
@notkearash
Created July 30, 2024 17:13
CrowdWork - CrowdStrike Fix
# Wildcard path, under the CrowdStrike driver directory, of the
# C-00000291*.sys files that this script deletes.
$filePattern = 'C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys'
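function Boot-Into-SafeMode {
    <#
    .SYNOPSIS
    Reboots the machine into Safe Mode unless it is already running in Safe Mode.

    .DESCRIPTION
    Safe Mode is detected through Win32_ComputerSystem.BootupState, which reads
    "Normal boot", "Fail-safe boot" or "Fail-safe with network boot".
    Win32_OperatingSystem has no BootMode property, so a check against it never
    reports Safe Mode.

    The next boot is switched to minimal Safe Mode with bcdedit. The
    SafeBoot\Option registry key only reflects the mode of the current boot;
    writing to it does not change how the next boot starts.

    .NOTES
    Requires an elevated session. The safeboot setting persists across reboots
    until it is removed with: bcdedit /deletevalue {current} safeboot
    Restart-Computer ends this PowerShell session, so statements that follow
    the call do not resume after the reboot; re-run the script from Safe Mode.
    #>
    $bootupState = (Get-WmiObject -Class Win32_ComputerSystem).BootupState
    if ($bootupState -like 'Fail-safe*') {
        Write-Host "System is already in Safe Mode."
        return
    }

    Write-Host "[!] Rebooting system into Safe Mode. Please wait..."

    # '{current}' is quoted so PowerShell passes the braces to bcdedit unchanged.
    & bcdedit.exe /set '{current}' safeboot minimal | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Do not force a reboot that would only come back up in normal mode.
        Write-Warning "Could not configure Safe Mode boot (bcdedit exit code $LASTEXITCODE). Run this script from an elevated session."
        return
    }

    Write-Host "[!] Safe Mode stays enabled until you run: bcdedit /deletevalue {current} safeboot"
    Restart-Computer -Force
}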
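function Delete-Files {
    <#
    .SYNOPSIS
    Force-deletes every file whose path matches a wildcard pattern.

    .PARAMETER pattern
    Wildcard path handed to Get-ChildItem -Path, for example a directory
    followed by "name*.sys". Directories that match the pattern are skipped.

    .NOTES
    Deletion uses Remove-Item -Force and does not ask for confirmation. Each
    deleted path is printed first so the run leaves a record of what was removed.
    #>
    param (
        [string]$pattern
    )

    # An empty pattern cannot match anything; report it the same way as no match.
    if ([string]::IsNullOrEmpty($pattern)) {
        Write-Host "[-] No files found matching pattern: $pattern"
        return
    }

    # @() keeps .Count reliable for zero matches or a single match.
    # The filter restricts the deletion to files, as the function name promises.
    $files = @(Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer })

    if ($files.Count -eq 0) {
        Write-Host "[-] No files found matching pattern: $pattern"
        return
    }

    foreach ($file in $files) {
        Write-Host "[+] Deleting file: $($file.FullName)"
        # -LiteralPath: FullName is an exact path from the filesystem, so
        # characters such as [ and ] must not be read again as wildcards.
        Remove-Item -LiteralPath $file.FullName -Force
    }
}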
# Script entry point: ensure Safe Mode, wait, then delete the matching files.
# NOTE(review): Boot-Into-SafeMode calls Restart-Computer -Force when it does
# not return early. A reboot ends this session, so the two statements below
# are not resumed afterwards. The deletion is only expected to run reliably
# when the script is started from a session already in Safe Mode.
Boot-Into-SafeMode
# Fixed 60-second pause. The source does not say what it waits for; TODO confirm.
Start-Sleep -Seconds 60
# Deleting under System32\drivers presumably needs an elevated session; the
# script does not check for one.
Delete-Files -pattern $filePattern