Isolation prevents lateral movement and further data exfiltration.
Why this answer
The high volume of DNS queries to a malicious domain indicates possible command-and-control (C2) communication. The immediate actions are to block the domain at the firewall/DNS, isolate the affected hosts to prevent further spread, and conduct a forensic investigation to understand the infection. Checking antivirus is good but not an immediate action, and collecting logs for later analysis is secondary.