If this is from a scammer, it is most likely going to be in the Downloads folder, or the Desktop. To check which way this application is being run, look at the file properties of the AnyDesk application. However the artefacts discussed here will be the same in both locations. The way the software is run, will dictate the artefact locations on the disk. There are also several options within AnyDesk that will allow the attacker to lock the victim out of their own machine, giving complete control to the attacker.ĪnyDesk have taken steps to present the victim with alerts, and even disallow certain actions by the remote device, but the scammers utilise social engineering techniques to bypass these easily.ĪnyDesk can be downloaded from the AnyDesk website here Technical AspectsĪnyDesk can be run in two ways installed like a tradition piece of software, or as a portable executable (PE). It is the scammer’s tool of choice because it is very easy to download and set up. Click here to view this research on my YouTube channel What is AnyDesk?ĪnyDesk is a legitimate, non-malicious piece of software that is used by companies world wide to manage their IT systems, and can be used for free to help family members with IT issues.