amsi patch in memory detector — free browser tool | fatcousin | fatcousin

tools→browse every utility in one place.manifesto→why fatcousin exists — local-first, no uploads.forensics→case-organized forensics tools for power users.

disclaimer·acceptable use·grading rubric·manifesto

no warranty · outputs require independent verification · all processing happens on your device · this is not legal, forensic, medical, or financial advice

ready

local

// fatcousin · local process monitor

00:00:00

// session started —

// tool · amsi-patch-in-memory-detector

// origin · —

// user agent · —

// verdict · files processed locally · verify by watching NET events below

▮

NET · no outbound requests · all processing local

this panel shows everything. if something looks wrong, it is wrong. that's the contract.

drop amsi.dll region scan · detect amsi bypass patch bytes · runs locally

[input]

drop memory dump · hex · volatility export (multi-file)

or click

Select file

scans for AmsiScanBuffer patch bytes · E_INVALIDARG / xor eax ret · amsi string anchors

[limits]

heuristic screener · parses artifacts locally · not definitive proof

[status]

>ready