nccgroup / memgrep

Memory searching utilities
GNU Affero General Public License v3.0

Memgrep can find itself causing a false positive. #2

Open MarcusChain opened 10 years ago

MarcusChain commented 10 years ago

Memgrep.exe -p 1676 -s "Olly In A Suit" -q
memgrep - https://www.nccgroup.com/ - https://github.com/nccgroup/memgrep
[i] Using the string 'Olly In A Suit'
[*] Got unicode hit for Olly In A Suit at 0066EAB2 in GoogleUpdate.exe (1676) page starts at 00610000 [r x ] - mapped

This is in fact a false positive, shown by using -x and an appropriate value for -b:

Memgrep.exe -p 1676 -s "Olly In A Suit" -q -b 64 -x
memgrep - https://www.nccgroup.com/ - https://github.com/nccgroup/memgrep
[i] Will print 64 bytes before hit
[i] Using the string 'Olly In A Suit'
[*] Got unicode hit for Olly In A Suit at 0066EAB2 in GoogleUpdate.exe (1676) page starts at 00610000 [r x ] - mapped
0000 72 00 6f 00 6d 00 70 00 74 00 20 00 2d 00 20 00 r.o.m.p. t. .-. .
0010 4d 00 65 00 6d 00 67 00 72 00 65 00 70 00 2e 00 M.e.m.g. r.e.p...
0020 65 00 78 00 65 00 20 00 2d 00 70 00 20 00 31 00 e.x.e. . -.p. .1.
0030 36 00 37 00 36 00 20 00 2d 00 73 00 20 00 22 00 6.7.6. . -.s. .".
0040 4f 00 6c 00 6c 00 79 00 20 00 49 00 6e 00 20 00 O.l.l.y. .I.n. .
0050 41 00 20 00 53 00 75 00 69 00 74 00 A. .S.u. i.t.

No big deal in the grand scheme of things; found it originally when digging through a page via attached IDB after a "hit", but it might confuse and then rabbit-hole some users.

olliencc commented 10 years ago

So this is a symptom of the command line of a console window being mapped into other processes (never worked out why this happens). The easiest way to stop this from happening is to put the strings in a file and use that option.
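To make the mechanism described in the two comments concrete, here is an added Python example (not part of memgrep, and not code posted in this issue). It decodes the hex dump MarcusChain posted back to text, showing that the 64 bytes before the hit are the scanner's own command line in UTF-16LE, and then runs a small ASCII/UTF-16LE search over a constructed buffer that flags a hit as a self-hit when the context immediately before it ends in the tool's own `-s "` argument. The `-s "` heuristic, the sample buffer layout and all function names are assumptions made for illustration; the file-based string option olliencc mentions is the real fix and is not modelled here.

```python
import re

# Hex dump copied from the memgrep output in this issue (the 64 bytes printed
# before the hit with -b 64 -x); it is the only memory sample the page gives.
MEMGREP_DUMP = """\
0000 72 00 6f 00 6d 00 70 00 74 00 20 00 2d 00 20 00 r.o.m.p. t. .-. .
0010 4d 00 65 00 6d 00 67 00 72 00 65 00 70 00 2e 00 M.e.m.g. r.e.p...
0020 65 00 78 00 65 00 20 00 2d 00 70 00 20 00 31 00 e.x.e. . -.p. .1.
0030 36 00 37 00 36 00 20 00 2d 00 73 00 20 00 22 00 6.7.6. . -.s. .".
0040 4f 00 6c 00 6c 00 79 00 20 00 49 00 6e 00 20 00 O.l.l.y. .I.n. .
0050 41 00 20 00 53 00 75 00 69 00 74 00 A. .S.u. i.t.
"""

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_hexdump(dump):
    """Turn memgrep's 'offset  hex bytes  ascii' rows back into raw bytes."""
    raw = bytearray()
    for line in dump.splitlines():
        fields = line.split()
        if not fields:
            continue
        for tok in fields[1:17]:            # skip the offset; at most 16 bytes per row
            if not HEX_BYTE.fullmatch(tok):
                break                       # reached the ASCII column
            raw.append(int(tok, 16))
    return bytes(raw)


def decode_dump_text(dump):
    """Decode the dumped bytes as UTF-16LE, the encoding memgrep reported the hit in."""
    return parse_hexdump(dump).decode("utf-16-le")


def find_string(buf, needle, before=64):
    """Search buf for both the ASCII and UTF-16LE forms of needle, as a memory
    grep does, returning each hit together with the bytes that precede it."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        pat = needle.encode(enc)
        pos = buf.find(pat)
        while pos >= 0:
            hits.append({"offset": pos, "encoding": enc,
                         "before": buf[max(0, pos - before):pos]})
            pos = buf.find(pat, pos + 1)
    return hits


# Assumed heuristic: the scanner's own '-s "' argument sits right before the needle.
SELF_ARG = re.compile(r'-s\s+"?$')


def is_self_hit(hit):
    """If the context before the hit reads like our own command line ending in
    '-s "', the match is the scanner's argv echoed into the target process,
    not data that belongs to the target (the false positive in this issue)."""
    context = hit["before"].decode(hit["encoding"], errors="replace")
    return SELF_ARG.search(context) is not None


def classify_hits(buf, needle, before=64):
    """Run the search and annotate every hit with a 'self' flag."""
    out = []
    for h in find_string(buf, needle, before):
        h["self"] = is_self_hit(h)
        out.append(h)
    return out


def build_sample_memory():
    """Constructed stand-in for a target page: one genuine ASCII copy of the
    string, plus the UTF-16LE command-line fragment from the issue's dump."""
    return (b"\x00" * 32
            + b"Olly In A Suit"             # a real occurrence in the target
            + b"\x00" * 32
            + parse_hexdump(MEMGREP_DUMP)   # '... -s "Olly In A Suit' as UTF-16LE
            + b"\x00" * 16)


if __name__ == "__main__":
    print("dump decodes to:", repr(decode_dump_text(MEMGREP_DUMP)))
    for h in classify_hits(build_sample_memory(), "Olly In A Suit"):
        tag = "self-hit (scanner argv)" if h["self"] else "hit"
        print(f"{h['offset']:08x} {h['encoding']:<9} {tag}")
```

Running it prints the decoded dump, `rompt - Memgrep.exe -p 1676 -s "Olly In A Suit`, which is the tail of a console prompt followed by the scanner's own command line, and then one genuine ASCII hit and one UTF-16LE hit flagged as the scanner's own argv. The heuristic only recognises this one pattern; a string file avoids the problem at the source because the search term then never appears on the command line at all.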