The user runs the .exe. It may show a fake error message or a simple GUI to appear legitimate.
Mercurial Grabber.exe collects machine info, including Windows product keys, IP addresses, hardware specs, and desktop screenshots.
Below is a technical breakdown of its typical behavior, delivery, and impact.

Malware Type: Infostealer / Credential Grabber.
The stolen data is bundled and sent via an HTTP POST request to the attacker's Discord webhook.

Risk Mitigation

If you suspect an infection:
Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.
Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots.
It silently scans for the targeted files and browser databases.
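
A defender-side check for the exfiltration step described above (an HTTP POST to a Discord webhook), added here as an example and not taken from the original page. It assumes a six-field proxy log format and a hypothetical allowlisted process name, `ci-notifier.exe`; the sample log lines are constructed.

```python
from urllib.parse import urlsplit
import re

# Hosts that serve the Discord webhook API.
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
# /api/webhooks/<id>/<token>, optionally versioned (/api/v10/webhooks/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/([\w-]+)")
# Assumption: processes expected to post to webhooks in this environment.
EXPECTED_PROCESSES = {"ci-notifier.exe"}

def find_webhook_posts(lines):
    """Return alerts for webhook POSTs made by processes outside the allowlist."""
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # not in the assumed "ts host process method url bytes" format
        ts, host, process, method, url, size = parts
        target = urlsplit(url)
        match = WEBHOOK_PATH.match(target.path)
        if method.upper() != "POST" or match is None:
            continue
        if (target.hostname or "") not in DISCORD_HOSTS:
            continue
        if process.lower() in EXPECTED_PROCESSES:
            continue
        alerts.append({
            "time": ts,
            "host": host,
            "process": process,
            "webhook_id": match.group(1),  # the token is a secret; keep it out of alerts
            "bytes_sent": int(size),
        })
    return alerts

# Constructed sample proxy log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-05-01T10:02:11Z WS-014 chrome.exe GET https://discord.com/channels/@me 0",
    "2024-05-01T10:02:40Z WS-014 invoice_viewer.exe POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-TOKEN 483211",
    "2024-05-01T10:03:02Z BUILD-01 ci-notifier.exe POST https://discord.com/api/v10/webhooks/222222222222222222/EXAMPLE-TOKEN 512",
    "2024-05-01T10:04:19Z WS-031 update.exe POST https://discordapp.com/api/v9/webhooks/333333333333333333/EXAMPLE-TOKEN 90455",
    "2024-05-01T10:05:00Z WS-031 update.exe POST https://example.com/api/webhooks/1/x 10",
]

if __name__ == "__main__":
    for alert in find_webhook_posts(SAMPLE_LOG):
        print(alert)
```

The webhook ID in each alert is enough to group hosts that reported to the same webhook during scoping.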