NOTES I updated all old Discord API versions on request links. For the account connections (linked accounts) like YouTube, Steam, Github... I could not use get function because converting it in dictionary is very hard because Discord API give it as list of dictionaries and I tried to split them but it was to difficult. Apart from that I added to the token grabber victim's account biography as footer text. I also managed to get banner as gif / png in the embed, I found that it was almost the same as avatar link but it was /banners/userid/bannerid instead of /avatars/userid/avatarid. And finally for linked accounts I still put them in the token grabber but only deleting the characters of list and dictionary to make it look more understandable. Thanks you if you found some solutions, send it in the Github pull requests.Please do not use the program maliciously. This program is intended to be used for educational purposes only. Mercurial is only used to demonstrate what type of information attackers can grab from a user's computer. This is a project was created to make it easier for malware analysts or ordinary users to understand how credential grabbing works and can be used for analysis, research, reverse engineering, or review.

What is malware?

Malware is a term that is used for malicious software that is designed to do damage or unwanted actions to a computer system. An explanation of this tool:

Google Chrome always store user data in the same place, so the stealer generated by Mercurial Grabber has no problem in finding it. In theory at least, this data is stored in encrypted form. However, if the malware has already penetrated the system, then its actions are done in your name.

Therefore, the malware simply finds a way to decrypt information stored on your computer (by making it seem like thie user is requesting it) . The stealer gets all your passwords and cookies.

The tool is also able to find Roblox cookies that are stored in the Windows Registry. By running the malicious .exe file, it is able to search for the Roblox cookie. The same goes for Minecraft sessions, Discord tokens, etc since it is stored in the user's computer.

Recommended tools for testing Mercurial: (when running the produced output after building)

Virtualbox VMware Process Hacker VirusTotal Tips to check if an exe file is safe:

Analyze the file with VirusTotal Check if the exe file has a publisher Check it in a sandbox Monitor the file’s network activity for strange behavior

• Solo propósito educativo
• Prohibida la reventa
• Puede usar el código fuente si mantiene los créditos (en incrustación + en rebajas), tiene que ser de código abierto
• NO somos responsables de nada de lo que haga con nuestro software (si es ilegal)

• Registrador de códigos QR
• Discord Login Stealer
• Nombre de usuario
• ID
• Token
• Bypass new security mechanisms
• Bypass Two-step verification!
• Bypass Inherent identity and need 5-digit verification code!
• Support SMTP Transport
• Support Telegram API Transport (With Proxy)
• Support FakeMessage
• Support Custom Icons
• Bypass A.V (Comming soon...)
• Inspect Element Detection
• Custom Design
• Cool design
• AntiAnalysis (VirtualBox, SandBox, Debugger, VirusTotal, Any.Run)
• Get system info (Version, CPU, GPU, RAM, IPs, BSSID, Location, Screen metrics, Installed apps)
• Chromium based browsers (passwords, credit cards, cookies, history, autofill, bookmarks)
• Firefox based browsers (db files, cookies, history, bookmarks)
• Internet explorer/Edge (passwords)
• Saved wifi networks & scan networks around device (SSID, BSSID)
• File grabber (Documents, Images, Source codes, Databases, USB)
• Detect banking & cryptocurrency services in browsers
• Steam, Uplay, Battle.Net, Minecraft session
• Install keylogger & clipper
• Desktop & Webcam screenshot
• ProtonVPN, OpenVPN, NordVPN
• Crypto Wallets
• Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, AtomicWallet, Guarda, Coinomi, Litecoin, Dash, Bitcoin
• Crypto Wallet Extensions from Chrome & Edge
• Binance, coin98, Phantom, Mobox, XinPay, Math10, Metamask, BitApp, Guildwallet, iconx, Sollet, Slope Wallet, Starcoin, Swash, Finnie, KEPLR, Crocobit, OXYGEN, Nifty, Liquality, Auvitas wallet, Math wallet, MTV wallet, Rabet wallet, Ronin wallet, Yoroi wallet, ZilPay wallet, Exodus, Terra Station, Jaxx.
• Messenger Sessions, Accounts, Tokens
• Discord, Telegram, ICQ, Skype, Pidgin, Outlook, Tox, Element, Signal
• Directories structure
• Filezilla hosts
• Process list
• Product key
• Autorun module
• Instant transactions
• No contract required
• Anti Metamask Phishing Detections
• Support SMTP Transport!
• Support Telegram API Transport!
• Support FakeMessage!
• Support Custom Icon!
• Bypass Two-step confirmation
• Bypass Inherent identity and need 5-digit verification code
• Support for the official telegram desktop only windows !
• Contraseña (incluso cuando cambia)
• Email
• Badges
• Nitro
• Número de Tarjeta de Crédito
• CVC
• Vencimiento
• Facturación
• IP
• Nombre de host de la computadora
• Cerrar sesión al instante
• Deshabilitar código QR
• Incrustacion personalizada
• Estructura de código genial
• Cookies
• Contraseña
• Cookie Automatic Logger
• Metamask stealer
• Exodus stealer -Anti-Delte y Anti-Spam
• 0/64 Detecciones

Educational Purposes Only This tool demonstrates and makes it easy to create your own grabber. This shows what type of information attackers can grab from a victim's computer. Only use this on your own PC and do not use it on other people maliciously.