iediagcmd.exe

While reviewing logs from server orion server , it is observed that iediagcmd.exe (C:\Program Files\internet explorer\iediagcmd.exe) created multiple below known processes.
C:\Windows\System32\netsh.exe
C:\Windows\System32\ROUTE.EXE
C:\Windows\System32\conhost.exe
C:\Windows\System32\dxdiag.exe
C:\Windows\System32\ipconfig.exe
C:\Windows\System32\makecab.exe
These exe's can be used by attackers for identifying network information , routing information , compressing files before exfiltration etc..
Is this expected behavior or not.