The hints suggested using BlueChipCLI.

I was necessary to run Powershell as an Administrator and execute the command Set-ExecutionPolicy RemoteSigned before I could run

.\DeepBlue.ps1 .\Security.evtx

The best output filter was | ConvertTo-Csv. This ensured that I got all of the output.

The first thing to note is the list of usernames that attempts were made against:

Target Usernames: ygoldentrifle esparklesleigh hevergreen Administrator sgreenbells cjinglebuns tcandybaubles bbrandyleaves bevergreen lstripyleaves gchocolatewine wopenslae ltrufflefig supatree mstripysleigh pbrandyberry civysparkles sscarletpie ftwinklestockings cstripyfluff gcandyfluff smullingfluff hcandysnaps mbrandybells twinterfig civypears ygreenpie ftinseltoes smary ttinselbubbles dsparkleleaves

There were then successful logs made by: pminstix DC1$ supatree

As 'supatree' exists in both lists, it can be assumed that 'supatree's account was compromised.