
Summary
This detection rule aims to identify unusual non-browser interactions with Google API endpoints, specifically targeting covert command-and-control (C2) activity that leverages Google services such as Google Sheets. The rule detects processes not associated with common web browsers that communicate with certain Google-hosted domains, including 'drive.googleapis.com', 'oauth2.googleapis.com', 'sheets.googleapis.com', and 'www.googleapis.com'. When an application that is not a recognized web browser is observed making requests to these endpoints, the rule raises an alert. The rule includes exclusions for well-known browser processes and other legitimate software such as Google Drive and Outlook to minimize false positives. The main condition flags any network connection attempt to the specified Google APIs, provided the initiating process is not identified as an allowed browser or application.
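As an added illustration (not the rule's own query or code), the logic above applied in Python to a few constructed Sysmon-style network-connection events; the exclusion patterns and sample process paths are assumptions, not the rule's exact exclusion list.

```python
import fnmatch

# Google API endpoints named by the rule.
GOOGLE_API_HOSTS = {
    "drive.googleapis.com", "oauth2.googleapis.com",
    "sheets.googleapis.com", "www.googleapis.com",
}

# Assumed exclusion list (constructed for this example; the rule's exact
# exclusions are not reproduced here): common browsers plus Google Drive and
# Outlook, matched case-insensitively against the end of the image path.
ALLOWED_IMAGE_PATTERNS = [
    "*\\chrome.exe", "*\\firefox.exe", "*\\msedge.exe", "*\\brave.exe",
    "*\\googledrivefs.exe", "*\\outlook.exe",
]


def is_allowed_process(image: str) -> bool:
    """True if the process image matches a browser or other excluded application."""
    image = image.lower()
    return any(fnmatch.fnmatchcase(image, p) for p in ALLOWED_IMAGE_PATTERNS)


def matches_rule(image: str, dest_host: str) -> bool:
    """Rule condition for one outbound connection event (Image, DestinationHostname)."""
    if dest_host.lower() not in GOOGLE_API_HOSTS:
        return False  # not one of the watched Google API endpoints
    return not is_allowed_process(image)


def detect(events):
    """Return the (image, host) pairs that would raise an alert."""
    return [(img, host) for img, host in events if matches_rule(img, host)]


# Constructed sample events (not real telemetry): process image, destination host.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", "sheets.googleapis.com"),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "sheets.googleapis.com"),
    (r"C:\Program Files\Google\Drive File Stream\GoogleDriveFS.exe", "drive.googleapis.com"),
    (r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "www.googleapis.com"),
    (r"C:\Users\alice\AppData\Local\Programs\Python\python.exe", "oauth2.googleapis.com"),
    (r"C:\Windows\System32\curl.exe", "www.google.com"),
]

if __name__ == "__main__":
    for image, host in detect(SAMPLE_EVENTS):
        print(f"ALERT: {image} -> {host}")
```

Only the PowerShell and Python connections are flagged: the browser, Google Drive and Outlook events hit the exclusions, and the curl event is to a host outside the watched set.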
Categories
- Cloud
- Endpoint
- Network
Data Sources
- Network Traffic
- Process
Created: 2023-05-01