Since we know that someone is sitting on the machine and we already have the power of the extended API, let's make use of it to manipulate the target's clipboard, as follows:
Well well! It looks like someone is copying credentials to some application. But wait! 192.168.0.190 is the IP address of the domain controller. Let's take note of these credentials, since we will try some more sophisticated attacks using them.