Arbitrary File Download Via MSEDGE_PROXY.EXE

Summary
This detection rule identifies instances where the "msedge_proxy.exe" process is used to download files from arbitrary URLs. The detection analyzes the command line passed to the process and matches command lines that contain HTTP or HTTPS URLs, since these indicate a file download operation. To reduce false positives from other processes, the rule also confirms that the executing binary is indeed "msedge_proxy.exe" by checking its image path or its original filename. The rule is categorized under process creation logs in the Windows environment and targets evasion tactics in which malicious actors download unauthorized files through a legitimate process. Its medium severity calls for a measured response: potential false positives should be examined carefully before acting. The rule was authored by Swachchhanda Shrawan Poudel as a proactive measure to bolster defenses against file download abuse during attack scenarios.
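The matching logic described above, reconstructed here as an added Python example over constructed process-creation events; this is not the rule's own Sigma YAML. It assumes Sysmon-style field names (Image, OriginalFileName, CommandLine) and case-insensitive matching.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
# Hostnames and paths are placeholders, not real indicators.
SAMPLE_EVENTS = [
    {   # expected to match: msedge_proxy.exe launched with an HTTPS URL
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe",
        "OriginalFileName": "msedge_proxy.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe" https://example.invalid/payload.bin',
    },
    {   # expected to match: image path alone would miss it, OriginalFileName does not
        "Image": r"C:\Users\Public\update.exe",
        "OriginalFileName": "msedge_proxy.exe",
        "CommandLine": r"C:\Users\Public\update.exe http://example.invalid/file.zip",
    },
    {   # benign: msedge_proxy.exe started without any URL on the command line
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe",
        "OriginalFileName": "msedge_proxy.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe" --type=utility',
    },
    {   # benign: a different binary with a URL argument is out of scope for this rule
        "Image": r"C:\Windows\System32\curl.exe",
        "OriginalFileName": "curl.exe",
        "CommandLine": "curl.exe https://example.invalid/readme.txt",
    },
]

# "Contains an HTTP or HTTPS request": any http:// or https:// scheme in the command line.
URL_PATTERN = re.compile(r"https?://", re.IGNORECASE)


def is_msedge_proxy(event):
    """Binary check: image path ends with \\msedge_proxy.exe OR PE OriginalFileName matches."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\msedge_proxy.exe") or original == "msedge_proxy.exe"


def has_url(event):
    """Command-line check: an HTTP(S) URL is present."""
    return URL_PATTERN.search(event.get("CommandLine", "")) is not None


def matches(event):
    """Both selections must hold, mirroring the rule's AND condition."""
    return is_msedge_proxy(event) and has_url(event)


def detect(events):
    """Return the events that would trigger the rule."""
    return [e for e in events if matches(e)]
```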
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Logon Session
Created: 2023-11-09