If it's a malware mock-up, look for registry keys or scheduled tasks hidden in accompanying scripts.
If the archive is password-protected, the filenames inside may also be encrypted. You may need to look for a password in a related "challenge description" or perform a dictionary attack if it's a brute-force exercise. 4. Forensic Investigation Steps Once extracted, perform the following: OCYG.rar
Some challenges use specific or obsolete compression methods to test your toolset. If it's a malware mock-up, look for registry
If there are images (like .png or .jpg ) inside, check for hidden data using StegSolve or binwalk . 5. Common "Flags" or Findings If it's a malware mock-up