If you copy the INetSim + Wireshark setup from the Debugging section, this should be relatively straightforward. You will likely see the Windows machine contacting multiple domains, but only one is clearly anomalous.
Alternatively, debug the application to the point where a domain is resolved and check the arguments.
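For the capture route, one way to triage the DNS traffic is to pull the query names out of the raw DNS payloads and drop the names a stock Windows guest resolves on its own. This is an added example, not part of the original walkthrough; the suffix list, the function names and the sample queries (including the placeholder `sample-under-test.example`) are assumptions constructed for illustration.

```python
import struct

# Assumption: suffixes a stock Windows guest commonly resolves in the background.
# Extend this from a clean baseline capture of your own lab VM.
WINDOWS_NOISE = ("microsoft.com", "windowsupdate.com", "msftconnecttest.com",
                 "msftncsi.com", "windows.com", "live.com")

def qname(payload: bytes) -> str:
    """Return the first question name from a DNS message (the UDP payload)."""
    if len(payload) < 12 or struct.unpack_from("!H", payload, 4)[0] == 0:
        raise ValueError("no question section")
    labels, pos = [], 12          # the question section follows the 12-byte header
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:           # root label terminates the name
            return ".".join(labels).lower()
        if length & 0xC0 or pos + 1 + length > len(payload):
            raise ValueError("compression pointer or truncated label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def is_noise(name: str) -> bool:
    # Match on label boundaries so "evilwindows.com" does not pass as "windows.com".
    return any(name == s or name.endswith("." + s) for s in WINDOWS_NOISE)

def anomalous(payloads):
    """Unique query names, in first-seen order, that are not baseline noise."""
    seen = []
    for p in payloads:
        try:
            name = qname(p)
        except ValueError:
            continue              # skip malformed or non-DNS payloads
        if not is_noise(name) and name not in seen:
            seen.append(name)
    return seen

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample data: a minimal standard A query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + body + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed capture: three background lookups plus one placeholder outlier.
SAMPLE = [build_query(n) for n in (
    "www.msftconnecttest.com", "ctldl.windowsupdate.com",
    "sample-under-test.example", "time.windows.com", "sample-under-test.example")]

if __name__ == "__main__":
    print(anomalous(SAMPLE))
```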