EventPeeker
Scan your Security and Sysmon logs·Detection guides
Event ID 41CriticalSystem

Windows Event ID 41Kernel Power — Unexpected Shutdown / Crash

Logged when Windows restarts unexpectedly without a clean shutdown — indicates a crash, power failure, or hard reset.

Why It Matters

Repeated unexpected shutdowns indicate hardware instability (overheating, failing PSU, RAM errors), driver bugs, or in rare cases, a kernel-level attack. Each event logs the BugcheckCode that caused the crash.

Key Fields

BugcheckCodeThe stop code — 0x0 means power loss, non-zero codes identify specific crash types
PowerButtonTimestampWhether the power button was held (deliberate hard power-off)

Investigation Tips

  1. 1.BugcheckCode 0x0 = power failure; correlate with UPS logs or power events.
  2. 2.Repeated crashes with the same non-zero BugcheckCode point to a specific driver or hardware failure.
  3. 3.Check for Event ID 1001 (WER) which provides the full crash dump analysis.

Seeing Event ID 41 in your own logs? Upload an .evtx file — EventPeeker flags kernel power — unexpected shutdown / crash automatically, maps it to MITRE ATT&CK, and writes the triage report. No account, files auto-deleted.

Analyze my logs →

Related Event IDs

1001Windows Error Reporting — crash analysis
6008Unexpected shutdown logged after the reboot
1074Clean shutdown/restart — present for intentional reboots, absent for crashes
6005Event Log service started — the boot after the crash

See Event ID 41 in your logs

Upload a Windows Event Log (.evtx) file — EventPeeker automatically detects kernel power — unexpected shutdown / crash patterns, maps findings to MITRE ATT&CK, and generates an AI triage report.

Analyze EVTX Logs Free →
← All detection guides·Analyze EVTX Logs Free →