diff --git a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
index 965a89fcb..248e3d652 100644
--- a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
+++ b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
@@ -30,7 +30,7 @@ detection:
 CommandLine|contains|all:
 - '-snapshot'
 - '""'
- - 'c:\users\\'
+ - 'c:\users\'
 condition: selection1 or selection2
 falsepositives:
 - unknown
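Review bot: The new value `'c:\users\'` ends in a backslash directly before the closing quote, which looks like an escaped quote to anyone used to double-quoted YAML. A comment above it such as `# single-quoted YAML: backslashes are literal, the value ends in one '\'` would keep a later edit from re-doubling it or switching the quote style. The old form `'c:\users\\'` handed two literal backslashes to the Sigma converter, and whether those were read as one escaped backslash or as two characters depends on the converter and backend, which are not visible here. It is worth converting the rule for the backends in use and checking that a sample command line containing `c:\users\` still matches. The selection holding this list starts above the hunk, so its other conditions could not be reviewed.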