This article documents the detection of Ransomware in RRM with APM.
RRM did not throw an alarm.
During run, W11 notifies that .NET 3.5 is required. RRM disables WUpdate .NET cannot install
Sample would not launch
After windows format and reinstall, new Windows install detects remnants.