How it works

Delete the file.
The evidence stays.

Every GORE scan runs six forensic layers against the parts of Windows that quietly log what executed. Below, each layer is shown with real-shaped scan output — click any terminal to re-run it.

LAYER 01

Execution artifacts

Prefetch, BAM, Amcache and ShimCache each record program execution independently. GORE parses all four and stitches them into one timeline — so a deleted aimbot.exe still shows up with a run count and a last-run timestamp.

PrefetchBAMAmcacheShimCache
artifacts.scanlive
LAYER 02

Browser history

Cheat marketplaces and fresh downloads leave a trail across Chrome, Edge and Firefox. GORE reads visit and download history — and flags the suspicious gaps where a chunk of history was wiped.

ChromeEdgeFirefoxDownloads
browser.scanlive
LAYER 03

Renamed-file analysis

Renaming a cheat doesn't change what's inside it. GORE inspects file content — PE headers, entropy, YARA signatures — to unmask binaries hiding under innocent names in Temp, Downloads and AppData.

PE headersEntropyYARA
content.scanlive
LAYER 04

Anti-forensic detection

The cover-up is the tell. Disabled logging, a freshly wiped Prefetch, cleared event logs, a truncated USN journal — GORE detects the clean-up itself and treats evasion as its own threat category.

Wiped PrefetchCleared logsDisabled logging
antitamper.scanlive
LAYER 05

DLL injection & side-loads

Modern cheats inject into the game process or side-load from Temp and Downloads. GORE enumerates loaded modules, flags unsigned and manually-mapped regions, and catches the hooks they install.

Module mapUnsignedRWX regions
modules.scanlive
LAYER 06

Gang dashboard

Owners see every member's status at a glance — clean or flagged, with the hits behind each result. Keys are hardware-locked and non-transferable, and admins can assign or revoke them on the spot.

Owner viewHW-locked keysAssign / revoke
gore-dashlive
Setup

Four steps to a protected crew.

STEP 01

Buy & assign keys

Grab Solo or Gang keys and assign them to members from the dashboard. Each key is locked to one machine and valid for 30 days.

STEP 02

Member runs the agent

The member downloads the one-click agent for Windows 10/11 and runs a scan — no persistent install, nothing left behind.

STEP 03

Six layers run

Execution artifacts, browser history, file content, anti-forensics, injection and integrity checks complete in seconds.

STEP 04

Verdict on the dashboard

A clean-or-flagged result — with the evidence behind it — appears on the owner dashboard for the whole gang.

gore setuplive
Scoped & authorized

Built to find cheats — used with consent.

GORE surfaces the signals that prove or clear a cheat — execution traces, hashes, injection and evasion markers — for server administrators running authorized checks on their own communities.

Keys are hardware-locked and time-limited, the agent leaves no background service, and results live on the owner's dashboard under their control.

Admin-authorized No persistence Hardware-locked keys 30-day validity
verdicts.streamlive
Next step

Give your staff receipts.

Pick a plan and run your first evidence-backed scan today.