How to find an infected PC in a corporate network?
Hello, I am a novice system administrator working in a hospital (2 days so far).
The situation is this: we have a 1 Gbps Internet link. Complaints came in from all over the hospital about the Internet and the local network being slow.
We called the provider, who answered that our channel was saturated: packets were being sent and received day and night without interruption.
There is an opinion that one or more PCs are infected (Kaspersky has not been updated since '14, it has not been working since '17, the license runs until '20, but the antivirus cannot update its databases; while I wait for a response from technical support I need to figure this out with my own hands), so I need to find which PCs are infected.
I installed Wireshark and Network Monitor on the server, but what do I do next? Yes, I capture all connections, but what do I do with them? How do I analyze the traffic, and what filters should I use to find the PCs that are consuming the traffic?
Upd: The Resource Monitor on the server shows 15-20 megabits per second of network usage; as far as I understand, this does not include network use by other PCs. Although that is strange, because the server is used as the gateway to the Internet and holds the shared documents.
Thanks in advance.
UPD: The traffic monitor showed that the httpd.exe process was sending 10 gigabytes of traffic, 17 million packets, 700 bps from port 4904, and roughly the same values from port 13624. How do I find out which particular PC this is coming from?
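As an added example (not code from the thread or from any tool named in it), here is how the update above could be answered from data the gateway already has: parse `netstat -ano` output to see which remote hosts are connected to a local port such as 4904 and under which PID, and rank Wireshark conversation totals by bytes to find the top talkers. The netstat lines, IP addresses and byte counts in the sample are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output as it would look on the Windows
# gateway (not data from the thread); ports 4904 and 13624 mirror the update.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.10.2:4904      192.168.10.77:51234    ESTABLISHED     2312
  TCP    192.168.10.2:4904      192.168.10.77:51240    ESTABLISHED     2312
  TCP    192.168.10.2:13624     192.168.10.143:49877   ESTABLISHED     2312
  TCP    192.168.10.2:445       192.168.10.15:50011    ESTABLISHED     4
  TCP    192.168.10.2:4904      203.0.113.9:40022      ESTABLISHED     2312
"""

TCP_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def peers_of_local_port(netstat_text, local_port):
    """Foreign IP -> (connection count, set of PIDs) for sockets bound to local_port."""
    peers = defaultdict(lambda: [0, set()])
    for line in netstat_text.splitlines():
        m = TCP_LINE.match(line)
        if not m:
            continue  # header, blank, or UDP line
        _lip, lport, fip, _fport, _state, pid = m.groups()
        if int(lport) == local_port:
            peers[fip][0] += 1
            peers[fip][1].add(int(pid))
    return {ip: (count, pids) for ip, (count, pids) in peers.items()}

# Constructed per-conversation byte totals, the shape of a Wireshark
# Statistics > Conversations (IPv4) export: (local IP, remote IP, bytes).
CONV_SAMPLE = [
    ("192.168.10.2", "192.168.10.77", 6_400_000_000),
    ("192.168.10.2", "203.0.113.9", 3_100_000_000),
    ("192.168.10.2", "192.168.10.143", 9_800_000_000),
    ("192.168.10.2", "192.168.10.15", 120_000_000),
]

def top_talkers(convs, threshold_bytes=1_000_000_000):
    """Remote hosts ranked by bytes exchanged, keeping those at or above the threshold."""
    totals = Counter()
    for _local, remote, nbytes in convs:
        totals[remote] += nbytes
    return [(ip, b) for ip, b in totals.most_common() if b >= threshold_bytes]

if __name__ == "__main__":
    print("Peers of port 4904:", peers_of_local_port(NETSTAT_SAMPLE, 4904))
    print("Top talkers:", top_talkers(CONV_SAMPLE))
```

On the real gateway, feed the output of `netstat -ano` into `peers_of_local_port` for ports 4904 and 13624; the PID column then ties the socket to httpd.exe, and the foreign addresses are the PCs (or external hosts) to look at.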
A sniffer is not needed for this task at all. A program that counts traffic on the networked computers is enough.
"10-Strike: Traffic Accounting" will do.
Especially if you have admin rights on the network computers (in a domain, for example): then you can poll the traffic counters over the network via WMI.
> infected PC

Such an infection may be a torrent client.

> We called the provider, who answered that our channel was saturated: packets were being sent and received day and night without interruption.

The problem is in the channel (including the equipment up to the server), not the server.

> ... a 1 Gbps Internet link
> ... the server shows 15-20 megabits per second.

> The Resource Monitor on the server shows 15-20 megabits per second of network usage; as far as I understand, this does not include network use by other PCs.

That is not a fact.