From 0f2d35484f9efe7644c9ef8f56af5917b7a0dfab Mon Sep 17 00:00:00 2001
From: clr2of8
Date: Mon, 22 May 2023 11:56:05 -0600
Subject: [PATCH] fix regex issue
---
 atomics/T1098/T1098.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/atomics/T1098/T1098.yaml b/atomics/T1098/T1098.yaml
index 1a832c77..045cd4d1 100644
--- a/atomics/T1098/T1098.yaml
+++ b/atomics/T1098/T1098.yaml
@@ -19,7 +19,7 @@ atomic_tests:
 foreach($member in $fmm) {
 if($member -like "*Administrator*") {
- $account = $member.Name -replace ".+\\\","" # strip computername\
+ $account = $member.Name.Split("\")[-1] # strip computername\
 $originalDescription = (Get-LocalUser -Name $account).Description
 Set-LocalUser -Name $account -Description "atr:$account;$originalDescription".Substring(0,48) # Keep original name in description
 Rename-LocalUser -Name $account -NewName "HaHa_$x$y$z" # Required due to length limitation
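Review bot: The `Set-LocalUser` line just below the changed `$account` assignment calls `.Substring(0,48)` on `"atr:$account;$originalDescription"`, and .NET's Substring throws when the string is shorter than 48 characters, which is likely whenever the account has a short or empty description. In that case the description that is meant to keep the original name is not written, and, depending on the error preference in effect (not visible here), `Rename-LocalUser` may still run, leaving no record to restore the account name from. Clamp the length instead: `$desc = "atr:$account;$originalDescription"` followed by `Set-LocalUser -Name $account -Description $desc.Substring(0, [Math]::Min(48, $desc.Length))`. The script block begins before and ends after this hunk, so how the cleanup step reads the description back could not be checked.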