Remote desktop user minwinPC altering security privileges while computer was ‘off’

Is it possible for windows to start the computer while it’s off? I installed a fresh copy of windows and was looking at the security event logger. It logged 5.2k security audits while I was asleep and when the computer was off (I checked it before going to sleep because of strange behavior).

The name is MINWINPC and its target is the built in domain using remote desktop users. TargetSID is S-1-5-32-555. Subject user ID is S-1-5-18. Security logs show altering stack tracing and escalation of privileges.

Account domain is included in WORKGROUP but all network discovery is off. NETSH shows no domain of WORKGROUP exist but event logger records active SYSTEM manipulations. User account shows N/A