IIS w3wp.exe Spawning LOLBins - ViewState Deserialization RCE Detection

Detects IIS Application Pool Worker Process (w3wp.exe) spawning Living-off-the-Land binaries and scripting engines, the primary execution chain for successful ViewState deserialization attacks such as CVE-2025-53690 in Sitecore where exposed ASP.NET machineKey values enable .NET object injection leading to unauthenticated remote code execution on internet-facing web applications