
Summary
This detection rule identifies the execution of a known cryptocurrency mining tool on Windows systems by looking for the process 'ethminer.exe'. Execution of this binary indicates probable unauthorized use of system resources for cryptocurrency mining (cryptojacking). The rule matches on the process name, on specific command-line arguments, on file hashes corresponding to the mining tool's executables, and on related event fields that confirm the execution, so a renamed binary can still be caught by its hash or its mining-pool arguments. The detection uses CrowdStrike process telemetry to assess the activity, including the integrity of the executed file and its parent process. The rule is assigned critical severity because a mining tool on a managed host degrades system performance, signals an existing compromise or policy violation, and generates outbound connections to mining pools that affect network security.
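The following is an added example, not the rule's own query and not CrowdStrike's API: a small Python re-implementation of the detection logic described above, run over constructed process events. It shows why the rule layers three indicators (image name, file hash, command-line markers) rather than relying on the process name alone: a copy of the miner renamed to update.exe is still caught by its hash and its pool argument, while an unrelated browser process whose command line merely mentions "ethminer" is not. The hash value is a placeholder (an assumption), the command-line markers are assumed indicators chosen for illustration (stratum pool URLs and the -P pool flag), and all events are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional
import ntpath  # basename for Windows-style paths regardless of host OS

# Indicators. The image name is the one named in the rule summary; the hash and the
# command-line markers are constructed placeholders (assumptions), not real values
# taken from the rule.
MINER_IMAGE_NAMES = {"ethminer.exe"}
PLACEHOLDER_MINER_SHA256 = "a" * 64          # assumption: stands in for a real hash
MINER_SHA256 = {PLACEHOLDER_MINER_SHA256}
# Markers compared against the lower-cased command line. " -p " is the pool flag
# form used by ethminer; it is short and could collide with other tools, which is
# why it is only one of several indicators rather than a sole trigger.
MINER_CMDLINE_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--pool", " -p ")


@dataclass
class ProcessEvent:
    """Minimal process-start event, modelled on EDR process telemetry fields."""
    image_path: str
    command_line: str
    sha256: str
    parent_image: str


@dataclass
class Alert:
    image_path: str
    parent_image: str
    matched: List[str]          # which indicators fired, for analyst triage
    severity: str = "critical"  # the rule's severity


def evaluate(event: ProcessEvent) -> Optional[Alert]:
    """Apply the three indicator checks to one event; None means no match."""
    matched: List[str] = []
    if ntpath.basename(event.image_path).lower() in MINER_IMAGE_NAMES:
        matched.append("image_name")
    if event.sha256.lower() in MINER_SHA256:
        matched.append("sha256")
    cmd = event.command_line.lower()
    if any(marker in cmd for marker in MINER_CMDLINE_MARKERS):
        matched.append("command_line")
    if not matched:
        return None
    return Alert(event.image_path, event.parent_image, matched)


def detect(events: List[ProcessEvent]) -> List[Alert]:
    """Run the rule over a batch of events and return only the alerts."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    # 1. The miner run under its own name from a user temp directory.
    ProcessEvent(r"C:\Users\bob\AppData\Local\Temp\ethminer.exe",
                 "ethminer.exe -G -P stratum+tcp://pool.example.invalid:4444",
                 PLACEHOLDER_MINER_SHA256, r"C:\Windows\System32\cmd.exe"),
    # 2. The same binary renamed to evade a name-only rule; hash and pool
    #    argument still identify it.
    ProcessEvent(r"C:\ProgramData\svc\update.exe",
                 "update.exe -P stratum+tcp://pool.example.invalid:4444",
                 PLACEHOLDER_MINER_SHA256, r"C:\Windows\System32\wscript.exe"),
    # 3. Benign: a browser opening a page whose URL contains the word ethminer.
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                 '"chrome.exe" https://github.com/ethereum-mining/ethminer',
                 "b" * 64, r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.image_path} (parent: {alert.parent_image}) "
              f"matched: {', '.join(alert.matched)}")
```

Running it produces two critical alerts (the named binary and the renamed copy) and nothing for the browser event. In a real deployment the parent image recorded in each alert is what an analyst checks next: a miner spawned by a script host or an Office process points to the delivery mechanism, whereas one launched from an interactive shell suggests a user installing it deliberately.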
Categories
- Endpoint
- Windows
Data Sources
- Process
- Application Log
- Network Traffic
Created: 2023-05-01