DcRat

DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

Dcrat family

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

DCRat payload

Detects payload of DCRat, commonly dropped by NSIS installers.

Disables Task Manager via registry modification