Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Windows default writable locations
- C:\$Recycle.Bin\<USER SID> (whoami /user)
- C:\PerfLogs
- C:\Windows\Tasks
- C:\Windows\tracing
- C:\Windows\PCHEALTH\ERRORREP\QHEADLES
- C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF
- C:\Windows\PLA\Reports
- C:\Windows\PLA\Rules
- C:\Windows\PLA\Templates
- C:\Windows\PLA\Reports\en-US
- C:\Windows\PLA\Rules\en-US
- C:\Windows\Registration\CRMLog
- C:\Windows\System32\FxsTmp
- C:\Windows\System32\LogFiles\WMI
- C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys
- C:\Windows\System32\spool\drivers\color
- C:\Windows\System32\spool\drivers\x64\*
- C:\Windows\SysWOW64\FxsTmp
- C:\Users\%USERNAME%\*
- C:\Users\Public\AccountPictures
- C:\Users\Public\Documents
- C:\Users\Public\Downloads
- C:\Users\Public\Libraries
- C:\Users\Public\Music
- C:\Users\Public\Pictures
- C:\Users\Public\Videos
- # Common non-default folders
- C:\TEMP
- If SCCM is in use:
- C:\Windows\CCM\Logs (very noisy)
- C:\Windows\CCM\Temp
- C:\Windows\CCM\Inventory\idmifs
- C:\Windows\CCM\Inventory\noidmifs
- C:\Windows\CCM\Inventory\noidmifs\badmifs
- C:\Windows\CCM\SystemTemp\AppVTempData\AppVCommandOutput
Add Comment
Please, Sign In to add comment
