After successful exploitation an agent will be installed. The process being exploited is usually run as an IUSR or IWAM user, specially created for IIS to answer anonymous requests.
CVE Link
Exploit Platform
Product Name