* binwalk for password hint and password-protected zip with flag inside
* identify password from song timestamps
* bruteforce if necessary

Original writeup (https://rainbowpigeon.netlify.app/posts/umdctf-2021/#coldplays-flags).