
Summary
This detection rule targets the execution of AI_STUBS executables, identified by the original file name `popupwrapper.exe`, which is part of the MSIX Package Support Framework provided by Advanced Installer. Execution of these components may indicate the deployment of malicious MSIX packages that use the Package Support Framework to circumvent application whitelisting and control policies. The rule filters process creation logs for attempts to execute any AI_STUBS executable, matching on specific paths and the original file name. It focuses on Windows environments, where these packages could be leveraging vulnerabilities in the framework to execute potentially harmful code.
Categories
- Endpoint
- Windows
- Application
Data Sources
- Process
Created: 2025-11-03
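
The matching described in the Summary, sketched as an added example that is not the rule's own source: it assumes Sysmon Event ID 1 style field names (`Image`, `OriginalFileName`, `ParentImage`) and treats a match as an `AI_STUBS` directory segment in the image path combined with the original file name `popupwrapper.exe`. The sample events, package names and file names are constructed placeholders.

```python
import ntpath

# Assumptions (not from the rule source): Sysmon Event ID 1 style field names,
# and a match defined as "an AI_STUBS directory in the image path AND
# OriginalFileName popupwrapper.exe".
STUB_DIR = "ai_stubs"
STUB_ORIGINAL_NAME = "popupwrapper.exe"

def path_segments(image):
    """Split a Windows path into lower-cased directory segments."""
    directory = ntpath.dirname(image.replace("/", "\\"))
    return [s.lower() for s in directory.split("\\") if s]

def is_ai_stubs_execution(event):
    """True when a process-creation event looks like an AI_STUBS stub launch."""
    image = event.get("Image") or ""
    original = (event.get("OriginalFileName") or "").lower()
    # Match the directory as a whole segment so "my_ai_stubs_backup" is ignored.
    in_stub_dir = STUB_DIR in path_segments(image)
    # OriginalFileName comes from the PE version resource, so it survives
    # a rename of the file on disk.
    return in_stub_dir and original == STUB_ORIGINAL_NAME

def triage(events):
    """Return (Image, ParentImage) for every matching event."""
    return [(e["Image"], e.get("ParentImage", "")) for e in events
            if is_ai_stubs_execution(e)]

# Constructed sample events; package and file names are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\WindowsApps\Example.Pkg_1.0.0.0_x64__abc\AI_STUBS\StubExample.exe",
     "OriginalFileName": "popupwrapper.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Program Files\WindowsApps\Example.Pkg_1.0.0.0_x64__abc\App\app.exe",
     "OriginalFileName": "app.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Tools\my_ai_stubs_backup\popupwrapper.exe",
     "OriginalFileName": "popupwrapper.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"c:\program files\windowsapps\Other_2.0_x64__xyz\ai_stubs\renamed.exe",
     "OriginalFileName": "PopupWrapper.exe", "ParentImage": ""},
]

if __name__ == "__main__":
    for image, parent in triage(SAMPLE_EVENTS):
        print(f"AI_STUBS stub executed: {image} (parent: {parent or 'unknown'})")
```

Carrying the parent image through triage helps an analyst tell an expected packaged-app launch from one started by an unexpected process.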