XMRIG Driver Loaded

Splunk Security Content

Summary
This analytic rule detects the installation and loading of the XMRIG coinminer driver, specifically the 'WinRing0x64.sys' driver. This driver is commonly associated with XMRIG, an open-source CPU mining program that threat actors widely abuse for illicit cryptocurrency mining. The detection relies on Sysmon EventCode 6 (DriverLoad) logs, which record each driver loaded on a Windows system along with its image path and signature details. By matching these events against the driver's signature and the loading of the associated driver image, the rule identifies activity that is likely to lead to unauthorized resource usage and financial loss from cryptocurrency mining. Confirmed incidents require immediate remediation to stop further resource drain and system performance degradation.
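The detection logic described above, as an added example that is not the rule's own SPL or any code from Splunk Security Content: it parses Sysmon XML events, keeps only EventCode 6, and matches the loaded image basename against WinRing0x64.sys in any directory or letter case. The sample events, paths, times, signer and hash values are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
TARGET_DRIVER = "winring0x64.sys"  # driver shipped with XMRIG, as named on the page

def make_event(event_id, fields):
    """Build a constructed Sysmon XML event for testing; not a real capture."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

def parse_sysmon_event(xml_text):
    """Return (EventID, {Data Name: value}) from one Sysmon XML event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext(f"./{NS}System/{NS}EventID"))
    fields = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, fields

def is_xmrig_driver_load(event_id, fields):
    """True for a DriverLoad (EventCode 6) whose image basename is WinRing0x64.sys."""
    if event_id != 6:
        return False
    # Split on backslash or slash so the match is independent of the install directory.
    basename = re.split(r"[\\/]", fields.get("ImageLoaded", ""))[-1]
    return basename.lower() == TARGET_DRIVER

def find_xmrig_driver_loads(events):
    """Run the detection over raw events and keep the fields an analyst needs for triage."""
    hits = []
    for xml_text in events:
        event_id, fields = parse_sysmon_event(xml_text)
        if is_xmrig_driver_load(event_id, fields):
            hits.append({k: fields.get(k, "") for k in ("UtcTime", "ImageLoaded", "Signature", "Hashes")})
    return hits

# Constructed sample log: signer and hash values are placeholders, not real indicators.
SAMPLE_EVENTS = [
    make_event(6, {"UtcTime": "2024-11-13 10:00:01.000", "ImageLoaded": r"C:\Users\Public\WinRing0x64.sys",
                   "Signed": "true", "Signature": "SIGNER_PLACEHOLDER", "Hashes": "SHA256=HASH_PLACEHOLDER"}),
    make_event(6, {"UtcTime": "2024-11-13 10:00:02.000", "ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys",
                   "Signed": "true", "Signature": "Microsoft Windows", "Hashes": "SHA256=HASH_PLACEHOLDER"}),
    make_event(1, {"UtcTime": "2024-11-13 10:00:03.000", "Image": r"C:\Temp\miner.exe"}),  # not a driver load
    make_event(6, {"UtcTime": "2024-11-13 10:00:04.000", "ImageLoaded": r"D:\tools\WINRING0X64.SYS",
                   "Signed": "true", "Signature": "SIGNER_PLACEHOLDER", "Hashes": "SHA256=HASH_PLACEHOLDER"}),
]

if __name__ == "__main__":
    for hit in find_xmrig_driver_loads(SAMPLE_EVENTS):
        print(hit)
```

A filename match misses a renamed copy of the driver, which is why the Signature and Hashes fields are carried into each hit so the analyst can pivot on them.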
Categories
  • Endpoint
Data Sources
  • Pod
  • Container
  • User Account
  • Windows Registry
  • Script
  • Image
  • File
  • Process
  • Network Traffic
  • Application Log
ATT&CK Techniques
  • T1543.003
  • T1543
Created: 2024-11-13