Manipulation of Windows service binaries is one variation of this technique. Adversaries may replace a legitimate service executable with their own executable to gain persistence and/or privilege escalation to the account context the service is set to execute under (local/domain account, SYSTEM, Local Service, or Network Service). Once the service is started, either directly by the user (if appropriate access is available) or through some other means, such as a system restart if the service starts on bootup, the replaced executable will run instead of the original service executable.
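One way to notice a replaced service executable is to baseline each service's binary and compare it on later runs. The PowerShell below is an added example, not part of the original page; the baseline path and function names are assumptions, and the baseline directory must already exist.

```powershell
# Added example (not from the original page): baseline and re-check service executables.
# Assumption: the baseline path is a placeholder; store it where service accounts cannot write.
$BaselinePath = 'C:\SecBaseline\service-binaries.json'   # hypothetical location

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName may be quoted with arguments, or unquoted; keep only the executable.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-ServiceBinarySnapshot {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = Get-ServiceBinaryPath -PathName $_.PathName
        if (-not $path) { return }                      # skip entries with no parsable path
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Name      = $_.Name
            RunsAs    = $_.StartName    # account context the binary executes under
            StartMode = $_.StartMode    # Auto means it runs again at next boot
            Path      = $path
            Sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            SigStatus = [string]$sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }
}

$current = @(Get-ServiceBinarySnapshot)
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) services"
    return
}
$baseline = @{}
$saved = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
foreach ($b in $saved) { $baseline[$b.Name] = $b }
foreach ($svc in $current) {
    $old = $baseline[$svc.Name]
    if (-not $old) { Write-Warning "New service: $($svc.Name) -> $($svc.Path) as $($svc.RunsAs)"; continue }
    foreach ($field in 'Path', 'Sha256', 'SigStatus', 'Signer', 'RunsAs') {
        if ($svc.$field -ne $old.$field) {
            Write-Warning "$($svc.Name): $field changed from '$($old.$field)' to '$($svc.$field)'"
        }
    }
}
```

A hash change with the same valid signer is usually a software update; a hash change that also drops or changes the signer on a service running as SYSTEM deserves immediate review.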