Use volatility to check processes, IE/cmdline history and MD5 the result to get the flag.

Full video walkthrough: https://www.youtube.com/watch?v=deg0CQwwN-M&t=2153s