Tags: forensics volatility gimp memory_dump
TL;DR: The challenge consists of a single vmem file (a VM memory dump). After some analysis, one thing that stood out was that the mstsc.exe process was running. After a little poking around, the flag could be found in one of the images preserved in the process memory.
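Recovering an image from process memory means reading raw bytes as pixels and finding the row width at which they line up. The sketch below is an added example, not code from the original writeup: it assumes uncompressed 32-bit BGRA pixels and a known start offset, and `make_sample` builds a constructed buffer that stands in for a real mstsc.exe dump.

```python
import random

def row_difference(buf, offset, width, bpp=4, rows=16):
    """Mean absolute difference between each byte and the one a row below."""
    stride = width * bpp
    end = offset + stride * rows
    if end > len(buf):
        return None                      # candidate does not fit in the buffer
    span = range(offset, end - stride)
    return sum(abs(buf[i] - buf[i + stride]) for i in span) / len(span)

def guess_width(buf, offset, candidates=range(16, 257), bpp=4, rows=16):
    """Return (width, score) for the candidate whose rows line up best."""
    best = None
    for width in candidates:
        score = row_difference(buf, offset, width, bpp, rows)
        if score is not None and (best is None or score < best[1]):
            best = (width, score)
    return best

def to_ppm(buf, offset, width, height):
    """Render BGRA pixels starting at offset as a binary PPM (RGB) image."""
    rgb = bytearray()
    for i in range(offset, offset + width * height * 4, 4):
        b, g, r = buf[i:i + 3]
        rgb += bytes((r, g, b))
    return b"P6\n%d %d\n255\n" % (width, height) + bytes(rgb)

def make_sample(width=64, height=64, pad=300):
    """Constructed stand-in for a dump: junk, one BGRA tile, junk."""
    rng = random.Random(1337)
    # Random colour per column, brightening by 1 per row: rows are near-identical.
    base = [[rng.randrange(181) for _ in range(3)] for _ in range(width)]
    tile = bytearray()
    for y in range(height):
        for x in range(width):
            tile += bytes(c + y for c in base[x]) + b"\xff"
    junk = bytes(rng.randrange(256) for _ in range(pad))
    return junk + bytes(tile) + junk, pad

if __name__ == "__main__":
    dump, offset = make_sample()
    width, score = guess_width(dump, offset)
    print(f"best width {width} px (row difference {score:.2f})")
    with open("tile.ppm", "wb") as fh:   # viewable in any image viewer
        fh.write(to_ppm(dump, offset, width, 64))
```

A wrong width shears the picture into diagonal noise, which is why the adjacent-row difference drops sharply at the true width; integer multiples of it score low as well, so the smallest low-scoring candidate is the one to render.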