What is the basic method to create a hidden account in Windows by cloning an existing account's registry key?

The basic method involves granting full control of the `HKEY_LOCAL_MACHINE\SAM\SAM` registry key to Administrators, then creating a username that ends with `$` (e.g., `test$`). You export the registry keys for the new account and the target account (e.g., Administrator), replace the `F` value in the new account's key with the Administrator's `F` value, delete the account via `net user`, and import the modified registry files. The result is a hidden account that appears neither in `net user` nor in the Control Panel. For more details, see Penetration Techniques - Account Hiding in Windows Systems.