WTFBins

  • Windows (Startupscan.dll)


    Contributed By: Matthew W (@0xDeadcell)

    Windows executes a suspiciously named DLL export, SusRunTask. The DLL checks many Scheduled Task and autostart execution locations, such as Registry persistence locations and C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, and it also spawns new processes that are not child processes.