Link: https://github.com/subTee/AllTheThings By: Casey Smith (http://subt0x10.blogspot.com/ & https://twitter.com/subtee)
Thanks for posting, as it will be useful to those who haven't locked them down yet! On my XP/SP2 I only have regsvr32.exe & rundll32.exe, which I've had locked down with ProcessGuard for years. And before that even on 98SE with a similar app. I would advise those that haven't to do so ASAP.
The article only mentions .NET 4, but those same modules also exist for .NET 2 and 3 and have been used by malware. So they also have to have their execution monitored.