I believe the one you're referring to is the "Windows Platform Binary Table (WPBT)" feature, which has a slot in UEFI where an exe can be put, which is run by Windows during an install.
It actually runs on every boot, even worse. This is how overbroad nanny software like Computrace works, you can remove it but Windows will just reinstall it at boot.
Kind of a glaring security issue.