
Summary
This detection rule identifies links in email bodies that automatically download suspicious file types, such as LNK, JS, and VBA files. It specifically targets links to Google Drive, where threat actors commonly abuse automatic downloads. The rule performs extensive analysis of each link, including examining the file that may be auto-downloaded and recursively analyzing any archives to determine whether they contain malicious file types. It is designed to mitigate the risks of unsolicited downloads, evasive malware techniques, and social-engineering lures that aim to compromise systems through deceptive email. By examining both solicited and unsolicited messages and analyzing the sender profile, the rule improves detection accuracy and reduces the likelihood of false positives, which can plague automated email filtering systems.
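The link and archive checks described above, as an added Python example that is not the rule's own implementation: it extracts Google Drive direct-download links from an email body (the `uc?export=download&id=` URL form is an assumption), recursively walks nested zip archives for LNK/JS/VBA members, and runs on a constructed body and payload rather than fetching anything.

```python
import io
import re
import zipfile
from urllib.parse import parse_qs, urlparse

SUSPICIOUS_EXTS = {"lnk", "js", "vba"}   # file types the rule summary names
MAX_MEMBER_BYTES = 10 * 1024 * 1024       # skip oversized members (zip-bomb guard)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def drive_auto_download_links(body: str) -> list[str]:
    """Links of the Google Drive direct-download form (assumption: /uc?export=download&id=...)."""
    hits = []
    for url in URL_RE.findall(body):
        u = urlparse(url)
        if (u.netloc.lower() == "drive.google.com" and u.path == "/uc"
                and parse_qs(u.query).get("export") == ["download"]):
            hits.append(url)
    return hits

def suspicious_files(name: str, data: bytes, depth: int = 0, max_depth: int = 3) -> list[str]:
    """Recursively list suspicious members of a file, descending into nested zips."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in SUSPICIOUS_EXTS:
        return [name]
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            found += suspicious_files(f"{name}/{info.filename}", zf.read(info), depth + 1, max_depth)
    return found

def build_zip(entries: dict[str, bytes]) -> bytes:  # helper for constructed samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in entries.items():
            zf.writestr(member, content)
    return buf.getvalue()

def verdict(body: str, payload: bytes) -> dict:
    """Rule-style decision; the payload is passed in (constructed) rather than downloaded."""
    links = drive_auto_download_links(body)
    flagged = suspicious_files("download.zip", payload) if links else []
    return {"links": links, "flagged": flagged, "match": bool(links and flagged)}

# Constructed sample: lure body with one Drive link; payload is a zip nested in a zip holding an .lnk.
SAMPLE_BODY = "Invoice: https://drive.google.com/uc?export=download&id=CONSTRUCTED_ID\nSite: https://example.com/about"
SAMPLE_PAYLOAD = build_zip({"invoice.zip": build_zip({"invoice.pdf.lnk": b"L\x00\x00\x00"}), "readme.txt": b"hi"})
```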
Categories
- Endpoint
- Web
Data Sources
- User Account
- Application Log
- Network Traffic
- File
- Web Credential
Created: 2022-12-07