I was under the impression Windows is unreliable for these kind of activities as they are "leakish".
I imagine it's not too difficult to narrow down the potential suspects with how much data points you'd get from ISP, Windows telemetry, and whatever.