malware – Any legitimate reason for notepad.exe to make network connections

Is there any known legitimate reason that notepad.exe would make network connections to a domain controller? I observed this behavior. The first connection was to port 135 and the second was to one of the Microsoft RPC dynamic ports. In addition I also observed an SNMP request (port 161 udp) to some random device where sysmon reported the source process as C:windowssystem32notepad.exe

I dont think there is any legitimate reason for notepad to be making SNMP requests, but what about to a DC on those ports listed above?