detecting-ransomware-encryption-behavior

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly requires administrative access and instructs actions that modify system state (install/configure Sysmon/auditd, suspend/kill processes, disable network adapters, create snapshots, capture memory), which would require elevated privileges and can change/compromise the host.