
Suspicious Activity Detected on Network Printer
Tags: Incident Response, Threat Hunting, SIEM, PrintNightmare, EDR, Firewall, SOC
The post's author noticed, via their SIEM, suspicious activity on one machine out of thousands: spoolsv.exe is executing route.exe under the SYSTEM account, adding a route to a networked HP printer and then removing it again, at specific intervals. The pattern resembles PrintNightmare, yet neither their EDR, their firewall nor their SOC has flagged anything malicious. The author asks for suggestions on how to investigate further and determine what this activity actually is.
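A first triage step for this pattern, as an added example that is not part of the original post: the script below hunts process-creation events for route.exe launched by spoolsv.exe, parses the ADD/DELETE target from the command line, and reports the cadence per host and destination so a scheduled pattern stands out from one-off administration. Field names follow the Sysmon Event ID 1 layout; the events, hostnames and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

SP = r"C:\Windows\System32\spoolsv.exe"
RT = r"C:\Windows\System32\route.exe"
SYS = "NT AUTHORITY\\SYSTEM"
# Constructed sample process-creation events (Sysmon Event ID 1 shape; not real telemetry).
FIELDS = ("UtcTime", "Host", "User", "ParentImage", "Image", "CommandLine")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-10 09:00:02", "WS-0417", SYS, SP, RT, "route ADD 10.20.30.40 MASK 255.255.255.255 10.20.0.1"),
    ("2024-01-10 09:00:05", "WS-0417", SYS, SP, RT, "route DELETE 10.20.30.40"),
    ("2024-01-10 09:30:02", "WS-0417", SYS, SP, RT, "route ADD 10.20.30.40 MASK 255.255.255.255 10.20.0.1"),
    ("2024-01-10 09:30:05", "WS-0417", SYS, SP, RT, "route DELETE 10.20.30.40"),
    ("2024-01-10 10:00:02", "WS-0417", SYS, SP, RT, "route ADD 10.20.30.40 MASK 255.255.255.255 10.20.0.1"),
    ("2024-01-10 10:00:05", "WS-0417", SYS, SP, RT, "route DELETE 10.20.30.40"),
    # Benign noise: an admin adding a route from an interactive shell is not spooler-spawned.
    ("2024-01-10 09:12:00", "WS-0417", "CORP\\admin", r"C:\Windows\System32\cmd.exe", RT,
     "route ADD 192.168.50.0 MASK 255.255.255.0 10.20.0.1"),
]]

# route [-p] ADD|DELETE <destination> ...; the destination is captured as a dotted quad.
ROUTE_RE = re.compile(r"\broute(?:\.exe)?\s+(?:-p\s+)?(ADD|DELETE)\s+(\d{1,3}(?:\.\d{1,3}){3})", re.I)

def spooler_route_events(events):
    """Keep route.exe launches whose parent is spoolsv.exe and parse the action and target."""
    hits = []
    for e in events:
        if not e["ParentImage"].lower().endswith("\\spoolsv.exe"):
            continue
        if not e["Image"].lower().endswith("\\route.exe"):
            continue
        m = ROUTE_RE.search(e["CommandLine"])
        if not m:
            continue
        hits.append({"time": datetime.strptime(e["UtcTime"], "%Y-%m-%d %H:%M:%S"),
                     "host": e["Host"], "user": e["User"],
                     "action": m.group(1).upper(), "target": m.group(2)})
    return hits

def cadence_report(events):
    """Per (host, target): ADD/DELETE counts, whether every launch ran as SYSTEM, and the
    gaps in seconds between successive ADDs (a constant gap points at scheduled behaviour)."""
    by_key = defaultdict(list)
    for h in spooler_route_events(events):
        by_key[(h["host"], h["target"])].append(h)
    report = {}
    for key, hs in by_key.items():
        hs.sort(key=lambda h: h["time"])
        adds = [h["time"] for h in hs if h["action"] == "ADD"]
        report[key] = {"adds": len(adds),
                       "deletes": sum(h["action"] == "DELETE" for h in hs),
                       "system": all("SYSTEM" in h["user"].upper() for h in hs),
                       "add_gaps_s": [int((b - a).total_seconds()) for a, b in zip(adds, adds[1:])]}
    return report

if __name__ == "__main__":
    for key, r in cadence_report(EVENTS).items():
        print(key, r)
```

Once the cadence is known, the next question is what on the host fires at that interval (scheduled tasks, port monitors and print processors registered with the spooler, and the printer's own driver package), which is where the investigation should continue.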