Windows Advanced Installer MSIX with AI_STUBS Execution

Splunk Security Content

Summary
This detection rule identifies the execution of specific AI_STUBS executables, particularly 'popupwrapper.exe', which are part of the Advanced Installer MSIX Package Support Framework. These executables are strongly associated with malicious activity as attackers commonly embed harmful content within MSIX packages built with this framework to circumvent security measures. The rule leverages data sourced from Endpoint Detection and Response (EDR) systems and is focused on monitoring process paths and original filenames to spot potentially harmful activity. Detection of these executables may indicate attempts to execute arbitrary code, establish persistence, or deploy malware, ultimately threatening endpoint security.
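The matching the summary describes (process path plus original filename), as an added example that is not the Splunk search itself. The field names `process_path` and `original_file_name`, the `AI_STUBS` folder name as a path component, and all sample events are assumptions constructed for illustration.

```python
# Constructed matcher for the logic in the summary; not the Splunk search itself.
STUB_NAMES = {"popupwrapper.exe"}   # the one executable the summary names
STUB_DIR = "ai_stubs"               # assumed folder name inside the package

def match_ai_stub(event):
    """Return the reasons a process event matches; an empty list means no hit."""
    path = (event.get("process_path") or "").replace("/", "\\").lower()
    parts = [p for p in path.split("\\") if p]
    image = parts[-1] if parts else ""
    original = (event.get("original_file_name") or "").lower()
    reasons = []
    # Compare whole path components so "ai_stubs_notes" does not match.
    if STUB_DIR in parts[:-1]:
        reasons.append("ai_stubs_dir")
    if image in STUB_NAMES:
        reasons.append("image_name")
    # The PE original filename survives a rename of the file on disk.
    if original in STUB_NAMES:
        reasons.append("original_file_name")
    return reasons

# Constructed sample events (paths and package name are made up).
SAMPLE_EVENTS = [
    {"process_path": r"C:\Program Files\WindowsApps\Example.App_1.0.0.0_x64__0000000000000\AI_STUBS\popupwrapper.exe",
     "original_file_name": "PopupWrapper.exe"},
    {"process_path": r"C:\Users\test\AppData\Local\Temp\update.exe",
     "original_file_name": "popupwrapper.exe"},
    {"process_path": r"C:\Tools\ai_stubs_notes\viewer.exe",
     "original_file_name": "viewer.exe"},
    {"process_path": r"C:\Windows\System32\notepad.exe",
     "original_file_name": None},
]

def scan(events):
    """Return (process_path, reasons) for every event with at least one hit."""
    return [(e["process_path"], r) for e in events if (r := match_ai_stub(e))]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_EVENTS):
        print(path, reasons)
```

The second sample event shows why the original filename is checked as well as the path: a copy renamed to `update.exe` outside the package folder still matches.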
Categories
  • Endpoint
Data Sources
  • Windows Registry
  • Process
  • Logon Session
ATT&CK Techniques
  • T1218
  • T1553.005
  • T1204.002
Created: 2025-08-05