On Vista and higher, events are stored in “Applications and Services Logs/Microsoft/Windows/Sysmon/Operational”, and on older systems events are written to the System event log. Event timestamps are in UTC standard time.
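As an added example (not code from the original page), the Python below parses Sysmon records exported from this log as XML, attaches an explicit UTC zone to the `UtcTime` field, and groups network connection events (Event ID 3) whose `DestinationHostname` is empty by destination IP. The `<Events>` wrapper, the `make_event` helper and every field value are constructed sample data.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(eid, utc, image, ip="", host=""):
    """Build one constructed Sysmon-style record (sample data, not a real log)."""
    fields = {"UtcTime": utc, "Image": image, "DestinationIp": ip,
              "DestinationHostname": host}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f'<EventData>{data}</EventData></Event>')

BROWSER = r"C:\Program Files\Example\browser.exe"  # hypothetical path
SAMPLE = "<Events>" + "".join([
    make_event(3, "2024-01-15 09:30:12.345", BROWSER, "203.0.113.10", ""),
    make_event(3, "2024-01-15 09:30:13.001", BROWSER, "198.51.100.7",
               "host.example.net"),
    make_event(1, "2024-01-15 09:29:59.000", BROWSER),  # not a network event
]) + "</Events>"

def parse_connections(xml_text):
    """Return one dict per Event ID 3 record, with a timezone-aware timestamp."""
    out = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "3":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        # UtcTime carries no zone suffix; it is UTC, so say so explicitly.
        ts = datetime.strptime(data["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
        out.append({"utc": ts.replace(tzinfo=timezone.utc),
                    "image": data.get("Image", ""),
                    "dst_ip": data.get("DestinationIp", ""),
                    # Empty field (no reverse DNS result) becomes None.
                    "dst_host": data.get("DestinationHostname") or None})
    return out

def unresolved_destinations(events):
    """Map destination IP -> sorted process images for events with no hostname."""
    by_ip = {}
    for e in events:
        if e["dst_host"] is None:
            by_ip.setdefault(e["dst_ip"], set()).add(e["image"])
    return {ip: sorted(images) for ip, images in by_ip.items()}

if __name__ == "__main__":
    for e in parse_connections(SAMPLE):
        # astimezone() converts the UTC timestamp to the analyst's local zone.
        print(e["utc"].astimezone().isoformat(), e["dst_ip"], e["dst_host"] or "-")
```

Keeping the timestamp timezone-aware avoids off-by-hours errors when Sysmon events are correlated with sources that log in local time.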

The event below was generated by visiting a website. The destination IP is logged, but the DestinationHostname field is blank: Sysmon populates this field using reverse DNS, which returns no result when the destination IP is behind a load balancer or content delivery network.