Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Kernel-General

Event ID 1 v2

Message:

The system time has changed to %{NewTime} from %{OldTime}.

Change Reason: %{Reason}.
Process: '%{ProcessName}' (PID %{ProcessID}).

Event Data:

#  Name         In Type            Out Type
1  NewTime      win:FILETIME       xs:dateTime
2  OldTime      win:FILETIME       xs:dateTime
3  Reason       win:UInt32         xs:unsignedInt
4  ProcessName  win:UnicodeString  xs:string
5  ProcessID    win:UInt32         win:PID
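The fields above are what a detection needs to decide whether a clock change is routine (the time service nudging the clock by a fraction of a second) or worth a look (a large or backward jump made by an interactive process, which is how timestomping and log-timeline confusion usually show up). The following is an added Python example, not code from Elastic's Event Explorer or from Microsoft; it assumes the record was exported in the standard Event XML rendering (wevtutil or Get-WinEvent ToXml), where each field appears as a Data element with its Name, and it accepts NewTime/OldTime either as the rendered xs:dateTime or as a raw win:FILETIME tick count. The process allow-list and the five-minute skew threshold are assumptions for illustration, and the Reason code is kept as the opaque UInt32 the schema gives, since this page does not enumerate its values.

```python
"""Parse and triage Microsoft-Windows-Kernel-General Event ID 1 (v2) records.

Added example, not Elastic's or Microsoft's code. Assumes the standard Event
XML rendering (<Data Name="..."> per field). The allow-list of processes
expected to set the clock is an assumption for illustration.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROVIDER = "Microsoft-Windows-Kernel-General"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Processes normally expected to set the clock (w32time runs inside svchost).
# Assumption for this example; tune to the environment.
TRUSTED_CLOCK_SETTERS = ("\\windows\\system32\\svchost.exe",)


def filetime_to_datetime(value: str) -> datetime:
    """Convert NewTime/OldTime to an aware UTC datetime.

    The schema's In Type is win:FILETIME (100 ns ticks since 1601-01-01) and
    its Out Type is xs:dateTime, so either form may be met depending on how
    the event was exported; accept both.
    """
    if value.isdigit():
        return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)
    text = value.rstrip("Z")
    if "." in text:  # xs:dateTime may carry 7 fractional digits; Python takes 6
        head, frac = text.split(".", 1)
        text = f"{head}.{frac[:6]}"
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def parse_time_change(xml_text: str) -> dict:
    """Extract the five EventData fields of a Kernel-General Event ID 1 record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    provider = system.find("e:Provider", NS).get("Name")
    event_id = int(system.find("e:EventID", NS).text)
    if provider != PROVIDER or event_id != 1:
        raise ValueError(f"not a {PROVIDER} Event ID 1 record: {provider}/{event_id}")
    fields = {d.get("Name"): (d.text or "") for d in root.find("e:EventData", NS)}
    old = filetime_to_datetime(fields["OldTime"])
    new = filetime_to_datetime(fields["NewTime"])
    return {
        "old_time": old,
        "new_time": new,
        "delta": new - old,
        "reason": int(fields["Reason"]),  # opaque UInt32; not enumerated on this page
        "process": fields["ProcessName"],
        "pid": int(fields["ProcessID"]),
    }


def triage(record: dict, max_skew: timedelta = timedelta(minutes=5)) -> list:
    """Return human-readable findings; an empty list means the change looks routine."""
    findings = []
    delta = record["delta"]
    if delta < timedelta(0):
        findings.append(f"clock moved backwards by {-delta}")
    if abs(delta) > max_skew:
        findings.append(f"skew {delta} exceeds {max_skew}")
    if not record["process"].lower().endswith(TRUSTED_CLOCK_SETTERS):
        findings.append(
            f"set by non-time-service process {record['process']} (PID {record['pid']})"
        )
    return findings


def _event(old, new, reason, proc, pid):
    """Build a constructed record in the standard Event XML shape."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="{PROVIDER}"/><EventID>1</EventID><Version>2</Version></System>
  <EventData>
    <Data Name="NewTime">{new}</Data><Data Name="OldTime">{old}</Data>
    <Data Name="Reason">{reason}</Data><Data Name="ProcessName">{proc}</Data>
    <Data Name="ProcessID">{pid}</Data>
  </EventData>
</Event>"""


# Constructed sample records (not captured from a real host): a sub-second
# correction by svchost.exe, then a three-hour backward jump made from cmd.exe.
SAMPLE_EVENTS = [
    _event("2024-03-01T12:00:00.0000000Z", "2024-03-01T12:00:00.2500000Z", 2,
           r"\Device\HarddiskVolume3\Windows\System32\svchost.exe", 1234),
    _event("2024-03-01T12:05:00.0000000Z", "2024-03-01T09:05:00.0000000Z", 1,
           r"\Device\HarddiskVolume3\Windows\System32\cmd.exe", 5678),
]


def run_samples() -> list:
    """Triage every constructed sample; returns one findings list per record."""
    return [triage(parse_time_change(x)) for x in SAMPLE_EVENTS]


if __name__ == "__main__":
    for xml_text, findings in zip(SAMPLE_EVENTS, run_samples()):
        rec = parse_time_change(xml_text)
        print(rec["process"], rec["delta"], findings or "routine")
```

On a live host the same records come from `wevtutil qe System "/q:*[System[Provider[@Name='Microsoft-Windows-Kernel-General'] and EventID=1]]" /f:xml` or from `Get-WinEvent` with `.ToXml()`; the allow-list matches on the NT device path the kernel reports in ProcessName, so it is written as a suffix rather than a drive-letter path.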

Observed Windows Versions:

Version: 2

Fingerprint: BAWY5R7CNJFJW