AmmyAdmin Logs
Overview
Evidence: AmmyAdmin Logs
Description: Collect AmmyAdmin Logs
Category: Applications
Platform: windows
Short Name: aammyadmnlg
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
AMMYY Admin (AmmyAdmin) is a remote desktop application that has been used both legitimately and by threat actors. The software maintains logs of remote connections and sessions.
Data Collected
This collector gathers structured data about AmmyAdmin logs.
Collection Method
This collector gathers log files from the AMMYY ProgramData directory containing connection history and activity records.
Forensic Value
AmmyAdmin logs are important for investigations as the software has been used by scammers and threat actors for unauthorized access. Logs reveal remote connection attempts, session times, and can identify malicious use of the tool.

