-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathPersistence-Taskschedule.ps1
32 lines (25 loc) · 1.26 KB
/
Persistence-Taskschedule.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Nome da Tarefa Agendada
$taskName = "taskname"
# Caminho completo para o arquivo .exe que você deseja executar como um serviço
$binPath = "C:\Arquivo.exe"
$eventName = "MeuEventoPersonalizado"
# ID do evento para disparar a tarefa
$eventID = 12345
# Verifica se a Tarefa Agendada já existe
$existingTask = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($existingTask -eq $null) {
# Cria uma nova Tarefa Agendada
$action = New-ScheduledTaskAction -Execute $binPath
$triggerLogon = New-ScheduledTaskTrigger -AtLogOn
$triggerEvent = New-ScheduledTaskTrigger -OnEvent `
-EventID $eventID `
-LogName 'Windows PowerShell' `
-Source 'PowerShell' `
-XPath "*[System[Provider[@Name='PowerShell'] and (EventID=$eventID)]]"
$principal = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger @($triggerLogon, $triggerEvent) -Principal $principal -Settings $settings
Write-Host "Tarefa Agendada '$taskName' criada com sucesso." -ForegroundColor Green
} else {
Write-Host "A Tarefa Agendada '$taskName' já existe." -ForegroundColor Red
}