I use Port Explorer v1.700 to do forensic analysis of hacked machines. We've been noticing that obviously compromised machines with active outgoing network connections show no illegal processes. Is there a rootkit technique to hide a process from PE? Will the newer version of PE detect these hidden processes? Thanks!