DLL
1 Topic

IIS Server Loads suspicious DLL
Hello,

I am encountering an unusual behavior with the IIS Worker Process (w3wp.exe) and require assistance in understanding it. The process initiates with the following arguments:

- Application Pool: "TestApplicationAPI"
- CLR Version: "v4.0"
- Managed Pipeline Mode: Integrated
- Named Pipe: "\.\pipe\iisipmc[unique-id]"
- Configuration File: "C:\inetpub\temp\apppools\TestApplicationAPI\TestApplicationAPI.config"
- Other Parameters: Default settings

Subsequently, a DLL is filelessly loaded into the process. The DLL has a name following the pattern "zx_[md5hash].dll", where [md5hash] represents a specific hash value.

I have searched extensively but found no information regarding such fileless DLL loading in IIS, particularly with a name that seems to be dynamically generated.

Can anyone provide insights into:

- The nature and purpose of this "zx_[md5hash].dll"?
- The implications of this behavior for the security and stability of the IIS environment?
- Any known issues or documentation related to this kind of scenario in IIS?

Any help or guidance would be greatly appreciated. Thank you!

801 Views, 0 likes, 0 Comments