Your network is the target of a Man-in-the-Middle (MiTM) attack.
In this scenario, the system performs a MiTM attack on the network. The attacker deceives hosts by impersonating a legitimate proxy in the segment, exploiting the Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries.
Once all traffic from the user segment goes through the attacker, sensitive data is extracted and exfiltrated to the CNC server on the internet using two different methods: ICMP packets and DNS queries.
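
A detection sketch for the WPAD and DNS parts of this scenario, added here as an example and not part of the original scenario text: it scans resolver logs for `wpad` names answered by a host that is not an approved proxy, and for clients sending several long, high-entropy labels under one parent domain. The log format, the sample lines, the approved proxy address and the thresholds are all constructed assumptions; ICMP exfiltration is not covered.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<time> <client> <qname> <answer>"
SAMPLE_LOG = """\
10:00:01 10.0.5.21 wpad.corp.example 10.0.5.10
10:00:02 10.0.5.22 wpad.corp.example 10.0.5.66
10:00:05 10.0.5.22 www.example.org 93.184.216.34
10:00:07 10.0.5.66 mzxw6ytboi4dqmrtgezdgnbvgy3tqojq.t.exfil.example 0.0.0.0
10:00:08 10.0.5.66 nbswy3dpeb3w64tmmqqgc3tpoqqhk4tf.t.exfil.example 0.0.0.0
10:00:09 10.0.5.66 orugs4zanfzsa5dfon2ca43fmnzgk5a7.t.exfil.example 0.0.0.0
"""

APPROVED_PROXIES = {"10.0.5.10"}  # assumption: the legitimate proxy/WPAD host


def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def detect(log, approved=APPROVED_PROXIES, min_len=24, min_entropy=3.5, min_hits=3):
    """Return (kind, client, detail) findings for WPAD spoofing and DNS exfiltration."""
    findings = []
    suspicious = defaultdict(set)  # (client, parent domain) -> encoded-looking labels
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, answer = parts
        labels = qname.lower().rstrip(".").split(".")
        # WPAD name resolved to a host that is not an approved proxy
        if labels[0] == "wpad" and answer not in approved:
            findings.append(("wpad-unapproved-answer", client, answer))
        # Long, high-entropy leftmost label: typical of data encoded into queries
        if len(labels[0]) >= min_len and entropy(labels[0]) >= min_entropy:
            suspicious[(client, ".".join(labels[1:]))].add(labels[0])
    # Require several distinct labels per client and parent domain to cut noise
    for (client, parent), seen in suspicious.items():
        if len(seen) >= min_hits:
            findings.append(("dns-exfil-suspect", client, parent))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```
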