Yes, C:\Windows\SysWOW64\VMnat.exe is VMware NAT service. You can see this in services.msc.
The antivirus log shows a potential C&C callback, and the callback IP address belongs to Rackspace:
https://whois.arin.net/rest/net/NET-65-61-137-64-1/pft?s=65.61.137.117
It is possible that one or more of the VMs you are running are infected with some virus that has Command and Control (C&C) capability and wants to "phone home".
As the destination IP address is a hosting provider, it is hard to determine whether it is a true C&C phone home or it is benign. You have to check the VMs that you were running during the times when these were blocked.