your report from 2022-12-18 on a921626e17c9db33af1962c8ff8685a7039bf48c3df48ddf9849795d23632764 has the one positive. By now on the same hash this isn’t reported anymore - so the heuristic / rules for the one product (which one btw?) changed to ignore what it deemed suspicious before.
Those IPs are Microsoft/Akamai, if pakets were sent from within uninstall.exe it is the Nullsoft Installer (for Window peeps) that does/did telemetry probably - would need the old link. It has a history of running into this - NSIS False Positives - NSIS
Scrolling through NSIS I guess it contacts some Microsoft on uninstall. Would be interesting what it does, but it’s not the easy-installer itself it trips/tripped on, but the Windows Installer.
Could be as simple as the analyzer following a-href anchors (a web browser) on the UI elements / help texts.