I tried “guessing”, then I got really really (really) dumb about password management. Got access to one “user” and found a neat file in another users directory with a very common tool (that isnt evil). Then I found a crumb that worked for another user inside of the neat file after I exfiltrated. I was able to use a more evil tool with the 2nd set of creds from the neat file. Absolutely zero brute forcing is required, but a little mist or spray might make your privilege garden grow ( 
). If youre throwing word/dict lists at this box, youre doing it wrong (like I was when I first started, lol).
Im saving root for another day, but I have a feeling it has something to do with the steaming pile of microsoft called A***E and how it (poorly) “handles” creds.
Thanks to the creator, I like these winblows boxes! Its a nice change of pace.