Written in C# (C Sharp) using the .NET framework, making it relatively easy to reverse-engineer if it isn't obfuscated.
The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook. Risk Mitigation If you suspect an infection:
Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots. Mercurial Grabber.exe
Primarily uses Discord Webhooks to exfiltrate stolen data directly to an attacker-controlled Discord channel. Key Capabilities
Specifically targets Minecraft (launch profiles) and Roblox (.ROBLOSECURITY cookies) to hijack gaming sessions. Written in C# (C Sharp) using the
The user runs the .exe . It may show a fake error message or a simple GUI to appear legitimate.
Fake "FiveM" cheats, Minecraft mods, or Roblox exploits. Cracked Software: Keygens or installers for paid software. Primarily uses Discord Webhooks to exfiltrate stolen data
Prioritize Discord, email, and gaming accounts. If you have 2FA enabled, your session tokens might still be at risk until you log out of all sessions.