We use Security Onion to find malware in our network. The network traffic capture can be downloaded here:
file pcap
First, open the pcap file in Wireshark and take a look to see if anything is wrong.
In the filter, type:
http.request
Here is all the HTTP request traffic:
All network traffic is related to the system with IP 192.168.22.94, and in the Host column we can see some strange domains.
So we should replay the network traffic from this file to see what happened.
Open terminal and type:
tcpreplay -t -i [interface] [path to file pcap]
The result:
All network traffic was replayed on the system and the events were written by Sguil, a collection of free software components
for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts.
Open Squert in the browser and we can see the result:
Download the traffic file of the system 192.168.22.94 and open it:
We can see the source domain that communicates with the system, the domain name nailcountryandtan.com, which is very strange.
Open the hybrid-analysis.com site to check this domain and we can see the result:
Yes! This can be a host of the malware. So the system with IP 192.168.22.94 was attacked by malware.
To find the name of this system, return to Wireshark and in the filter type:
ip.src == 192.168.22.94 and udp.dstport == 67
This is information issued by the DHCP service (the client sends its host name in DHCP option 12).
The name is pollerman-pc.
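The DHCP step above, as an added example (not code from the original write-up): a small parser for the BOOTP/DHCP option area that pulls out the message type, the client host name (option 12) and the requested address (option 50), which are the fields Wireshark shows when you apply the filter above. The DHCP Request bytes are constructed here to match the write-up's client; they are not taken from the real capture.

```python
import struct

# Constructed sample: the UDP payload of a DHCP Request (no IP/UDP headers)
# from the client in the write-up, carrying option 12 (host name) = "pollerman-pc"
# and option 50 (requested IP) = 192.168.22.94. Not captured from the real pcap.
def build_sample_dhcp_request() -> bytes:
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)  # op..giaddr (28 bytes)
    hdr += bytes.fromhex("001122334455") + b"\0" * 10   # chaddr, padded to 16 bytes
    hdr += b"\0" * 64 + b"\0" * 128                      # sname, file
    opts = (b"\x35\x01\x03"                               # 53: message type = Request
            + b"\x32\x04" + bytes([192, 168, 22, 94])     # 50: requested IP address
            + b"\x0c\x0c" + b"pollerman-pc"               # 12: host name
            + b"\xff")                                    # 255: end of options
    return hdr + b"\x63\x82\x53\x63" + opts               # magic cookie at offset 236

MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 7: "RELEASE"}

def parse_dhcp_options(payload: bytes) -> dict:
    """Decode the DHCP options of interest from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != b"\x63\x82\x53\x63":
        raise ValueError("not a DHCP message (missing magic cookie)")
    result = {"msg_type": None, "hostname": None, "requested_ip": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # end option
            break
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:             # refuse to read past the packet
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            result["msg_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 12:
            result["hostname"] = value.decode("ascii", errors="replace")
        elif code == 50 and length == 4:
            result["requested_ip"] = ".".join(str(b) for b in value)
        i += 2 + length
    return result

if __name__ == "__main__":
    print(parse_dhcp_options(build_sample_dhcp_request()))
```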