DOCSLIB.ORG

Taint Analysis for Automatic Malware Detection and Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Taint Analysis for Automatic Malware Detection and Analysis Whole-system Fine-grained Taint Analysis for Automatic Malware Detection and Analysis Heng Yin Dawn Song [email protected] [email protected] College of William and Mary Carnegie Mellon University Abstract or bundled-ware containing spyware or adware. More surprisingly, even software provided by reputable ven- As malware is becoming increasingly sophisticated and dors could contain code that performs undesired actions stealthy, effective techniques for malware detection and such as leaking users’ private data. For example, Google analysis are imperative. Previous detection mechanisms Desktop, a popular local file system search tool, has are insufficient. Signature-based detection cannot detect been reported to send users’ private information back to new malware, and watch-point based behavioral detec- Google’s servers [15]. In another example, SONY Me- tion can be evaded by stealthier design. Most previous dia Player has been reported to send users’ listening be- analysis mechanisms are too coarse-grained to capture havior such as which songs the user has listened to back malware behavior and fail to address kernel-level attacks. to SONY [35]. Thus, as users and computers cannot We propose whole-system fine-grained taint analysis for live in isolation from the rest of the Internet and for- automatic malware detection and analysis, and build a eign code gets downloaded and installed unknowingly or prototype called TaintQemu. By tainting data from hard- knowingly to the local system all the time, the users and ware inputs and monitoring its propagation, TaintQemu computers are completely oblivious to what code is ac- generate taint graphs. The taint graph represents how in- tually installed on the local system and whether they will formation propagates during the system execution. We have malicious or undesired behavior or consequences. demonstrate that such whole-system fine-grained taint When a piece of code is installed and executed, how can analysis can capture the intrinsic properties of many dif- we detect whether it will have certain malicious or unde- ferent classes of malware and thus offer effective meth- sired behavior such as violating user’s privacy? This is ods for automatic malware detection and analysis. Our an important open research question. evaluation using a wide spectrum of real-world malware demonstrates that our system is effective in detecting Traditional methods are insufficient in addressing this many different classes of malware including keyloggers, problem. First, previous approaches on sandboxing or backdoor, etc., and offer indispensable assistance to sys- access control do not apply well in this scenario. For ex- tem administrators and analyzers for better understand- ample, system utility programs such as Google Desktop ing of the behavior and consequences of malware. also need to access user’s files and may need to communicate used to automatically detect a wide spectrum of malware, back to Google servers for updates, etc. Users’ privacy by checking the violations from the normal patterns in is only violated when users’ private information is sent taint graph. back to Google. Thus, the traditional sandboxing or ac- cess control model is too rigid for this scenario to be able to detect the undesired behavior and at the same time al- 1 Introduction low Google Desktop to perform its alleged functions. Second, previous malware detection mechanisms are Malicious software (i.e., Malware) is becoming increas- insufficient. Previous malware detection mechanisms ingly prevalent and sophisticated. They creep into users’ mostly fall into two categories: signature-based detec- computer systems in ever more creative ways: They tion and watch-point based behavioral detection. The could be mistakenly installed when a user clicks on an at- first category, signature-based detection suffers from the tachment containing a virus, or visits a malicious website drawback that it cannot detect new malware since it which installs malicious software in the background, or needs to know the signature first, and it can be defeated unknowingly installed when the user installs a free-ware by polymorphic and metamorphic malware variants. 1 The second category, watch-point based behavioral gers capture keystrokes belonging to other processes, and detection monitors specific points in the computer sys- packet sniffers monitor or intercept all incoming and out- tem and detects malicious code based on certain heuris- going packets; (2) Access the information in an eccentric tics. An example is Microsoft’s Strider Gatekeeper [38], way, to circumvent security mechanisms enforced on the which monitors auto-start extensibility points to deter- system. For example, to circumvent the firewall, a back- mine surreptitious restart-surviving behavior. A main door may access incoming packets at a lower layer of the drawback for this approach, however, is that it needs network stack. Thus, by monitoring taint tracking in a to know what detection points should be watched and fine-grained manner, we enable automatic detection and what behavior at that detection point should be moni- analysis of a wide-spectrum of malware based on these tored. Malware authors keep exploring innovative tech- insights. niques to achieve their malicious intent and also conceal In particular, we monitor system execution and en- their presence without going through the previously iden- able taint tracking at the instruction level. The result tified detection points, and thus render the existing detec- from taint tracking forms a taint graph. The taint graph tion points useless. For example, early malware detec- represents how information gets propagated. We then tion monitors userland APIs and system calls to detect show that the taint graph can be used in three ways malware behavior that go through these APIs and sys- for automatic malware detection and analysis. First, we tem calls. To evade detection, more sophisticated mal- can build a policy engine to enforce invariants/properties ware moves into the operating system kernel such as on the taint graph—taint flow violates these invari- kernel rootkit. When detection also moves to the ker- ants/properties would indicate an attack. Second, by nel to identify malicious activities, such as detecting ker- observing the taint graph over time, we can learn about nel hooks [6] and kernel data object manipulation [31], normal patterns/profiles in the taint graph. These pro- much stealthier malware design has recently been in- files can then be used for anomaly detection, thus we can vented to circumvent the detection mechanisms [33]. even detect attacks that we do not have specified policies Its demonstration, a stealthy backdoor called deepdoor for. Finally, the taint graph gives us the causal relation- achieves the backdoor functionality by only modifying a ship which allows us to conduct diagnosis and analysis of few DWORDs in NDIS data block, (which is supposed malware behavior. Given a detection point or a malicious to be modified), and eventually evades all the existing action, we can trace back to see how it happened, where detection tools. Another recent study shows the viabil- the malware came from, and how it was installed, and we ity of building malware completely out of the victim op- can also trace forward to see the subsequent actions that erating system, leveraging the technique of virtual ma- the malware has performed. chines [22]. Thus, the history of the arms race between Note that even though information flow tracking has the malware writers’ innovations and the watch-point been proposed previously for intrusion analysis [21], based behavioral detection mechanisms demonstrate that these previous approaches such as Backtracker [21] suf- we need a holistic approach to prevent the malware to fer from several drawbacks: first, they are at process evade monitoring and once-for-all put such an arms race level which is often too coarse grained for malware de- to an end. tection and analysis; second, they do not apply to ker- To address the above issues, we propose a new ap- nel attacks such as rootkit because they monitor program proach for automatic malware detection and analysis: execution through system calls and do not monitor op- whole-system fine-grained taint tracking. By monitor- erating system behavior. By doing whole-system fine ing the whole system (including the operating system), grained taint tracking, our method provides much higher malware cannot evade our detection by avoiding previ- accuracy than previous work and we can handle kernel ously identified detection points as in the watch-point attacks as well such as rootkit. based behavioral detection methods. Moreover, by an- To examine this approach, we further design and im- alyzing the common traits of malware, we identify a uni- plement a prototype called TaintQemu to analyze and de- fied approach that enables the detection and analysis of tect a wide spectrum of malware in Windows, because a wide spectrum of malware: fine-grained taint tracking. the majority of malware aims for Windows platforms. One fundamental trait of malware lies in its data access. Hence, the following discussion assumes Windows sys- While benign software usually accesses the data of its tem, in particular, Windows 2000 and above versions, own interest, malware is inclined to monitor, intercept, although the fundamental technique can be adapted to and modify the data belonging to other programs and the other operating systems. Through extensive exper- even the operating system. Such malware
Load more

Recommended publications
  • La Sécurité Informatique Edition Livres Pour Tous (
    La sécurité informatique Edition Livres pour tous (www.livrespourtous.com) PDF générés en utilisant l’atelier en source ouvert « mwlib ». Voir http://code.pediapress.com/ pour plus d’informations. PDF generated at: Sat, 13 Jul 2013 18:26:11 UTC Contenus Articles 1-Principes généraux 1 Sécurité de l'information 1 Sécurité des systèmes d'information 2 Insécurité du système d'information 12 Politique de sécurité du système d'information 17 Vulnérabilité (informatique) 21 Identité numérique (Internet) 24 2-Attaque, fraude, analyse et cryptanalyse 31 2.1-Application 32 Exploit (informatique) 32 Dépassement de tampon 34 Rétroingénierie 40 Shellcode 44 2.2-Réseau 47 Attaque de l'homme du milieu 47 Attaque de Mitnick 50 Attaque par rebond 54 Balayage de port 55 Attaque par déni de service 57 Empoisonnement du cache DNS 66 Pharming 69 Prise d'empreinte de la pile TCP/IP 70 Usurpation d'adresse IP 71 Wardriving 73 2.3-Système 74 Écran bleu de la mort 74 Fork bomb 82 2.4-Mot de passe 85 Attaque par dictionnaire 85 Attaque par force brute 87 2.5-Site web 90 Cross-site scripting 90 Défacement 93 2.6-Spam/Fishing 95 Bombardement Google 95 Fraude 4-1-9 99 Hameçonnage 102 2.7-Cloud Computing 106 Sécurité du cloud 106 3-Logiciel malveillant 114 Logiciel malveillant 114 Virus informatique 120 Ver informatique 125 Cheval de Troie (informatique) 129 Hacktool 131 Logiciel espion 132 Rootkit 134 Porte dérobée 145 Composeur (logiciel) 149 Charge utile 150 Fichier de test Eicar 151 Virus de boot 152 4-Concepts et mécanismes de sécurité 153 Authentification forte
    [Show full text]
  • A Toolkit for Detecting and Analyzing Malicious Software
    A Toolkit for Detecting and Analyzing Malicious Software Michael Weber, Matthew Schmid & Michael Schatz David Geyer Cigital, Inc. [email protected] Dulles, VA 20166 g fmweber, mschmid, mschatz @cigital.com Abstract the virus or Trojan horse performs malicious actions unbe- knownst to the user. These programs often propagate while In this paper we present PEAT: The Portable Executable attached to games or other enticing executables. Analysis Toolkit. It is a software prototype designed to pro- Malicious programmers have demonstrated their cre- vide a selection of tools that an analyst may use in order ativity by developing a great number of techniques through to examine structural aspects of a Windows Portable Ex- which malware can be attached to a benign host. Several ecutable (PE) file, with the goal of determining whether insertion methods are common, including appending new malicious code has been inserted into an application af- sections to an executable, appending the malicious code ter compilation. These tools rely on structural features of to the last section of the host, or finding an unused region executables that are likely to indicate the presence of in- of bytes within the host and writing the malicious content serted malicious code. The underlying premise is that typi- there. A less elegant but effective insertion method is to cal application programs are compiled into one binary, ho- simply overwrite parts of the host application. mogeneous from beginning to end with respect to certain Given the myriad ways malicious software can attach to structural features; any disruption of this homogeneity is a benign host it is often a time-consuming process to even a strong indicator that the binary has been tampered with.
    [Show full text]
  • Regrun? Regrun Is an Excellent Tool Kit for Protecting Your Computer Against Viruses Or Trojans/Spyware/ Adware Parasites Or Rootkits
    What is RegRun? RegRun is an excellent tool kit for protecting your computer against viruses or Trojans/Spyware/ Adware parasites or Rootkits. The RegRun uses the newest technology in the world. Fight with the bad guys by the most powerful weapon. What you should know about RegRun? RegRun is not an antivirus in a common sense. It does not scan your disk and detect/cure using signature database. There are a lot of antiviral programs that you can choose. RegRun checks all Windows startup holes and it can detect and remove any UNKNOWN virus. The modern viruses spreads to the millions computers in the world for a pair days. First, a virus kills an antivirus and disables a way to update the antiviral databases. RegRun prevents a virus auto start. Later you can clean your computer by antivirus to remove virus according files and registry records. RegRun resolves three main tasks: 1. Makes backups of the registry and important files. Restores a computer even if it does not boot. 2. Detects a virus in your computer. 3. Removes a virus from your computer. Hope you enjoy it! Who needs RegRun? If you are a user who is exposed to sources of viruses and Trojans (e.g. you are an Internet surfer, E-mail recipient, one who buys "safe" software on CD's, or one who receives data on floppy disks), or if you are an experienced user who needs to adjust your startup configuration as a function of testing and debugging new software, you need RegRun. RegRun is the best choice for users who wants to get maximum security, for power users and computer professionals.
    [Show full text]
  • Hacking Windows95/98 Andme
    Color profile: GenericHacking CMYK/ Hackingprinter profile Exposed: Network Security Secrets & Solutions / McClure, Scambray, Kurtz / 222742-7 / Chapter 4 Composite Default screen CHAPTER 4 Hacking Windows 95/98 and Me 129 P:\010Comp\Hacking\742-7\ch04.vp Thursday, January 30, 2003 10:32:23 AM Color profile: GenericHacking CMYK/ Hackingprinter profile Exposed: Network Security Secrets & Solutions / McClure, Scambray, Kurtz / 222742-7 / Chapter 4 Composite Default screen 130 Hacking Exposed: Network Security Secrets & Solutions he most important thing for a network administrator or end user to realize about Windows 95/95B/98/98SE and their updated counterpart Windows Millennium TEdition (hereafter Win9x/Me, or the “DOS Family”) is that their architecture was not designed to incorporate security from the ground up like Microsoft’s other Windows lineage, the Windows NT Family. Throughout this book, we use the phrase “NT Family” to refer to all systems based on Microsoft’s New Technology (NT) platform, including Win NT 3.x–4.x, Windows 2000, Windows XP, and Windows .NET Server (see Chapter 5). Where necessary, we will differentiate between desktop and server versions. In contrast, we will refer to the Microsoft DOS/Windows 1.x/3.x/9x/Me lineage as the “DOS Family.” In fact, it seems that Microsoft went out of its way in many instances to sacrifice secu- rity for ease of use when planning the architecture of Win9x/Me. This becomes double jeopardy for administrators and security-unaware end users. Not only is Win9x/Me easy to configure, but the people most likely to be configuring it are also unlikely to take proper precautions (such as good password selection).
    [Show full text]
  • Back Orifice Download Hacker
    Back Orifice Download Hacker 1 / 4 Back Orifice Download Hacker 2 / 4 3 / 4 Surely you've heard the news already: Back Orifice 2000 (BO2K) is floating ... never download software from unknown vendors or software authors; don't let .... The program BO2K was written by DilDog of the hacking and phreaking group Cult of the Dead Cow and was based on the previous BO codes of SirDystic released in August '98 (also a cDc member). They provide this program absolutely free to download at their website www.bo2k.com.. Download: R.A.T, Crypter, Binder, Source Code, Botnet.... Back Orifice 2000 is a new version of the famous Back Orifice backdoor trojan (hacker's remote access tool). It was created by the Cult of Dead Cow hackers .... 1999-0660 "A hacker utility or Trojan Horse installed on a system… ... An intruder can download files from a Back Orifice system by sending a.. "Back Orifice" is a hacker's dream, and a Netizen's nightmare. ... It has reportedly been downloaded by well over 100,000 people since then.. Some hackers download files and steal passwords. ... Several RATs are frequently found in the wild, including Back Orifice, NetBus, Subseven, and DeepThroat.. Back Orifice - Windows Remote Administration Tool, by the cDc. ... The controversial Windows Remote Administration/Hacking Tool/Trojan has been ported ... tags | trojan: MD5 | 83e687476c2db91023c227524a676781: Download | Favorite .... I also downloaded the code of Back Orifice 2000. Even though these codes are called the Hacker Tool, it is very interesting to me about Internet code like socket, .... ... Thomas Cook's currency exchange site Microsoft: Back-door hack no threat to ..
    [Show full text]
  • Certified Ethical Hacker Version 8 Study Guide
    ffirs.indd 2 22-07-2014 17:23:44 CEHv8 Certified Ethical Hacker Version 8 Study Guide ffirs.indd 1 22-07-2014 17:23:44 ffirs.indd 2 22-07-2014 17:23:44 CEHv8 Certified Ethical Hacker Version 8 Study Guide Sean-Philip Oriyano ffirs.indd 3 22-07-2014 17:23:44 Senior Acquisitions Editor: Jeff Kellum Development Editor: Richard Mateosian Technical Editors: Albert Whale and Robert Burke Production Editor: Dassi Zeidel Copy Editors: Liz Welch and Tiffany Taylor Editorial Manager: Pete Gaughan Vice President and Executive Group Publisher: Richard Swadley Associate Publisher: Chris Webb Media Project Manager I: Laura Moss-Hollister Media Associate Producer: Marilyn Hummel Media Quality Assurance: Doug Kuhn Book Designer: Judy Fung Proofreader: Sarah Kaikini, Word One New York Indexer: Ted Laux Project Coordinator, Cover: Patrick Redmond Cover Designer: Wiley Cover Image: ©Getty Images Inc./Jeremy Woodhouse Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-64767-7 ISBN: 978-1-118-76332-2 (ebk.) ISBN: 978-1-118-98928-9 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
    [Show full text]
  • Chapter 10 Phase 4: Maintaining Access
    Chapter 10 Phase 4: Maintaining Access Trojan Horses ♦ Software program containing a concealed malicious capability but appears to be benign, useful, or attractive to users Backdoor ♦ Software that allows an attacker to access a machine using an alternative entry method ♦ Installed by attackers after a machine has been compromised ♦ May Permit attacker to access a computer without needing to provide account names and passwords ♦ Used in movie “War Games” ♦ Can be sshd listening to a port other than 22 ♦ Can be setup using Netcat Netcat as a Backdoor ♦ A popular backdoor tool ♦ Netcat must be compiled with “GAPING_SECURITY_HOLE” option ♦ On victim machine, run Netcat in listener mode with –e flag to execute a specific program such as a command shell ♦ On attacker’s machine run Netcat in client mode to connect to backdoor on victim Running Netcat as a Backdoor on Unix Note: on attacker’s machine, run “nc victim 12345” Running Netcat as a Backdoor on WinNT/2000 Trojan Horse Backdoors ♦ Programs that combine features of backdoors and Trojan horses – Not all backdoors are Trojan horses – Not all Trojan horses are backdoors ♦ Programs that seem useful but allows an attacker to access a system and bypass security controls Categories of Trojan Horse Backdoors ♦ Application-level Trojan Horse Backdoor – A separate application runs on the system that provides backdoor access to attacker ♦ Traditional RootKits – Critical operating system executables are replaced by attacker to create backdoors and facilitate hiding ♦ Kernel-level RootKits – Operating
    [Show full text]
  • Security Power Tools.Pdf
    www.dbebooks.com - Free Books & magazines SECURITY POWER TOOLS ® Other computer security resources from O’Reilly Related titles Security Warrior SSH, The Secure Shell: The Snort Cookbook™ Definitive Guide Practical Unix and Internet TCP/IP Network Security Administration Essential System Network Security Hacks™ Administration Security Books security.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center security and related technologies, including sample chapters and code examples. oreillynet.com is the essential portal for developers interested in open and emerging technologies, including new platforms, pro- gramming languages, and operating systems. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. SECURITY POWER TOOLS ® Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, and Philippe Biondi Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Security Power Tools® by Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, and Philippe Biondi Copyright © 2007 O’Reilly Media, Inc.
    [Show full text]
  • The Gateway Trojan
    THE GATEWAY TROJAN Volume 1, Version 1 TABLE OF CONTENTS About This Report ....................................................................................................................................1 Why This Malware?..................................................................................................................................2 The Basic Questions About RATs..........................................................................................................2 Different Breeds of RATs ........................................................................................................................5 Symantec’s Haley Subcategories of RATs .........................................................................................6 Dissecting a RAT .......................................................................................................................................7 Category II: Common RATs ....................................................................................................................9 Back Orifice ...........................................................................................................................................9 Bifrost ................................................................................................................................................. 10 Blackshades ....................................................................................................................................... 11 DarkTrack .........................................................................................................................................
    [Show full text]
  • Remote Administration Software Attacks on Systems Using Public Key Security with and Without Smart Cards
    Remote administration software attacks on systems using public key security with and without smart cards I. INTRODUCTION user more control of the remote Windows system than the person at the keyboard of that machine.” Public key technology is increasingly used to protect (Back Orifice web site, www.cultdeadcow.com/ against a wide range of potential security attacks on tools). The most satisfying, or the most frightening, data and data transmissions and to prevent identity thing about these claims is that they are absolutely theft. At the same time, remote administration tools true. are becoming increasingly popular for centralized administration and troubleshooting. Remote Using Back Orifice or other remote control programs administration tools offer both considerable savings as administration or trouble-shooting tools is ideal. for enterprises as well as considerable potential for They allow an administrator to take complete control bypassing security systems such as public key- of a computer. The flip side of full control is that an enabled systems. improperly motivated individual can do essentially anything that the legitimate user can do. This has a This white paper investigates the potential security serious impact on security that we will address in impacts on public key enhanced security systems by the remainder of this paper. remote administration tools. The general product class name was used, rather than specific vendor Back Orifice also advertises that it can get detailed names, because the issues investigated are related to system information, including: the technology and not to any particular vendor’s implementation. The evaluation of the interaction • Current user of these two technologies was done using several • CPU type remote administration applications, principally Back •Windows version Orifice, and an application from a PKI solutions • Memory usage provider.
    [Show full text]
  • This Is a Plain-Text List of Port Numbers, Names, and Descriptions. 'The List Should Be Kept in Ascending Numeric Sequence
    'This is a plain-text list of port numbers, names, and descriptions. 'The list should be kept in ascending numeric sequence. 'At present, the maximum number of entries is 8192. One line/port. 'Format: portnumber TAB portname TAB description ' portnumber: required. Range is 0 to 65535 ' TAB: a tab character (X'09'). The tabs are required even when ' fields between them are omitted. They are the delimiters. ' portname: optional. Common ports have standardized uses/names, ' but most other ports do not have names. Try to keep the ' names short, as they appear within the 'port' columns of ' the Events List. ' description: optional. This is a list of legitimate and/or malware. ' Legitimate use(s) come first, immediately following the TAB. ' These are the normal, non-threatening uses of the port. When ' a port has several uses, separate them with vertical bars. ' Spaces on either side of the bars make the list more readable. ' Malware (Worms, viruses, Trojans, etc.) appear after the ' legitimate uses. The Malware list begins with a Tilde (~). ' When there are several malwares, separate them with vertical ' bars. 'Look at some of the existing entries for examples. 'Lines beginning with an apostrophe, and blank lines, are ignored. 'Please send updates and corrections to [email protected] 0 ~REx 1 tcpmux TCP Port Service Multiplexer~Sockets des Troie 2 compressnet Compression Process~Death 3 compressnet compressnet 4 echo Appletalk echo Protocol 5 rje Remote Job Entry~yoyo 7 echo echo 8 ~Ping Attack 9 discard sink null 11 systat Active Users~Skun
    [Show full text]
  • List of New Applications Added in ARL #2576
    List of New Applications Added in ARL #2576 Application Name Publisher NetCmdlets 4.0 /n software NetCmdlets 3.1 /n software SecureBlackbox.NET 8.0 /n software NetCmdlets 3.0 /n software EldoS SFTP Net Drive 1.0 /n software Tenup 20190117 1010data Tendo 20151112 1010data Tendo 20160205 1010data Tendo 20190905 1010data Tendo 20170723 1010data Tendo 20161207 1010data 1042-S Pro 2016 Professional 1099 Pro Manager (10ZiG Manager) 3.0 10ZIG Technology DataParser 7.5 17a-4 1E Agent 7.2 1E SyncBackSE 8.2 2BrightSparks 2c8 Modeling Tool 4.2 2conciliate Business Solutions TaxACT 2017 2nd Story Software TaxACT 2018 2nd Story Software Complete Anatomy 5.0 3D4Medical Clean-Trace Hygiene Management 1.3 3M Core Grouping Software 2019 3M Core Grouping Software Client 2019 3M DWG DXF Converter 1.1 3nity Softwares Studio 3T 2020.9 3T Software Labs MongoChef 4.5 3T Software Labs MP4 to MP3 Converter 6.8 4Media Software Studio SendLater 3.4 4Team Disk Dril 3.7 508 Software Disk Dril 1.0 508 Software Disk Dril 3.5 508 Software Disk Dril 3.6 508 Software DoublePane 1.7 5am Code 7-PDF Maker 1.5 7-PDF Network Utility 2.2 8x8 Virtual Office Desktop 6.1 8x8 Virtual Office Desktop 6.4 8x8 Virtual Office Desktop 5.6 8x8 Virtual Office Desktop 6.7 8x8 ASAP Utilities 7.8 A Must in Every Office SafeSign 3.5 A.E.T. Europe BestSRQ Services 2015 A.M. Best Company BestESP Services Workstation 2012 A.M. Best Company BestESP Services Workstation A.M.
    [Show full text]