# AmmyAdmin Logs

## Overview

**Evidence:** AmmyAdmin Logs\
**Description:** Collect AmmyAdmin Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** aammyadmnlg\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

AMMYY Admin (AmmyAdmin) is a remote desktop application that has been used both legitimately and by threat actors. The software maintains logs of remote connections and sessions.

## Data Collected

This collector gathers structured data about ammyadmin logs.

## Collection Method

This collector gathers log files from the AMMYY ProgramData directory containing connection history and activity records.

## Forensic Value

AmmyAdmin logs are important for investigations as the software has been used by scammers and threat actors for unauthorized access. Logs reveal remote connection attempts, session times, and can identify malicious use of the tool.