(no title)

This is almost certainly Windows performing certificate validation.

The "evidence" was just copy pasted from VirusTotal. In fact he forgot to copy from below the cut, which would have shown it also called out to www.microsoft.com - depending who you ask, definitely a malicious address!

VirusTotal just notes all network traffic during the time the binary executed in the sandbox. It doesn't mean it emanated from the binary.