(Note that I have personally observed rundll32.exe in the same location; however, I have not yet been able to find any formal documentation of this behavior.)
This was the response I got when I asked Teramind's support if the rundll32.exe file was theirs. I'm not sure if this will suffice for documentation, but it's the best I've got right now.
(Note that I have personally observed rundll32.exe in the same location; however, I have not yet been able to find any formal documentation of this behavior.)