Recently i started to view event logs with following content:

WNP Transport Layer received command for the Data Connection with Verb: PNG, Trid: 159, Namespace: CON containing 81 bytes of payload: 0x4D532D43563A204C37693232655A5154556171656D6B6A354D762F4B412E300D0A0D0A3C70696E672D726573706F6E7365 3E3C776169743E34373C2F776169743E3C2F70696E672D726573706F6E73653E.

Converting payload data from HEX to string says following:

MS-CV: L7i22eZQTUaqemkj5Mv/KA.0<ping-response><wait>47</wait></ping-response>

It looks like establishing some connection and potentially data exfiltration.

Event log level = Verbose
Verbose 100 Useful primarily to help developers debug low-level code failures. Not generally useful to anyone who does not have access to source code or symbols. Most event tracing that does not need to be enabled all the time should be set at the Verbose level.
Keywords = Developer Debug: Debugging Cloud Connectivity - Is device connected?,Developer Debug: Debugging Cloud Connectivity,WNP Transport Layer

I scanned the system and antivirus (kaspersky) did not find the viruses in the system, does anyone know what could be done in this case?