Igor.Korkin edited 4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection2.tex
over 9 years ago
Commit id: e4c7efe2f5c3f1c3618afeaaad3c450ae03b92e3
diff --git a/4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection2.tex b/4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection2.tex
index 8ab534b..0e97428 100644
--- a/4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection2.tex
+++ b/4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection2.tex
...
It is obvious that initial bytes of each structure are identical, but further bytes are different. The conclusion was made, that if we search for some typical EPROCESS structure fragments it is possible to find all EPROCESS structures regardless of whether they are hidden or not. It is shown below how to do this.
\textun{Stealth \textbf{Stealth process detection approach:}
\begin{enumerate}
\item Create dynamic bit signature (DBS) as a template, which matches to all EPROCESS.
\item With the help of probabilistic search of DBS in kernel memory find all EPROCESS structures, either hidden or not. As a result, get the author’s list.
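Review bot: the heading line `\textun{Stealth \textbf{Stealth process detection approach:}` will not compile: `\textun` is not a standard LaTeX command (it looks like a typo for `\underline`), the opening brace of `\textun{` has no matching close, and "Stealth" is repeated before the bold text. Suggest `\underline{\textbf{Stealth process detection approach:}}` (or drop the underline) so the hunk builds; the `\begin{enumerate}` also has no `\end{enumerate}` in the visible lines, so please confirm the environment is closed later in the file. Two wording points in the same hunk: "The conclusion was made, that if we search for some typical EPROCESS structure fragments" reads awkwardly ("We conclude that searching for typical EPROCESS fragments finds all EPROCESS structures, hidden or not" is clearer), and "As a result, get the author's list" does not say what list is meant; state it explicitly, e.g. the list of processes found by the DBS search, since the reader cannot tell from the item alone.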