Introduction to Command Line Skills Assessment N10

I’ve gone as far as to read all of the messages in the Event log using Get-WinEvent -FilterHashTable @{Logname=‘security’;ID=‘4265’} | select-object -ExpandProperty where I see a large number of login attempts for administrator and user0 but neither of those selections seems correct. Help would be much appreciated, thank you in advance.

After Using Get-WinEvent -FilterHashTable @{LogName='Security'; ID=;4625'} I was able to drill down

to several entries from the 21 and 22 of November.
Setting variables $StartTime and $EndTime I was able to drill down using

Get-WinEvent -FilterHashTable @{LogName='Security'; ID='4625';StartTime=$StartTime;EndTime=$EndTime} | Select-Object -ExpandProperty Message

I’m given three account names that have successive log on (administrator, user0, and user1).

However none of the three are the correct answer. A little help would be much appreciated

So after a little digging and a lot of research on active directory commands in powershell I ended up counting bad password attempts Get-ADUser -Filter * -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut