Coming from another box, I could identify the path to root just by listing permissions manually with the native windows tool.
Now researching privesc to that user.
Is the user H****h a rabbit hole?
Dropped some peas to catch second credentials, but could not identify the path manually. Nudges?