File Download From Browser Process Via Inline URL

Sigma Rules

Summary
This detection rule identifies a browser process being launched with a URL argument that points at a file download. It targets Chrome, Edge, Brave, Opera, and Vivaldi when they are used to fetch files with potentially harmful or otherwise interesting extensions such as '.exe', '.dll', or '.zip'. Attackers can abuse such commands to download arbitrary files through a legitimate, trusted browser process; if the browser is minimized or runs in the background, the user may never notice. The rule inspects the command line of the browser process for an HTTP URL and for the file extensions associated with the download, and it fires only when all of these conditions are met, which helps reduce false positives. Its severity is medium, indicating a significant potential impact if exploited. The references provide further context on the technique and related artifacts, and the authors are noted cybersecurity professionals with experience in the field.
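The following is an added example, not the Sigma rule itself, showing the summary's three conditions (browser image, HTTP URL on the command line, flagged download extension) as a check run over constructed process-creation events. The executable names for the five browsers, the Sysmon-style field names `Image` and `CommandLine`, and the sample URLs are assumptions of this example.

```python
import re
from typing import Optional

# Browser image names the rule covers (Chrome, Edge, Brave, Opera, Vivaldi);
# the product-to-executable mapping is an assumption of this example.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# Download extensions the page names; extend this tuple to tune the rule.
DOWNLOAD_EXTENSIONS = (".exe", ".dll", ".zip")

# An http(s) URL passed as a command-line argument (stops at whitespace or quotes).
URL_RE = re.compile(r"""https?://[^\s"']+""", re.IGNORECASE)


def match_inline_download(event: dict) -> Optional[str]:
    """Return the flagged URL when every condition holds, otherwise None."""
    # Condition 1: the process image is one of the covered browsers.
    image = event.get("Image", "")
    if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() not in BROWSER_IMAGES:
        return None
    # Condition 2: the command line carries an http(s) URL.
    for url in URL_RE.findall(event.get("CommandLine", "")):
        # Condition 3: the URL path (query string and fragment ignored) ends in
        # one of the flagged extensions.
        path = url.split("?", 1)[0].split("#", 1)[0]
        if path.lower().endswith(DOWNLOAD_EXTENSIONS):
            return url
    return None


def scan(events: list) -> list:
    """Run the check over process-creation events; return (image, url) hits."""
    hits = []
    for ev in events:
        url = match_inline_download(ev)
        if url:
            hits.append((ev["Image"], url))
    return hits


# Constructed sample events in Sysmon Event ID 1 style; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" http://example.invalid/update.exe'},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": 'msedge.exe https://example.invalid/docs/report.pdf'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c start http://example.invalid/tool.zip'},
    {"Image": r"C:\Users\alice\AppData\Local\Vivaldi\Application\vivaldi.exe",
     "CommandLine": 'vivaldi.exe "https://example.invalid/files/archive.zip?dl=1"'},
]
```

Running `scan(SAMPLE_EVENTS)` flags only the Chrome and Vivaldi events: the Edge download is a .pdf, and the cmd.exe launch is not a browser image even though its URL ends in .zip.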
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-01-11