Rating:

![image](https://user-images.githubusercontent.com/80063008/144764166-779fd08a-95c3-4fd6-8c4d-48013b5e3bf5.png)

Unzipped file presents us with a pcap file.

![image](https://user-images.githubusercontent.com/80063008/144764169-aba0b163-6ed9-4da6-88fe-cf76f1b64398.png)

Opened in wireshark and then followed TCP streams. Base64 encrypted string in TPC Stream number 30.

![image](https://user-images.githubusercontent.com/80063008/144764172-87fbac9f-ea9f-44b2-bf20-f96f655348de.png)

HTB{0k_n0w_3v3ry0n3_h4s_t0_dr0p_0ff_th3ir_l3tt3rs_4t_th3_p0st_0ff1c3_4g41n}

Original writeup (https://github.com/LazyTitan33/CTF-Writeups/blob/main/HTB%20-%20Cyber%20Santa%20is%20Coming%20to%20Town%202021/Forensics/BabyAPT.md).