AmmyAdmin Logs
Overview
Evidence: AmmyAdmin Logs
Description: Collect AmmyAdmin Logs
Category: Applications
Platform: windows
Short Name: aammyadmnlg
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
AMMYY Admin (AmmyAdmin) is a remote desktop application that has been used both legitimately and by threat actors. The software maintains logs of remote connections and sessions.
Data Collected
This collector gathers structured data about AmmyAdmin logs.
Collection Method
This collector gathers log files from the AMMYY ProgramData directory containing connection history and activity records.
Forensic Value
AmmyAdmin logs are important for investigations because the software has been used by scammers and threat actors for unauthorized access. The logs reveal remote connection attempts and session times, and can identify malicious use of the tool.