
Summary
This detection rule identifies instances of the Advanced IP Scanner application being executed on Windows systems. Advanced IP Scanner is widely recognized as a versatile network scanning tool, but it has also become a favored utility among ransomware groups. The rule triggers an alert when a file event occurs whose target filename path contains 'Advanced IP Scanner 2' within the user's local temporary files directory. This is relevant because the tool can be misused for reconnaissance in preparation for malicious attacks. The rule is rated medium risk, since the tool can also be used for legitimate administrative purposes, which introduces the possibility of false positives.
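The condition described above, sketched as an added example that is not the rule's own source: it evaluates constructed file events and counts hits per host for triage. The Sysmon-style field names (`TargetFilename`, `Computer`), the `AppData\Local\Temp` location and all sample paths are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumptions: the "local temporary files directory" is ...\AppData\Local\Temp\
# and events carry Sysmon-style TargetFilename / Computer fields.
TEMP_MARKER = "\\appdata\\local\\temp\\"
TOOL_MARKER = "advanced ip scanner 2"


def normalize(path: str) -> str:
    """Lower-case, unify separators and collapse repeated backslashes."""
    unified = path.replace("/", "\\").lower()
    return re.sub(r"\\{2,}", r"\\", unified)


def matches_rule(event: dict) -> bool:
    """True when the tool's folder name appears below the local temp dir."""
    target = normalize(event.get("TargetFilename", ""))
    idx = target.find(TEMP_MARKER)
    if idx == -1:
        return False
    # Only the part after ...\Temp\ counts, so a marker earlier in the
    # path (for example a drive-root folder) does not trigger a hit.
    return TOOL_MARKER in target[idx + len(TEMP_MARKER):]


def hits_by_host(events: list) -> dict:
    """Count matching file events per host to help triage false positives."""
    return dict(Counter(e.get("Computer", "unknown")
                        for e in events if matches_rule(e)))


# Constructed sample events, not taken from real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "TargetFilename":
     r"C:\Users\alice\AppData\Local\Temp\Advanced IP Scanner 2\advanced_ip_scanner.exe"},
    {"Computer": "WS02", "TargetFilename":
     "c:/users/bob/appdata/local/temp/ADVANCED IP SCANNER 2/Qt5Core.dll"},
    {"Computer": "WS03", "TargetFilename":
     r"C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe"},
    {"Computer": "WS04", "TargetFilename":
     r"C:\Users\carol\AppData\Local\Temp\setup.log"},
    {"Computer": "WS05", "TargetFilename":
     r"D:\Advanced IP Scanner 2\AppData\Local\Temp\x.tmp"},
]

if __name__ == "__main__":
    print(hits_by_host(SAMPLE_EVENTS))
```

Hosts where administrators are known to use the tool can be reviewed separately from the per-host counts to reduce the false positives the summary mentions.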
Categories
- Windows
- Network
Data Sources
- File
Created: 2020-05-12