Glossary
DCC2 (MS-Cache v2)
The salted, iterated verifier Windows caches so a domain user can log on offline. Crackable but not usable for pass-the-hash.
DCC2, also called MS-Cache v2, is the cached domain-logon verifier
stored in the SECURITY hive under Cache\NL$<n>. When a domain account signs
in without reaching a domain controller, Windows checks the password against
this cached value.
Unlike an NT hash, DCC2 is PBKDF2(HMAC-SHA1, …) over
the NT hash, salted with the lowercase username and run for a high iteration
count (10240 by default). That makes it non-reversible — you can crack it
offline but cannot pass-the-hash with it. Dumpers emit it as
$DCC2$10240#user#<hex>.