Tags: hexedit volatility vhd 

Use Volatility 2 and run its mftparser plugin against the VHD image:

./vol2 -f stream-ctf.vhd mftparser

The output will include entries like the following:

$DATA
0000000000: 70 61 73 73 77 6f 72 64 3a 41 74 6f 6f 73 61 password:Atoosa

$DATA ADS Name: lookbehind
0000000000: 50 4b 03 04 14 00 09 00 63 00 93 51 0f 57 97 e3 PK......c..Q.W..
0000000010: 45 d5 33 00 00 00 15 00 00 00 0d 00 0b 00 75 63 E.3...........uc
0000000020: 74 66 5f 66 6c 61 67 2e 74 78 74 01 99 07 00 01 tf_flag.txt.....
0000000030: 00 41 45 03 08 00 77 eb 89 44 25 f1 f3 e2 17 43 .AE...w..D%....C
0000000040: f9 d5 29 54 52 08 df e5 34 78 f3 5c 88 8f b6 fd ..)TR...4x.\....
0000000050: 29 ac a6 3c ec f5 52 36 33 57 fc 3e 58 4c d0 70 )..<..R63W.>XL.p
0000000060: dc ad cc dc 77 c4 11 55 05 50 4b 07 08 97 e3 45 ....w..U.PK....E
0000000070: d5 33 00 00 00 15 0a 00 00 50 4b 01 02 1f 00 14 .3.......PK.....
0000000080: 00 09 00 63 00 93 51 0f 57 97 e3 45 d5 33 00 00 ...c..Q.W..E.3..
0000000090: 00 15 00 00 00 0d 00 2f 00 00 00 00 00 00 00 20 ......./........
00000000a0: 00 00 00 00 00 00 00 75 63 74 66 5f 66 6c 61 67 .......uctf_flag
00000000b0: 2e 74 78 74 0a 00 20 00 00 00 00 00 01 00 18 00 .txt............
00000000c0: c4 91 91 af 43 cf d9 01 c4 91 91 af 43 cf d9 01 ....C.......C...
00000000d0: b3 c7 50 7b 3b cf d9 01 01 99 07 00 01 00 41 45 ..P{;.........AE
00000000e0: 03 08 00 50 4b 05 06 00 00 00 00 01 00 01 00 6a ...PK..........j
00000000f0: 00 00 00 79 00 00 00 00 00 ...y.....

***************************************************************************
***************************************************************************

Recreate the zip file from the bytes of the lookbehind ADS with a hex editor (hexedit), unzip it with the password 'Atoosa', and get the flag.
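
Added example (not from the original writeup): a Python script that turns mftparser hex-dump lines back into raw bytes, the step done by hand with hexedit above, and parses the ZIP local file header to show how the archive is protected. The function names are hypothetical, it assumes every dump line ends with the ASCII column, and the embedded sample is the first four lines of the lookbehind dump above.

```python
import re
import struct

# First four lines of the `lookbehind` ADS dump shown above (copied from the page).
DUMP = """\
0000000000: 50 4b 03 04 14 00 09 00 63 00 93 51 0f 57 97 e3 PK......c..Q.W..
0000000010: 45 d5 33 00 00 00 15 00 00 00 0d 00 0b 00 75 63 E.3...........uc
0000000020: 74 66 5f 66 6c 61 67 2e 74 78 74 01 99 07 00 01 tf_flag.txt.....
0000000030: 00 41 45 03 08 00 77 eb 89 44 25 f1 f3 e2 17 43 .AE...w..D%....C
"""

# Offset, colon, then up to 16 hex pairs that are each followed by whitespace.
# The trailing ASCII column ends the line, so it is never taken for a byte.
LINE = re.compile(r"^[0-9a-fA-F]+:\s+((?:[0-9a-fA-F]{2}\s+){1,16})")

def hexdump_to_bytes(text):
    out = bytearray()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # skips "$DATA ..." headers and separator rows
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_local_header(data):
    sig, _ver, flags, method, _t, _d, _crc, csize, usize, nlen, xlen = \
        struct.unpack_from("<4sHHHHHIIIHH", data, 0)
    if sig != b"PK\x03\x04":
        raise ValueError("not a ZIP local file header")
    info = {"name": data[30:30 + nlen].decode("cp437"),
            "encrypted": bool(flags & 1), "method": method,
            "csize": csize, "usize": usize, "data_offset": 30 + nlen + xlen}
    # Walk the extra field, a sequence of (id, size, payload) records.
    pos, end = 30 + nlen, 30 + nlen + xlen
    while pos + 4 <= end:
        hid, hsize = struct.unpack_from("<HH", data, pos)
        if hid == 0x9901 and hsize >= 7:  # WinZip AES extra field
            _v, _vendor, strength, real = struct.unpack_from("<H2sBH", data, pos + 4)
            info["aes_bits"] = {1: 128, 2: 192, 3: 256}.get(strength)
            info["real_method"] = real  # compression applied before encryption
        pos += 4 + hsize
    return info

if __name__ == "__main__":
    print(parse_local_header(hexdump_to_bytes(DUMP)))
```

Running `hexdump_to_bytes` over the full ADS dump and writing the result to a file gives the zip to extract. Method 99 with the 0x9901 extra field marks WinZip AES encryption, so the extractor must support AES (7-Zip does).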

Original writeup (https://youtu.be/NwyjAT4TPPg).