From d57d7c1e5b58eb7e520f50ba140bed4b7cfa6607 Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 26 Nov 2020 22:59:35 -0300
Subject: [PATCH] Remove Additional backslash

---
 rules/windows/process_creation/win_apt_bear_activity_gtr19.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
index 965a89fcb..248e3d652 100644
--- a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
+++ b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml
@@ -30,7 +30,7 @@ detection:
         CommandLine|contains|all: 
             - '-snapshot' 
             - '""' 
-            - 'c:\users\\'
+            - 'c:\users\'
     condition: selection1 or selection2
 falsepositives:
     - unknown