lovelyzoo
Guest
I cannot launch PowerShell at present. If I open an Administrator Command Prompt and type `powershell`, nothing happens.
Consulting Event Viewer reveals an Application Error: the faulting application is indeed powershell.exe, and the faulting module is bcryptPrimitives.dll. The associated exception code is c0000005, which I believe is an access violation (STATUS_ACCESS_VIOLATION).
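A dump of the relevant WER file follows; in its LoadedModule list, the only module loaded from outside C:\Windows is Avast's aswhook.dll: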
Version=1
EventType=APPCRASH
EventTime=132131956297028213
ReportType=2
Consent=1
UploadTime=132131956298271520
ReportStatus=268566528
ReportIdentifier=220bfc5a-77e4-4a43-a018-d3d44d355a3d
IntegratorReportIdentifier=49da8046-99c0-42bf-be4a-feec0b06bde5
Wow64Host=34404
NsAppName=powershell.exe
OriginalFilename=PowerShell.EXE
AppSessionGuid=00001d9c-0002-002a-a7de-756e506dd501
TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!00006cbce4a295c163791b60fc23d285e6d84f28ee4c!powershell.exe
TargetAppVer=2074//02//28:17:48:58!70a4d!powershell.exe
BootId=4294967295
TargetAsId=16248
IsFatal=1
EtwNonCollectReason=1
Response.BucketId=20b7cc3d364505321f1f828ce9dc78f6
Response.BucketTable=4
Response.LegacyBucketId=2242654681184368886
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=powershell.exe
Sig[1].Name=Application Version
Sig[1].Value=10.0.17763.1
Sig[2].Name=Application Timestamp
Sig[2].Value=c3eca48a
Sig[3].Name=Fault Module Name
Sig[3].Value=bcryptPrimitives.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=10.0.17763.678
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=94fbdec9
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=0000000000007f5e
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.17763.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=2057
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=b480
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=b4808dafa2b9f66fc395a7875859ccc9
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=5daa
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=5daa357a357174f311e8a8ec6f0790d5
UI[2]=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
LoadedModule[0]=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Program Files\AVAST Software\Avast\aswhook.dll
LoadedModule[3]=C:\Windows\System32\KERNEL32.DLL
LoadedModule[4]=C:\Windows\System32\KERNELBASE.dll
LoadedModule[5]=C:\Windows\System32\msvcrt.dll
LoadedModule[6]=C:\Windows\System32\OLEAUT32.dll
LoadedModule[7]=C:\Windows\System32\msvcp_win.dll
LoadedModule[8]=C:\Windows\System32\ucrtbase.dll
LoadedModule[9]=C:\Windows\System32\combase.dll
LoadedModule[10]=C:\Windows\System32\RPCRT4.dll
LoadedModule[11]=C:\Windows\System32\bcryptPrimitives.dll
LoadedModule[12]=C:\Windows\System32\ADVAPI32.dll
LoadedModule[13]=C:\Windows\System32\sechost.dll
LoadedModule[14]=C:\Windows\System32\OLE32.dll
LoadedModule[15]=C:\Windows\System32\GDI32.dll
LoadedModule[16]=C:\Windows\System32\gdi32full.dll
LoadedModule[17]=C:\Windows\System32\USER32.dll
LoadedModule[18]=C:\Windows\System32\win32u.dll
LoadedModule[19]=C:\Windows\SYSTEM32\ATL.DLL
LoadedModule[20]=C:\Windows\SYSTEM32\mscoree.dll
LoadedModule[21]=C:\Windows\System32\IMM32.DLL
State[0].Key=Transport.DoneStage1
State[0].Value=1
OsInfo[0].Key=vermaj
OsInfo[0].Value=10
OsInfo[1].Key=vermin
OsInfo[1].Value=0
OsInfo[2].Key=verbld
OsInfo[2].Value=17763
OsInfo[3].Key=ubr
OsInfo[3].Value=737
OsInfo[4].Key=versp
OsInfo[4].Value=0
OsInfo[5].Key=arch
OsInfo[5].Value=9
OsInfo[6].Key=lcid
OsInfo[6].Value=1033
OsInfo[7].Key=geoid
OsInfo[7].Value=242
OsInfo[8].Key=sku
OsInfo[8].Value=48
OsInfo[9].Key=domain
OsInfo[9].Value=0
OsInfo[10].Key=prodsuite
OsInfo[10].Value=256
OsInfo[11].Key=ntprodtype
OsInfo[11].Value=1
OsInfo[12].Key=platid
OsInfo[12].Value=10
OsInfo[13].Key=sr
OsInfo[13].Value=0
OsInfo[14].Key=tmsi
OsInfo[14].Value=369588
OsInfo[15].Key=osinsty
OsInfo[15].Value=1
OsInfo[16].Key=iever
OsInfo[16].Value=11.737.17763.0-11.0.145
OsInfo[17].Key=portos
OsInfo[17].Value=0
OsInfo[18].Key=ram
OsInfo[18].Value=16071
OsInfo[19].Key=svolsz
OsInfo[19].Value=476
OsInfo[20].Key=wimbt
OsInfo[20].Value=0
OsInfo[21].Key=blddt
OsInfo[21].Value=180914
OsInfo[22].Key=bldtm
OsInfo[22].Value=1434
OsInfo[23].Key=bldbrch
OsInfo[23].Value=rs5_release
OsInfo[24].Key=bldchk
OsInfo[24].Value=0
OsInfo[25].Key=wpvermaj
OsInfo[25].Value=0
OsInfo[26].Key=wpvermin
OsInfo[26].Value=0
OsInfo[27].Key=wpbuildmaj
OsInfo[27].Value=0
OsInfo[28].Key=wpbuildmin
OsInfo[28].Value=0
OsInfo[29].Key=osver
OsInfo[29].Value=10.0.17763.737.amd64fre.rs5_release.180914-1434
OsInfo[30].Key=buildflightid
OsInfo[31].Key=edition
OsInfo[31].Value=Professional
OsInfo[32].Key=ring
OsInfo[32].Value=Retail
OsInfo[33].Key=expid
OsInfo[34].Key=containerid
OsInfo[35].Key=containertype
OsInfo[36].Key=edu
OsInfo[36].Value=0
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Windows PowerShell
AppPath=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=0B4A4B25DE5264E6EF66F49054350153
MetadataHash=-1925654376
Consulting Event Viewer reveals an Application Error: the faulting application is indeed powershell.exe, and the faulting module is bcryptPrimitives.dll. The associated exception code is c0000005, which I believe is an access violation (STATUS_ACCESS_VIOLATION).
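A dump of the relevant WER file follows; in its LoadedModule list, the only module loaded from outside C:\Windows is Avast's aswhook.dll: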
Version=1
EventType=APPCRASH
EventTime=132131956297028213
ReportType=2
Consent=1
UploadTime=132131956298271520
ReportStatus=268566528
ReportIdentifier=220bfc5a-77e4-4a43-a018-d3d44d355a3d
IntegratorReportIdentifier=49da8046-99c0-42bf-be4a-feec0b06bde5
Wow64Host=34404
NsAppName=powershell.exe
OriginalFilename=PowerShell.EXE
AppSessionGuid=00001d9c-0002-002a-a7de-756e506dd501
TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!00006cbce4a295c163791b60fc23d285e6d84f28ee4c!powershell.exe
TargetAppVer=2074//02//28:17:48:58!70a4d!powershell.exe
BootId=4294967295
TargetAsId=16248
IsFatal=1
EtwNonCollectReason=1
Response.BucketId=20b7cc3d364505321f1f828ce9dc78f6
Response.BucketTable=4
Response.LegacyBucketId=2242654681184368886
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=powershell.exe
Sig[1].Name=Application Version
Sig[1].Value=10.0.17763.1
Sig[2].Name=Application Timestamp
Sig[2].Value=c3eca48a
Sig[3].Name=Fault Module Name
Sig[3].Value=bcryptPrimitives.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=10.0.17763.678
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=94fbdec9
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=0000000000007f5e
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.17763.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=2057
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=b480
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=b4808dafa2b9f66fc395a7875859ccc9
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=5daa
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=5daa357a357174f311e8a8ec6f0790d5
UI[2]=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
LoadedModule[0]=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Program Files\AVAST Software\Avast\aswhook.dll
LoadedModule[3]=C:\Windows\System32\KERNEL32.DLL
LoadedModule[4]=C:\Windows\System32\KERNELBASE.dll
LoadedModule[5]=C:\Windows\System32\msvcrt.dll
LoadedModule[6]=C:\Windows\System32\OLEAUT32.dll
LoadedModule[7]=C:\Windows\System32\msvcp_win.dll
LoadedModule[8]=C:\Windows\System32\ucrtbase.dll
LoadedModule[9]=C:\Windows\System32\combase.dll
LoadedModule[10]=C:\Windows\System32\RPCRT4.dll
LoadedModule[11]=C:\Windows\System32\bcryptPrimitives.dll
LoadedModule[12]=C:\Windows\System32\ADVAPI32.dll
LoadedModule[13]=C:\Windows\System32\sechost.dll
LoadedModule[14]=C:\Windows\System32\OLE32.dll
LoadedModule[15]=C:\Windows\System32\GDI32.dll
LoadedModule[16]=C:\Windows\System32\gdi32full.dll
LoadedModule[17]=C:\Windows\System32\USER32.dll
LoadedModule[18]=C:\Windows\System32\win32u.dll
LoadedModule[19]=C:\Windows\SYSTEM32\ATL.DLL
LoadedModule[20]=C:\Windows\SYSTEM32\mscoree.dll
LoadedModule[21]=C:\Windows\System32\IMM32.DLL
State[0].Key=Transport.DoneStage1
State[0].Value=1
OsInfo[0].Key=vermaj
OsInfo[0].Value=10
OsInfo[1].Key=vermin
OsInfo[1].Value=0
OsInfo[2].Key=verbld
OsInfo[2].Value=17763
OsInfo[3].Key=ubr
OsInfo[3].Value=737
OsInfo[4].Key=versp
OsInfo[4].Value=0
OsInfo[5].Key=arch
OsInfo[5].Value=9
OsInfo[6].Key=lcid
OsInfo[6].Value=1033
OsInfo[7].Key=geoid
OsInfo[7].Value=242
OsInfo[8].Key=sku
OsInfo[8].Value=48
OsInfo[9].Key=domain
OsInfo[9].Value=0
OsInfo[10].Key=prodsuite
OsInfo[10].Value=256
OsInfo[11].Key=ntprodtype
OsInfo[11].Value=1
OsInfo[12].Key=platid
OsInfo[12].Value=10
OsInfo[13].Key=sr
OsInfo[13].Value=0
OsInfo[14].Key=tmsi
OsInfo[14].Value=369588
OsInfo[15].Key=osinsty
OsInfo[15].Value=1
OsInfo[16].Key=iever
OsInfo[16].Value=11.737.17763.0-11.0.145
OsInfo[17].Key=portos
OsInfo[17].Value=0
OsInfo[18].Key=ram
OsInfo[18].Value=16071
OsInfo[19].Key=svolsz
OsInfo[19].Value=476
OsInfo[20].Key=wimbt
OsInfo[20].Value=0
OsInfo[21].Key=blddt
OsInfo[21].Value=180914
OsInfo[22].Key=bldtm
OsInfo[22].Value=1434
OsInfo[23].Key=bldbrch
OsInfo[23].Value=rs5_release
OsInfo[24].Key=bldchk
OsInfo[24].Value=0
OsInfo[25].Key=wpvermaj
OsInfo[25].Value=0
OsInfo[26].Key=wpvermin
OsInfo[26].Value=0
OsInfo[27].Key=wpbuildmaj
OsInfo[27].Value=0
OsInfo[28].Key=wpbuildmin
OsInfo[28].Value=0
OsInfo[29].Key=osver
OsInfo[29].Value=10.0.17763.737.amd64fre.rs5_release.180914-1434
OsInfo[30].Key=buildflightid
OsInfo[31].Key=edition
OsInfo[31].Value=Professional
OsInfo[32].Key=ring
OsInfo[32].Value=Retail
OsInfo[33].Key=expid
OsInfo[34].Key=containerid
OsInfo[35].Key=containertype
OsInfo[36].Key=edu
OsInfo[36].Value=0
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Windows PowerShell
AppPath=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=0B4A4B25DE5264E6EF66F49054350153
MetadataHash=-1925654376