Windows binary C++ Agent
Deploy a Stage 1 Windows agent with a low-footprint terminal shell, plus lifecycle controls (stage2 to upgrade, exit, killagent). When elevated to Stage 2, the agent expands to host/context discovery (currentpath, systeminfo, getuid), screen capture (screenshot), file transfer (download_file, upload_file), storage and process enumeration (drives, listproc), targeted diagnostics (per-PID memory dump), and controlled migration to another process (migrate). If detected early, only the lean Stage 1 footprint is exposed.

Advanced features, such as encrypting user files (for ransomware simulation), process hollowing, or persistence using a process watchdog, are only available in Stage 2.