it was too easy,
after opening the `logs.pcapng` file
i have exported a pdf file using wireshark through `File > export object > http > binod.exe`

which was a pdf file

after opening it with `sublimetext`

i noticed that there is an javascript object .. to know more read this [pdf file structure](https://en.wikipedia.org/wiki/PDF)
and this [reversing pdf malicious code](https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/)

```
3 0 obj
<<
/Type /Action
/S /JavaScript
/JS <616C65727428227265736574636F6E7B62316E30645F31245F6330306C5F31246E375F68333F7D22293B0A>
>>
endobj
```

so i decoded the js as hex value and i got the flag [here with cyber chef](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')&input=NjE2QzY1NzI3NDI4MjI3MjY1NzM2NTc0NjM2RjZFN0I2MjMxNkUzMDY0NUYzMTI0NUY2MzMwMzA2QzVGMzEyNDZFMzc1RjY4MzMzRjdEMjIyOTNCMEE)

# Flag
`resetcon{b1n0d_1$_c00l_1$n7_h3?}`