How can malware bypass the 260-character limit on command-line parameters in Windows shortcut (.lnk) files?
Malware can embed command-line parameters longer than 260 characters by manually constructing the .lnk file's binary structure. As demonstrated in "Penetration Techniques - Parameter Hiding Techniques in Shortcut Files", the Windows shell allows the command-line arguments segment of the LNK format to store strings of arbitrary length, while the default display (e.g., in `cmd`) shows only the first 260 characters. This conceals the full payload from casual inspection.
LNK format, command-line parameters, 260-character limit, parameter hiding, shortcut file
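
A defender's check for the condition described above, as an added example that is not from the original page: it walks the shell link layout (per MS-SHLLINK) to the COMMAND_LINE_ARGUMENTS string and reports how many characters lie beyond the 260 that are displayed. The function names and the sample bytes are constructed for illustration, and decoding non-Unicode strings as latin-1 is an assumption.

```python
import struct

# LinkFlags bits from the shell link header (MS-SHLLINK)
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
DISPLAY_LIMIT = 260  # number of characters shown, as stated on this page

def lnk_arguments(data: bytes) -> str:
    """Return the full COMMAND_LINE_ARGUMENTS string ('' if the link has none)."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                  # fixed header size
    if flags & HAS_ID_LIST:                   # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                 # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    # StringData entries appear in this fixed order, each only if its flag is set
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters
        raw = data[pos + 2 : pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        pos += 2 + count * width
        if bit == HAS_ARGS:
            codec = "utf-16-le" if width == 2 else "latin-1"  # latin-1: assumption
            return raw.decode(codec, errors="replace")
    return ""

def audit(data: bytes) -> dict:
    """Flag links whose arguments extend past what the display shows."""
    args = lnk_arguments(data)
    hidden = max(0, len(args) - DISPLAY_LIMIT)
    return {"length": len(args), "hidden_chars": hidden, "suspicious": hidden > 0,
            "beyond_display": args[DISPLAY_LIMIT:]}

def constructed_sample(n_chars: int) -> bytes:
    """Constructed test input: bare header plus an arguments string, no target."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, HAS_ARGS | IS_UNICODE)
    body = ("A" * n_chars).encode("utf-16-le")
    return header.ljust(76, b"\0") + struct.pack("<H", n_chars) + body

if __name__ == "__main__":
    for n in (100, 300):
        print(n, {k: v for k, v in audit(constructed_sample(n)).items()
                  if k != "beyond_display"})
```

To triage a real file, pass its bytes to `audit()` and review `beyond_display`, which holds the part of the argument string that the display omits.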