diff --git a/atomics/T1081/T1081.md b/atomics/T1081/T1081.md
index d5655dca..26f5bc32 100644
--- a/atomics/T1081/T1081.md
+++ b/atomics/T1081/T1081.md
@@ -6,18 +6,20 @@ It is possible to extract passwords from backups or saved virtual machines throu
 ## Atomic Tests
-- [Atomic Test #1 - Browser and System credentials](#atomic-test-1---browser-and-system-credentials)
+- [Atomic Test #1 - Extract Browser and System credentials with LaZagne](#atomic-test-1---extract-browser-and-system-credentials-with-lazagne)
-- [Atomic Test #2 - Extract credentials from files](#atomic-test-2---extract-credentials-from-files)
+- [Atomic Test #2 - Extract passwords with grep](#atomic-test-2---extract-passwords-with-grep)
-- [Atomic Test #3 - Mimikatz & Kittenz](#atomic-test-3---mimikatz--kittenz)
+- [Atomic Test #3 - Runs Mimikatz & Mimikittenz by name](#atomic-test-3---runs-mimikatz--mimikittenz-by-name)
-- [Atomic Test #4 - Extracting credentials from files](#atomic-test-4---extracting-credentials-from-files)
+- [Atomic Test #4 - Extracting passwords with findstr](#atomic-test-4---extracting-passwords-with-findstr)
+
+- [Atomic Test #5 - Access "unattend.xml"](#atomic-test-5---access-unattendxml)
-## Atomic Test #1 - Browser and System credentials
+## Atomic Test #1 - Extract Browser and System credentials with LaZagne
 [LaZagne Source](https://github.com/AlessandroZ/LaZagne)
 **Supported Platforms:** macOS
@@ -33,7 +35,7 @@ python2 laZagne.py all

-## Atomic Test #2 - Extract credentials from files
+## Atomic Test #2 - Extract passwords with grep
 Extracting credentials from files
 **Supported Platforms:** macOS, Linux
@@ -54,7 +56,7 @@ grep -ri password #{file_path}

-## Atomic Test #3 - Mimikatz & Kittenz
+## Atomic Test #3 - Runs Mimikatz & Mimikittenz by name
 Mimikatz/kittenz - This will require a Mimikatz executable or invoke-mimikittenz ps module.
 **Supported Platforms:** Windows
@@ -71,7 +73,7 @@ mimikatz.exe

-## Atomic Test #4 - Extracting credentials from files
+## Atomic Test #4 - Extracting passwords with findstr
 Extracting Credentials from Files
 **Supported Platforms:** Windows
@@ -85,4 +87,21 @@ ls -R | select-string -Pattern password
+
+
+
+## Atomic Test #5 - Access "unattend.xml"
+Attempts to access unattend.xml, where credentials are commonly stored, within the Panther directory where installation logs are stored.
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
+```
+cmd /c type C:\Windows\Panther\unattend.xml > nul 2>&1
+cmd /c type C:\Windows\Panther\Unattend\unattend.xml > nul 2>&1
+```
+
+
+
diff --git a/atomics/index.md b/atomics/index.md
index 23dcc2b4..5fcb9042 100644
--- a/atomics/index.md
+++ b/atomics/index.md
@@ -529,10 +529,11 @@
 - Atomic Test #11: GPP Passwords (findstr) [windows]
 - Atomic Test #12: GPP Passwords (Get-GPPPassword) [windows]
 - [T1081 Credentials in Files](./T1081/T1081.md)
- - Atomic Test #1: Browser and System credentials [macos]
- - Atomic Test #2: Extract credentials from files [macos, linux]
- - Atomic Test #3: Mimikatz & Kittenz [windows]
- - Atomic Test #4: Extracting credentials from files [windows]
+ - Atomic Test #1: Extract Browser and System credentials with LaZagne [macos]
+ - Atomic Test #2: Extract passwords with grep [macos, linux]
+ - Atomic Test #3: Runs Mimikatz & Mimikittenz by name [windows]
+ - Atomic Test #4: Extracting passwords with findstr [windows]
+ - Atomic Test #5: Access "unattend.xml" [windows]
 - [T1214 Credentials in Registry](./T1214/T1214.md)
 - Atomic Test #1: Enumeration for Credentials in Registry [windows]
 - T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
diff --git a/atomics/index.yaml b/atomics/index.yaml
index bee32c3d..ff5fe7ae 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -15484,7 +15484,7 @@ credential-access:
 - SYSTEM
 identifier: T1081
 atomic_tests:
- - name: Browser and System credentials
+ - name: Extract Browser and System credentials with LaZagne
 description: "[LaZagne Source](https://github.com/AlessandroZ/LaZagne)\n"
 supported_platforms:
 - macos
@@ -15493,7 +15493,7 @@ credential-access:
 command: 'python2 laZagne.py all
 '
- - name: Extract credentials from files
+ - name: Extract passwords with grep
 description: 'Extracting credentials from files
 '
@@ -15510,7 +15510,7 @@ credential-access:
 command: 'grep -ri password #{file_path}
 '
- - name: Mimikatz & Kittenz
+ - name: Runs Mimikatz & Mimikittenz by name
 description: 'Mimikatz/kittenz - This will require a Mimikatz executable or invoke-mimikittenz ps module.
@@ -15523,7 +15523,7 @@ credential-access:
 command: |
 invoke-mimikittenz
 mimikatz.exe
- - name: Extracting credentials from files
+ - name: Extracting passwords with findstr
 description: 'Extracting Credentials from Files
 '
@@ -15535,6 +15535,19 @@ credential-access:
 command: |
 findstr /si pass *.xml | *.doc | *.txt | *.xls
 ls -R | select-string -Pattern password
+ - name: Access "unattend.xml"
+ description: 'Attempts to access unattend.xml, where credentials are commonly
+ stored, within the Panther directory where installation logs are stored.
+
+'
+ supported_platforms:
+ - windows
+ executor:
+ name: command_prompt
+ elevation_required: true
+ command: |
+ cmd /c type C:\Windows\Panther\unattend.xml > nul 2>&1
+ cmd /c type C:\Windows\Panther\Unattend\unattend.xml > nul 2>&1
 T1214:
 technique:
 external_references:
diff --git a/atomics/linux-index.md b/atomics/linux-index.md
index a8ddb6b9..0bae3637 100644
--- a/atomics/linux-index.md
+++ b/atomics/linux-index.md
@@ -129,7 +129,7 @@
 - [T1110 Brute Force](./T1110/T1110.md)
 - [T1003 Credential Dumping](./T1003/T1003.md)
 - [T1081 Credentials in Files](./T1081/T1081.md)
- - Atomic Test #2: Extract credentials from files [macos, linux]
+ - Atomic Test #2: Extract passwords with grep [macos, linux]
 - T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1056 Input Capture](./T1056/T1056.md)
 - [T1040 Network Sniffing](./T1040/T1040.md)
diff --git a/atomics/macos-index.md b/atomics/macos-index.md
index f36d7026..4293cb48 100644
--- a/atomics/macos-index.md
+++ b/atomics/macos-index.md
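Review bot: The two `cmd /c type ... > nul 2>&1` lines in the new `command` block discard both stdout and stderr, so the executor cannot tell a successful read of unattend.xml from a missing file, and on hosts where the file is no longer present after setup the test reports the same outcome either way. Since this atomic exists to exercise detection of reads of that path, keep stderr visible, `cmd /c type C:\Windows\Panther\unattend.xml > nul` and `cmd /c type C:\Windows\Panther\Unattend\unattend.xml > nul`, or state in `description` that a file-not-found error is the expected result when the file has been removed. The `cmd /c` prefix is redundant under a `command_prompt` executor and could be dropped for consistency with the other tests in this technique. The same two lines appear in the T1081.md hunk of this commit.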
@@ -183,8 +183,8 @@
 - [T1110 Brute Force](./T1110/T1110.md)
 - [T1003 Credential Dumping](./T1003/T1003.md)
 - [T1081 Credentials in Files](./T1081/T1081.md)
- - Atomic Test #1: Browser and System credentials [macos]
- - Atomic Test #2: Extract credentials from files [macos, linux]
+ - Atomic Test #1: Extract Browser and System credentials with LaZagne [macos]
+ - Atomic Test #2: Extract passwords with grep [macos, linux]
 - T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1056 Input Capture](./T1056/T1056.md)
 - [T1141 Input Prompt](./T1141/T1141.md)
diff --git a/atomics/windows-index.md b/atomics/windows-index.md
index 8f0eb6df..9edb0fda 100644
--- a/atomics/windows-index.md
+++ b/atomics/windows-index.md
@@ -362,8 +362,9 @@
 - Atomic Test #11: GPP Passwords (findstr) [windows]
 - Atomic Test #12: GPP Passwords (Get-GPPPassword) [windows]
 - [T1081 Credentials in Files](./T1081/T1081.md)
- - Atomic Test #3: Mimikatz & Kittenz [windows]
- - Atomic Test #4: Extracting credentials from files [windows]
+ - Atomic Test #3: Runs Mimikatz & Mimikittenz by name [windows]
+ - Atomic Test #4: Extracting passwords with findstr [windows]
+ - Atomic Test #5: Access "unattend.xml" [windows]
 - [T1214 Credentials in Registry](./T1214/T1214.md)
 - Atomic Test #1: Enumeration for Credentials in Registry [windows]
 - T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)