Replace YARA string that causes ambigious matches

Author: Oliver Old

volatility/plugins/overlays/windows/win10.py

@@ -228,7 +228,7 @@ def findcookie(self, kernel_space):
                 return False
             # Did not find nt!ObGetObjectType, trying with YARA instead.
             if model == "32bit":
-                s = "8B FF 55 8B EC 8B 4D 08"
+                s = "8B FF 55 8B EC 8B 4D 08 8D 41 E8"
             else:
                 s = "48 8D 41 D0 0F B6 49 E8"
             rules = yara.compile(sources = {