How do I decode the "Faulting application start time" in a Windows event log entry?

windows time event-log event-viewer

Solution 1:

In Powershell, issue the following command, replacing the hex sequence:

[datetime]::FromFileTime(0x01ccfe1e3e206d42)

9 March 2012, 19:58:33

The answer is in local time, to match times in Event Viewer (here in Finland we're 2 hours East of UTC in March). To show it in UTC time, add UTC to the method name:

[datetime]::FromFileTimeUTC(0x01ccfe1e3e206d42)

9 March 2012, 17:58:33

Solution 2:

  1. In Powershell you could issue the following command:

    get-date 0x01ccfe1e3e206d42

    replace 0x01ccfe1e3e206d42 with the value you found in your eventlog.

  2. Alternatively you could switch to the Details tab of the event properties where you will find the CreationTime in a human readable format. E.g. 2012-01-12T13:33:38.171Z

Related

How does an atomic operation guarantee consistency from a hardware perspective?
Windows 7 Disk Management Spanned Volume vs Striped Volume
Recorder for AutoIt
Safe to shutdown by pressing power button 1. in bios setting mode 2. in bootloader?
laptop: Should one plug the AC first or to the laptop first [closed]
Selective update with pacman / yaourt?
localhost vs 127.0.0.1 vs computer name vs ip in url
Can I hide the mouse cursor in OpenBox?
mcedit - select all text
how to convert PDF to PNG without converting white background intro transparency
Can a faulty battery cause a laptop to crash?
How does winamp "save" the rating of songs?