You're making this harder than it needs to be. It's easier to just say... Mom downloads SuperCalculator.exe onto her desktop. She executes this program. While the calculator UI appears, it silently injects itself into Explorer, gains elevated abilities,
and sets up all sorts of nastyness.
No prompts. Nothing.
Yes. The problem scenario relies on an infected machine. This infection exploits UAC's default behavior to auto-elevate signed system binaries to achieve silent rights elevation. Of course, if UAC was a security
boundary, then it would not possess such behavior.