Malware analysis ni-diadem-2023-en_23.3_online.exe Malicious activity

Add for printing

File name:	ni-diadem-2023-en_23.3_online.exe
Full analysis:	https://app.any.run/tasks/eaa732e1-7342-43d7-ba02-957b0a3fc264
Verdict:	Malicious activity
Analysis date:	August 14, 2025, 14:04:42
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	arch-doc
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:	0392C3F2401BE4D8CCA91012B6AF97BE
SHA1:	0637E9CE1F5EDB6C59BBD1272789801AD46C06A4
SHA256:	935D3D3874B84E927EB03C7B411CD6CF7D1B0778A17C21A5357581442EFDFC4B
SSDEEP:	98304:WzXo9+x+Vf5Y/BrAoDdDKa+USixCn6irnWly+K3QYYte8dkrffTtsU9Cf/a3t4Fd:MC7GMW+E

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Reads security settings of Internet Explorer
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
  - Install.exe (PID: 2716)
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
- Application launched itself
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
- Executable content was dropped or overwritten
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - Install.exe (PID: 2716)
- Reads the Windows owner or organization settings
  - msiexec.exe (PID: 3832)
  - Install.exe (PID: 2716)
INFO
- Checks supported languages
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - Install.exe (PID: 2716)
  - msiexec.exe (PID: 3832)
  - msiexec.exe (PID: 5032)
  - msiexec.exe (PID: 6756)
  - msiexec.exe (PID: 6688)
  - msiexec.exe (PID: 6656)
  - msiexec.exe (PID: 1352)
  - msiexec.exe (PID: 6860)
- The sample compiled with english language support
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
  - msiexec.exe (PID: 3832)
  - Install.exe (PID: 2716)
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
- Process checks computer location settings
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
- Reads the computer name
  - ni-diadem-2023-en_23.3_online.exe (PID: 888)
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - msiexec.exe (PID: 3832)
  - msiexec.exe (PID: 5032)
  - msiexec.exe (PID: 6656)
  - msiexec.exe (PID: 6756)
  - msiexec.exe (PID: 1352)
  - msiexec.exe (PID: 6688)
  - msiexec.exe (PID: 6860)
  - Install.exe (PID: 2716)
- Reads the machine GUID from the registry
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - msiexec.exe (PID: 3832)
  - Install.exe (PID: 2716)
- Create files in a temporary directory
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - Install.exe (PID: 2716)
- Reads Environment values
  - ni-diadem-2023-en_23.3_online.exe (PID: 2192)
  - Install.exe (PID: 2716)
- Creates files in the program directory
  - Install.exe (PID: 2716)
- Checks proxy server information
  - Install.exe (PID: 2716)
- Creates files or folders in the user directory
  - msiexec.exe (PID: 3832)
  - Install.exe (PID: 2716)
- Executable content was dropped or overwritten
  - msiexec.exe (PID: 3832)
- Reads the software policy settings
  - msiexec.exe (PID: 3832)
- Creates a software uninstall entry
  - msiexec.exe (PID: 3832)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:03:27 20:36:40+00:00
ImageFileCharacteristics:	Executable, 32-bit, Removable run from swap, Net run from swap
PEType:	PE32
LinkerVersion:	14
CodeSize:	872960
InitializedDataSize:	4688384
UninitializedDataSize:	-
EntryPoint:	0x526c9
OSVersion:	6
ImageVersion:	23.3
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	23.3.0.49294
ProductVersionNumber:	23.3.0.49294
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	National Instruments Corporation
LegalCopyright:	Copyright © 2000-2023 National Instruments Corporation. All Rights Reserved.
ProductName:	NI Package Manager
OriginalFileName:	preinstall.template
FileDescription:	NI Package Installer
ProductVersion:	23.3.0f142
FileVersion:	23.3.0f142
InternalName:	PREINSTALL 23.3.0f142
Comments:	2023/03/27 15:26:14, preinstall/win32U/i386/msvc-14.0/release

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

147

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

888

"C:\Users\admin\AppData\Local\Temp\ni-diadem-2023-en_23.3_online.exe"

C:\Users\admin\AppData\Local\Temp\ni-diadem-2023-en_23.3_online.exe

—

explorer.exe

User:

admin

Company:

National Instruments Corporation

Integrity Level:

MEDIUM

Description:

NI Package Installer

Version:

23.3.0f142

Modules

Images
c:\users\admin\appdata\local\temp\ni-diadem-2023-en_23.3_online.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

1352

C:\Windows\syswow64\MsiExec.exe -Embedding B8DD24295BD0A1B3DF66FCBB292B6E3B

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

2192

"C:\Users\admin\AppData\Local\Temp\ni-diadem-2023-en_23.3_online.exe" --relaunched

C:\Users\admin\AppData\Local\Temp\ni-diadem-2023-en_23.3_online.exe

ni-diadem-2023-en_23.3_online.exe

User:

admin

Company:

National Instruments Corporation

Integrity Level:

HIGH

Description:

NI Package Installer

Version:

23.3.0f142

Modules

Images
c:\users\admin\appdata\local\temp\ni-diadem-2023-en_23.3_online.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

2716

"C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\Install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --prevent-reboot --config="\\?\C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\nipkg.ini" --update-feeds --force-essential --force-locked

C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\Install.exe

ni-diadem-2023-en_23.3_online.exe

User:

admin

Company:

National Instruments

Integrity Level:

HIGH

Description:

NI Package Manager Installer

Version:

23.3.0.49294

Modules

Images
c:\users\admin\appdata\local\temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\install.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

3832

C:\WINDOWS\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows® installer

Version:

5.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

5032

C:\Windows\syswow64\MsiExec.exe -Embedding ABEC130A8A39A09176E820F64E0B3E46

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

5576

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

6656

C:\Windows\syswow64\MsiExec.exe -Embedding 309371435BA92EAEE5303CBF6E46EF21 C

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

6688

C:\Windows\syswow64\MsiExec.exe -Embedding 2E316A5E8A30CEFCEB4D7ACA0358D248

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

6756

C:\Windows\syswow64\MsiExec.exe -Embedding DD219B812B636B916FB3D409918404F5

C:\Windows\SysWOW64\msiexec.exe

—

msiexec.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows® installer

Exit code:

Version:

5.0.19041.3636 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

Add for printing

Total events

13 773

Read events

13 147

Write events

590

Delete events

Modification events


(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:	write	Name:	C:\Config.Msi\
Value:
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:	write	Name:	C:\Config.Msi\193040.rbs
Value: 31198500
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
Operation:	write	Name:	C:\Config.Msi\193040.rbsLow
Value:
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C28D4630C66244942AF0B3E46161AA78
Operation:	write	Name:	E4CEDFED2D55F124990699EFABA1C1C0
Value: 02:\SOFTWARE\National Instruments\Common\Installer\MIF\MIFSystemUtility\DllNameFullPath
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\316C532A89A394748BFE98BE2152180B
Operation:	write	Name:	E4CEDFED2D55F124990699EFABA1C1C0
Value: C:\Program Files (x86)\National Instruments\Shared\MIF\NIMSIProperties\MIFSystemUtility.dll
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3AE03A05B0DB5845BB857F3927AF4A6
Operation:	write	Name:	E4CEDFED2D55F124990699EFABA1C1C0
Value: C:\Program Files (x86)\National Instruments\Shared\MDF\Manifests\NI MSI Properties {DEFDEC4E-55D2-421F-9960-99FEBA1A1C0C}.xml
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3AE03A05B0DB5845BB857F3927AF4A6
Operation:	write	Name:	E4CEDFED2D55F124990699EFABA1C1C0
Value: C:\Program Files (x86)\National Instruments\Shared\WinMIF\ni-msiproperties_25.5.0.49240-0+f88_windows_x64 {DEFDEC4E-55D2-421F-9960-99FEBA1A1C0C}.control
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f4cedfeD2d55f124990699efaba1c1c0
Operation:	write	Name:	E4CEDFED2D55F124990699EFABA1C1C0
Value: 02:\SOFTWARE\National Instruments\Common\Installer\Parts\{DEFDEC4E-55D2-421F-9960-99FEBA1A1C0C}\ProductName
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:	write	Name:	C:\Program Files (x86)\National Instruments\Shared\MDF\Manifests\
Value:
(PID) Process:	(3832) msiexec.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
Operation:	write	Name:	C:\Program Files (x86)\National Instruments\Shared\MDF\
Value:

Add for printing

Executable files

109

Suspicious files

103

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2192	ni-diadem-2023-en_23.3_online.exe	C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\ca-bundle.crt		text
		MD5:8E1DF0329F3E7ED0B7A03341F33A0630	SHA256:30E5CBA3E0FEBBF8A6E98BC7EEFEC3D66A18E79F0452C401D88AFB83A383E83D
2192	ni-diadem-2023-en_23.3_online.exe	C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\de\Install.resources.dll		executable
		MD5:E456873B8419A0BCE63898EB014B9F52	SHA256:410A056020BD756CA898482EAADE072BBFC5677D76C67C3D1BCA7164D3489A34
2192	ni-diadem-2023-en_23.3_online.exe	C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload.tar.gz		compressed
		MD5:855E10FE5FA9DB297CEF7C753D8A7966	SHA256:790069A5212EBC96884082B2921CBB9D1EE86BD4EA310D792BBDF23E3A0C11F3
2192	ni-diadem-2023-en_23.3_online.exe	C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\payload\nipkg.ini		text
		MD5:5E13F56ED85CBC736441FA21EF4C40CA	SHA256:4A512D3E9BA964354AA8A26B6E33BC4936D2E6F64F7C15F24892F5DFC25B924B
2716	Install.exe	C:\ProgramData\National Instruments\NI Package Manager\raw\ni-package-manager-packages\data		text
		MD5:A52DE4C53C2424CE1C03B42DA02B6E3F	SHA256:BE52239D7F4F331096DBFD2F5382FDD561B31C5D47A2B544DB00B6CBA5227723
2716	Install.exe	C:\ProgramData\National Instruments\NI Package Manager\Agents\file\installed.dat-journal		binary
		MD5:6A87B6F389DE6103B6ED3B40F048C843	SHA256:506F314776E3874D6C8DA441321BEFDF1B98F60D38FF003EA7AF7565A2E0968C
2716	Install.exe	C:\ProgramData\National Instruments\NI Package Manager\raw\ni-package-manager-packages\Packages		text
		MD5:A52DE4C53C2424CE1C03B42DA02B6E3F	SHA256:BE52239D7F4F331096DBFD2F5382FDD561B31C5D47A2B544DB00B6CBA5227723
2192	ni-diadem-2023-en_23.3_online.exe	C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\nipkg.ini		text
		MD5:5E13F56ED85CBC736441FA21EF4C40CA	SHA256:4A512D3E9BA964354AA8A26B6E33BC4936D2E6F64F7C15F24892F5DFC25B924B
2716	Install.exe	C:\ProgramData\National Instruments\NI Package Manager\Agents\file\installed.dat-wal		binary
		MD5:98060ED9EC6566770047A28CACC86EDA	SHA256:F6D54EDE6346916E3085AF1D059F24DF0FF44CF77DFA9784B8E0C97192F0BA39
2716	Install.exe	C:\ProgramData\National Instruments\NI Package Manager\Agents\wininst\installed.dat-journal		binary
		MD5:BB0A36AE462EE396988FF6464E505D03	SHA256:E9C0838267C2B8CD5CE129447160EB43EB62643993B76ADB5077E6C105E90BFD

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2716	Install.exe	HEAD	200	104.17.118.104:80	http://download.ni.com/support/nipkg/products/ni-package-manager/released/Packages.gz	unknown	—	—	unknown
2716	Install.exe	GET	200	104.17.118.104:80	http://download.ni.com/support/nipkg/products/ni-package-manager/released/Packages.gz	unknown	—	—	unknown
2716	Install.exe	GET	200	104.17.118.104:80	http://download.ni.com/support/nipkg/products/ni-package-manager/released/eula-ni-standard_25.5.0.49240-0+f88_windows_x64.nipkg	unknown	—	—	unknown
2716	Install.exe	GET	200	104.17.118.104:80	http://download.ni.com/support/nipkg/products/ni-package-manager/released/eula-ms-dotnet-4.8_25.5.0.49240-0+f88_windows_x64.nipkg	unknown	—	—	unknown
1268	svchost.exe	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	23.216.77.29:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
2232	svchost.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
2716	Install.exe	GET	—	104.17.118.104:80	http://download.ni.com/support/nipkg/products/ni-package-manager/released/ni-msiproperties_25.5.0.49240-0+f88_windows_x64.nipkg	unknown	—	—	unknown
3832	msiexec.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D	unknown	—	—	whitelisted
3832	msiexec.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAc8ObJVP%2F0Q2ub7RD%2FcLrg%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
1268	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4916	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
5944	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2716	Install.exe	104.17.118.104:80	download.ni.com	CLOUDFLARENET	—	suspicious
1268	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1268	svchost.exe	23.216.77.29:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
1268	svchost.exe	23.35.229.160:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
5944	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 4.231.128.59 40.127.240.158	whitelisted
google.com	142.250.184.238	whitelisted
download.ni.com	104.17.118.104 104.17.119.104	unknown
crl.microsoft.com	23.216.77.29 23.216.77.28 23.216.77.37 23.216.77.31 23.216.77.39 23.216.77.35 23.216.77.34 23.216.77.30 23.216.77.33	whitelisted
www.microsoft.com	23.35.229.160	whitelisted
login.live.com	40.126.31.67 20.190.159.0 40.126.31.131 20.190.159.130 40.126.31.2 20.190.159.4 40.126.31.69 20.190.159.2	whitelisted
ocsp.digicert.com	184.30.131.245	whitelisted
go.microsoft.com	23.35.238.131	whitelisted
slscr.update.microsoft.com	74.178.240.61	whitelisted
fe3cr.delivery.mp.microsoft.com	40.69.42.241	whitelisted

Threats

PID	Process	Class	Message
—	—	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)

Add for printing

Process	Message
Install.exe	14:04:51.266609 CAPI: nipkg_InitializeW: callerId=Install, callerVersion=23.3.0.49294, currentNipkgCoreVersion=23.3.0.49294, userConfigurationFilePath='\\?\C:\Users\admin\AppData\Local\Temp\nipkg_preinstall-02a0-31b9-23a2-d98d\nipkg.ini'
Install.exe	14:04:51.282280 CAPI: nipkg_OpenRequest: Opening new request
Install.exe	14:04:51.282280 CAPI: nipkg_OpenRequest: Request (3848974248) opened with result of 0
Install.exe	14:04:51.297954 CLILIB: Transaction Request Type=35
Install.exe	14:04:51.297954 CAPI: nipkg_WaitUntilRequestCompletes: Waiting for request to complete (3848974248)
Install.exe	14:04:51.297954 CLILIB: RequestOption=1, 'value type = 8, m_count=1, value=0x000002DA5253355C'
Install.exe	14:04:51.297954 CLILIB: RequestOption=2, 'value type = 8, m_count=1, value=0x000002DA5253396C'
Install.exe	14:04:51.297954 CLILIB: RequestOption=3, 'value type = 8, m_count=1, value=0x000002DA5253373C'
Install.exe	14:04:51.297954 CLILIB: RequestOption=4, 'value type = 8, m_count=1, value=0x000002DA5253382C'
Install.exe	14:04:51.297954 CLILIB: RequestOption=5, 'value type = 9, m_count=1, value=0x000002DA380D12F0'

General Info

ni-diadem-2023-en_23.3_online.exe

0392C3F2401BE4D8CCA91012B6AF97BE

0637E9CE1F5EDB6C59BBD1272789801AD46C06A4

935D3D3874B84E927EB03C7B411CD6CF7D1B0778A17C21A5357581442EFDFC4B

98304:WzXo9+x+Vf5Y/BrAoDdDKa+USixCn6irnWly+K3QYYte8dkrffTtsU9Cf/a3t4Fd:MC7GMW+E

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads security settings of Internet Explorer

Application launched itself

Executable content was dropped or overwritten

Reads the Windows owner or organization settings

INFO

Checks supported languages

The sample compiled with english language support

Process checks computer location settings

Reads the computer name

Reads the machine GUID from the registry

Create files in a temporary directory

Reads Environment values

Creates files in the program directory

Checks proxy server information

Creates files or folders in the user directory

Executable content was dropped or overwritten

Reads the software policy settings

Creates a software uninstall entry

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings