File Download with Headless Browser

Sigma Rules

Summary
This detection rule identifies the execution of Chromium-based browsers such as Brave, Chrome, Edge, Opera, or Vivaldi in headless mode with the "dump-dom" switch, a combination that can be used to download files. It specifically targets the command line arguments that indicate headless execution together with file-downloading behavior. This combination of parameters suggests potentially suspicious activity, often associated with automated processes that could be used in command-and-control operations. The detection relies on monitoring process creation events on Windows systems and looking for these patterns in the command line.
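As an added illustration (not the rule's own logic or any project code), the following Python applies the criteria from the summary, a Chromium-based browser image plus the headless and dump-dom switches, to a few constructed process-creation events. The `ProcessEvent` class, the sample paths and the `example.invalid` URLs are all made up for this example.

```python
import re
from dataclasses import dataclass

# Chromium-based browser images named in the rule summary above.
CHROMIUM_IMAGES = {"brave.exe", "chrome.exe", "msedge.exe", "opera.exe", "vivaldi.exe"}


@dataclass
class ProcessEvent:
    """Minimal stand-in for a Windows process-creation event (Sysmon EID 1 / 4688 style)."""
    image: str          # full path of the created process
    command_line: str   # full command line as logged


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def has_switch(command_line: str, name: str) -> bool:
    """True if the switch appears as its own token: '--name', '-name' or '--name=value'."""
    pattern = rf"(?<!\S)--?{re.escape(name)}(?:=\S*)?(?!\S)"
    return re.search(pattern, command_line, re.IGNORECASE) is not None


def is_headless_download(event: ProcessEvent) -> bool:
    """Headless Chromium-based browser invoked with dump-dom, the behaviour the rule describes."""
    if image_name(event.image) not in CHROMIUM_IMAGES:
        return False
    return has_switch(event.command_line, "headless") and has_switch(event.command_line, "dump-dom")


def scan(events: list[ProcessEvent]) -> list[int]:
    """Return the indices of events that match the detection."""
    return [i for i, ev in enumerate(events) if is_headless_download(ev)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --dump-dom https://example.invalid/stage2.txt'),
    ProcessEvent(r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
                 r"msedge.exe --headless=new --disable-gpu --dump-dom http://example.invalid/index.html"),
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"chrome.exe --headless --screenshot https://example.invalid/"),   # headless, but no dump-dom
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 r"chrome.exe https://example.invalid/"),                           # ordinary interactive browsing
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c echo --headless --dump-dom"),                         # right strings, wrong image
]

if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        print(f"ALERT event[{i}]: {SAMPLE_EVENTS[i].command_line}")
```

Only the first two sample events fire; the last one shows why the image check matters, since the switch strings alone appear in an unrelated cmd.exe command line.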
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-01-04