Is there any known legitimate reason that notepad.exe would make network connections to a domain controller? I observed this behavior. The first connection was to port 135 and the second was to one of the Microsoft RPC dynamic ports. In addition I also observed an SNMP request (port 161 udp) to some random device where sysmon reported the source process as
I dont think there is any legitimate reason for notepad to be making SNMP requests, but what about to a DC on those ports listed above?