Can you walk through the exploitation of the NDP461-KB3102438-Web.exe DLL hijacking vulnerability?

First, Process Monitor filters are set to capture all DLL load attempts (excluding successful loads initially) to find `NAME NOT FOUND` entries. Running NDP461-KB3102438-Web.exe reveals it tries to load `CRYPTSP.dll` unsuccessfully because the DLL is missing from its directory. A malicious DLL (e.g., one that pops a calculator) renamed to `CRYPTSP.dll` is placed in the same directory. Upon re-running the program, ProcessMonitor shows a successful load (`Result: SUCCESS`) of `C:\test\CRYPTSP.dll`, and the calculator executes, proving hijacking. This step-by-step is detailed in the Rattler article.