Took me quite a while, first time I’ve done anything like this. Really fun challenge. The hard part is just learning how to use wireshark imo, it’s such a complex tool with so many capabilities that it can be difficult to figure out how to use them and what they do.
If you’re at the spot that I was stuck on for a while, and most other people seem to be stuck on, where you think you’ve found out what was stolen, but only have 4 lines or so, you’re on the right track. Refer to the link in @TazWake’s previous post and research how to perform this action in wireshark. There’s some pretty good tutorials out there.