Upon receiving certain request, IISNODE hits AV:

From event log:
Faulting application w3wp.exe, version 7.0.6002.18005, time stamp 0x49e03238, faulting module iisnode.dll, version 0.1.13.0, time stamp 0x4ef0c78a, exception code 0xc0000005, fault offset 0x0000000000003382, process id 0x4134, application start time 0x01ccc961d482957a.

It is not clear which exactly the request it was, but it might be the one that looks like that:

http://10.26.84.143:30000/Test/LocationHistory?Owner=Test%2FPerson%2FOr (via: rwwauth/__apps/rww/.shimmed.v2.index.js)

with headers:

{"x-auth":"","host":"rww.rwwauth.anodejs.org","cookie":"","content-type":"application/json","content-length":"0","connection":"keep-alive","x-anodejs-rewrite":"rwwauth/__apps/rww/.shimmed.v2.index.js","x-anodejs-app":"rww.rwwauth","x-anodejs-reqid":"b417de5b306743fd83688039cad1d760","x-forwarded-for":"65.52.57.152","x-forwarded-port":55677,"x-forwarded-roto":"http"}

IISNODE etl didn't include any valuable information.