What is the main technique for loading a DLL using xwizard.exe?
The technique involves copying xwizard.exe from `%windir%\system32\` to a different directory, then placing a malicious DLL named `xwizards.dll` in the same folder. When xwizard.exe runs with a parameter like `processXMLFile 1.txt`, it loads `xwizards.dll` from its current directory via `LoadLibraryEx` (which is called with a relative path), effectively hijacking the legitimate DLL. This is covered in "Use xwizard.exe to load dll".
xwizard.exe, DLL hijacking, LoadLibraryEx, xwizards.dll
Source: Use xwizard.exe to load dll