Thomas, thanks for the response. I did keep the files and willing to share. As someone with Info Sec experience my goal is to help improve any product that can help others. I'm just having a particularly hectic week and will do so as soon as possible.
I too would love to know. I put a lot of effort into keeping my computer applications (as well as my OS) up to date. But that of course doesn't mean that everything I've installed over the years is as reputable (or has remained reputable) as I once thought it was.
I took the clearly optimistic approach of examining the time stamps of the related files/directories and compared them to the OS software installion log (under System report) in an attempt to identify a particular install. Unfortunately, it was not going to be that easy. However, the fact that the outbound connection was something new leads me to believe it was a fairly recent install or update. So the log does provide some context and I now have a particular suspect. I just want to run a few tests before I point fingers publicly at a potential culprit. For now I'll just say it's a branch of a "free and open" media player that Malwarebytes has blogged about in the past. ;-)
I'll follow up as soon as I can.