REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\Filters\(Virus) Korgo.x]
"FilterBuffer"=hex:5b,01,00,00,0d,00,00,00,17,00,31,00,1f,00,20,00,00,46,00,06,\
  00,50,00,00,00,00,00,00,00,00,00,12,00,48,00,00,00,01,00,10,76,00,00,42,5a,\
  41,fc,00,00,17,00,44,01,1f,00,20,00,00,88,00,06,00,bb,01,00,00,00,00,00,00,\
  00,00,1c,00,64,00,00,00,35,00,50,c3,00,00,cd,d1,bd,f0,00,00,00,00,00,00,00,\
  00,00,00,00,00,1c,00,80,00,00,00,35,00,50,f5,00,00,d5,84,c4,cd,00,00,00,00,\
  00,00,00,00,00,00,00,00,1c,00,9c,00,00,00,35,00,50,ac,00,00,45,14,68,03,00,\
  00,00,00,00,00,00,00,00,00,00,00,1c,00,b8,00,00,00,35,00,50,6e,00,00,c2,87,\
  1e,c0,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,d4,00,00,00,35,00,50,23,00,\
  00,c1,db,05,90,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,f0,00,00,00,35,00,\
  50,cd,00,00,d1,19,d5,3a,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,0c,01,00,\
  00,35,00,50,2f,00,00,d4,18,3f,41,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,\
  28,01,00,00,35,00,50,45,00,00,d8,c2,46,04,00,00,00,00,00,00,00,00,00,00,00,\
  00,1c,00,00,00,00,00,35,00,50,9e,00,00,d9,90,61,a2,00,00,00,00,00,00,00,00,\
  00,00,00,00,17,00,00,00,1f,00,20,00,00,b9,00,11,00,50,00,00,00,00,00,00,00,\
  00,00
"szDescr"="The sending machine may be infected with the Korgo.x virus. It may be attempting to connect to a remote server in order to update the virus code."
"RGBValue"=dword:00800080
"szFolder"="Virus Filters"
"bFilterBasedAlarm"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Network Instruments\Observer\ProtocolPresetsV9]