# Windows binary C++ Agent

Deploy a Stage 1 Windows agent with a low-footprint terminal shell, plus lifecycle controls (stage2 to upgrade, exit, killagent). When elevated to Stage-2, the agent expands to host/context discovery (currentpath, systeminfo, getuid), screen capture (screenshot), file transfer (download\_file, upload\_file ), storage & process enumeration (drives, listproc), targeted diagnostics (per-PID memory dump), and controlled migration to another process (migrate ). If detected early, only the lean Stage-1 footprint is exposed.

<figure><img src="https://1112023788-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MU9W-baGw5TeUzNXoyo%2Fuploads%2FRoccEJZlXbeRs3a4LwLz%2FScreenshotCP.jpg?alt=media&#x26;token=28b2977a-b305-4259-af5b-085ef8fda72f" alt=""><figcaption></figcaption></figure>

Advanced features, such as encrypting user files (for ransomware simulation), process hollowing, or persistence using a process watchdog, are only available in Stage 2.