
Summary
This detection rule identifies potential cryptocurrency mining activity by examining process command lines for parameters and strings commonly associated with crypto miners. Detection is keyword-based: the selection matches when the command line contains strings such as ' --cpu-priority=', '--donate-level=0', or a stratum connection string (e.g., 'stratum+tcp://'). To reduce false positives, the rule adds a filter that excludes common command-line arguments associated with standard operations and certain programming tasks. The rule is configured for Windows environments and carries a high severity level, meaning a hit indicates a significant likelihood of malicious activity. The rule also documents known false positives: authorized crypto-mining operations and specific software build frameworks that can generate similar command-line arguments.
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2021-10-26