If an attacker uses phishing to obtain user credentials for an employee without administrator access and needs to install a rootkit backdoor that requires system level access, what might be the attacker's next course of action to gain the administrator privileges?

Set a scheduled task to install the rootkit the following day under the current user account.

Attempt to extract local administrator credentials stored on the machine in running memory or the registry.

Try to brute force that user$$s password for an RDP connection to the user$$s workstation.

Change the IP address of the user$$s computer from DHCP$-$assigned to static.