yarox24
commented
2 years ago OK I added unit tests for time/date conversion and completely replaced code that is responsible for date/time conversion. It should be now fixed in released version 1.1
Closed AndrewRathbun closed 2 years ago
yarox24
commented
2 years ago OK I added unit tests for time/date conversion and completely replaced code that is responsible for date/time conversion. It should be now fixed in released version 1.1
AndrewRathbun
commented
2 years ago Appears to be fixed with thanks to https://github.com/yarox24/EvtxHussar/commit/3ed6f04498d6212d42b5f3f629ffbb4cf2cc8f8c. Thank you very much for the quick turnaround!
Hello! Looks like you have a promising tool here. Looking forward to watching it grow!
I noticed the event time that was parsed from a set of particular .evtx files were showing timestamps in the future. See below:
Another example I found was a 7045 event parsed with EvtxECmd where the timestamp in that output was
2022-03-10 08:48:46.496185but the timestamp parsed by EvtxHussar was2022.06.27 21:42:54.3145345for the very same 7045 event.