EventPeeker
Scan your Security and Sysmon logs·Detection guides
Event ID 41CriticalSystem

Windows Event ID 41Kernel Power — Unexpected Shutdown / Crash

Logged when Windows restarts unexpectedly without a clean shutdown — indicates a crash, power failure, or hard reset.

Why It Matters

Repeated unexpected shutdowns indicate hardware instability (overheating, failing PSU, RAM errors), driver bugs, or in rare cases, a kernel-level attack. Each event logs the BugcheckCode that caused the crash.

Key Fields

BugcheckCodeThe stop code — 0x0 means power loss, non-zero codes identify specific crash types
PowerButtonTimestampWhether the power button was held (deliberate hard power-off)

Investigation Tips

  1. 1.BugcheckCode 0x0 = power failure; correlate with UPS logs or power events.
  2. 2.Repeated crashes with the same non-zero BugcheckCode point to a specific driver or hardware failure.
  3. 3.Check for Event ID 1001 (WER) which provides the full crash dump analysis.

Related Event IDs

1001Windows Error Reporting — crash analysis
6008Unexpected shutdown logged after the reboot

See Event ID 41 in your logs

Upload a Windows Event Log (.evtx) file — EventPeeker automatically detects kernel power — unexpected shutdown / crash patterns, maps findings to MITRE ATT&CK, and generates an AI triage report.

Analyze EVTX Logs Free →
← All detection guides·Analyze EVTX Logs Free →