Complete Guide to Reporting Cheats in World of Warcraft

Date: January 23, 2026 Author: Hasan Scope: Game cheats, cybercrime tip reporting

Table of Contents

Preface
Part One: Security Preparations Before Reporting
Part Two: Evidence Collection and Preservation
Part Three: Reporting Process and Material Preparation
Part Four: Legal Risk Warnings
Appendix: Commonly Used Tools and Resources

Preface

Why Is This Guide Needed?

With the development of the online gaming industry, the cheat black market has formed a complete criminal chain. As a whistleblower, you not only need to master effective evidence collection methods but also protect your own safety during the reporting process to avoid:

✅ Personal information leakage
✅ Cyber retaliation (doxxing, personal threats)
✅ Your own actions touching legal red lines
✅ Evidence being excluded due to procedural flaws

Core Principles of This Guide

🔐 Safety First > Evidence Completeness > Legal Procedures

Three Pillars:

Anonymity: Never reveal real identity throughout the reporting process
Legality: Evidence collection complies with legal provisions
Effectiveness: Complete chain of evidence, usable for judicial determination

Part One: Security Preparations Before Reporting

⚠️ Important Warning

Before starting reporting actions, you must complete the following security measures. Cheat gangs usually possess certain technical capabilities and may use various means to counter-track whistleblowers.

1.1 Network-Level Security

A. Scientific Internet Access Infrastructure

Core Principle: Use front-end proxy + TOR/I2P network for double concealment

Recommended Solution:

[Your Device] → [Trusted VPN/Airport] → [TOR Network] → [Target Website]

Specific Implementation Steps:

🔹 Step 1: Choose Secure Front-end Proxy

⚠️ Mistakes to Avoid:

❌ Using domestic VPNs requiring real-name authentication
❌ Using server providers in heavily blocked regions
❌ Using outdated protocols (such as PPTP, L2TP/IPSec)

✅ Recommended Practices:

1. Self-built Proxy (Advanced Users)

Modern Protocol Selection (ranked by recommendation):

Protocol	Features	Use Cases	Anti-censorship Capability
Reality	No certificate, perfect camouflage	Highest concealment needs	⭐⭐⭐⭐⭐
Hysteria2	QUIC-based, packet loss resistant	Unstable network environments	⭐⭐⭐⭐⭐
TUIC	UDP proxy, low latency	Gaming/real-time communication	⭐⭐⭐⭐
Trojan	Disguises as HTTPS traffic	Balance performance & concealment	⭐⭐⭐⭐
VLESS+Reality	Next-generation protocol	Comprehensive scenarios	⭐⭐⭐⭐⭐
VMess	V2Ray native protocol	Compatibility needs	⭐⭐⭐

Recommended Configuration (Reality Protocol Example):

Server: Xray-core
Protocol: VLESS + Reality
Transport: TCP / gRPC / HTTP/2
Camouflage Target: www.microsoft.com / www.apple.com
Port: 443 (disguised as HTTPS)

Encryption Algorithms (Modern Standards):

Mainstream Encryption: XChaCha20-Poly1305 (preferred)
Alternative Encryption: AES-256-GCM
TLS Version: TLS 1.3 (required)
❌ Avoid: AES-128, unencrypted modes

VPS Selection Recommendations:

Regional Priority:
1. Hong Kong/Taiwan (low latency, 20-50ms)
2. Japan/Singapore (medium latency, 50-100ms)
3. US West Coast (high latency, 150-200ms)

Provider Recommendations:
- Vultr (supports cryptocurrency)
- DigitalOcean (requires overseas card)
- Linode (high stability)
- Bandwagon (CN2 GIA routes)

⚠️ Avoid:
- Alibaba Cloud International/Tencent Cloud International (may be associated)
- Russia/Iran and other high-risk regions

Client Recommendations (Latest 2025):

Platform	Recommended Client	Supported Protocols	Download Address
Windows	v2rayN / NekoRay	Reality/Hysteria2/All mainstream	GitHub latest version
Windows	Clash Verge Rev	Clash.Meta core	GitHub
macOS	V2Box / FuGfConfig	All protocols supported	GitHub
macOS	Surge (paid)	Professional network debugging	nssurge.com
Linux	sing-box	Next-generation unified platform	sing-box.sagernet.org
Android	v2rayNG / NekoBox	All protocols	Google Play / GitHub
Android	sing-box (recommended)	Optimal performance	GitHub
iOS	Shadowrocket (paid $2.99)	Most mature	US App Store
iOS	Stash (paid)	Clash core	US App Store

Network Architecture Example (2025 High Security Requirements):

Solution A (Highest Security): Local Device (sing-box client)
  ↑ 
  Reality disguised TLS Self-built VPS (Xray-core)
  ↑ 
  Tunnel transit IPLC dedicated line entrance (Residential IP)
  ↓
  TOR

Solution B (Balanced Solution): Local Device (Clash Verge) 
 ↑ 
 Hysteria2 protocol (packet loss resistant) Large airport (Multi-country node load balancing)
 ├─ Hong Kong IEPL (daily use)
 ├─ Japan CN2 (backup route)
 └─ US native IP (streaming media)
 ↓
 Connect to TOR as needed (sensitive operations)
 
 Solution C (Minimalist Solution): Local Device
 ↑ 
 WireGuard protocol Single VPS (Debian 12)
 └─ Install sing-box + TOR relay
                

Traffic Obfuscation Enhancement (For Deep Packet Inspection DPI):

Traditional Method (Outdated): - Simple obfuscation plugins ❌

Modern Method (2025 Recommended):
1. Reality Protocol (real TLS, no signature)
2. CDN Front Configuration: 
   Cloudflare Workers → Origin VPS
   └─ Traffic appears to be accessing Cloudflare
3. Port Hopping 
   Built-in feature of Hysteria2
4. Disguised SNI: 
   Use major company domains (microsoft.com/apple.com)

Incorrect Configuration Warnings:

❌ Common Fatal Errors:
1. Using default ports (8388/10086 etc.) 
   → Change to 443/80 or random high ports
2. TLS encryption not enabled 
   → Traffic will be identified and blocked
3. Expired or self-signed certificates 
   → Use Let's Encrypt auto-renewal
4. Server time not synchronized 
   → Install chrony to sync time
5. Firewall not configured 
   → Use ufw to open only necessary ports

Verify Proxy Security:

Testing Tools:
1. https://ip.skk.moe/ 
   Check: IP location/DNS leak/WebRTC leak
2. https://browserleaks.com/ 
   Complete browser fingerprinting detection
3. https://dnsleaktest.com/ 
   Specialized DNS leak detection
4. Command line test: 
   curl --proxy socks5://127.0.0.1:1080 https://ipinfo.io

3. Enterprise-Level Solution (Tech Enthusiasts)

Core Architecture: [Device] → [sing-box transparent proxy gateway] → [Multi-level proxy] → [Target]

Tech Stack:
- Router: OpenWrt + sing-box
- Protocol: Hysteria2 (primary) + Reality (backup)
- DNS: DoH over proxy (anti-pollution)
- Rules: Smart routing based on domain/IP

Advantages:
✓ All devices automatically bypass firewall
✓ Domestic and foreign traffic auto-split
✓ Ad filtering (AdGuard Home)
✓ Family members need no configuration

🔹 Step 2: Configure TOR Browser

Download and Installation:

Official Website: https://www.torproject.org/
Mirror Site (if blocked): Access using front-end proxy

Security Settings (Required):

Increase Security Level
Settings → Privacy & Security → Security Level → Safest
(This will disable JavaScript; some websites may not display properly)
Disable Dangerous Permissions
- ❌ Location access
- ❌ Camera
- ❌ Microphone
- ❌ Virtual Reality
Bridge Mode (if ISP blocks TOR)
- Use built-in Snowflake bridge
- Or manually configure obfs4 bridge

Usage Specifications:

✅ Use only for reporting-related operations
❌ Do not visit HTTP websites (HTTPS only)
❌ Do not download large files or use P2P
❌ Do not log into any daily accounts
❌ Do not visit the same website simultaneously with regular browsers

Recommended Connection Method:

Your Device → VPN/Proxy → TOR Network → Target

This way ISP can only see you connected to a proxy, proxy provider only knows you connected to TOR, but neither can see browsing content.

🔹 Step 3: DNS Encryption

Problem: Default DNS queries are transmitted in plaintext; ISP can know which websites you visited

Solution: Use DoH (DNS over HTTPS) / DoT (DNS over TLS)

Modern DNS Solutions (2025 Recommended):

Solution	Provider	Address	Features
DoH	Cloudflare	`https://1.1.1.1/dns-query`	Fastest
DoH	Google	`https://dns.google/dns-query`	Stable
DoH	Quad9	`https://dns.quad9.net/dns-query`	Privacy-first
DoT	Cloudflare	`1.1.1.1:853`	Lightweight
DNSCrypt	OpenDNS	-	Legacy solution

Client Configuration:

Windows 11 Native DoH:
Settings → Network & Internet → Properties → DNS Server Settings
Select "Manual" → IPv4 → Preferred DNS → 1.1.1.1
Check "Encrypted DNS" → Select "Encrypted only (DoH)"

macOS (via configuration profile):
Download: https://github.com/paulmillr/encrypted-dns
Install Cloudflare DoH configuration profile

Linux (systemd-resolved):
Edit /etc/systemd/resolved.conf
DNS=1.1.1.1
DNSOverTLS=yes

Browser Level (Firefox):
Settings → Privacy & Security → DNS over HTTPS
Provider: Cloudflare

Proxy Client Built-in DNS (Recommended):

Clash Configuration:
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  nameserver:
    - https://1.1.1.1/dns-query
    - https://8.8.8.8/dns-query
  fallback:
    - https://dns.quad9.net/dns-query

sing-box Configuration:
"dns": {
  "servers": [
    {
      "tag": "cloudflare",
      "address": "https://1.1.1.1/dns-query",
      "detour": "proxy"
    }
  ]
}

🔹 Step 4: Traffic Obfuscation

Purpose: Avoid signature identification

Methods:

Randomly visit video websites (YouTube/Netflix)
Write scripts to periodically refresh pages
Enable Cloudflare WARP (layered use)

B. Network Connection Precautions

🚫 Never Use These Network Environments:
- Public WiFi (cafes, airports, hotels)
- Campus networks (may be monitored)
- Corporate networks
- IoT devices (smart routers, etc.)

✅ Recommended Use:
- Self-built wired Ethernet connection
- Mobile hotspot via VPN (using non-registered SIM card)

1.2 Device and Account Security

A. Hardware Physical Isolation

Core Principle: Dedicated devices for specific purposes, never mix

Minimum Configuration Plan:

Device A (Daily Device)  ← Not used for any sensitive operations
Device B (Reporting Device)  ← Only for evidence collection and reporting
Device C (Offline Device)  ← For sensitive file editing (not connected to internet)

Recommended Hardware:

Second-hand mini PCs (such as Intel NUC, Lenovo M series)
Price: ¥500-1500
Configuration: 4GB RAM + 128GB SSD sufficient
Important: Avoid purchasing Chinese brand devices

Operating System Installation:

System installed on USB Live System (Tails OS)
Or independent SSD (convenient for physical destruction)

🔹 Physical Security Measures

Camera/Microphone Handling:

Solution 1 (Recommended): Physical removal
Solution 2 (Second choice): Seal with black tape
Solution 3 (Not recommended): Only disable system permissions

Other Sensors:

Disable Bluetooth module (remove antenna)
Disable WiFi module (use wired network only)
Remove GPS module (if present)

Computer Isolation:

Power off other devices and keep them away during reporting
Reason: Keyboard typing sounds can be analyzed and recognized by recording devices

B. Mobile Device Security

Basic Principle:

🚫 Never use smartphones for reporting operations
📱 If must use, adopt the following plan

Recommended Hardware Configuration:

Primary Phone: Google Pixel (flashed with GrapheneOS)
  ├─ No SIM card, WiFi only
  └─ Install Signal/Session for encrypted communication

Backup Phone: iPhone (US Apple ID)
  ├─ Only install necessary Chinese apps
  └─ Turn off iCloud sync

Feature Phone: Nokia/Xiaomi (receive verification codes)
  ├─ Insert battery and SIM only when needed
  └─ SIM card: Real-name registered by others or overseas card

SIM Card Selection Priority:

Virtual number (Google Voice)
  ↓
Overseas unregistered card (eSIM)
  ↓
Domestic card registered under someone else's name
  ↓
🚫 Never use your own real-name +86 number

Recommended Overseas Phone Cards:

Country/Region	Brand	Monthly Fee	Number Retention Requirements	Notes
🇺🇸 USA	Ultra Mobile PayGo	$3	Monthly renewal	Supports eSIM
🇬🇧 UK	Vodafone	£0	Send SMS every 6 months	Supports eSIM
🇭🇰 Hong Kong	ClubSIM	HK$6/year	Annual recharge	Supports eSIM
🇵🇭 Philippines	Globe	₱15/6mo	Recharge every 6 months	No eSIM

Acquisition Methods:

Taobao (purchasing agent, choose carefully)
Official website online purchase (requires foreign currency card)
eSIM platforms: Airalo, esimq.com

⚠️ Critical Warning:

❌ Never insert overseas phone card into phone that used +86 number
❌ Never share overseas number on Chinese social software
❌ Never install 360, Anti-fraud App on phone

C. Network Identity Management

Basic Principle:

One site one account + One site one email + One site one password

Identity Granularity Example:

Identity 1: Daily social (WeChat/QQ)
  └─ Only contact with family

Identity 2: Work communication (Enterprise WeChat/DingTalk)
  └─ Work-related only

Identity 3: Reporting action (Telegram/Signal)
  ├─ Register with overseas number
  ├─ Nickname: Random string
  ├─ Avatar: Solid color/no features
  └─ ⚠️ Absolutely no connection with Identity 1/2

Email Allocation Strategy:

Service Type	Recommended Email	Purpose
Daily Registration	Gmail (backup)	Low sensitivity
Medium Privacy	ProtonMail	Medium sensitivity
High Sensitivity	Tutanota/MailFence	Reporting only
Temporary Use	Guerrilla Mail/10MinuteMail	One-time use

Password Management:

Tool: KeePassXC (local) or Bitwarden (cloud)
Strategy: Generate independent 32-character random password for each service
Master password: Generated using Diceware (7+ words)

Two-Factor Authentication (2FA):

✅ Use: Aegis (Android)/Raivo OTP (iOS)
❌ Avoid: SMS verification codes
❌ Avoid: Biometric authentication (fingerprint/face)

D. Social Behavior Specifications

14 Iron Rules:

❌ Do not use same username for different services
❌ Do not use same email for different services
❌ Do not post photos that can be reverse searched to yourself (check EXIF)
❌ Do not discuss personal preferences/specific locations/time zone information
❌ Do not install any Chinese company software (isolate in VM if necessary)
❌ Do not reply to or blacklist spam (delete directly)
❌ Do not share unnecessary personal information
❌ Do not enable JavaScript on untrusted websites
❌ Do not expose personal language style
❌ Do not log into different identity accounts with real IP
❌ Do not log into multiple identities in same browser
❌ Do not operate reporting accounts outside TOR
❌ Do not send unencrypted data through TOR
❌ Do not discuss sensitive topics on WeChat/QQ and other domestic platforms

Advanced Anti-tracking Techniques:

Periodically post false information (e.g., "using Linux" when actually using Mac)
Set silent periods (intentionally offline for days)
Use scripts to send automatic messages at scheduled times to interfere with time analysis

1.3 Operating System and Software Security

A. Operating System Selection

Security Level Ranking:

Tails OS (Highest)
  ↓
Qubes OS + Whonix
  ↓
Linux Distributions (Arch/Debian)
  ↓
macOS (Downgrade iCloud and other services)
  ↓
Windows (Lowest, not recommended)

🔹 Recommended Solution 1: Tails OS

Features:

Forces all traffic through TOR
Runs from USB, leaves no traces
Automatically wipes memory on shutdown

Download: https://tails.boum.org/

Use Cases:

Visiting reporting websites
Sending encrypted emails
Downloading sensitive files

🔹 Recommended Solution 2: Qubes OS + Whonix

Features:

VM isolation (one VM per task)
Whonix provides TOR gateway
Prevents cross-VM information leakage

System Requirements:

CPU: Intel VT-x/AMD-V support
Memory: At least 8GB (16GB recommended)
Storage: 128GB+ SSD

VM Allocation Example:

VM1: Browser (reporting website access)
VM2: Email client (encrypted communication)
VM3: File processing (evidence organization)
VM4: Offline work (sensitive document editing)

🔹 Windows Users Must-Do Security Settings

⚠️ Only use when Linux is not an option

Disable Dangerous Services:

Press Win+R → Enter services.msc → Disable following services:

- Remote Desktop Configuration
- Remote Desktop Services
- Remote Registry
- Routing and Remote Access
- UPnP Device Host
- Volume Shadow Copy
- File History Service

Clean Unsafe Certificates:

Win+R → certmgr.msc
Go to "Trusted Root Certification Authorities" → "Certificates"
Right-click to disable following authorities:
- CNNIC (China Internet Network Information Center)
- WoSign
- StartCom
- Other China government-related CAs

Registry Optimization (Advanced):

# Disable telemetry
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f

# Disable Windows Defender upload
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f

Firewall Rules:

Block all outbound traffic, whitelist only
Use tools like Simplewall for fine-grained control

B. Browser Configuration

Recommended Browsers (by security ranking):

TOR Browser (Highest)
- Dedicated to reporting actions
- Built-in security configuration
Firefox (High)
- Requires manual hardening configuration
- Suitable for daily privacy browsing
Brave (Medium)
- Out-of-the-box
- Built-in ad blocking

Firefox Hardening Configuration:

Must-install Extensions:

Extension Name	Function	Priority
uBlock Origin	Ad/tracking blocker	⭐⭐⭐
Privacy Badger	Intelligent anti-tracking	⭐⭐⭐
HTTPS Everywhere	Force HTTPS	⭐⭐⭐
NoScript	JavaScript control	⭐⭐
CanvasBlocker	Fingerprint protection	⭐⭐
Cookie AutoDelete	Auto-delete cookies	⭐⭐
Decentraleyes	Offline CDN	⭐

Configuration File Modification (about:config):

// Disable WebRTC (prevent IP leak)
media.peerconnection.enabled = false

// Enable GPC
privacy.globalprivacycontrol.enabled = true

// Fingerprinting protection
privacy.resistFingerprinting = true

// Disable telemetry
toolkit.telemetry.enabled = false
datareporting.healthreport.uploadEnabled = false

Browser Fingerprint Testing:

https://coveryourtracks.eff.org/
https://browserleaks.com/

Goal: Display "Your browser has strong protection against tracking"

C. File Security and Encryption

🔹 Encrypted Container (VeraCrypt)

Configuration Recommendations:

Create Hidden Volume

Outer Volume (Decoy): Store less sensitive content
  └─ Password 1: Normal strength

Hidden Volume (Real): Store reporting evidence
  └─ Password 2: High strength (Diceware 7+ words)

Encryption Algorithm Selection
- Algorithm: AES-256
- Hash: SHA-512
- File System: exFAT (cross-platform)
Security Practices
- ✅ Regularly add files to outer volume (simulate usage)
- ✅ Outer volume content should have some sensitivity (credible)
- ✅ Immediately delete temporary files after unmounting
- ❌ Do not mount both volumes simultaneously in same system

USB Concealment Plan:

Install VeraCrypt on USB (portable version)
  ↓
Law enforcement officers checking computer won't find software
  ↓
Only insert USB in safe environment for use

🔹 File Metadata Removal

Dangerous Sources:

Photos: GPS coordinates, device model, shooting time
Office documents: Author name, company name, edit history
PDF: Creation software, system information

Removal Tools:

Platform	Tool	Usage
Windows	ExifTool	`exiftool -all= photo.jpg`
macOS	ImageOptim	Drag file for automatic cleaning
Linux	mat2	`mat2 --inplace document.pdf`

Office Document Cleaning (Manual):

Word/Excel:
File → Info → Inspect Document → Check for Issues →
Remove (Personal Information/Hidden Content/Document Properties)

Convert to PDF:

Do not send Office documents directly
Clean metadata again after converting to PDF
Use LibreOffice export (safer than Microsoft Office)

🔹 Secure Data Deletion

Wrong Approach:

❌ Right-click delete → Empty recycle bin (data can be recovered!)

Correct Approach:

Storage Type	Method
HDD	Multiple random overwrites (7+ passes)
SSD	ATA Secure Erase
USB/SD Card	Physical destruction (shred/thermite)

Tool Recommendations:

Windows: Eraser
Linux: shred -vfz -n 10 filename
SSD specific: hdparm --security-erase

Ultimate Solution:

If stored extremely sensitive data→
  ↓
Even ATA erase has residual risks→
  ↓
Physical destruction (thermite/cleaver/firecrackers)

D. Communication Encryption

🔹 Instant Messaging Software Selection

Security Level Ranking:

Session (Highest, no phone number required)
  ↓
Signal (High, requires phone number but end-to-end encrypted)
  ↓
Telegram (Medium, not encrypted by default)
  ↓
WhatsApp (Low, Meta-owned)
  ↓
🚫 WeChat/QQ (Never use)

Session Configuration:

Registration requires no personal information
Blockchain-based decentralized architecture
Message self-destruct feature
Download: https://getsession.org/

Telegram Safe Usage:

⚠️ Notes
- Default chats not end-to-end encrypted
- Must use "Secret Chat" mode
- Do not use third-party clients
- Disable "Add by phone number" feature

🔹 Email Encryption (PGP/GPG)

Tool Installation:

Windows: Gpg4win
macOS: GPG Suite
Linux: GnuPG (built-in)

Generate Key Pair:

gpg --full-generate-key

# Select:
Type: RSA and RSA
Length: 4096 bits
Validity: 1 year (change regularly)
Name: Pseudonym (not real name)
Email: Reporting-specific email

Export Public Key:

gpg --armor --export YourEmail > public-key.asc

Encrypt File:

gpg --encrypt --recipient RecipientEmail document.pdf

ProtonMail Integration:

Built-in PGP support
Web version access via TOR
Self-destruct email feature
Registration: https://proton.me/

Part Two: Evidence Collection and Preservation

📌 Three Principles of Evidence Collection

Comprehensiveness: Cover complete chain of evidence

Objectivity: Maintain original state, no tampering

Legality: Evidence collection methods comply with law

2.1 Sales Channel Evidence Collection

A. Domestic Platform Channels

Platform List:

Platform Type	Specific Platforms	Evidence Focus
E-commerce	Taobao/Xianyu/Pinduoduo	Product links, store homepage, reviews
Social Platforms	QQ groups/WeChat groups/Tieba	Group announcements, group files, chat logs
Video Platforms	Douyin/Bilibili/Kuaishou	Promotional videos, comment section traffic
In-game	World channel/PM/Guild	In-game ad screenshots

Collection Steps (Taobao Example):

Step 1: Complete product page screenshot
  └─ Include: Title/price/sales volume/seller nickname/store name

Step 2: Store homepage screenshot
  └─ Record: Store ID/registration time/location/main category

Step 3: Review section screenshot (at least 3 pages)
  └─ Focus: User real feedback/usage effects/customer service replies

Step 4: Details page screenshot (all)
  └─ Software function introduction/usage tutorial/contact information

Step 5: Seller profile (if visible)
  └─ Real-name authentication mark/business information

Screen Recording Requirements:

Tool: OBS Studio / Bandicam
Settings: 1920x1080 / 30fps / H.264 encoding
Duration: Complete operation process for each section
Audio: Record mouse click sounds (proves real operation)

QQ Group/WeChat Group Evidence:

Must-collect items:
✓ Group name/group number/group owner nickname
✓ Complete group announcement text (including cheat price/functions)
✓ Group file list (if installation packages/user manuals present)
✓ Member count (estimate user scale)
✓ Admin chat logs (ordering process/after-sales)
✓ Payment QR codes/bank accounts shared in group

Special Note:

⚠️ QQ groups may be dissolved at any time
→ Complete evidence collection immediately
→ Export chat logs as txt/html format
→ Tool: QQ Chat Log Export Assistant

B. Overseas Platform Channels

Platform List:

Platform	Purpose	Evidence Type
Discord	Community/customer service/distribution	Channel chat/announcements/files
Telegram	Groups/card-issuing bots	Group messages/Bot conversations
Official Website	Direct sales	Page snapshots/payment process

Telegram Bot Evidence:

Card-issuing Bot Example:
Username: @某某某_bot
Conversation Flow:
  1. /start triggers welcome message
  2. Select product type
  3. Generate payment address (BTC/USDT)
  4. Automatically issue card after payment

Collection Points:
✓ Bot username (@xxx)
✓ Complete conversation screenshots (with timestamps)
✓ Payment address (blockchain queryable)
✓ Received activation code/download link

Discord Server Evidence:

Channel Structure Example:
#announcements → Price list/update logs
#purchase → Ordering process instructions
#support → After-sales problem solving
#files → Client download/user manual

Collection Points:
✓ Server invite link
✓ Channel list screenshot
✓ Admin role assignments
✓ Pinned messages (often key information)

Official Website Evidence (Important):

Method 1: Real-time Capture
  - Use Webpage Screenshot plugin
  - Capture complete long page

Method 2: Historical Archive
  - Wayback Machine: https://web.archive.org/
  - Archive.today: https://archive.today/

Collection Content:
✓ Homepage/pricing page/download page/FAQ page
✓ Domain registration information (WHOIS query)
✓ Server IP address (ping command)
✓ Website filing information (if present)

Wayback Machine Usage Tips:

1. Enter target URL
2. View historical snapshot dates
3. Select earliest and most recent snapshots for comparison
4. Save as WARC format (complete archive)

C. Evidence Preservation Technical Specifications

Screenshot Specifications:

Must include following elements:
□ Complete browser address bar (showing URL)
□ System timestamp (taskbar/notification center)
□ Complete page content (no cropping)
□ Window title bar

Tool Recommendations:
- Snagit (with annotation feature)
- ShareX (open source free)
- System built-in: Win+Shift+S / Cmd+Shift+4

Screen Recording Specifications:

Scenario: Complete process of visiting cheat website

Recording Content:
1. Open browser (showing blank page)
2. Manually enter URL (entire process visible)
3. Page loading process
4. Browse various sections (price/features/contact)
5. Simulate ordering process (but don't pay)

Time Markers:
- Before starting recording, first open system time settings
- During recording, periodically switch to desktop to show time

File Saving Naming Specifications:

Format: [Date]_[Platform]_[Evidence Type]_[Number]

Examples:
20250115_Taobao_Product Page_001.png
20250115_Taobao_Review Section_002.png
20250115_QQ Group_Chat Log_001.html
20250115_Discord_Channel Screenshot_003.png

⚠️ Do not use Chinese paths! May cause garbled text in notary system

2.2 Cheat Client Sample Acquisition

⚠️ Legal Risk Warning

Purchasing cheats itself has legal controversy. Recommendations:

Immediately report to public security authorities after purchase

Use only for technical analysis and reporting

Do not actually use in game

A. Purchase Preparation

Hardware Preparation:

Dedicated Device (VM or independent computer)
  └─ Operating System: Clean installation of Windows/Linux
  └─ Network: Connect via VPN/TOR
  └─ Storage: Prepare independent USB drive (for sample storage)

Payment Method Preparation:

Method	Anonymity	Traceability	Notes
Cryptocurrency	⭐⭐⭐	Low (requires professional analysis)	Recommend BTC/XMR
Alipay/WeChat	⭐	High (real-name)	Will expose real identity
Bank Transfer	⭐	High (real-name)	Same as above

If must use Alipay/WeChat:

Solution: Use account registered under someone else's name
  ├─ Ask trusted friend to pay (transfer later)
  ├─ Or prepare a secondary account (not real-name registered by yourself)
  └─ ⚠️ Transaction records must be completely saved

B. Complete Purchase Process Recording

Step-by-Step Recording Requirements:

Stage 1: Finding Seller
  └─ Screen record: Search keywords → Find seller → Contact process

Stage 2: Consultation Communication
  ├─ Screenshots: Every chat message (with time)
  ├─ Inquire: Price/features/usage method/after-sales
  └─ Save: Any files/links provided by seller

Stage 3: Place Order and Pay
  ├─ Screen record: Complete payment process
  ├─ Screenshot: Payment success page
  │   └─ Must include: Order number/amount/payee info/time
  └─ Save: Payment proof (Alipay/WeChat bill screenshot)

Stage 4: Receive Product
  ├─ Method 1: Cloud drive link
  │   └─ Screenshot: Link page/download process/file list
  ├─ Method 2: Sent via chat
  │   └─ Save: Original file (do not rename)
  └─ Method 3: Card key activation
      └─ Record: Activation code/activation time/binding info

Complete Seller Information Recording:

Individual Seller:
□ Nickname/ID
□ Avatar (screenshot)
□ Personal signature/bio
□ QQ/WeChat/Telegram username
□ Alipay account name
□ WeChat payment QR code (if real-name info visible)
□ Phone number (if visible)

Store Seller:
□ Store name/ID
□ Store owner real-name info (if visible)
□ Business license number (required by e-commerce platforms)
□ Customer service account
□ Shipping address (if on courier slip)

C. Client Sample Handling

Storage Specifications:

Copies: At least 3 copies
  ├─ Original backup (do not extract/do not run)
  ├─ Analysis copy (can perform reverse engineering)
  └─ Submission copy (for police/game company)

Storage Locations:
  ├─ Encrypted USB (VeraCrypt hidden volume)
  ├─ Offline hard drive (not connected to internet)
  └─ Cloud encrypted backup (ProtonDrive etc.)

Hash Value Recording (Important):

# Calculate file fingerprint (prevent tampering)
# Windows CMD:
certutil -hashfile CheatClient.exe SHA256

# Linux/macOS:
sha256sum CheatClient.exe

# Output Example:
a3b5c72d98f1e...（64-character string)

⚠️ Record this Hash value in evidence list!

File Attributes Recording:

Right-click → Properties → Details

Recording Items:
□ File name
□ File size
□ Creation date
□ Modified date
□ File version (if present)
□ Product name
□ Company name
□ Digital signature (check if there's certificate)

D. VM Isolation Running (Optional)

Purpose: Observe cheat behavior without affecting real system

Recommended Virtualization Software:

VMware Workstation Pro
VirtualBox (free open source)

VM Configuration:

Operating System: Windows 10 (clean installation)
Network: Host-only mode (not connected to external network)
Snapshot: Create snapshot point before installation

Observations After Installing Cheat:
□ Registry changes (monitor with Process Monitor)
□ File creation locations
□ Network connection attempts (capture with Wireshark)
□ Process behavior (Process Explorer)

⚠️ Screen record entire running process

Behavior Analysis (Advanced):

Tools:
- Process Monitor (monitor file/registry operations)
- Wireshark (network communication analysis)
- API Monitor (Windows API call tracing)

Key Records:
□ Remote server IP/domain connected
□ Transmitted data packet content
□ Accessed game processes/memory addresses
□ Encryption method (if identifiable)

2.3 Complete Transaction Record Preservation

📌 Core Principle

Transaction records are direct evidence proving "illegal income amount" and must be completely preserved.

A. Alipay/WeChat Payment Records

Export Bills:

Alipay:
Me → Bills → Upper right settings → Download Bills
  └─ Select time range: Including purchase date
  └─ Format: Excel or PDF
  └─ Backup immediately after download

WeChat:
Me → Services → Wallet → Bills → FAQ → Download Bills
  └─ Select purpose: Personal reconciliation
  └─ Delivery method: Send to email

Screenshot Requirements:

Transaction details page must include:
□ Transaction number (unique identifier)
□ Transaction time (accurate to seconds)
□ Transaction amount
□ Payee information:
    ├─ Alipay: Real name/account
    └─ WeChat: Nickname/WeChat ID
□ Product name/notes
□ Transaction status (Transaction successful)

Seller Account Homepage Screenshot:

Alipay:
  Click payee avatar → Enter personal homepage
  □ Real name (if visible)
  □ Alipay account
  □ Avatar/personal signature

WeChat:
  Click payee avatar → Personal information
  □ Nickname
  □ WeChat ID
  □ Region
  □ Personal signature
  □ Moments cover

B. Bank Transfer Records

Applicable Scenario: Large transactions or specific requirements

Evidence Collection:

Online/Mobile Banking:
  Transaction Details → Filter date → Find corresponding record

Necessary Information:
□ Transfer serial number
□ Transfer time
□ Transfer amount
□ Receiving account:
    ├─ Payee name
    ├─ Receiving bank
    └─ Receiving account number
□ Note/Purpose (if filled)

Screenshots:
  ├─ Transfer record list page
  └─ Individual transaction details page

Bank Receipt (Recommended):

Acquisition Methods:
  Method 1: Download electronic receipt from online banking (PDF format)
  Method 2: Print paper receipt at ATM/counter

Advantages:
  ✓ Has bank stamp (high legal effect)
  ✓ Complete information (includes serial number/other party account etc.)

C. Complete Chat Log Preservation

QQ Chat Logs:

Method 1: Local Backup
  QQ main interface → Lower left menu → Message Manager
  └─ Select chat window with seller
  └─ Right-click → Export message records
  └─ Format selection: txt (text) or bak (includes images)

Method 2: Screenshot Preservation
  └─ Screenshot each message from first one
  └─ Ensure includes: Time/nickname/message content/images

WeChat Chat Logs:

⚠️ WeChat officially doesn't provide export function

Method 1: Screenshot each message (Recommended)
  └─ Long press message to see timestamp
  └─ Multi-select then forward merge to "File Transfer"
  └─ View and screenshot in PC version

Method 2: Third-party tools (Use cautiously)
  └─ WeChatExporter (GitHub open source)
  └─ Requires root/jailbreak permissions
  └─ ⚠️ May violate WeChat Terms of Service

Telegram/Discord:

Telegram:
  Chat window → Upper right three dots → Export chat history
  └─ Format: HTML or JSON
  └─ Include: Text/images/files

Discord:
  Use third-party tool: DiscordChatExporter
  └─ Export entire channel chat logs
  └─ Supports HTML format saving

2.4 Special Recording of Cryptocurrency Transactions

🪙 Why Special Recording?

Cryptocurrency transactions appear anonymous, but blockchain permanently records them. Mastering correct methods can precisely track fund flow.

A. Pre-Transaction Recording Preparation

Other Party's Wallet Address Recording:

Collection Content:
□ Complete wallet address (e.g.: bc1q...)
    └─ ⚠️ Copy completely, don't truncate
□ QR code screenshot (if provided)
    └─ Contains embedded address info
□ Coin type identifier: BTC/ETH/USDT etc.
□ Network type:
    ├─ USDT-TRC20 (TRON)
    ├─ USDT-ERC20 (Ethereum)
    └─ USDT-Omni (Bitcoin)

Payment Instructions in Chat:

Screenshot Points:
□ Receiving address sent by other party
□ Amount confirmation dialogue
    Example: "Please transfer 0.05 BTC to following address"
□ Timestamp (accurate to seconds)
□ Exchange rate agreement (if present)
    Example: "Calculate at 7000USD/BTC"

B. Transaction Process Core Evidence

Wallet Transfer Record:

Must screenshot/save:
□ Wallet balance before sending
□ Transfer amount (accurate to 8 decimal places)
    Example: 0.00512000 BTC
□ Miner fee/Gas fee
□ Receiving address (verify consistency)
□ Sending time
□ Balance after transfer

Example (Binance transfer):
  Withdrawal page → Fill address → Confirm →
  Copy transaction hash (TXID)

Transaction Hash (TXID):

This is the most important evidence!

Example:
3a5f8c9d7b2e1f4a6c8d9e0b3f5a7c2d1e9b4f8a6c...
  ↑
  64-character hexadecimal string

⚠️ Save properly, use for blockchain query

C. Blockchain Explorer Query and Evidence Preservation

Query Steps:

Step 1: Select corresponding blockchain explorer
  Bitcoin (BTC): blockchain.com / blockchair.com
  Ethereum (ETH): etherscan.io
  TRON (TRX): tronscan.org

Step 2: Enter transaction hash (TXID)

Step 3: Wait for page to load (complete transaction details)

Blockchain Explorer Screenshot Checklist:

Must screenshot following information:
□ Transaction overview page (overall information)
    ├─ Transaction hash
    ├─ Status: Confirmed
    ├─ Block height
    ├─ Timestamp (UTC time)
    └─ Confirmations

□ Sending address (From)
    └─ Your wallet address

□ Receiving address (To)
    └─ Seller wallet address

□ Transfer amount
    ├─ Cryptocurrency amount
    └─ Fiat value (USD/CNY)

□ Transaction fee
    └─ Miner Fee / Gas Fee

□ Transaction input/output (Advanced)
    └─ Can view complete fund flow between addresses

Complete Page Preservation:

Method 1: Complete webpage save
  Browser → Right-click → Save as →
  Select "Webpage, Complete"

Method 2: Generate PDF
  Ctrl+P → Print → Save as PDF
  ⚠️ Ensure all collapsed content is expanded

Method 3: Use Archive.today for permanent archiving
  Visit: https://archive.today/
  Enter blockchain explorer URL
  Generate permanent snapshot link

D. Key Technical Information Recording Table

Standardized Recording Template:

Item	Example Content	Notes
Coin Type	BTC	Bitcoin
Sending Address	bc1qxy2kgdygjrsqtzq2n…	Your wallet
Receiving Address	1A1zP1eP5QGefi2DMPTfTL…	Seller wallet
Transfer Amount	0.00512000 BTC	Accurate to 8 decimals
Fiat Value	¥2,304.00 CNY	Exchange rate at transaction
Transaction Hash	3a5f8c9d7b2e1f4a6c8d9e…	TXID
Transaction Time	2025-01-15 14:32:18 UTC	Blockchain record
Block Height	750,123	Block number packaged in
Confirmations	6 confirmations	More means more irreversible
Miner Fee	0.00001500 BTC	Network fee

Exchange Rate Recording (Important):

Why record?
  Because cryptocurrency prices fluctuate drastically
  Need to prove "actual value at time of transaction"

Recording Method:
□ Screenshot exchange price (Binance/OKX)
    └─ Candlestick chart with timestamp
□ Reference websites:
    ├─ CoinMarketCap
    ├─ CoinGecko
    └─ TradingView
□ Calculation formula:
    Fiat value = Cryptocurrency amount × Exchange rate at that time

E. Platform Intermediary Transaction Evidence

If through exchange or OTC platform:

Internal exchange transfer (e.g. Binance internal transfer):
  My Orders → View details → Screenshot
  □ Order number
  □ Time
  □ Other party UID (User ID)
  □ Transfer amount
  □ Status: Completed

C2C/OTC platform transactions (e.g. LocalBitcoins):
  Transaction History → Specific order → Complete screenshot
  □ Transaction number
  □ Counterparty information (nickname/rating)
  □ Chat records (built-in chat window)
  □ Payment proof upload record
  □ Coin release operation time

Appeal/Ticket Records:

If disputes occur:
  □ Appeal ticket number
  □ Platform customer service dialogue
  □ Arbitration result

⚠️ These records can prove transaction authenticity

F. Fund Flow Tracking (Advanced)

Why Track?

Scenario:
  You pay to Seller A →
  A transfers to Superior Agent B →
  B transfers to Developer C →
  C exchanges to fiat currency

Purpose:
  Track entire criminal chain's fund flow

Tracking Tools:

Tool	Function	Website
Chainalysis	Professional on-chain analysis (paid)	chainalysis.com
Crystal Blockchain	Fund flow visualization	crystalblockchain.com
Elliptic	Transaction risk scoring	elliptic.co
TRM Labs	Compliance investigation tool	trmlabs.com
OKLink	Free blockchain explorer	oklink.com

Manual Tracking Method (Free):

Step 1: Query seller address in blockchain explorer
Step 2: View "All transactions" of that address
Step 3: Record high-frequency interacting addresses (suspected superiors)
Step 4: Repeat steps 2-3 for new addresses

⚠️ This process is complex, suggest explaining to police
  and recommending police contact professional on-chain analysis company for assistance

Materials to Provide to Law Enforcement:

Besides regular evidence, additionally provide:
□ Complete transaction hash list
□ List of involved wallet addresses
□ Blockchain explorer screenshots (packed and compressed)
□ List of recommended on-chain analysis companies to contact
□ International cooperation suggestions for cross-border cases

2.5 Evidence Solidification and Notarization

⚖️ Why Notarization Needed?

Electronic evidence collected by oneself may be questioned for "authenticity" legally. Notarized evidence has stronger probative value.

A. Types of Evidence Suitable for Notarization

Evidence Suitable for Notarization:

✓ Webpage content (cheat sales website)
✓ Chat logs (QQ/WeChat/Telegram)
✓ Video recordings (purchase process screen recordings)
✓ Email correspondence
✓ Transaction record screenshots
✓ Software program itself (client files)

Not Recommended for Notarization:

✗ Unencrypted content containing personal privacy
  (Notarization document may be reviewed by opposing party in litigation)
✗ Evidence obtained illegally
  (such as through hacking)

B. Notary Office Processing Procedure

Preparation Materials:

1. Original ID card
2. Electronic evidence to be notarized:
    ├─ USB drive/CD/mobile hard drive
    ├─ Or operate on-site at notary office for evidence collection
3. Source explanation of evidence (written)
4. Notarization fee (varies by region, 200-500 yuan)

On-site Operation Procedure:

Step 1: Make appointment with notary office in advance
  └─ Phone/online appointment for "Evidence Preservation Notarization"

Step 2: Bring equipment on-site
  └─ Bring prepared evidence collection equipment
  └─ Or use notary office computer

Step 3: Operate under notary supervision
  ├─ Open browser
  ├─ Visit target website
  ├─ Screenshot/screen record
  └─ Save files

Step 4: Seal evidence
  └─ Burn CD/USB drive for sealing
  └─ Notary stamps across seams

Step 5: Issue notarization document
  └─ Collect in 5-7 working days

Notarization Document Content:

Includes:
□ Evidence collection time/location
□ Evidence collection process description
□ URL/IP address/domain name
□ Page content screenshots (attachments)
□ File Hash value
□ Notary signature + official seal

C. Electronic Evidence Preservation Platform (Alternative Solution)

Applicable Scenarios: Emergency situations or unable to go to notary office remotely

Trusted Platforms:

Platform	Features	Website
China Judicial Big Data Research Institute	Official endorsement, court recognized	No public platform currently
Third-party evidence preservation platforms	Blockchain evidence preservation	E.g.: Liangyirong, Cunzheng Cloud

Operation Process (Example platform):

1. Register account (real-name authentication)
2. Upload evidence files
3. System automatically:
    ├─ Calculate file hash
    ├─ Record upload time (trusted timestamp)
    ├─ Write to blockchain (tamper-proof)
4. Generate electronic certificate
5. Can apply for paper report if necessary

Advantages:

⚡ Real-time solidification (not limited by notary office working hours)
💰 Lower cost (dozens of yuan/time)
🌐 Online operation (no need to be present)

Disadvantages:

Legal effect slightly lower than traditional notarization (but gradually being recognized)

D. Timestamp Service (TSA)

What is Timestamp?

Time proof issued by authoritative institution
Proves a file existed at specific time and hasn't been modified

Free Services:

National Time Service Center: http://www.ntsc.ac.cn/
Safestamper: https://www.safestamper.com/

Usage Method:

1. Calculate file SHA-256 hash
2. Upload to timestamp service website
3. Server returns:
    ├─ Timestamp certificate (TST file)
    └─ Contains file hash + issuance time
4. Save TST file together with original file

Verification Method:

At any time in future, can:
1. Recalculate file hash
2. Compare with timestamp certificate
3. If consistent, proves file hasn't been modified

E. Evidence Management and Storage

File Organization Structure:

Reporting Evidence Folder/
├─ 01_Sales Channel Evidence/
│   ├─ Taobao/
│   │   ├─ 20250115_Product Page.png
│   │   ├─ 20250115_Store Info.png
│   │   └─ ...
│   ├─ QQ Groups/
│   └─ Discord/
│
├─ 02_Transaction Records/
│   ├─ Alipay Bill.xlsx
│   ├─ Chat Log_QQ.html
│   └─ Blockchain Transaction Screenshots/
│
├─ 03_Cheat Samples/
│   ├─ Original Files/
│   │   └─ client_v1.2.exe (don't manipulate)
│   ├─ Hash Value Record.txt
│   └─ Running Observation Video.mp4
│
├─ 04_Notarization Materials/
│   ├─ Notarization Document_Scan.pdf
│   └─ Timestamp Certificate.tst
│
└─ Evidence List.xlsx (Master Directory)

Evidence List Template:

| No. | Evidence Type | File Name | Source | Collection Time | Hash Value | Notes |
|-----|--------------|-----------|--------|----------------|------------|-------|
| 001 | Webpage Screenshot | Taobao Product Page.png | Taobao | 2025-01-15 | a3b5... | Notarized |
| 002 | Chat Log | QQ Chat.html | QQ | 2025-01-15 | c7d9... |  |
| ... | ... | ... | ... | ... | ... | ... |

Part Three: Reporting Process and Material Preparation

3.1 Selection of Reporting Targets

Three Reporting Paths:

Path 1: Game Operator (NetEase)
  └─ For: Account banning, technical countermeasures

Path 2: Online Platforms (Taobao/QQ etc.)
  └─ For: Remove products, ban accounts

Path 3: Public Security Authorities
  └─ For: Criminal case filing, pursue criminal liability

Recommended Strategy:

Report to all three parties simultaneously (three-pronged approach)
  ├─ Game company: Quick response, ban cheat users
  ├─ Platform: Cut off sales channels
  └─ Public security: Attack source (developers/agents)

3.2 Reporting to Game Operator

A. NetEase Reporting Channels

Official Channels:

Method 1: In-game reporting
  ESC → Help → Report Cheat

Method 2: Customer Service Hotline
  Phone: 95163808
  Online Customer Service: Client login interface

Method 3: Official Email
  cn_hacks@battlenet.com.cn

Method 4: Official WeChat Public Account
  Search "World of Warcraft" → Online Customer Service

Suggested Submission Materials:

Brief report letter + cheat sample
  ├─ Explanation: Cheat name/functions/harm
  ├─ Attachments:
  │   ├─ Cheat client compressed package
  │   ├─ Sales website/chat log screenshots
  │   └─ Function demonstration video (if available)
  └─ Request: Technical analysis, batch banning

3.3 Complaints to Online Platforms

A. Taobao/Xianyu

Complaint Entry:

Product page → Upper right "..." → Report
  or
Search "12315" mini-program → I want to complain

Complaint Type Selection:

Sale of prohibited items → Network fraud tools/hacker software

Complaint Materials:

□ Product link
□ Product detail screenshots
□ Promotional images (if containing words like "cheat" "auto farming")
□ Legal provision citations:
    Criminal Law Article 285
    Cybersecurity Law Article 27

B. QQ Groups/WeChat Groups

Tencent Report Center:

Website: https://110.qq.com/

QQ Group Reporting:
  Group chat interface → Upper right "..." → Report

WeChat Group Reporting:
  Group chat interface → Upper right "..." → Complain

Report Type:

Suspected illegal crime → Network fraud/black market

3.4 Reporting to Public Security Authorities

A. Pre-reporting Preparation

Choose Appropriate Jurisdiction Unit:

Priority 1: Cyber Security Brigade (Cyber Police)
  └─ Jurisdiction: Cybercrime cases

Priority 2: Economic Crime Investigation Brigade (Economic Police)
  └─ Jurisdiction: Large case amounts (illegal business operations)

Priority 3: Local Police Station
  └─ Can accept reports, then transfer to cyber police

How to Find Cyber Police Brigade:

Method 1: Call 110 for transfer
Method 2: Check contact information on municipal bureau website
Method 3: Visit municipal public security bureau lobby for inquiry

B. Report Material Preparation

Written Report Materials (Required):

【Report Letter Title】
Report Materials on XXX Cheat Software Suspected of Crime

【Body Structure】
I. Reporter Information
  Name/ID number/Contact/Address

II. Case Statement
  1. Basic Situation of Cheat Software
      Name/Functions/Technical Principles (brief)
  2. Discovery Process
      When/Where/How discovered
  3. Involved Personnel Information
      Already grasped suspect clues
  4. Estimated Case Amount
      Calculate based on sales volume/price

III. Suspected Crime Analysis
  1. Criminal Law Article 285 Paragraph 3
      Providing programs and tools for invasion,
      illegal control of computer information systems
  2. Criminal Law Article 217 (if applicable)
      Copyright infringement

IV. Evidence List
  See Attachment "Evidence Directory"

V. Request Items
  1. File criminal case
  2. Recover illegal gains
  3. Pursue criminal liability

Reporter Signature:
Date:

Evidence Directory (Excel Spreadsheet):

| No. | Evidence Name | Evidence Type | Storage Location | Proves | Notes |
|-----|--------------|--------------|------------------|--------|-------|
| 1 | Taobao Product Page Screenshot | Electronic Data | USB/001/ | Sales Behavior | Notarized |
| 2 | Alipay Transaction Record | Electronic Data | USB/002/ | Fund Flow | Includes Bill |
| 3 | Cheat Client | Physical Evidence | USB/003/ | Program Body | 3 Backups |
| 4 | QQ Chat Log | Electronic Data | USB/004/ | Transaction Process | HTML Format |
| 5 | Blockchain Transaction Record | Electronic Data | USB/005/ | Cryptocurrency Payment | Includes TXID |
| ... | ... | ... | ... | ... | ... |

Case Amount Statistics Table:

| Item | Quantity | Unit Price | Subtotal | Notes |
|------|---------|-----------|----------|-------|
| Cheat Monthly Card | 5000 pieces | ¥400 | ¥2M | Estimated users |
| Annual Card | 500 pieces | ¥4800 | ¥2.4M | Internal info |
| Loop Script | 3000 copies | ¥200 | ¥600K | Separately sold |
| **Total** |  |  | **¥5M** | 2024.8-2025.5 |

Basis:
□ Taobao sales volume records
□ QQ group member count statistics
□ Internal source cross-verification

C. On-site Reporting Procedure

Step 1: Appointment (Recommended)

Communicate by phone in advance:
  "Hello, I want to report a cybercrime case,
   involving provision of programs for illegal control of computer systems,
   case amount approximately XXX million yuan,
   relevant evidence materials are ready,
   when would be convenient to receive me?"

Step 2: Bring Materials On-site

Must-bring Checklist:
□ Original ID card
□ Written report materials (2 copies, keep one)
□ Evidence USB drive/CD (at least 2 copies)
□ Printed evidence list
□ Laptop (if on-site demonstration needed)

Step 3: Reception and Transcript

Police will:
1. Verify identity
2. Listen to case statement
3. Make inquiry transcript
    └─ Describe discovery process in detail
    └─ Sign for confirmation
4. Receive evidence materials
    └─ Issue receipt

⚠️ Statements in transcript must be accurate
    Don't exaggerate, don't conceal

Step 4: Await Review

Public security authorities will:
□ Review materials (within 7 days)
□ Decide whether to file case
□ Notify reporter after filing

If not filed:
  Can apply for reconsideration or apply to procuratorate for supervision

D. Investigation Cooperation Phase

Possible Cooperation Requirements:

1. Supplementary materials
    └─ Provide more evidence/explain details

2. On-site inspection
    └─ Assist technical personnel in analyzing cheat

3. Suspect identification
    └─ Identify after arrest if needed

4. Court testimony
    └─ Trial phase (if necessary)

Maintain Contact:

□ Save investigating officer's contact information
□ Regularly inquire about case progress
□ Promptly provide new clues

3.5 Special Handling of Cross-border Cases

If involved personnel overseas:

Explain to public security authorities:
  "Suspects may be in XXX country/region,
   suggest cooperation through Interpol (ICPO)
   or with that country's law enforcement"

Provide Clues:
□ Suspect IP address/server location
□ Social media accounts (Twitter/Discord etc.)
□ Payment platforms used (PayPal/Stripe etc.)
□ Possible real identity information

Cybercrime Reporting Platforms:

International:
  FBI IC3: https://www.ic3.gov/
  Europol: https://www.europol.europa.eu/

Domestic:
  Ministry of Public Security Cybercrime Report:
  https://www.cyberpolice.cn/

Part Four: Legal Risk Warnings

⚖️ Important Legal Disclaimer

The following content is for legal knowledge education and does not constitute legal advice. Please consult professional lawyers for specific cases.

4.1 Legal Risks Whistleblowers May Face

A. Legal Controversy of Purchasing Cheats

Controversy Focus:

Does purchasing behavior constitute crime?

Mainstream View:
  Simply purchasing for reporting → Not a crime
    └─ Subjectively: To maintain public interest
    └─ Objectively: Not actually used to damage game

But note:
  × Using in game after purchase → May violate rules/law
  × Reselling to others after purchase → Suspected of assisting crime

Recommendations:

✓ Immediately report to public security after purchase
✓ Written explanation "Only for reporting purpose"
✓ Keep complete evidence collection process recording throughout
✓ Don't actually run cheat in game

B. Legality Boundaries of Evidence Collection

Prohibited Evidence Collection Behaviors:

❌ Inducing other party to commit crime
    Example: "Can you develop an even stronger cheat?"
    → May constitute instigation

❌ Illegally invading other party's computer system
    Example: Hacking into cheat author's server to obtain user data
    → Violates Cybersecurity Law

❌ Spreading cheats to obtain more evidence
    Example: Sharing cheat on forums to attract more purchases
    → May constitute accomplice

❌ Violent threats/blackmail
    Example: "If you don't pay, I'll report you"
    → Constitutes extortion

Legal Evidence Collection Behaviors:

✓ Consulting and purchasing as ordinary user
✓ Truthfully recording information voluntarily provided by other party
✓ Obtaining evidence through public channels (websites/social media)
✓ Purchasing samples yourself for technical analysis

C. Personal Information Protection Obligations

Legal Liability for Collecting Others' Information:

Personal Information Protection Law stipulates:
  Collecting others' information requires legal basis
  and only for specific purposes

In reporting scenarios:
  ✓ Collecting cheat seller information → Legal
    (Used for reporting crime)

  ✗ Leaking, selling to others → Illegal
    (Violating personal information crime)

Correct Approach:

□ Collected information only submitted to:
    ├─ Judicial authorities
    ├─ Game companies
    └─ Online platforms (reporting)

□ Must not:
    ✗ Publish on forums/social media
    ✗ Sell to others
    ✗ Use for purposes other than reporting

4.2 Analysis of Possible Crimes

A. Cheat Developers/Sellers

Main Crimes:

1. Providing Programs and Tools for Invasion,
   Illegal Control of Computer Information Systems
   (Criminal Law Article 285 Paragraph 3)

   Elements:
   □ Providing programs/tools specifically for invasion, control
      of computer information systems
   □ Circumstances serious

   Sentencing:
   Basic sentence: Under 3 years imprisonment/detention + fine
   Aggravated sentence: 3-7 years imprisonment + fine

2. Copyright Infringement (Criminal Law Article 217)

   Elements:
   □ Copying and distributing game software (cracked version)
   □ Illegal gains substantial or circumstances serious

   Sentencing:
   Basic sentence: Under 3 years + fine
   Aggravated sentence: 3-10 years + fine

3. Illegal Business Operations (Criminal Law Article 225)

   Elements:
   □ Operating business prohibited by law without permission
   □ Disrupting market order, circumstances serious

   Sentencing:
   Under 5 years or 5-15 years (especially serious circumstances)

B. Cheat Users (Regular Players)

General Situation:

Simply using cheat → Not a crime
  └─ But violates:
      □ Game user agreement (civil breach)
      □ May be banned by game company

Exceptional Cases:
  Using cheat for following behaviors → May be criminal:

  1. Damaging Computer Information System
      Example: Using cheat causes server crash

  2. Theft
      Example: Using cheat to steal other player's game account/property

  3. Fraud
      Example: Using cheat to farm gold then pretend manual selling to others

C. Commercial Use like Power Leveling/Streaming

Legal Analysis:

Using cheat for power leveling/streaming → Illegal profit

Possible Crimes:
1. Providing Program Tools (Accomplice)
    └─ If systematically using cheat for profit

2. Illegal Business Operations
    └─ Disrupting game market order

3. Tax Evasion (Independent crime)
    └─ Income not declared for tax

Sentencing Considerations:

Illegal Gains Amount:
  □ Under 100K: Lighter
  □ 100-500K: General
  □ Over 500K: Serious
  □ Over 5M: Especially serious

Aggravating Circumstances:
  □ Multiple crimes
  □ Organized operation
  □ Cross-border crime

4.3 Whistleblower Protection Mechanism

A. Legal Protection Provisions

Criminal Procedure Law Article 62:

For whistleblowers, their safety shall be ensured.
Judicial authorities shall keep whistleblower information confidential,
must not disclose whistleblower identity information.

Anti-Unfair Competition Law Article 17:

Encourages and supports natural persons, legal persons to report
illegal business conduct.

Explicitly Request Confidentiality to Public Security:

Note in report materials:
  "Request strict confidentiality of reporter identity information,
   must not disclose to criminal suspects and other unrelated persons."

Confirm again after signing transcript:
  "Will my personal information be kept confidential?"

B. If Suffering Retaliation or Threats

Take Immediate Measures:

1. Call police (110)
    State: "I was threatened for reporting XX"

2. Report to original investigating officer
    Request strengthened protection measures

3. Preserve threat evidence
    □ Threatening phone call recordings
    □ SMS/social software screenshots
    □ Doxxing web posts

4. Apply for personal protection
    If threats serious, can apply for:
    □ Temporary protection measures
    □ Change of residence

Legal Consequences:

Retaliation against whistleblower → Heavier punishment

Crime of Retaliation Against Whistleblower (Independent crime):
  Criminal Law Article 254
  State organ staff abusing power,
  retaliating against whistleblower,
  shall be sentenced to imprisonment or detention of under 2 years.

Appendix: Commonly Used Tools and Resources

A1. Privacy Protection Tools

Operating Systems:

Tails OS: https://tails.boum.org/
Qubes OS: https://www.qubes-os.org/
Whonix: https://www.whonix.org/

Browsers:

Tor Browser: https://www.torproject.org/
Brave: https://brave.com/
Firefox: https://www.mozilla.org/firefox/

VPN/Proxy:

Shadowsocks: https://shadowsocks.org/
WireGuard: https://www.wireguard.com/

Encrypted Communication:

Signal: https://signal.org/
Session: https://getsession.org/
ProtonMail: https://proton.me/mail

File Encryption:

VeraCrypt: https://www.veracrypt.fr/
GPG: https://gnupg.org/

A2. Evidence Collection Tools

Screenshot/Screen Recording:

ShareX (Windows): https://getsharex.com/
OBS Studio (All platforms): https://obsproject.com/
Snagit (Paid): https://www.techsmith.com/

Metadata Removal:

ExifTool: https://exiftool.org/
MAT2 (Linux): https://0xacab.org/jvoisin/mat2

Data Recovery/Erasure:

Recuva (Recovery testing): https://www.ccleaner.com/recuva
Eraser (Secure deletion): https://eraser.heidi.ie/

Network Analysis:

Wireshark: https://www.wireshark.org/
Fiddler: https://www.telerik.com/fiddler

A3. Blockchain Query

BTC Bitcoin:

https://www.blockchain.com/explorer
https://blockchair.com/bitcoin

ETH Ethereum:

https://etherscan.io/
https://www.oklink.com/eth

TRX TRON:

https://tronscan.org/

A4. Emergency Contacts

Police/Emergency Assistance:

110 (Public security police)
12110 (Online reporting)
12321 (Bad online information reporting)

Legal Aid:

12348 (Judicial administration hotline)
Local legal aid centers

Game Companies:

NetEase Customer Service: 95163808
Blizzard Support: https://www.blizzard.com/support

A5. Legal Regulation References

Main Laws:

Criminal Law of the People's Republic of China
Cybersecurity Law of the People's Republic of China
Personal Information Protection Law of the People's Republic of China

Judicial Interpretations:

Interpretation on Several Issues Concerning Application of Law in Handling Criminal Cases Endangering Computer Information System Security
Interpretation on Several Issues Concerning Specific Application of Law in Handling Intellectual Property Infringement Criminal Cases

Online Query:

China Judgments Online: https://wenshu.court.gov.cn/
Supreme Court Gazette: http://www.court.gov.cn/

Conclusion

Reporting game cheats is an action requiring courage, wisdom and patience. This guide aims to provide comprehensive assistance, enabling you to effectively collect evidence and report legally while protecting your own safety.

Remember Three Core Principles:

Safety First - Protect your privacy and personal safety
Complete Evidence - Form complete chain of evidence
Legal Procedures - Ensure evidence collection and reporting behaviors are legal