,69,\
  1612.   56,69,72,75,73,20,2d,20,77,77,77,2e,73,79,6d,61,6e,74,65,63,2e,63,6f,6d
  1613. "szDescr"="The sending machine may be infected with the W.32 Paps.A virus"
  1614. "szFolder"="Virus Filters"
  1615. "RGBValue"=dword:00800080
  1616. "bFilterBasedAlarm"=dword:00000001
  1617.  
  1618. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sasser (generic)]
  1619. "FilterBuffer"=hex:16,01,00,00,08,00,00,00,12,00,00,00,1a,00,23,00,00,c4,78,05,\
  1620.   00,00,00,00,00,00,17,00,57,00,31,00,1e,00,00,95,02,06,00,bd,01,00,00,00,00,\
  1621.   00,00,00,00,26,00,00,00,6e,00,1f,00,00,46,10,00,02,00,00,00,01,00,01,82,00,\
  1622.   00,00,01,01,00,00,00,01,00,01,6e,00,00,00,01,01,00,17,00,00,00,31,00,1e,00,\
  1623.   00,7f,02,06,00,8b,00,00,00,00,00,00,00,00,00,2a,00,98,00,00,00,1f,00,00,c8,\
  1624.   12,00,01,00,00,00,01,00,01,35,00,00,00,01,03,00,05,00,00,00,01,00,01,35,00,\
  1625.   00,00,01,03,00,05,02,2a,00,c2,00,00,00,1f,00,00,31,12,00,02,00,00,00,01,00,\
  1626.   01,35,00,00,00,01,03,00,05,03,00,00,01,00,01,35,00,00,00,01,03,00,05,0b,2a,\
  1627.   00,ec,00,00,00,1f,00,00,97,12,00,02,00,00,00,01,00,01,35,00,00,00,01,03,00,\
  1628.   05,0c,00,00,01,00,01,35,00,00,00,01,03,00,05,0e,2a,00,00,00,00,00,1f,00,00,\
  1629.   ec,12,00,02,00,00,00,01,00,01,35,00,00,00,01,03,00,05,0f,00,00,01,00,01,35,\
  1630.   00,00,00,01,03,00,05,10
  1631. "szDescr"="The sending machine may be infected with the Sasser worm. This is a generic filter for most variations of the worm."
  1632. "RGBValue"=dword:00800080
  1633. "szFolder"="Virus Filters"
  1634. "bFilterBasedAlarm"=dword:00000001
  1635.  
  1636. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sasser Worm]
  1637. "FilterBuffer"=hex:76,00,00,00,04,00,00,00,17,00,3f,00,1f,00,1e,00,00,a2,00,06,\
  1638.   00,0c,27,00,00,00,00,00,00,00,00,20,00,00,00,00,00,1f,00,00,06,00,00,00,00,\
  1639.   01,00,06,00,02,00,00,b0,04,01,07,5f,75,70,2e,65,78,65,17,00,00,00,56,00,1e,\
  1640.   00,00,f6,00,06,00,b2,15,00,00,00,00,00,00,00,00,20,00,00,00,00,00,1f,00,00,\
  1641.   b5,00,00,00,00,01,00,06,00,02,00,00,b0,04,01,07,5f,75,70,2e,65,78,65
  1642. "szDescr"="This filter captures the Sasser Worm sending its data to another machine in order to infect the other system. The sending station is already infected."
  1643. "RGBValue"=dword:00800080
  1644. "szFolder"="Virus Filters"
  1645.  
  1646. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sasser.b Worm]
  1647. "FilterBuffer"=hex:76,00,00,00,04,00,00,00,17,00,3f,00,1f,00,1e,00,00,a2,00,06,\
  1648.   00,0c,27,00,00,00,00,00,00,00,00,20,00,00,00,00,00,1f,00,00,06,00,00,00,00,\
  1649.   01,00,06,00,02,00,00,b0,04,01,07,5f,75,70,2e,65,78,65,17,00,00,00,56,00,1e,\
  1650.   00,00,f6,00,06,00,b2,15,00,00,00,00,00,00,00,00,20,00,00,00,00,00,1f,00,00,\
  1651.   b5,00,00,00,00,01,00,06,00,02,00,00,b0,04,01,07,5f,75,70,2e,65,78,65
  1652. "szDescr"="The sending machine may be infected with the Sasser.b Worm which may be sending its data to another machine in order to infect the other system."
  1653. "szFolder"="Virus Filters"
  1654. "RGBValue"=dword:00800080
  1655. "bFilterBasedAlarm"=dword:00000001
  1656.  
  1657. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sasser.e Worm]
  1658. "FilterBuffer"=hex:51,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,c2,00,06,\
  1659.   00,fe,03,00,00,00,00,00,00,00,00,32,00,00,00,00,00,1f,00,00,89,12,00,01,00,\
  1660.   01,00,06,00,01,00,00,00,00,01,03,31,35,30,01,00,06,00,02,00,00,2c,01,00,0b,\
  1661.   5f,75,70,6c,6f,61,64,2e,65,78,65
  1662. "szDescr"="The sending machine may be infected with the Sasser.e Worm which may be sending its data to another machine in order to infect the other system."
  1663. "szFolder"="Virus Filters"
  1664. "RGBValue"=dword:00800080
  1665. "bFilterBasedAlarm"=dword:00000001
  1666.  
  1667. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sbdot Trojan]
  1668. "FilterBuffer"=hex:33,00,00,00,02,00,00,00,19,00,00,00,21,00,21,00,00,7f,00,00,\
  1669.   00,00,01,00,02,00,00,00,00,00,00,00,00,12,00,00,00,00,00,01,00,10,f4,00,00,\
  1670.   42,62,da,2e,00,00
  1671. "szDescr"="The sending machine may be infected with the Sdbot Trojan"
  1672. "RGBValue"=dword:00800080
  1673. "szFolder"="Virus Filters"
  1674. "bFilterBasedAlarm"=dword:00000001
  1675.  
  1676. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sbdot.fv Trojan]
  1677. "FilterBuffer"=hex:3b,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,10,02,06,\
  1678.   00,6e,23,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,50,77,00,00,d3,16,\
  1679.   f7,1d,00,00,00,00,00,00,00,00,00,00,00,00
  1680. "szDescr"="The sending machine may be infected with the Sdbot.fv Trojan"
  1681. "RGBValue"=dword:00800080
  1682. "szFolder"="Virus Filters"
  1683. "bFilterBasedAlarm"=dword:00000001
  1684.  
  1685. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sbdot.uh Trojan]
  1686. "FilterBuffer"=hex:48,00,00,00,02,00,00,00,17,00,00,00,1f,00,1e,00,00,1f,00,06,\
  1687.   00,0b,1a,00,00,00,00,00,00,00,00,29,00,00,00,00,00,1f,00,00,6a,00,00,00,00,\
  1688.   01,00,06,00,01,00,00,00,00,00,10,3a,69,72,63,2e,74,33,6d,75,73,73,6f,2e,6e,\
  1689.   65,74
  1690. "szDescr"="The sending machine may be infected with the SDBOT.UH Trojan"
  1691. "RGBValue"=dword:00800080
  1692. "szFolder"="Virus Filters"
  1693. "bFilterBasedAlarm"=dword:00000001
  1694.  
  1695. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sober.j]
  1696. "FilterBuffer"=hex:97,05,00,00,30,00,00,00,17,00,3b,00,1f,00,1e,00,00,92,00,06,\
  1697.   00,25,00,00,00,00,00,00,00,00,00,1c,00,52,00,00,00,35,00,50,03,00,00,8b,60,\
  1698.   40,0a,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,86,01,1e,00,00,5a,00,\
  1699.   11,00,35,00,00,00,00,00,00,00,00,00,1c,00,6e,00,00,00,35,00,50,8c,00,00,c6,\
  1700.   48,48,0a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,8a,00,00,00,35,00,50,2b,\
  1701.   00,00,c0,2b,e0,12,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,a6,00,00,00,35,\
  1702.   00,50,ee,00,00,96,fe,b7,0f,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,c2,00,\
  1703.   00,00,35,00,50,ab,00,00,c1,05,d8,0e,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  1704.   00,de,00,00,00,35,00,50,2c,00,00,80,3b,27,30,00,00,00,00,00,00,00,00,00,00,\
  1705.   00,00,1c,00,fa,00,00,00,35,00,50,e0,00,00,80,8a,8c,2c,00,00,00,00,00,00,00,\
  1706.   00,00,00,00,00,1c,00,16,01,00,00,35,00,50,8d,00,00,84,a3,04,67,00,00,00,00,\
  1707.   00,00,00,00,00,00,00,00,1c,00,32,01,00,00,35,00,50,46,00,00,86,e2,51,03,00,\
  1708.   00,00,00,00,00,00,00,00,00,00,00,1c,00,4e,01,00,00,35,00,50,85,00,00,80,02,\
  1709.   88,47,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,6a,01,00,00,35,00,50,31,00,\
  1710.   00,83,bc,03,dc,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,00,35,00,\
  1711.   50,ce,00,00,c1,cc,72,e9,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,de,01,a2,\
  1712.   01,35,00,50,86,00,00,8d,28,0a,23,00,00,00,00,00,00,00,00,00,00,00,00,3c,00,\
  1713.   fa,01,00,00,1f,00,00,32,1c,00,02,00,01,00,07,00,02,00,00,dc,05,00,0d,6d,69,\
  1714.   63,72,6f,73,6f,66,74,2e,63,6f,6d,01,00,07,00,02,00,00,dc,05,00,0b,62,69,67,\
  1715.   66,6f,6f,74,2e,63,6f,6d,1c,00,6b,02,a2,01,35,00,50,1a,00,00,a6,3c,0c,0b,00,\
  1716.   00,00,00,00,00,00,00,00,00,00,00,39,00,33,02,00,00,1f,00,00,0f,19,00,02,00,\
  1717.   01,00,07,00,02,00,00,dc,05,00,0a,67,6f,6f,67,6c,65,2e,63,6f,6d,01,00,07,00,\
  1718.   02,00,00,dc,05,00,0b,68,6f,74,6d,61,69,6c,2e,63,6f,6d,38,00,00,00,00,00,1f,\
  1719.   00,00,a5,18,00,02,00,01,00,07,00,02,00,00,dc,05,00,09,79,61,68,6f,6f,2e,63,\
  1720.   6f,6d,01,00,07,00,02,00,00,dc,05,00,0b,74,2d,6f,6e,6c,69,6e,65,2e,64,65,1c,\
  1721.   00,87,02,a2,01,35,00,50,fe,00,00,cf,45,bc,ba,00,00,00,00,00,00,00,00,00,00,\
  1722.   00,00,1c,00,a3,02,a2,01,35,00,50,de,00,00,d9,ed,96,e1,00,00,00,00,00,00,00,\
  1723.   00,00,00,00,00,1c,00,bf,02,a2,01,35,00,50,c5,00,00,c0,23,e8,22,00,00,00,00,\
  1724.   00,00,00,00,00,00,00,00,1c,00,db,02,a2,01,35,00,50,ac,00,00,d4,47,61,9c,00,\
  1725.   00,00,00,00,00,00,00,00,00,00,00,1c,00,f7,02,a2,01,35,00,50,93,00,00,c1,9e,\
  1726.   7c,8f,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,13,03,a2,01,35,00,50,5f,00,\
  1727.   00,3d,5f,86,a8,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,2f,03,a2,01,35,00,\
  1728.   50,42,00,00,d9,74,e0,fd,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,4b,03,a2,\
  1729.   01,35,00,50,23,00,00,d0,30,22,87,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  1730.   67,03,a2,01,35,00,50,07,00,00,81,bb,0a,19,00,00,00,00,00,00,00,00,00,00,00,\
  1731.   00,1c,00,83,03,a2,01,35,00,50,ea,00,00,d1,eb,6b,0e,00,00,00,00,00,00,00,00,\
  1732.   00,00,00,00,1c,00,9f,03,a2,01,35,00,50,cb,00,00,d8,cb,73,69,00,00,00,00,00,\
  1733.   00,00,00,00,00,00,00,1c,00,bb,03,a2,01,35,00,50,9b,00,00,cf,d9,78,2b,00,00,\
  1734.   00,00,00,00,00,00,00,00,00,00,1c,00,d7,03,a2,01,35,00,50,6e,00,00,83,ae,08,\
  1735.   0e,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,f3,03,a2,01,35,00,50,4c,00,00,\
  1736.   cb,a2,00,0b,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,0f,04,a2,01,35,00,50,\
  1737.   28,00,00,c3,b6,60,1d,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,2b,04,a2,01,\
  1738.   35,00,50,ff,00,00,91,fd,02,ab,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,47,\
  1739.   04,a2,01,35,00,50,e3,00,00,3e,27,59,47,00,00,00,00,00,00,00,00,00,00,00,00,\
  1740.   1c,00,63,04,a2,01,35,00,50,a2,00,00,8d,28,0a,23,00,00,00,00,00,00,00,00,00,\
  1741.   00,00,00,1c,00,7f,04,a2,01,35,00,50,8b,00,00,81,bb,10,01,00,00,00,00,00,00,\
  1742.   00,00,00,00,00,00,1c,00,9b,04,a2,01,35,00,50,6b,00,00,83,f3,40,03,00,00,00,\
  1743.   00,00,00,00,00,00,00,00,00,1c,00,b7,04,a2,01,35,00,50,51,00,00,50,94,0b,e7,\
  1744.   00,00,00,00,00,00,00,00,00,00,00,00,1c,00,d3,04,a2,01,35,00,50,33,00,00,c3,\
  1745.   70,c3,22,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,ef,04,a2,01,35,00,50,0e,\
  1746.   00,00,52,c3,ea,02,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,0b,05,a2,01,35,\
  1747.   00,50,e9,00,00,97,c9,00,27,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,27,05,\
  1748.   a2,01,35,00,50,ca,00,00,d4,f2,58,02,00,00,00,00,00,00,00,00,00,00,00,00,1c,\
  1749.   00,43,05,a2,01,35,00,50,3f,00,00,d5,da,aa,06,00,00,00,00,00,00,00,00,00,00,\
  1750.   00,00,1c,00,5f,05,a2,01,35,00,50,a8,00,00,c8,4a,d6,f6,00,00,00,00,00,00,00,\
  1751.   00,00,00,00,00,1c,00,7b,05,a2,01,35,00,50,84,00,00,d5,ef,ea,6c,00,00,00,00,\
  1752.   00,00,00,00,00,00,00,00,1c,00,00,00,a2,01,35,00,50,5e,00,00,d9,ed,97,21,00,\
  1753.   00,00,00,00,00,00,00,00,00,00,00
  1754. "szDescr"="The sending machine may be infected with the Sober.j virus."
  1755. "szFolder"="Virus Filters"
  1756. "RGBValue"=dword:00800080
  1757. "bFilterBasedAlarm"=dword:00000001
  1758.  
  1759. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Sober.k]
  1760. "FilterBuffer"=hex:1a,02,00,00,09,00,00,00,17,00,4a,00,1f,00,1e,00,00,80,00,06,\
  1761.   00,50,00,00,00,00,00,00,00,00,00,2b,00,61,00,00,00,1f,00,00,76,00,00,00,00,\
  1762.   01,00,06,00,02,00,00,dc,05,00,12,70,65,6f,70,6c,65,2e,66,72,65,65,6e,65,74,\
  1763.   2e,64,65,2f,17,00,00,00,52,01,1e,00,00,fb,00,06,00,19,00,00,00,00,00,00,00,\
  1764.   00,00,3b,00,9c,00,00,00,1f,00,00,35,1d,00,01,00,01,00,06,00,02,00,00,dc,05,\
  1765.   00,0e,66,72,65,65,2e,70,61,67,65,73,2e,61,74,2f,01,00,06,00,02,00,00,dc,05,\
  1766.   00,09,2f,73,76,6f,6f,2e,65,78,65,3a,00,d6,00,00,00,1f,00,00,ca,1d,00,01,00,\
  1767.   01,00,06,00,02,00,00,dc,05,00,0e,68,6f,6d,65,2e,61,72,63,6f,72,2e,64,65,2f,\
  1768.   01,00,06,00,02,00,00,dc,05,00,08,2f,71,79,79,2e,68,72,68,3e,00,14,01,00,00,\
  1769.   1f,00,00,50,1d,00,01,00,01,00,06,00,02,00,00,dc,05,00,0e,68,6f,6d,65,2e,70,\
  1770.   61,67,65,73,2e,61,74,2f,01,00,06,00,02,00,00,dc,05,00,0c,2f,63,6f,6a,66,78,\
  1771.   2e,68,79,66,67,6f,3e,00,00,00,00,00,1f,00,00,df,1e,00,01,00,01,00,06,00,02,\
  1772.   00,00,dc,05,00,0f,73,63,69,66,69,2e,70,61,67,65,73,2e,61,74,2f,01,00,06,00,\
  1773.   02,00,00,dc,05,00,0b,2f,71,73,66,71,73,2e,61,6c,78,65,79,00,00,00,cb,01,1f,\
  1774.   00,00,d7,38,00,02,00,01,00,06,00,02,00,00,dc,05,00,29,53,75,62,6a,65,63,74,\
  1775.   3a,20,45,79,20,64,75,20,44,4f,4f,46,20,4e,61,73,65,2c,20,77,61,72,75,6d,20,\
  1776.   62,65,61,6e,74,77,2e,2e,2e,01,00,06,00,02,00,00,dc,05,00,2c,53,75,62,6a,65,\
  1777.   63,74,3a,20,49,27,76,65,20,67,6f,74,20,59,4f,55,52,20,65,6d,61,69,6c,20,6f,\
  1778.   6e,20,6d,79,20,61,63,63,6f,75,6e,74,21,21,4f,00,00,00,00,00,1f,00,00,ad,24,\
  1779.   00,02,00,01,00,06,00,02,00,00,dc,05,00,15,41,74,74,61,63,68,6d,65,6e,74,20,\
  1780.   3a,20,54,45,58,54,2e,5a,49,50,01,00,06,00,02,00,00,dc,05,00,16,41,74,74,61,\
  1781.   63,68,6d,65,6e,74,20,3a,20,54,45,58,54,45,2e,5a,49,50
  1782. "szDescr"="The sending machine may be infected with the Sober.k virus."
  1783. "szFolder"="Virus Filters"
  1784. "RGBValue"=dword:00800080
  1785. "bFilterBasedAlarm"=dword:00000001
  1786.  
  1787. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) SoBig.f]
  1788. "FilterBuffer"=hex:47,03,00,00,29,00,00,00,17,00,31,00,1f,00,1e,00,00,23,02,11,\
  1789.   00,7b,00,00,00,00,00,00,00,00,00,12,00,48,00,00,00,01,00,50,4b,00,00,83,bc,\
  1790.   03,de,00,00,17,00,8c,01,7a,01,1e,00,00,54,02,11,00,26,23,00,00,00,00,00,00,\
  1791.   00,00,12,00,5a,00,00,00,01,00,50,a5,00,00,81,84,02,15,00,00,12,00,6c,00,00,\
  1792.   00,01,00,50,6c,00,00,89,5c,8c,50,00,00,12,00,7e,00,00,00,01,00,50,3e,00,00,\
  1793.   c8,13,77,45,00,00,12,00,90,00,00,00,01,00,50,0d,00,00,8e,03,64,02,00,00,12,\
  1794.   00,a2,00,00,00,01,00,50,d3,00,00,80,e9,03,65,00,00,12,00,b4,00,00,00,01,00,\
  1795.   50,a4,00,00,d4,f2,56,ba,00,00,12,00,c6,00,00,00,01,00,50,59,00,00,8a,60,40,\
  1796.   0a,00,00,12,00,d8,00,00,00,01,00,50,fc,00,00,c1,f0,72,e8,00,00,12,00,ea,00,\
  1797.   00,00,01,00,50,ce,00,00,85,64,0b,08,00,00,12,00,fc,00,00,00,01,00,50,90,00,\
  1798.   00,c1,43,4f,ca,00,00,12,00,0e,01,00,00,01,00,50,69,00,00,c1,05,d8,0e,00,00,\
  1799.   12,00,20,01,00,00,01,00,50,47,00,00,83,bc,03,de,00,00,12,00,32,01,00,00,01,\
  1800.   00,50,24,00,00,c1,4f,ed,0e,00,00,12,00,44,01,00,00,01,00,50,ff,00,00,84,b5,\
  1801.   0c,0d,00,00,12,00,56,01,00,00,01,00,50,7b,00,00,c8,44,3c,f6,00,00,12,00,68,\
  1802.   01,00,00,01,00,50,a2,00,00,3e,77,28,62,00,00,12,00,00,00,00,00,01,00,50,d7,\
  1803.   00,00,96,fe,b7,0f,00,00,12,00,f1,01,00,00,01,00,50,a3,00,00,0c,9e,66,cd,00,\
  1804.   00,65,00,00,00,00,00,1f,00,00,22,00,00,00,00,01,00,06,00,01,00,00,00,00,00,\
  1805.   4c,56,44,76,64,4b,63,59,57,7a,6e,52,62,4c,52,50,61,64,51,2b,56,35,37,36,59,\
  1806.   55,73,36,46,77,42,47,47,72,59,6e,72,37,63,71,59,6c,4c,49,39,2f,39,7a,77,72,\
  1807.   66,65,39,54,30,74,4d,62,46,54,64,58,32,47,6d,51,66,6f,37,54,72,63,45,43,69,\
  1808.   39,41,12,00,03,02,00,00,01,00,50,fd,00,00,41,5d,51,3b,00,00,12,00,15,02,00,\
  1809.   00,01,00,50,d2,00,00,18,d2,b6,9c,00,00,12,00,27,02,00,00,01,00,50,4e,00,00,\
  1810.   44,32,d0,60,00,00,12,00,39,02,00,00,01,00,50,c0,00,00,41,5c,50,da,00,00,12,\
  1811.   00,4b,02,00,00,01,00,50,89,00,00,18,ce,4b,89,00,00,12,00,5d,02,00,00,01,00,\
  1812.   50,11,00,00,3f,26,9f,a1,00,00,12,00,6f,02,00,00,01,00,50,c6,00,00,41,5c,ba,\
  1813.   91,00,00,12,00,81,02,00,00,01,00,50,7a,00,00,18,ca,5b,2b,00,00,12,00,93,02,\
  1814.   00,00,01,00,50,5d,00,00,43,09,f1,43,00,00,12,00,a5,02,00,00,01,00,50,25,00,\
  1815.   00,41,b1,f0,c2,00,00,12,00,b7,02,00,00,01,00,50,f3,00,00,18,c5,8f,84,00,00,\
  1816.   12,00,c9,02,00,00,01,00,50,97,00,00,43,49,15,06,00,00,12,00,db,02,00,00,01,\
  1817.   00,50,5c,00,00,3f,fa,52,57,00,00,12,00,ed,02,00,00,01,00,50,2c,00,00,da,93,\
  1818.   a4,1d,00,00,12,00,ff,02,00,00,01,00,50,b2,00,00,42,83,cf,51,00,00,12,00,11,\
  1819.   03,00,00,01,00,50,0a,00,00,3d,26,bb,3b,00,00,12,00,23,03,00,00,01,00,50,53,\
  1820.   00,00,0c,e8,68,dd,00,00,12,00,35,03,00,00,01,00,50,17,00,00,41,5f,c1,8a,00,\
  1821.   00,12,00,00,00,00,00,01,00,50,d0,00,00,18,21,42,26,00,00
  1822. "szDescr"="The sending station may have been infected with the W32.SoBig.F virus."
  1823. "szFolder"="Virus Filters"
  1824. "RGBValue"=dword:00800080
  1825. "bFilterBasedAlarm"=dword:00000001
  1826.  
  1827. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) SQL Slammer Worm]
  1828. "FilterBuffer"=hex:aa,00,00,00,04,00,00,00,29,00,5a,00,31,00,1f,00,00,97,11,00,\
  1829.   01,00,01,00,02,00,01,24,00,00,00,01,02,05,9a,01,00,02,00,01,2a,00,00,00,01,\
  1830.   03,04,01,01,29,00,00,00,00,00,1f,00,00,4c,12,00,01,00,00,00,01,00,01,8c,00,\
  1831.   00,00,01,03,c9,b0,42,00,00,01,00,01,a0,01,00,00,01,02,eb,ca,27,00,00,00,81,\
  1832.   00,1f,00,00,3f,11,00,01,00,00,00,01,00,01,10,00,00,00,01,02,05,9a,00,00,01,\
  1833.   00,01,1c,00,00,00,01,01,04,29,00,00,00,00,00,1f,00,00,40,12,00,01,00,00,00,\
  1834.   01,00,01,7e,00,00,00,01,03,c9,b0,42,00,00,01,00,01,c0,00,00,00,01,02,eb,ca
  1835. "szDescr"="The sending machine may have been infected with the W32.SQLExp.Worm (SQL Slammer Worm)."
  1836. "RGBValue"=dword:00800080
  1837. "bFilterBasedAlarm"=dword:00000001
  1838. "szFolder"="Virus Filters"
  1839.  
  1840. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Tubty.a]
  1841. "FilterBuffer"=hex:30,01,00,00,02,00,00,00,17,00,00,00,1f,00,20,00,00,84,00,06,\
  1842.   00,19,00,00,00,00,00,00,00,00,00,11,01,00,00,00,00,1f,00,00,2c,00,00,00,00,\
  1843.   01,00,06,00,02,00,00,78,05,00,f8,48,65,6c,6c,6f,2c,20,49,27,6d,20,73,6f,72,\
  1844.   72,79,20,61,62,6f,75,74,20,6c,61,73,74,20,6e,69,67,68,74,2e,20,49,20,77,61,\
  1845.   73,20,61,63,74,69,6e,67,20,73,74,75,62,62,6f,72,6e,20,61,6e,64,20,69,6d,70,\
  1846.   61,74,69,65,6e,74,20,61,6e,64,20,49,20,72,65,67,72,65,74,20,69,74,2e,20,53,\
  1847.   6f,6d,65,74,69,6d,65,73,20,49,20,73,61,79,20,74,68,69,6e,67,73,20,77,69,74,\
  1848.   68,6f,75,74,20,74,68,69,6e,6b,69,6e,67,20,61,6e,64,20,69,74,20,63,6f,6d,65,\
  1849.   73,20,6f,75,74,20,77,72,6f,6e,67,2e,20,49,20,6e,65,76,65,72,20,6d,65,61,6e,\
  1850.   20,74,6f,20,68,75,72,74,20,79,6f,75,2c,20,49,20,68,6f,70,65,20,79,6f,75,20,\
  1851.   6b,6e,6f,77,20,74,68,61,74,2e,20,54,68,65,72,65,27,73,20,6f,6e,65,20,74,68,\
  1852.   69,6e,67,20,79,6f,75,20,73,68,6f,75,6c,64,20,6b,6e,6f,77,20,61,62,6f,75,74,\
  1853.   20,6d,65,2d,20,49,74,27,73
  1854. "szDescr"="The sending machine may be infected with the W32.Tubty.a virus."
  1855. "szFolder"="Virus Filters"
  1856. "RGBValue"=dword:00800080
  1857. "bFilterBasedAlarm"=dword:00000001
  1858.  
  1859. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) W32.Kelvir (Varients)]
  1860. "FilterBuffer"=hex:31,02,00,00,09,00,00,00,17,00,00,00,1f,00,1e,00,00,a4,00,06,\
  1861.   00,46,14,00,00,00,00,00,00,00,00,4f,00,6e,00,00,00,1f,00,00,d4,21,00,02,00,\
  1862.   01,00,06,00,02,00,00,dc,05,00,12,6f,6d,67,20,74,68,69,73,20,69,73,20,66,75,\
  1863.   6e,6e,79,21,01,00,06,00,02,00,00,dc,05,00,19,6a,6f,73,65,2e,72,69,76,65,72,\
  1864.   61,34,2e,68,6f,6d,65,2e,61,74,74,2e,6e,65,74,4d,00,bb,00,00,00,1f,00,00,8e,\
  1865.   29,00,01,00,01,00,06,00,02,00,00,dc,05,00,1a,63,68,65,63,6b,20,74,68,69,73,\
  1866.   20,6f,75,74,20,2e,2e,2e,20,68,74,74,70,3a,2f,2f,01,00,06,00,02,00,00,dc,05,\
  1867.   00,0f,2e,78,69,68,6f,73,74,69,6e,67,2e,69,6e,66,6f,46,00,01,01,00,00,1f,00,\
  1868.   00,ca,29,00,01,00,00,00,01,00,02,00,00,dc,05,00,1a,48,54,54,50,3a,2f,2f,68,\
  1869.   6f,6d,65,2e,65,61,72,74,68,6c,69,6e,6b,2e,6e,65,74,2f,01,00,06,00,02,00,00,\
  1870.   dc,05,00,08,2f,6f,6d,67,2e,70,69,66,3f,00,40,01,00,00,1f,00,00,2a,19,00,01,\
  1871.   00,01,00,06,00,02,00,00,dc,05,00,0a,68,6f,74,20,70,69,63,21,21,7e,01,00,06,\
  1872.   00,02,00,00,dc,05,00,11,2f,70,61,72,69,73,68,69,6c,74,6f,6e,2e,70,69,66,7e,\
  1873.   49,00,89,01,00,00,1f,00,00,eb,26,00,01,00,01,00,06,00,02,00,00,dc,05,00,17,\
  1874.   68,61,68,61,20,6c,6f,6f,6b,20,61,74,20,75,73,20,68,74,74,70,3a,2f,2f,01,00,\
  1875.   06,00,02,00,00,dc,05,00,0e,5d,2f,79,6f,75,61,6e,64,6d,65,2e,70,69,66,35,00,\
  1876.   be,01,00,00,1f,00,00,a9,19,00,01,00,01,00,06,00,02,00,00,dc,05,00,0a,2f,68,\
  1877.   6f,74,74,74,2e,70,69,66,01,00,06,00,02,00,00,dc,05,00,07,68,74,74,70,3a,2f,\
  1878.   2f,38,00,f6,01,00,00,1f,00,00,4a,1c,00,01,00,01,00,06,00,02,00,00,dc,05,00,\
  1879.   0d,2e,6e,6c,2f,67,69,72,6c,73,2e,63,6f,6d,01,00,06,00,02,00,00,00,00,00,07,\
  1880.   68,74,74,70,3a,2f,2f,3b,00,00,00,00,00,1f,00,00,f0,16,00,01,00,01,00,06,00,\
  1881.   02,00,00,dc,05,00,07,68,74,74,70,3a,2f,2f,01,00,06,00,02,00,00,dc,05,00,10,\
  1882.   2f,7e,64,65,6e,74,6f,6e,68,6f,6d,65,2f,78,2e,78
  1883. "szDescr"="The sending machine may be infected with one of the Kelvir virus variants."
  1884. "RGBValue"=dword:00800080
  1885. "szFolder"="Virus Filters"
  1886. "bFilterBasedAlarm"=dword:00000001
  1887.  
  1888. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) W32_SoBig.f]
  1889. "FilterBuffer"=hex:47,03,00,00,29,00,00,00,17,00,31,00,1f,00,1e,00,00,23,02,11,\
  1890.   00,7b,00,00,00,00,00,00,00,00,00,12,00,48,00,00,00,01,00,50,4b,00,00,83,bc,\
  1891.   03,de,00,00,17,00,8c,01,7a,01,1e,00,00,54,02,11,00,26,23,00,00,00,00,00,00,\
  1892.   00,00,12,00,5a,00,00,00,01,00,50,a5,00,00,81,84,02,15,00,00,12,00,6c,00,00,\
  1893.   00,01,00,50,6c,00,00,89,5c,8c,50,00,00,12,00,7e,00,00,00,01,00,50,3e,00,00,\
  1894.   c8,13,77,45,00,00,12,00,90,00,00,00,01,00,50,0d,00,00,8e,03,64,02,00,00,12,\
  1895.   00,a2,00,00,00,01,00,50,d3,00,00,80,e9,03,65,00,00,12,00,b4,00,00,00,01,00,\
  1896.   50,a4,00,00,d4,f2,56,ba,00,00,12,00,c6,00,00,00,01,00,50,59,00,00,8a,60,40,\
  1897.   0a,00,00,12,00,d8,00,00,00,01,00,50,fc,00,00,c1,f0,72,e8,00,00,12,00,ea,00,\
  1898.   00,00,01,00,50,ce,00,00,85,64,0b,08,00,00,12,00,fc,00,00,00,01,00,50,90,00,\
  1899.   00,c1,43,4f,ca,00,00,12,00,0e,01,00,00,01,00,50,69,00,00,c1,05,d8,0e,00,00,\
  1900.   12,00,20,01,00,00,01,00,50,47,00,00,83,bc,03,de,00,00,12,00,32,01,00,00,01,\
  1901.   00,50,24,00,00,c1,4f,ed,0e,00,00,12,00,44,01,00,00,01,00,50,ff,00,00,84,b5,\
  1902.   0c,0d,00,00,12,00,56,01,00,00,01,00,50,7b,00,00,c8,44,3c,f6,00,00,12,00,68,\
  1903.   01,00,00,01,00,50,a2,00,00,3e,77,28,62,00,00,12,00,00,00,00,00,01,00,50,d7,\
  1904.   00,00,96,fe,b7,0f,00,00,12,00,f1,01,00,00,01,00,50,a3,00,00,0c,9e,66,cd,00,\
  1905.   00,65,00,00,00,00,00,1f,00,00,22,00,00,00,00,01,00,06,00,01,00,00,00,00,00,\
  1906.   4c,56,44,76,64,4b,63,59,57,7a,6e,52,62,4c,52,50,61,64,51,2b,56,35,37,36,59,\
  1907.   55,73,36,46,77,42,47,47,72,59,6e,72,37,63,71,59,6c,4c,49,39,2f,39,7a,77,72,\
  1908.   66,65,39,54,30,74,4d,62,46,54,64,58,32,47,6d,51,66,6f,37,54,72,63,45,43,69,\
  1909.   39,41,12,00,03,02,00,00,01,00,50,fd,00,00,41,5d,51,3b,00,00,12,00,15,02,00,\
  1910.   00,01,00,50,d2,00,00,18,d2,b6,9c,00,00,12,00,27,02,00,00,01,00,50,4e,00,00,\
  1911.   44,32,d0,60,00,00,12,00,39,02,00,00,01,00,50,c0,00,00,41,5c,50,da,00,00,12,\
  1912.   00,4b,02,00,00,01,00,50,89,00,00,18,ce,4b,89,00,00,12,00,5d,02,00,00,01,00,\
  1913.   50,11,00,00,3f,26,9f,a1,00,00,12,00,6f,02,00,00,01,00,50,c6,00,00,41,5c,ba,\
  1914.   91,00,00,12,00,81,02,00,00,01,00,50,7a,00,00,18,ca,5b,2b,00,00,12,00,93,02,\
  1915.   00,00,01,00,50,5d,00,00,43,09,f1,43,00,00,12,00,a5,02,00,00,01,00,50,25,00,\
  1916.   00,41,b1,f0,c2,00,00,12,00,b7,02,00,00,01,00,50,f3,00,00,18,c5,8f,84,00,00,\
  1917.   12,00,c9,02,00,00,01,00,50,97,00,00,43,49,15,06,00,00,12,00,db,02,00,00,01,\
  1918.   00,50,5c,00,00,3f,fa,52,57,00,00,12,00,ed,02,00,00,01,00,50,2c,00,00,da,93,\
  1919.   a4,1d,00,00,12,00,ff,02,00,00,01,00,50,b2,00,00,42,83,cf,51,00,00,12,00,11,\
  1920.   03,00,00,01,00,50,0a,00,00,3d,26,bb,3b,00,00,12,00,23,03,00,00,01,00,50,53,\
  1921.   00,00,0c,e8,68,dd,00,00,12,00,35,03,00,00,01,00,50,17,00,00,41,5f,c1,8a,00,\
  1922.   00,12,00,00,00,00,00,01,00,50,d0,00,00,18,21,42,26,00,00
  1923. "szDescr"="The sending station may have been infected with the W32.SoBig.F virus."
  1924. "RGBValue"=dword:00800080
  1925. "bFilterBasedAlarm"=dword:00000001
  1926. "szFolder"="Virus Filters"
  1927.  
  1928. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Welchia]
  1929. "FilterBuffer"=hex:4b,00,00,00,02,00,00,00,1a,00,00,00,22,00,21,00,00,30,00,00,\
  1930.   00,00,01,00,04,00,01,00,00,00,00,01,01,08,29,00,00,00,00,00,1f,00,00,d8,00,\
  1931.   00,00,00,01,00,0b,00,01,00,00,00,00,01,10,aa,aa,aa,aa,aa,aa,aa,aa,aa,aa,aa,\
  1932.   aa,aa,aa,aa,aa
  1933. "szDescr"="Detects machines that may be infected with the Welchia Virus"
  1934. "RGBValue"=dword:00800080
  1935. "szFolder"="Virus Filters"
  1936. "bFilterBasedAlarm"=dword:00000001
  1937.  
  1938. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\(Virus) Zafi.B / Erkez.B]
  1939. "FilterBuffer"=hex:45,04,00,00,16,00,00,00,12,00,31,00,1a,00,01,00,10,66,00,00,\
  1940.   c1,e0,1c,03,00,00,17,00,00,00,4d,00,20,00,00,a0,00,06,00,50,00,00,00,00,00,\
  1941.   00,00,00,00,1c,00,6a,00,1a,00,35,00,50,fb,00,00,d4,6c,c5,7c,00,00,00,00,00,\
  1942.   00,00,00,00,00,00,00,1d,00,00,00,00,00,1f,00,00,f8,00,00,00,00,01,00,06,00,\
  1943.   01,00,00,00,00,00,04,2f,47,45,54,1c,00,86,00,1a,00,35,00,50,29,00,00,c3,46,\
  1944.   23,de,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,a2,00,1a,00,35,00,50,4f,00,\
  1945.   00,c3,46,30,f5,00,00,00,00,00,00,00,00,00,00,00,00,17,00,00,00,b9,00,20,00,\
  1946.   00,cd,00,06,00,19,00,00,00,00,00,00,00,00,00,5a,00,13,01,00,00,1f,00,00,61,\
  1947.   00,00,00,00,01,00,06,00,02,00,00,78,05,00,41,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,\
  1948.   2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,20,68,69,72,64,65,74,3d,45,39,73,\
  1949.   20,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,2d,\
  1950.   2d,2d,2d,2d,2d,51,00,64,01,00,00,1f,00,00,c4,00,00,00,00,01,00,06,00,02,00,\
  1951.   00,78,05,00,38,48,61,6c,6c,6f,21,20,0d,0a,68,61,74,20,64,69,72,20,65,69,6e,\
  1952.   65,20,65,6c,65,6b,74,72,6f,6e,69,73,63,68,65,20,46,6c,61,73,68,63,61,72,64,\
  1953.   20,67,65,73,63,68,69,63,6b,74,2e,2d,00,91,01,00,00,1f,00,00,d8,00,00,00,00,\
  1954.   01,00,06,00,02,00,00,78,05,00,14,43,6f,6e,74,65,6e,74,3a,20,54,65,20,61,6d,\
  1955.   6f,2e,2e,2e,20,2c,2a,00,bb,01,00,00,1f,00,00,e2,00,00,00,00,01,00,06,00,02,\
  1956.   00,00,78,05,00,11,57,20,44,6e,69,75,20,69,6d,69,65,6e,69,6e,2e,2e,2e,2f,00,\
  1957.   ea,01,00,00,1f,00,00,ee,00,00,00,00,01,00,06,00,02,00,00,78,05,00,16,4c,69,\
  1958.   6e,6b,73,6d,6f,20,67,69,6d,74,61,64,69,65,6e,6f,21,20,68,61,27,00,11,02,00,\
  1959.   00,1f,00,00,f6,00,00,00,00,01,00,06,00,02,00,00,78,05,00,0e,49,6c,6f,69,73,\
  1960.   74,61,20,6b,65,73,61,61,21,40,00,51,02,00,00,1f,00,00,0d,00,00,00,00,01,00,\
  1961.   06,00,02,00,00,78,05,00,27,56,61,6b,72,65,20,72,6f,73,65,72,20,6a,65,67,20,\
  1962.   73,61,6d,6d,65,6e,6c,69,67,6e,65,72,20,6d,65,64,20,64,65,67,2e,2e,2e,44,00,\
  1963.   95,02,00,00,1f,00,00,13,00,00,00,00,01,00,06,00,02,00,00,78,05,00,2b,49,6e,\
  1964.   66,6f,72,6d,61,63,69,6f,6e,20,69,6d,70,6f,72,74,61,6e,74,65,20,71,75,65,20,\
  1965.   64,65,62,65,73,20,63,6f,6e,6f,63,65,72,2c,20,2d,33,00,c8,02,00,00,1f,00,00,\
  1966.   18,00,00,00,00,01,00,06,00,02,00,00,78,05,00,1a,4d,69,74,20,68,6a,65,72,74,\
  1967.   65,20,62,61,6e,6b,65,72,20,66,6f,72,20,64,69,67,21,4a,00,12,03,00,00,1f,00,\
  1968.   00,1f,00,00,00,00,01,00,06,00,02,00,00,78,05,00,31,44,65,20,63,61,6e,64,20,\
  1969.   74,65,2d,61,6d,20,63,75,6e,6f,73,63,75,74,20,69,6e,69,6d,61,20,6d,65,61,20,\
  1970.   61,72,65,20,75,6e,20,6e,6f,75,20,72,69,74,6d,21,66,00,78,03,00,00,1f,00,00,\
  1971.   fc,3f,00,02,00,01,00,06,00,02,00,00,78,05,00,30,54,69,73,7a,74,65,6c,74,20,\
  1972.   66,65,6c,68,61,73,7a,6e,e1,6c,3f,0d,0a,d6,6e,6e,65,6b,20,6b,f3,70,65,73,6c,\
  1973.   61,70,6a,61,20,f3,72,6b,65,7a,65,74,74,21,01,00,06,00,02,00,00,78,05,00,12,\
  1974.   6b,65,70,65,73,6c,61,70,20,65,72,6b,65,7a,65,74,74,21,2c,00,a4,03,00,00,1f,\
  1975.   00,00,26,00,00,00,00,01,00,06,00,02,00,00,78,05,00,13,54,69,6c,6c,20,6d,69,\
  1976.   6e,20,41,6c,73,6b,61,64,65,2e,2e,2e,22,00,c6,03,00,00,1f,00,00,8b,00,00,00,\
  1977.   00,01,00,06,00,02,00,00,78,05,00,09,57,48,41,54,53,4e,45,57,21,2e,00,f4,03,\
  1978.   00,00,1f,00,00,67,00,00,00,00,01,00,06,00,02,00,00,78,05,00,15,43,68,65,63,\
  1979.   6b,20,74,68,69,73,20,6f,75,74,20,6b,69,64,21,21,21,51,00,00,00,00,00,1f,00,\
  1980.   00,b5,00,00,00,00,01,00,06,00,01,00,00,00,00,00,38,59,6f,75,27,76,65,20,67,\
  1981.   6f,74,20,31,20,56,6f,69,63,65,4d,65,73,73,61,67,65,20,66,72,6f,6d,20,76,6f,\
  1982.   69,63,65,6d,65,73,73,61,67,65,2e,63,6f,6d,20,77,65,62,73,69,74,65,21
  1983. "szDescr"="The sending station may be infected with the Zafi.B / Erkez.B Virus."
  1984. "szFolder"="Virus Filters"
  1985. "RGBValue"=dword:00800080
  1986. "bFilterBasedAlarm"=dword:00000001
  1987.  
  1988. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\AppleTalk]
  1989. "FilterBuffer"=hex:21,00,00,00,01,00,00,00,19,00,00,00,00,00,21,00,00,ad,00,00,\
  1990.   00,00,05,00,00,00,00,00,00,00,00,00,00
  1991. "szDescr"="Captures only AppleTalk packets"
  1992. "RGBValue"=dword:00ff0000
  1993. "bFilterBasedAlarm"=dword:00000000
  1994. "szFolder"="Predefined Protocol Filters"
  1995.  
  1996. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Complex Filter]
  1997. "FilterBuffer"=hex:f1,00,00,00,08,00,00,00,12,00,00,00,1a,00,01,00,10,2a,00,00,\
  1998.   c0,a8,01,01,00,00,17,00,4e,00,31,00,20,00,00,a4,00,06,00,50,00,00,00,00,00,\
  1999.   00,00,00,00,1d,00,00,00,00,00,1f,00,00,00,00,00,00,00,01,00,06,00,01,00,00,\
  2000.   00,00,00,04,2f,47,45,54,17,00,84,00,65,00,1e,00,00,36,02,06,00,dd,09,00,00,\
  2001.   00,00,00,00,00,00,1f,00,00,00,00,00,1f,00,00,bd,00,00,00,00,01,00,06,00,01,\
  2002.   00,00,00,00,01,06,0b,bf,1a,1a,aa,58,17,00,9b,00,65,00,1e,00,00,2b,02,06,00,\
  2003.   de,09,00,00,00,00,00,00,00,00,32,00,cd,00,00,00,1f,00,00,f2,14,00,02,00,00,\
  2004.   00,01,00,02,00,00,dc,05,00,05,6b,61,7a,61,61,00,00,01,00,02,00,00,dc,05,00,\
  2005.   09,6d,65,73,73,65,6e,67,65,72,24,00,00,00,00,00,26,00,00,9a,01,00,06,00,03,\
  2006.   37,00,02,00,00,ff,00,00,00,00,00,00,00,8d,3b,00,00,00,00,00,00
  2007. "szDescr"="This sample shows how you can create complex filters to narrow down what you want to capture."
  2008. "RGBValue"=dword:00ff0000
  2009. "szFolder"="Sample Filters"
  2010.  
  2011. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Multiple Addresses]
  2012. "FilterBuffer"=hex:60,00,00,00,03,00,00,00,1e,00,26,00,00,00,09,00,50,7d,00,00,\
  2013.   c0,a8,01,01,00,00,c0,a8,01,05,00,00,c0,a8,01,19,00,00,1c,00,42,00,00,00,35,\
  2014.   00,50,7b,00,00,c0,a8,01,34,00,00,00,00,00,00,00,00,00,00,00,00,1e,00,00,00,\
  2015.   00,00,09,00,50,1f,02,00,c0,a8,01,01,00,00,c0,a8,01,ff,00,00,c0,a8,01,0a,00,\
  2016.   00
  2017. "szDescr"="This sample shows some of the many types of Address filtering available."
  2018. "RGBValue"=dword:00ff0000
  2019. "szFolder"="Sample Filters"
  2020.  
  2021. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Multiple Protocols]
  2022. "FilterBuffer"=hex:6e,00,00,00,04,00,00,00,1a,00,22,00,00,00,21,00,00,97,00,00,\
  2023.   00,00,eb,93,eb,93,00,00,00,00,00,00,00,00,19,00,3b,00,00,00,21,00,00,1f,00,\
  2024.   00,00,00,01,00,0c,00,00,00,00,00,00,00,00,1a,00,55,00,00,00,21,00,00,bc,00,\
  2025.   00,00,00,e8,58,e8,58,00,00,00,00,00,00,00,00,19,00,00,00,00,00,21,00,00,fc,\
  2026.   00,00,00,00,01,00,04,00,00,00,00,00,00,00,00
  2027. "szDescr"="This sample shows how you can filter for multiple protocols."
  2028. "RGBValue"=dword:00ff0000
  2029. "szFolder"="Sample Filters"
  2030.  
  2031. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Pattern Filters]
  2032. "FilterBuffer"=hex:72,00,00,00,03,00,00,00,30,00,38,00,00,00,1f,00,00,ef,00,00,\
  2033.   00,00,01,00,06,00,01,00,00,00,00,00,17,77,77,77,2e,68,61,63,6b,65,72,73,70,\
  2034.   61,72,61,64,69,73,65,2e,63,6f,6d,1f,00,57,00,00,00,1f,00,00,5d,00,00,00,00,\
  2035.   01,00,06,00,01,00,00,00,00,01,06,00,15,54,ab,ac,51,1b,00,00,00,00,00,1f,00,\
  2036.   00,c2,00,00,00,00,01,00,06,00,01,00,00,00,00,02,02,34,08
  2037. "szDescr"="This sample shows some of the many Pattern Filters available."
  2038. "RGBValue"=dword:00ff0000
  2039. "szFolder"="Sample Filters"
  2040.  
  2041. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Port Filters]
  2042. "FilterBuffer"=hex:76,00,00,00,05,00,00,00,12,00,00,00,1a,00,02,00,00,4f,00,00,\
  2043.   00,08,02,66,bc,b5,17,00,31,00,00,00,1e,00,00,5c,02,06,00,90,1f,00,00,00,00,\
  2044.   00,00,00,00,17,00,48,00,00,00,1e,00,00,d7,00,11,00,23,00,00,00,00,00,00,00,\
  2045.   00,00,17,00,5f,00,00,00,1e,00,00,02,00,02,00,9a,00,00,00,00,00,00,00,00,00,\
  2046.   17,00,00,00,00,00,1e,00,00,82,00,03,00,97,00,00,00,00,00,00,00,00,00
  2047. "szDescr"="This sample shows many of the types of Port Filters available."
  2048. "RGBValue"=dword:00ff0000
  2049. "szFolder"="Sample Filters"
  2050.  
  2051. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\SNA]
  2052. "FilterBuffer"=hex:21,00,00,00,01,00,00,00,19,00,00,00,00,00,21,00,00,50,00,00,\
  2053.   00,00,06,00,00,00,00,00,00,00,00,00,00
  2054. "szDescr"="Captures only SNA packets"
  2055. "RGBValue"=dword:00ff0000
  2056. "szFolder"="Predefined Protocol Filters"
  2057.  
  2058. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\TCP]
  2059. "FilterBuffer"=hex:21,00,00,00,01,00,00,00,19,00,00,00,00,00,21,00,00,eb,00,00,\
  2060.   00,00,01,00,02,00,00,00,00,00,00,00,00
  2061. "szDescr"="Captures only TCP packets"
  2062. "RGBValue"=dword:00ff0000
  2063. "szFolder"="Sample Filters"
  2064.  
  2065. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\TCP Fin]
  2066. "FilterBuffer"=hex:23,00,00,00,01,00,00,00,1b,00,00,00,00,00,1f,00,00,00,00,00,\
  2067.   00,00,01,00,02,00,01,0d,00,00,00,02,02,01,00
  2068. "szDescr"="Captures only TCP packets with the Fin flag set."
  2069. "RGBValue"=dword:00ff0000
  2070. "szFolder"="Sample Filters"
  2071.  
  2072. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\TCP Reset]
  2073. "FilterBuffer"=hex:23,00,00,00,01,00,00,00,1b,00,00,00,00,00,1f,00,00,90,00,00,\
  2074.   00,00,01,00,02,00,01,0d,00,00,00,02,02,04,00
  2075. "szDescr"="Captures only TCP packets with the Reset flag set."
  2076. "RGBValue"=dword:00ff0000
  2077. "szFolder"="Sample Filters"
  2078.  
  2079. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\TCP Syn]
  2080. "FilterBuffer"=hex:23,00,00,00,01,00,00,00,1b,00,00,00,00,00,1f,00,00,15,00,00,\
  2081.   00,00,01,00,02,00,01,0d,00,00,00,02,02,02,00
  2082. "szDescr"="Captures only TCP packets with the Syn flag set."
  2083. "RGBValue"=dword:00ff0000
  2084. "szFolder"="Sample Filters"
  2085.  
  2086. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\UDP]
  2087. "FilterBuffer"=hex:21,00,00,00,01,00,00,00,19,00,00,00,00,00,21,00,00,c6,00,00,\
  2088.   00,00,01,00,03,00,00,00,00,00,00,00,00
  2089. "szDescr"="Captures only UDP"
  2090. "RGBValue"=dword:00ff0000
  2091. "szFolder"="Sample Filters"
  2092.  
  2093. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless Ad-Hoc Mode Station]
        ; Wireless alarm filter. szDescr is empty, so the key name is the only
        ; description of what is being detected.
        ; FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x48 = 72) equals the number of bytes in the buffer.
        ; NOTE(review): presumably flags stations operating in ad-hoc (IBSS) mode,
        ; which sit outside the managed infrastructure WLAN. Confirm against vendor
        ; documentation, since the blob cannot be decoded from this file.
  2094. "FilterBuffer"=hex:48,00,00,00,03,00,00,00,0c,00,00,00,14,00,27,00,01,21,01,00,\
  2095.   19,00,00,00,2d,00,21,00,00,2e,00,00,00,00,0e,00,07,00,00,00,00,00,00,00,00,\
  2096.   1b,00,00,00,00,00,1f,00,00,dc,00,00,00,00,00,00,01,00,01,22,00,00,00,02,02,\
  2097.   02,00
  2098. "szDescr"=""
  2099. "RGBValue"=dword:00ff0000
        ; Alarm settings: bFilterBasedAlarm=1, FilterMatches=2, RatioFilterMatches=0xc8
        ; (200), TriggerLevel=1, TimeInterval=5, MatchType=0.
        ; NOTE(review): presumably "raise an alarm after FilterMatches hits within
        ; TimeInterval". Units and exact semantics are not stated in this file; confirm
        ; before tuning.
  2100. "bFilterBasedAlarm"=dword:00000001
  2101. "FilterMatches"=dword:00000002
  2102. "RatioFilterMatches"=dword:000000c8
  2103. "TriggerLevel"=dword:00000001
  2104. "TimeInterval"=dword:00000005
  2105. "MatchType"=dword:00000000
  2106. "szFolder"="Wireless Filters"
  2107.  
  2108. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless AP/Station with WEP Disabled]
        ; Wireless alarm filter. szDescr is empty, so the key name is the only
        ; description of what is being detected.
        ; FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x48 = 72) equals the number of bytes in the buffer.
        ; NOTE(review): the trailing bytes 00,40 may refer to the 802.11 Protected
        ; Frame bit (0x40 in the second Frame Control byte), i.e. the filter would
        ; match frames sent without link-layer encryption. Confirm.
        ; NOTE(review): if so, a non-match only means the protection bit is set. It
        ; does not distinguish WEP from WPA/WPA2, and WEP itself is deprecated and
        ; cryptographically broken, so absence of this alarm is not evidence that a
        ; link is adequately protected.
  2109. "FilterBuffer"=hex:48,00,00,00,03,00,00,00,0c,00,00,00,14,00,27,00,01,65,01,00,\
  2110.   19,00,00,00,2d,00,21,00,00,2a,00,00,00,00,10,00,00,00,00,00,00,00,00,00,00,\
  2111.   1b,00,00,00,00,00,1f,00,00,7e,00,00,00,00,00,00,01,00,01,01,00,00,00,02,02,\
  2112.   00,40
  2113. "szDescr"=""
        ; Alarm settings: bFilterBasedAlarm=1, FilterMatches=2, RatioFilterMatches=0xc8
        ; (200), TriggerLevel=1, TimeInterval=5, MatchType=0.
        ; Units and exact semantics are not stated in this file; confirm before tuning.
  2114. "bFilterBasedAlarm"=dword:00000001
  2115. "RGBValue"=dword:00ff0000
  2116. "FilterMatches"=dword:00000002
  2117. "RatioFilterMatches"=dword:000000c8
  2118. "TriggerLevel"=dword:00000001
  2119. "TimeInterval"=dword:00000005
  2120. "MatchType"=dword:00000000
  2121. "szFolder"="Wireless Filters"
  2122.  
  2123. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless Authentication Failures Exceeded]
        ; Wireless alarm filter. szDescr is empty, so the key name is the only
        ; description of what is being detected.
        ; FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x48 = 72) equals the number of bytes in the buffer.
  2124. "FilterBuffer"=hex:48,00,00,00,03,00,00,00,0c,00,00,00,14,00,27,00,01,fa,01,00,\
  2125.   19,00,00,00,2d,00,21,00,00,b0,00,00,00,00,0e,00,0a,00,00,00,00,00,00,00,00,\
  2126.   1b,00,00,00,00,00,1f,00,01,db,00,00,00,00,00,00,01,00,01,1c,00,00,00,01,02,\
  2127.   00,00
  2128. "szDescr"=""
        ; Alarm settings: bFilterBasedAlarm=1, FilterMatches=0x28 (40),
        ; RatioFilterMatches=0xc8 (200), TriggerLevel=1, TimeInterval=5, MatchType=0.
        ; NOTE(review): FilterMatches is 40 here versus 2 on the ad-hoc / WEP keys and
        ; 0x80 on the flood keys in this file, so it is presumably the "exceeded"
        ; threshold per TimeInterval. Units are not stated; confirm, and baseline
        ; against normal failed-authentication rates before relying on the alarm.
  2129. "bFilterBasedAlarm"=dword:00000001
  2130. "RGBValue"=dword:00ff0000
  2131. "FilterMatches"=dword:00000028
  2132. "RatioFilterMatches"=dword:000000c8
  2133. "TriggerLevel"=dword:00000001
  2134. "TimeInterval"=dword:00000005
  2135. "MatchType"=dword:00000000
  2136. "szFolder"="Wireless Filters"
  2137.  
  2138. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless Data]
        ; Plain capture filter in the "Wireless Filters" folder; no alarm values are
        ; set on this key.
        ; FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x21 = 33) equals the number of bytes in the buffer.
  2139. "FilterBuffer"=hex:21,00,00,00,01,00,00,00,19,00,00,00,00,00,21,00,00,6c,00,00,\
  2140.   00,00,10,00,00,00,00,00,00,00,00,00,00
  2141. "szDescr"="Captures only Wireless Data"
        ; The value name is spelled "RGBvalue" here and "RGBValue" on the other keys.
        ; Windows registry value names are case-insensitive, so an import resolves to
        ; the same value, but case-sensitive text searches over this file will miss it.
  2142. "RGBvalue"=dword:00ff0000
  2143. "szFolder"="Wireless Filters"
  2144.  
  2145. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless Device Probing for AP]
        ; Wireless alarm filter. szDescr is empty, so the key name is the only
        ; description of what is being detected.
        ; FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x4c = 76) equals the number of bytes in the buffer.
        ; NOTE(review): the buffer ends in 06 followed by six ff bytes, which looks like
        ; a 6-byte match on the broadcast MAC address ff:ff:ff:ff:ff:ff. Confirm.
  2146. "FilterBuffer"=hex:4c,00,00,00,03,00,00,00,0c,00,00,00,14,00,27,00,01,99,01,00,\
  2147.   19,00,00,00,2d,00,21,00,00,7c,00,00,00,00,0e,00,05,00,00,00,00,00,00,00,00,\
  2148.   1f,00,00,00,00,00,1f,00,00,21,00,00,00,00,00,00,01,00,01,10,00,00,00,01,06,\
  2149.   ff,ff,ff,ff,ff,ff
  2150. "szDescr"=""
        ; Alarm settings: bFilterBasedAlarm=1, FilterMatches=0x80 (128),
        ; RatioFilterMatches=0xc8 (200), TriggerLevel=1, TimeInterval=5, MatchType=0.
        ; NOTE(review): units and semantics are not stated in this file. Ordinary
        ; clients probe routinely, so baseline normal probe volume before treating
        ; this alarm as a sign of active scanning.
  2151. "bFilterBasedAlarm"=dword:00000001
  2152. "RGBValue"=dword:00ff0000
  2153. "FilterMatches"=dword:00000080
  2154. "RatioFilterMatches"=dword:000000c8
  2155. "TriggerLevel"=dword:00000001
  2156. "TimeInterval"=dword:00000005
  2157. "MatchType"=dword:00000000
  2158. "szFolder"="Wireless Filters"
  2159.  
  2160. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless DoS Attack: Association Flood]
        ; Four sibling alarm filters (Association / Authentication / De-authentication /
        ; Disassociation Flood) with identical alarm settings and empty szDescr; the key
        ; name is the only description of what each one detects.
        ; Each FilterBuffer is an opaque binary blob whose first little-endian dword
        ; (0x2d = 45) equals the number of bytes in the buffer. The four buffers differ
        ; in exactly three bytes: one on the first line (1d / 91 / b0 / ea) and two on
        ; the second line (68 / d1 / ef / 1c, then 01 / 0a / 0b / 09 after "0e,00").
        ; NOTE(review): the 01 / 0a / 0b / 09 byte presumably selects the 802.11
        ; management frame type being counted. The values do not equal the raw 802.11
        ; subtype numbers, so this is likely a product-internal code; confirm.
        ; Alarm settings on all four keys: bFilterBasedAlarm=1, FilterMatches=0x80 (128),
        ; RatioFilterMatches=0xc8 (200), TriggerLevel=1, TimeInterval=5, MatchType=0.
        ; NOTE(review): units are not stated in this file. A fixed threshold of 128
        ; should be baselined per site, because dense or roaming-heavy WLANs can produce
        ; legitimate bursts of these frames.
  2161. "FilterBuffer"=hex:2d,00,00,00,02,00,00,00,0c,00,00,00,14,00,27,00,01,1d,01,00,\
  2162.   19,00,00,00,00,00,21,00,00,68,00,00,00,00,0e,00,01,00,00,00,00,00,00,00,00
  2163. "szDescr"=""
  2164. "bFilterBasedAlarm"=dword:00000001
  2165. "RGBValue"=dword:00ff0000
  2166. "FilterMatches"=dword:00000080
  2167. "RatioFilterMatches"=dword:000000c8
  2168. "TriggerLevel"=dword:00000001
  2169. "TimeInterval"=dword:00000005
  2170. "MatchType"=dword:00000000
  2171. "szFolder"="Wireless Filters"
  2172.  
  2173. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless DoS Attack: Authentication Flood]
        ; Same layout and alarm settings as "Association Flood"; selector byte is 0a.
  2174. "FilterBuffer"=hex:2d,00,00,00,02,00,00,00,0c,00,00,00,14,00,27,00,01,91,01,00,\
  2175.   19,00,00,00,00,00,21,00,00,d1,00,00,00,00,0e,00,0a,00,00,00,00,00,00,00,00
  2176. "szDescr"=""
  2177. "bFilterBasedAlarm"=dword:00000001
  2178. "RGBValue"=dword:00ff0000
  2179. "FilterMatches"=dword:00000080
  2180. "RatioFilterMatches"=dword:000000c8
  2181. "TriggerLevel"=dword:00000001
  2182. "TimeInterval"=dword:00000005
  2183. "MatchType"=dword:00000000
  2184. "szFolder"="Wireless Filters"
  2185.  
  2186. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless DoS Attack: De-authentication Flood]
        ; Same layout and alarm settings as "Association Flood"; selector byte is 0b.
        ; NOTE(review): this filter only detects. De-authentication and disassociation
        ; frames are unauthenticated unless 802.11w (Protected Management Frames) is
        ; enabled, which is the usual mitigation to pair with this alarm.
  2187. "FilterBuffer"=hex:2d,00,00,00,02,00,00,00,0c,00,00,00,14,00,27,00,01,b0,01,00,\
  2188.   19,00,00,00,00,00,21,00,00,ef,00,00,00,00,0e,00,0b,00,00,00,00,00,00,00,00
  2189. "szDescr"=""
  2190. "bFilterBasedAlarm"=dword:00000001
  2191. "RGBValue"=dword:00ff0000
  2192. "FilterMatches"=dword:00000080
  2193. "RatioFilterMatches"=dword:000000c8
  2194. "TriggerLevel"=dword:00000001
  2195. "TimeInterval"=dword:00000005
  2196. "MatchType"=dword:00000000
  2197. "szFolder"="Wireless Filters"
  2198.  
  2199. [HKEY_LOCAL_MACHINE\SOFTWARE\Network Instruments\Observer\Filters\Wireless DoS Attack: Disassociation Flood]
        ; Same layout and alarm settings as "Association Flood"; selector byte is 09.
  2200. "FilterBuffer"=hex:2d,00,00,00,02,00,00,00,0c,00,00,00,14,00,27,00,01,ea,01,00,\
  2201.   19,00,00,00,00,00,21,00,00,1c,00,00,00,00,0e,00,09,00,00,00,00,00,00,00,00
  2202. "szDescr"=""
  2203. "bFilterBasedAlarm"=dword:00000001
  2204. "RGBValue"=dword:00ff0000
  2205. "FilterMatches"=dword:00000080
  2206. "RatioFilterMatches"=dword:000000c8
  2207. "TriggerLevel"=dword:00000001
  2208. "TimeInterval"=dword:00000005
  2209. "MatchType"=dword:00000000
  2210. "szFolder"="Wireless Filters"
  2211.  
  2212.