From 3f48eb4963657da1b7c7efbf6416b77f87659055 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Tue, 20 Dec 2022 10:42:21 +0100
Subject: [PATCH] fix: selection name and add old path
---
 .../proc_creation_win_sqlite_chrome_cookies.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml b/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
index 75d842f59..f1d7d7055 100644
--- a/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
+++ b/rules/windows/process_creation/proc_creation_win_sqlite_chrome_cookies.yml
@@ -18,8 +18,10 @@ detection:
 - Image|endswith:
 - '\sqlite.exe'
 - '\sqlite3.exe'
- selection_firefox:
- CommandLine|contains: '\Google\Chrome\User Data\Default\Network\Cookies'
+ selection_chrome:
+ CommandLine|contains:
+ - '\Google\Chrome\User Data\Default\Network\Cookies' # Latest chrome versions
+ - '\Google\Chrome\User Data\Default\Cookies' # Older chrome versions
 condition: all of selection_*
 falsepositives:
 - Unknown
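Review bot: Both entries in the new `selection_chrome` list pin the match to `\User Data\Default\`, so the rule only covers the default Chrome profile; a sqlite command line that references the cookie database of another profile directory under `User Data` would not match either string. Consider `CommandLine|contains|all:` with the two items `'\Google\Chrome\User Data\'` and `'\Cookies'`, which covers the old and the new location in every profile with a single selection. That match is broader, so it should be checked against process-creation telemetry before the `falsepositives: Unknown` entry is left as is. The `detection:` block starts above the hunk, so the selection that the `Image|endswith` list belongs to is not visible here.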