How does Invoke-WScriptBypassUAC bypass UAC on Windows 7?

The technique exploits the `wusa.exe` utility to extract CAB files to high-privilege directories like `C:\Windows` without administrator rights. It first creates a specially crafted `wscript.exe.manifest` file that requests administrative execution level, then uses `makecab.exe` to compress it along with a copy of `wscript.exe`. By running `wusa` to extract these files to `C:\Windows`, an attacker can then execute `C:\Windows\wscript.exe` with admin-level privileges, effectively bypassing UAC. For full details, see the original analysis.