Thanks for any input.
Hey FastFixx!
Do you have the script you use to move the file and run it as a service?
In the past I've used a script to move the working LMIR directory to something like C:\LMIR and then run as a service. ComboFix and RKill only terminate applications that reside in certain locations.