
When rendering events using the Win32 API, the time printed by the API is different from the one shown in Event Viewer


ULONGLONG ullTimeStamp, ullNanoseconds;
FILETIME ft;
SYSTEMTIME st;

// EvtSystemTimeCreated is a FILETIME: 100-ns ticks since 1601-01-01, expressed in UTC
ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);

FileTimeToSystemTime(&ft, &st);                     // st is UTC, not local time
ullNanoseconds = (ullTimeStamp % 10000000) * 100;   // sub-second part of the FILETIME
wprintf(L"TimeCreated SystemTime: %02d/%02d/%02d %02d:%02d:%02d.%I64u\n",
    st.wMonth, st.wDay, st.wYear, st.wHour, st.wMinute, st.wSecond, ullNanoseconds);

wprintf(L"EventRecordID: %I64u\n", pRenderedValues[EvtSystemEventRecordId].UInt64Val);

This is the code given in the API documentation for the time conversion...
Link: https://learn.microsoft.com/en-us/windows/win32/wes/rendering-events

What am I doing wrong while converting the FILETIME to SYSTEMTIME?


Solution

  • Converting the SystemTime to that of the local zone resolves the issue.

    ULONGLONG ullTimeStamp;
    FILETIME ft;
    SYSTEMTIME st, stLocal;
    TIME_ZONE_INFORMATION lpTimeZone;

    ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
    ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
    ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);

    FileTimeToSystemTime(&ft, &st);            // st is UTC
    GetTimeZoneInformation(&lpTimeZone);       // current zone, including its DST state
    SystemTimeToTzSpecificLocalTime(&lpTimeZone, &st, &stLocal);   // stLocal matches Event Viewer
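As an added, portable example (not from the question, the answer, or the Microsoft sample), this reproduces the arithmetic behind FileTimeToSystemTime and the Bias step of SystemTimeToTzSpecificLocalTime, so the UTC-versus-local discrepancy can be seen without the Win32 API. The tick value and the Bias values are constructed; on a real system Bias comes from GetTimeZoneInformation, and daylight-saving transitions are ignored here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* FILETIME counts 100-ns ticks since 1601-01-01 UTC; this many ticks lie
   between that epoch and the Unix epoch (1970-01-01). */
#define TICKS_PER_SEC    10000000ULL
#define EPOCH_DIFF_TICKS 116444736000000000ULL

typedef struct {
    int year, month, day, hour, minute, second;
    unsigned long nanoseconds;  /* sub-second part, 100-ns granularity */
} CivilTime;

/* Break a FILETIME tick count into a civil time. bias_minutes follows the
   TIME_ZONE_INFORMATION.Bias convention (UTC = local + Bias): 0 for UTC,
   300 for UTC-5, -330 for UTC+5:30. Returns 0 for pre-1970 values (not handled). */
int filetime_to_civil(uint64_t ticks, long bias_minutes, CivilTime *out) {
    if (ticks < EPOCH_DIFF_TICKS) return 0;
    uint64_t unix_ticks = ticks - EPOCH_DIFF_TICKS;
    time_t secs = (time_t)(unix_ticks / TICKS_PER_SEC) - (time_t)(bias_minutes * 60);
    struct tm *t = gmtime(&secs);  /* bias already applied, so read the result as UTC */
    if (t == NULL) return 0;
    out->year = t->tm_year + 1900;
    out->month = t->tm_mon + 1;
    out->day = t->tm_mday;
    out->hour = t->tm_hour;
    out->minute = t->tm_min;
    out->second = t->tm_sec;
    out->nanoseconds = (unsigned long)((ticks % TICKS_PER_SEC) * 100);
    return 1;
}

/* Same layout as the question's wprintf, with a four-digit year. */
int format_civil(const CivilTime *ct, char *buf, size_t len) {
    return snprintf(buf, len, "%02d/%02d/%04d %02d:%02d:%02d.%09lu",
                    ct->month, ct->day, ct->year, ct->hour, ct->minute,
                    ct->second, ct->nanoseconds);
}

int main(void) {
    /* Constructed tick value: 1,000,000,000 s past the Unix epoch plus 1234567 ticks */
    CivilTime ct; char buf[40];
    if (filetime_to_civil(126444736001234567ULL, 300, &ct) && format_civil(&ct, buf, sizeof buf) > 0)
        printf("UTC-5 local time: %s\n", buf);  /* 09/08/2001 20:46:40.123456700 */
    return 0;
}
```

With Bias 0 the same tick value prints 09/09/2001 01:46:40.123456700, which is the UTC value the question's code shows; the local-zone call shifts it by the zone's Bias, which is why Event Viewer and the raw SYSTEMTIME disagree.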