I think I got to the bottom of it. I’ll share a bit for future visitors with a similar issue.
My concern was that a malware infection may have hijacked system services, and used those for malicious purposes. Just because an executable is trusted (like iexplore.exe) it doesn’t mean that everything it does or can do is safe.
In this case, I continued monitoring my system behavior, and I was able to identify a correlation between this “Tor Onion routing” traffic, and activity from my seldom-used bittorrent client.
To be honest, I don’t know everything about how this client was designed, and it’s very possible that the developers use Tor for something or another. The client is reputable, so I’m willing to give it the benefit of the doubt, and go on with my life.
Thanks for being responsive, and thanks for working on Glasswire. It’s the best.