Some runtime dumped encrypted strings Vanguard is performing Scan of, on physical memory.
Might be useful for some people for sure.
Bytes array are delimited by orange lines.

[Image: VkTBT1U_d.webp?maxwidth=760&fidelity=grand]
if these strings (Bytes array) match then report acc.

Edit: Updated 20th November dump.
I think interception is no longer in the list.
[Image: w9FE2Uj.gif]