diff --git a/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml b/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
index 75d842f59..f1d7d7055 100644
--- a/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
+++ b/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
@@ -18,8 +18,10 @@ detection:
 - Image|endswith:
 - '\sqlite.exe'
 - '\sqlite3.exe'
- selection_firefox:
- CommandLine|contains: '\Google\Chrome\User Data\Default\Network\Cookies'
+ selection_chrome:
+ CommandLine|contains:
+ - '\Google\Chrome\User Data\Default\Network\Cookies' # Latest chrome versions
+ - '\Google\Chrome\User Data\Default\Cookies' # Older chrome versions
 condition: all of selection_*
 falsepositives:
 - Unknown
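Review bot: Both `selection_chrome` patterns are pinned to the `Default` profile directory, so a sqlite invocation against the cookie store of any other Chrome profile under `User Data` would not match this rule. Consider matching the profile-independent parts instead, e.g. `CommandLine|contains|all:` with the items `'\Google\Chrome\User Data\'` and `'\Cookies'`, which still covers both the `Network\Cookies` and the older `Cookies` location. That selection is broader, so the `falsepositives` entry is worth re-checking after the change. The `detection` block starts above this hunk and the rule continues below it, so whether the rule's `modified` date was updated alongside this logic change cannot be seen from here.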