Windows Versions: Fix broken OSDistinguisher

Something happened when picking _EPROCESS members before that caused
this to not function properly. This one relies on a more stable type
removal instead of _EPROCESS members.

Author: dgmcdona

volatility3/framework/symbols/windows/versions.py

@@ -152,8 +152,8 @@ def __call__(
 is_win10_10586_or_later = OsDistinguisher(
     version_check=lambda x: x >= (10, 0, 10586),
     fallback_checks=[
-        ("_EPROCESS", "SecurityDomain", False),
-        ("_EPROCESS", "ImageFilePointer", False),
+        ("_UNLOADED_DRIVERS", None, False),
+        ("ObHeaderCookie", None, True),
     ],
 )