Description: Privilege escalation in UAC due to hyperlink in Certificate - CVE-2019-1388
What The Data Shows: If successfully exploited, SYSTEM privilege will be obtained. This happens from consent.exe (if a URL association is present; otherwise openwith is called). Consent.exe calls the default browser with NT Authority\System privilege. The query looks for the same. One can add more browsers as child processes, depending on their environment.
query=((parent_name:openwith.exe OR parent_name:consent.exe) AND (childproc_name:firefox.exe OR childproc_name:chrome.exe OR childproc_name:iexplore.exe)) AND username:system
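
The same parent/child/user condition applied to flat process-creation records, as an added example that is not part of the original rule or of any product's code. The record keys `parent_name`, `process_name` and `username` and the sample events are assumptions constructed for illustration; the browser set can be extended per environment, as the description suggests.

```python
import ntpath

# Parents named in the query above; browsers are the query's default set.
SUSPECT_PARENTS = {"consent.exe", "openwith.exe"}
DEFAULT_BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}
SYSTEM_NAMES = {"system", "nt authority\\system"}


def _image(path):
    """Reduce a full Windows path or bare name to a lowercase file name."""
    return ntpath.basename(path or "").lower()


def is_uac_browser_spawn(event, browsers=DEFAULT_BROWSERS):
    """True when a browser runs as SYSTEM under consent.exe or openwith.exe."""
    user = (event.get("username") or "").strip().lower()
    return (
        _image(event.get("parent_name")) in SUSPECT_PARENTS
        and _image(event.get("process_name")) in {b.lower() for b in browsers}
        and user in SYSTEM_NAMES
    )


# Constructed sample events (not real telemetry); key names are hypothetical.
SAMPLE_EVENTS = [
    {"parent_name": r"C:\Windows\System32\consent.exe",
     "process_name": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "username": r"NT AUTHORITY\SYSTEM"},
    {"parent_name": "explorer.exe", "process_name": "chrome.exe",
     "username": r"CORP\alice"},
    {"parent_name": "OpenWith.exe", "process_name": "msedge.exe",
     "username": "SYSTEM"},
    {"parent_name": "consent.exe", "process_name": "chrome.exe",
     "username": r"CORP\alice"},
]


def scan(events, browsers=DEFAULT_BROWSERS):
    """Return the indexes of events that match the detection."""
    return [i for i, e in enumerate(events) if is_uac_browser_spawn(e, browsers)]


if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
    print(scan(SAMPLE_EVENTS, DEFAULT_BROWSERS | {"msedge.exe"}))
```

The third sample event matches only once `msedge.exe` is added to the browser set, which is the coverage gap an unextended browser list leaves.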