https://www.bleepingcomputer.com/news/security/qbot-phishing-uses-windows-calculator-sideloading-to-infect-devices/

The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers.

DLL side-loading is a common attack method that takes advantage of how Dynamic Link Libraries (DLLs) are handled in Windows. It consists of spoofing a legitimate DLL and placing it in a folder from where the operating system loads it instead of the legitimate one.