
# Modules

* See below for each module's documentation
* To get to the modules, right click a callback and you will see the following options

| Surveillance                          |
| ------------------------------------- |
| Remote Shell                          |
| Remote Screen                         |
| Remote Camera                         |
| Remote Regedit                        |
| File Manager                          |
| Process Manager                       |
| Netstat                               |
| Record                                |
| Program Notifications (Start \| Stop) |

### Remote Shell

* Exactly what it sounds like
* Click on the module and wait for the output below to appear

```
Microsoft Windows [Version 10.0.20348.1787]
(c) Microsoft Corporation. All rights reserved.
```

* This is a `cmd.exe` prompt, not a PowerShell prompt!
* Use the white bar at the bottom to execute commands

<figure><img src="/files/cEHhMSbYVncRezvRB5h2" alt=""><figcaption></figcaption></figure>

### Remote Screen

* Also exactly what it sounds like
* View the remote screen of the remote system
* It can take a second to load, please be patient.
* Screen sharing can be controlled (off/on) with the `Start` button at the top left
* Option to `View only` or control the remote machine via your `mouse` and `keyboard`
* To turn either on press the respective button at the top
* Can also take automatic screenshots with the `Camera` button, also at the top

  * By default it will capture the screen every \~3 seconds
  * IMO that is far too fast, I am working on tuning it to roughly every 30 seconds to drop the amount of network traffic that is required with the screenshots.

  <figure><img src="/files/JVNqMW82gi939RpEEnhN" alt=""><figcaption></figcaption></figure>

### Remote Camera

* View the remote system's webcam
* Requires loading `RemoteCamera.dll` into memory, which will happen automatically
* If no camera is found the pop-up will exit automatically

### Remote Regedit

* Remotely view the registry, create new keys, or modify existing keys

<figure><img src="/files/iDIwbhcclkYFoJMEdm2s" alt=""><figcaption></figcaption></figure>

* To create a new key click on `Edit` at the top and follow the prompts
* It is nearly identical to the normal `Regedit` program on Windows

### File Manager

* File manager for remote upload, download, compressing and general file manager options
* Just point and click
* To move up a directory after traversing down the file system ensure you `Right Click --> Back`
  * That took me longer to figure out than I care to admit publicly

<figure><img src="/files/smNVeET8cMFx5vmRiten" alt=""><figcaption></figcaption></figure>

* When you download a file a `ClientsFolder` will get created; you can find your exfil'ed file there

```
DcRat\Binaries\Debug\ClientsFolder\1427F5A9B444217138E1 #String is client id
```
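For responders working from a seized or lab copy of a DcRat server, the `ClientsFolder` layout described above maps each client ID to the files collected from that host. The sketch below is an added example, not part of DcRat or of the original page; it builds a per-client inventory with SHA-256 hashes for evidence handling. It assumes client IDs are 20 hexadecimal characters like the one shown above, and the `Documents/report.txt` sample tree is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: client IDs look like the one shown on this page (20 hex characters).
CLIENT_ID_RE = re.compile(r"^[0-9A-Fa-f]{20}$")


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large collected files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_clients_folder(clients_folder):
    """Return (inventory, skipped): files per client ID, and entries that do not match."""
    inventory, skipped = {}, []
    for entry in sorted(Path(clients_folder).iterdir()):
        if not (entry.is_dir() and CLIENT_ID_RE.match(entry.name)):
            skipped.append(entry.name)  # keep a record of anything unexpected
            continue
        files = []
        for item in sorted(entry.rglob("*")):
            if item.is_file() and not item.is_symlink():
                files.append({
                    "path": item.relative_to(entry).as_posix(),
                    "size": item.stat().st_size,
                    "sha256": sha256_file(item),
                })
        inventory[entry.name] = files
    return inventory, skipped


def build_sample_tree(root):
    """Constructed sample data: one client folder plus a stray file."""
    client = Path(root) / "ClientsFolder" / "1427F5A9B444217138E1"
    (client / "Documents").mkdir(parents=True)
    (client / "Documents" / "report.txt").write_bytes(b"constructed sample\n")
    (Path(root) / "ClientsFolder" / "notes.txt").write_bytes(b"not a client folder\n")
    return Path(root) / "ClientsFolder"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inventory_clients_folder(build_sample_tree(tmp)))
```

Run it against a read-only mount or a working copy of the image so the original evidence is not modified.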

### Process Manager

* Exactly like it sounds
* View running processes
* Right Click to `Refresh` or `Kill` a specific process
* `Refresh` pulls an up-to-date process list
* It is better opsec to not constantly upload as that can greatly increase the amount of network traffic

<figure><img src="/files/la2Yj4iIgVgByeIqmSh8" alt=""><figcaption></figcaption></figure>

### Netstat

* Exactly like it sounds
* View network connections on the remote host
* `Right Click` and select `Refresh` or `Kill`
* Selecting `Kill` attempts to kill the process creating that network connection

<figure><img src="/files/vqizPA3Zch4uLEZCtqja" alt=""><figcaption></figcaption></figure>

### Record

* Record audio from the remote system's microphone

<figure><img src="/files/GT6YJTmdEwoXGUNKGH1T" alt=""><figcaption></figcaption></figure>

* If the remote system has no microphone you will get an error in the logs

<figure><img src="/files/2wmMck4DIofSagHrYw8G" alt=""><figcaption></figcaption></figure>

* Requires the `Audio.dll` file, which is automatically loaded into the remote system's memory

### Program Notification

* Alert the operator when a specific remote process is launched on the system
* Defaults to `Uplay,QQ,Chrome,Edge,Word,Excel,PowerPoint,Epic,Steam`
* Currently changed to:

```
Chrome,Edge,Firefox,Word,Excel,PowerPoint,Task Manager
```

<figure><img src="/files/Qi9JFilrNNekObBJWAoi" alt=""><figcaption></figcaption></figure>

| Control          |          |                   |                     |
| ---------------- | -------- | ----------------- | ------------------- |
| Send File -->    | From URL | Send File to Disk | Send File to Memory |
| Run Shellcode    |          |                   |                     |
| Message Box      |          |                   |                     |
| Chat             |          |                   |                     |
| Visit Website    |          |                   |                     |
| Change Wallpaper |          |                   |                     |
| Keylogger        |          |                   |                     |
| File Search      |          |                   |                     |

### Send File

### Run Shellcode

### MessageBox

### Chat

### Visit Website

### Change Wallpaper

### Keylogger

### File Search

| Malware           |         |         |
| ----------------- | ------- | ------- |
| DDOS              |         |         |
| Ransomware -->    | Encrypt | Decrypt |
| Disable WD        |         |         |
| Password Recovery |         |         |
| Disable UAC       |         |         |

### DDOS

### Ransomware

### Disable WD

### Password Recovery

### Disable UAC

\-- Not all modules are listed yet

