Deciphering Windows Event Logs: 4733

4733: A member was removed from a security-enabled local group

This event can be interpreted as:

"<subjectUserName> removed <memberSid> from group <targetUserName>. This action was performed from <computer>."

Helpful Hints:

To get the username of an account from its SID, you can use the following command (note: this works well for local accounts; there may be a better way to do this in AD):

wmic useraccount where sid="S-1-5-21-3696241878-1170446952-3831691710-1002" get name 
Name 
SuperHacker
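The same lookup can be done from PowerShell, which also lets you pull the 4733 events themselves and print them in the sentence form given above. The script below is an added example, not code from the original post. It assumes an elevated session on the machine whose Security log you want to read, and it resolves SIDs through .NET's SecurityIdentifier.Translate, which handles domain SIDs as well as local ones when a domain controller is reachable (wmic, used above, is deprecated in current Windows releases). The field names SubjectUserName, MemberSid and TargetUserName are the ones referenced in the template above; the computer comes from the event's MachineName property.

```powershell
# Added example (not from the original post): read 4733 events from the local
# Security log, resolve the removed member's SID to an account name, and print
# the "<subject> removed <member> from group <group>" sentence for each one.
# Assumes an elevated PowerShell session (reading the Security log needs it).

function Resolve-SidToName {
    param([string]$Sid)
    # Empty or missing SID: nothing to resolve, hand it back unchanged.
    if ([string]::IsNullOrEmpty($Sid)) { return $Sid }
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # Translate works for local accounts and, when a DC is reachable,
        # for domain accounts too.
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Deleted accounts and SIDs from unreachable domains cannot be
        # translated; keep the raw SID so the event is still reported.
        return $Sid
    }
}

function Get-GroupRemovalEvents {
    param([int]$MaxEvents = 50)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4733 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # EventData is a list of <Data Name="...">value</Data> elements;
        # flatten it into a hashtable keyed by the Name attribute.
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Computer    = $e.MachineName
            Subject     = $data['SubjectUserName']
            MemberSid   = $data['MemberSid']
            Member      = Resolve-SidToName -Sid $data['MemberSid']
            Group       = $data['TargetUserName']
        }
    }
}

# Print each event in the interpreted form used in the post.
Get-GroupRemovalEvents | ForEach-Object {
    '{0}: {1} removed {2} ({3}) from group {4}. This action was performed from {5}.' -f `
        $_.TimeCreated, $_.Subject, $_.Member, $_.MemberSid, $_.Group, $_.Computer
}
```

Keeping the raw SID next to the resolved name is deliberate: if the account was deleted after the removal, the name lookup fails and the SID is the only identifier left to correlate with other events.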
