; Remediation/rollback manifest for the Adobe ARM update service (AdobeARMservice).
; The producing tool is not named here; the layout suggests a security product's
; backup-and-restore record - TODO confirm against the tool's documentation.
; Line breaks restored to one key per line; keys, values and order are unchanged.
; NOTE(review): these ';' comment lines are annotations - confirm the consuming
; parser accepts them before feeding an annotated copy back to the tool.

; Number of backed-up file objects (section [1]).
[files]
Total=1

; Action list: one numbered entry per command, in the form
; <class> <verb> <object type> <object id>. The ids appear to refer to the
; numbered sections below (numSections=9 matches sections [1]-[9]).
[cmd]
numSections=9
1=FILE_BASED VERB_FILE_COPY OBJ_FILE 1
Total=12
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4
5=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 5
6=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 6
7=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 7
8=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 8
9=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 9
10=SERVICE_BASED VERB_SERVICE_STATE OBJ_SERVICE AdobeARMservice
11=CUSTOM_BASED VERB_RESTART_SYSTEM OBJ_OS 0
12=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 2

; File object 1: backup copy (name) of the service binary and its original path (orig).
[1]
name=armsvc.exe.bak
orig=%ProgramFiles(x86)%\Common Files\Adobe\ARM\1.0\armsvc.exe
; DateA/DateC/DateM are presumably accessed/created/modified times; the time
; zone is not stated, so do not assume UTC when building a timeline.
DateA=2024/02/13 01:32:37
; SDDL of the file: owner and group SYSTEM; full access (FA) for SYSTEM (SY) and
; Administrators (BA); 0x1200a9 (read and execute) for Users (BU), ALL
; APPLICATION PACKAGES (AC) and S-1-15-2-2. No non-admin principal has write
; access. That matters because this binary runs as LocalSystem (section [8]),
; so check that a restore re-applies this ACL to the restored file.
SD=O:SYG:SYD:(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)
; 32 = FILE_ATTRIBUTE_ARCHIVE, assuming this is the Win32 attribute mask.
attrib=32
DateC=2024/01/31 12:58:18
DateM=2024/01/31 12:58:18
; 32-bit value; the algorithm is not stated. A checksum this short is not
; collision-resistant, so it cannot prove the backup is the genuine vendor
; binary. Verify the file's signature or a cryptographic hash before restoring.
hash=8E7B5CC1

; Number of registry objects (sections [2]-[9]).
[reg]
Total=8

; Registry object 2: the service key itself (param is empty), carrying the key's
; timestamp and security descriptor. Command 12 (VERB_RESTORE_REG_KEY
; OBJ_REG_METADATA 2) presumably re-applies this metadata - TODO confirm.
[2]
hive=HKLM
type=REG_SZ
; NOTE(review): redir/empty semantics are tool-specific and not defined here.
redir=0
empty=-1
DateM=2021/04/19 15:32:07
; SDDL of the key: owner Administrators; full control (KA/GA) only for
; Administrators (BA), SYSTEM (SY) and CREATOR OWNER (CO); Users (BU), AC and
; the S-1-15-3-... capability SID get read (KR/GR) only. A service key writable
; by non-admins would let them change ImagePath, so this read-only baseline is
; the state to verify after a restore.
SD=O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
key=System\CurrentControlSet\Services\AdobeARMservice
param=
data=
dataDecoded=
hash=00000000

; Type=16 (0x10) is SERVICE_WIN32_OWN_PROCESS.
[3]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=Type
data=16
dataDecoded=16
hash=483E80D4

; Start=2 is SERVICE_AUTO_START: the service is launched at boot.
[4]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=Start
data=2
dataDecoded=2
hash=1AD5BE0D

; ErrorControl=0 is SERVICE_ERROR_IGNORE.
[5]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=ErrorControl
data=0
dataDecoded=0
hash=F4DBDF21

; ImagePath: data holds the value as \uXXXX escapes and dataDecoded is the same
; string in clear text. The path contains spaces and is wrapped in double
; quotes; the quotes are part of the stored value and must survive a restore,
; otherwise the service path becomes ambiguous.
[6]
hive=HKLM
type=REG_EXPAND_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=ImagePath
data=\u0022\u0043\u003A\u005C\u0050\u0072\u006F\u0067\u0072\u0061\u006D\u0020\u0046\u0069\u006C\u0065\u0073\u0020\u0028\u0078\u0038\u0036\u0029\u005C\u0043\u006F\u006D\u006D\u006F\u006E\u0020\u0046\u0069\u006C\u0065\u0073\u005C\u0041\u0064\u006F\u0062\u0065\u005C\u0041\u0052\u004D\u005C\u0031\u002E\u0030\u005C\u0061\u0072\u006D\u0073\u0076\u0063\u002E\u0065\u0078\u0065\u0022
dataDecoded="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
hash=58B6F518

; Display name shown for the service.
[7]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=DisplayName
data=\u0041\u0064\u006F\u0062\u0065\u0020\u0041\u0063\u0072\u006F\u0062\u0061\u0074\u0020\u0055\u0070\u0064\u0061\u0074\u0065\u0020\u0053\u0065\u0072\u0076\u0069\u0063\u0065
dataDecoded=Adobe Acrobat Update Service
hash=974F1BDB

; ObjectName is the account the service runs as. LocalSystem combined with
; Start=2 means whatever ImagePath points at runs with SYSTEM privileges on
; every boot, which is why the file and key ACLs above matter.
[8]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=ObjectName
data=\u004C\u006F\u0063\u0061\u006C\u0053\u0079\u0073\u0074\u0065\u006D
dataDecoded=LocalSystem
hash=63F2F08C

; Human-readable service description.
[9]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\AdobeARMservice
param=Description
data=\u0041\u0064\u006F\u0062\u0065\u0020\u0041\u0063\u0072\u006F\u0062\u0061\u0074\u0020\u0055\u0070\u0064\u0061\u0074\u0065\u0072\u0020\u006B\u0065\u0065\u0070\u0073\u0020\u0079\u006F\u0075\u0072\u0020\u0041\u0064\u006F\u0062\u0065\u0020\u0073\u006F\u0066\u0074\u0077\u0061\u0072\u0065\u0020\u0075\u0070\u0020\u0074\u006F\u0020\u0064\u0061\u0074\u0065\u002E
dataDecoded=Adobe Acrobat Updater keeps your Adobe software up to date.
hash=702B5EC4