EFS

Codegate 2011 Qual - Forensics 400

Submitted by maikol on Wed, 03/09/2011 - 17:44

The challenge description was very helpful. First, we knew that we were looking for an encrypted file. Second, we knew that the data was only metadata, not actual file data. The hexdump of the file told us that this was the metadata of an NTFS filesystem, as shown by the MFT record and FILE0 entries.
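As an added illustration (not code from the original writeup), the sketch below scans a metadata dump for MFT `FILE` records and reports those whose `$STANDARD_INFORMATION` flags or `$DATA` attribute header carry the NTFS encrypted bit (0x4000). The function names, the 1024-byte record size and the sample record builder are assumptions made for the example; update-sequence fixups are not applied.

```python
import struct

ENCRYPTED = 0x4000   # FILE_ATTRIBUTE_ENCRYPTED; same bit in the attribute-header flags
STD_INFO, FILE_NAME, DATA, END = 0x10, 0x30, 0x80, 0xFFFFFFFF

def parse_record(rec):
    """Return (name, reasons) for one MFT FILE record; fixups are not applied."""
    name, reasons = None, []
    off = struct.unpack_from("<H", rec, 0x14)[0]       # offset of first attribute
    while off + 0x18 <= len(rec):
        atype, alen, nonres, _, _, aflags = struct.unpack_from("<IIBBHH", rec, off)
        if atype == END or alen < 0x18 or off + alen > len(rec):
            break
        if atype == DATA and aflags & ENCRYPTED:
            reasons.append("$DATA attribute flagged encrypted")
        if not nonres:                                 # resident: content is in the record
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            body = rec[off + coff: off + coff + clen]
            if atype == STD_INFO and len(body) >= 0x24:
                if struct.unpack_from("<I", body, 0x20)[0] & ENCRYPTED:
                    reasons.append("$STANDARD_INFORMATION has ENCRYPTED bit")
            elif atype == FILE_NAME and len(body) >= 0x42:
                name = body[0x42:0x42 + 2 * body[0x40]].decode("utf-16-le", "replace")
        off += alen
    return name, reasons

def find_encrypted(blob, record_size=1024):
    """Scan a metadata dump for FILE records and list those marked encrypted."""
    hits, pos = [], blob.find(b"FILE")
    while pos != -1:
        name, reasons = parse_record(blob[pos:pos + record_size])
        if reasons:
            hits.append((pos, name, reasons))
        pos = blob.find(b"FILE", pos + 4)
    return hits

def _attr(atype, body, flags=0):
    """Build a resident, unnamed attribute (constructed test data)."""
    body += b"\0" * (-len(body) % 8)
    return struct.pack("<IIBBHHHIHH", atype, 0x18 + len(body), 0, 0, 0x18,
                       flags, 0, len(body), 0x18, 0) + body

def sample_record(name, encrypted):
    """Constructed FILE record for the demo, not data from the challenge."""
    flag = ENCRYPTED if encrypted else 0
    std = b"\0" * 0x20 + struct.pack("<I", 0x20 | flag)
    fn = b"\0" * 0x40 + bytes([len(name), 1]) + name.encode("utf-16-le")
    attrs = _attr(STD_INFO, std) + _attr(FILE_NAME, fn) + _attr(DATA, b"", flag)
    hdr = b"FILE" + struct.pack("<HH", 0x30, 3) + b"\0" * 12 + struct.pack("<HH", 0x38, 1)
    return (hdr.ljust(0x38, b"\0") + attrs + struct.pack("<I", END)).ljust(1024, b"\0")
```

The update sequence array offset of 0x30 in the record header is the ASCII character `0`, which is why these records show up as `FILE0` in a hexdump. Calling `find_encrypted()` on the raw bytes of a dump returns the offset, file name and matching indicators for each flagged record.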
