When a shell dialog (file open/save, print, etc.) is opened, network traffic generated by accesses to SMB file shares or other network resources will be attributed to the process that is accessing those resources. That means both direct connections to the system that is hosting the resource, and connections to the domain if services need to be discovered, policies need to be looked up, or authentication tokens need to be requested. As such, seeing traffic to port 135 from Notepad in a domain is not that unusual. It'd be even more likely if you're replicating user profiles to a central location so that a user can roam to other workstations.
Seeing SNMP from that process is rather unusual. One explanation might be if a security or monitoring product you have installed sends back telemetry from modules that are injected into running processes. I know that SolarWinds uses SNMP for some of its telemetry collection, but I'm not sure on the exact implementation.
If you don't have more information to go on, such as packet captures of the traffic in question, I would recommend being cautious and following your incident response plan. At minimum I would get someone qualified to do some forensic capture and investigation of the affected host.