Deleted-file forensics
A file that ran and was deleted still left its mark. anticheat.cloud cross-correlates the Windows forensic trail to surface it, then flags a removed cheat by its hash even after a rename.
anticheat.cloud reconstructs what actually ran on a player's PC: the DMA cards, the injected overlays, the loaders wiped before the screenshare. It reads the traces Windows can't fully erase.
A clean screenshare proves nothing if the cheat was closed first. These are the signals it can't hide.
A file that ran and was deleted still left its mark. anticheat.cloud cross-correlates the Windows forensic trail to surface it, then flags a removed cheat by its hash even after a rename.
PCIe and FPGA capture cards, spoofed devices, and VM or hypervisor cloaking that hides a cheat beneath the OS.
Stream-proof windows hidden from capture, and DLLs injected into dwm.exe from user-writable paths.
DNS and live connections to known cheat hosts and KeyAuth, highlighted around the alt:V launch window.
Cleared event logs, a reset USN journal, an emptied Prefetch, correlated into one “history wiped” flag.
One-time download links, a live machine list, remote end-check. Then the scanner removes itself.
Social Club account, IPv6 and MACs, and a full connection timeline. Who the player is, and where they reached.
No install on your side. The player runs one elevated executable; everything else is on the console.
From the console, mint a single-use download for a player or match. It works exactly once.
They launch the scanner. It elevates via UAC, shows a neutral loading screen, and auto-uploads.
Detections land grouped by category with timestamps, confidence and clickable VirusTotal hashes.
Tell us about your league or event and we'll show you exactly what we can lock down — from qualifiers to the grand final. One email starts it.
Sign in to the operator console to generate a link, manage Cheathunters, and review reports. Full documentation lives inside.
Open the console