Couple that with monitoring the vast amount of ETW logging providers Windows gives you, and you'll see why. E.g.: the WinHTTP provider of who (PID) contacted where including URL, DNS ETW for lookups and who (PID), etc.
While I realize it's not a solution to the issue you raised, it's worth pointing out that Microsoft does a decent* job of documenting the types of telemetry taken across the Windows platform:
https://learn.microsoft.com/en-us/windows/privacy/configure-...
* When I say decent, I mean this absolutely should be the bare minimum, but this type of thing feels rare in the industry.
