can I ask what these are? they automatically ran without me knowing

February 20, 2021

Time;Application;Operation;Target;Action;Rule;Additional information
2/19/2021 5:05:06 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\DestructiveResetInProgress;allowed;Automatic mode;
2/19/2021 5:05:07 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\TpmClearRecoveryInProgress;allowed;Automatic mode;
2/19/2021 5:05:09 PM;C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87BDED91-3F10-4383-B8C1-26886F49F141}\LocalServer32;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AarSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AarSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BcastDVRUserService_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BcastDVRUserService_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BluetoothUserService_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:38 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BluetoothUserService_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CaptureService_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CaptureService_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cbdhsvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cbdhsvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CDPUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CDPUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ConsentUxUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CredentialEnrollmentManagerUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CredentialEnrollmentManagerUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationBrokerSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationBrokerSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:39 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DevicePickerUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DevicesFlowUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MessagingService_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MessagingService_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OneSyncSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OneSyncSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PimIndexMaintenanceSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PrintWorkflowUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UdkUserSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UdkUserSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:40 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UnistoreSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UnistoreSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UserDataSvc_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UserDataSvc_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpnUserService_1f8ead56\Start;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\services.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpnUserService_1f8ead56\ImagePath;allowed;Automatic mode;
2/19/2021 5:05:41 PM;C:\Windows\System32\svchost.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\NgcFirst\ConsecutiveSwitchCount;allowed;Automatic mode;
2/19/2021 5:05:53 PM;C:\Windows\System32\ctfmon.exe;Modify startup settings;HKEY_USERS\S-1-5-21-2775152818-1588230348-2558996214-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internat.exe;allowed;Automatic mode;

Marcos · February 20, 2021

You have enabled debug logging of blocked operations in the advanced HIPS setup. Don't do that unless advised by customer care when troubleshooting a particular issue caused by HIPS.

Sign In

can I ask what these are? they automatically ran without me knowing

Recommended Posts

Guest migs

Link to comment

Marcos 4,713

Link to comment

Recently Browsing 0 members

Quick search

FAQ

Topics

Browse

Activity

My Activity Streams