Yea im lost with this. The tips that just say you don’t need to open it with wireshark and just look in the file, aren’t helpful lol. I can see the whole process of the “criminal” logging into the site as admin and extracting everything but I can’t see which user it is. I have no idea what I am supposed to be decoding here.
Any tips?