DOCSLIB.ORG

Automated Malware Analysis Report for Commerce

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report for Commerce ID: 288231 Sample Name: commerce - 09.21.2020.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 19:48:34 Date: 21/09/2020 Version: 30.0.0 Red Diamond Table of Contents Table of Contents 2 Analysis Report commerce -09.21.2020.doc 4 Overview 4 General Information 4 Detection 4 Signatures 4 Classification 4 Startup 4 Malware Configuration 4 Yara Overview 4 Sigma Overview 4 System Summary: 4 Signature Overview 4 AV Detection: 5 Software Vulnerabilities: 5 System Summary: 5 Hooking and other Techniques for Hiding and Protection: 5 Mitre Att&ck Matrix 5 Behavior Graph 6 Screenshots 6 Thumbnails 6 Antivirus, Machine Learning and Genetic Malware Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 7 Domains and IPs 9 Contacted Domains 9 Contacted URLs 9 URLs from Memory and Binaries 9 Contacted IPs 13 Public 13 General Information 13 Simulations 14 Behavior and APIs 14 Joe Sandbox View / Context 15 IPs 15 Domains 15 ASN 15 JA3 Fingerprints 15 Dropped Files 15 Created / dropped Files 15 Static File Info 22 General 22 File Icon 22 Static OLE Info 22 General 22 OLE File "/opt/package/joesandbox/database/analysis/288231/sample/commerce -09.21.2020.doc" 22 Indicators 22 Summary 22 Document Summary 23 Streams with VBA 23 VBA File Name: ThisDocument.cls, Stream Size: 1127 23 General 23 VBA Code Keywords 23 VBA Code 23 VBA File Name: ad2db.bas, Stream Size: 10325 23 Copyright null 2020 Page 2 of 49 General 23 VBA Code Keywords 24 VBA Code 29 VBA File Name: dd953.bas, Stream Size: 6897 29 General 29 VBA Code Keywords 29 VBA Code 32 VBA File Name: f99c5.cls, Stream Size: 11477 32 General 32 VBA Code Keywords 33 VBA Code 39 Streams 39 Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 461 39 General 39 Stream Path: PROJECTwm, File Type: data, Stream Size: 95 39 General 39 Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3458 39 General 40 Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 1918 40 General 40 Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 198 40 General 40 Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 348 40 General 40 Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 106 40 General 40 Stream Path: VBA/dir, File Type: data, Stream Size: 741 41 General 41 Network Behavior 41 Network Port Distribution 41 TCP Packets 41 UDP Packets 41 DNS Queries 42 DNS Answers 43 HTTP Request Dependency Graph 43 HTTP Packets 43 Code Manipulations 43 Statistics 43 Behavior 43 System Behavior 44 Analysis Process: WINWORD.EXE PID: 7144 Parent PID: 804 44 General 44 File Activities 44 File Created 44 File Deleted 44 File Written 44 File Read 45 Registry Activities 45 Key Created 45 Key Value Created 46 Key Value Modified 47 Analysis Process: regsvr32.exe PID: 1612 Parent PID: 7144 49 General 49 File Activities 49 File Read 49 Disassembly 49 Code Analysis 49 Copyright null 2020 Page 3 of 49 Analysis Report commerce -09.21.2020.doc Overview General Information Detection Signatures Classification Sample commerce - Name: 09.21.2020.doc Muullltttiii AAVV SSccaannnneerrr ddeettteecctttiiioonn fffoorrr ssuubbm… Analysis ID: 288231 OMffuffffiilictcie eA ddVoo cScuucmaneennettt rttt rrrdiiieesst e tttocot iccooonnn fvvoiiinrn csceue b vvmiii… MD5: cb29335b00b0a2… COCrrfrefeiacaetttee dss o aacnnuddm ooeppneet nntrssi e aas ffftaaokk eceo ddnoovccinuucmee evnnittt… SHA1: 6aeb42b7e0d7ab… DCDoroeccauutmesee nanttnt cdcoo onnptttaaeiiinnss aa nnfa eekme bbdeeoddcdudemedde VnVBtB… SHA256: 2d2f0a3e263c64c… DDooccuumeennttt ccoonntttaaiiinnss aann eembbeeddddeedd VVBB… Tags: doc IcedID macros shath Ransomware ak TA551 DDooccuumeennttt ccoonntttaaiiinnss aann eembbeeddddeedd VVBB… Miner Spreading Most interesting Screenshot: mmaallliiiccciiioouusss DDooccuumeennttt ccoonntttaaiiinnss aann eembbeeddddeedd VVBB… malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious DDooccuumeennttt ecexoxpnplltloaoiiittnt dsde eatttenec cetttemeddb ((e(ppdrrrodocecedes sVss…B cccllleeaann clean MDoaaccuhhmiiinnee n LLte eeaaxrrrpnnliioinnigtg d ddeeettteteeccctttetiiioodnn ( pfffoorrorr csseaasmspp… Exploiter Banker SMSiiigagmchaain ddeee Lttteeccatttreenddin::: gM diiiccerrrotoesscootfiffottt nO ffffoffiiicrc ees a PPmrrr…p Score: 88 Spyware Trojan / Bot DSDoiogccmuuma edenentt e cccootnentdtaa:i inMnssi c aarnon s eeomftb bOeefddfiddceed dP VVrBB Range: 0 - 100 DDooccuumeennttt ccoonntttaaiiinnss aann eembbeeddddeedd VVBB… Adware Whitelisted: false DDooccuumeennttt ccoonntttaaiiinnss eaemn bebemeddbddeeedddd VeVdBB AVA B … Confidence: 100% DDooccuumeennttt ccoonntttaaiiinnss nenomo ObeLLdEEd sesttdtrrre eVaaBmA … DDooccuumeennttt hchaoasns t aaninn usu nnkkonn oOowwLnEn aasptprppelllaiiiccmaatt tiii… PDPoottcteeunnmtttiiiaeallnl ddt oohccauusm aeennn uttt neekxxnppollloowiiitttn dd aeepttteepcclittcteeaddt…i Startup PPoottteenntttiiiaalll ddooccuumeennttt eexxpplllooiiittt ddeettteeccttteedd… PPoottteenntttiiiaalll ddooccuumeennttt eexxpplllooiiittt ddeettteeccttteedd System is w10x64 PPoottteenntttiiiaalll ddooccuumeennttt eexxpplllooiiittt ddeettteeccttteedd… WINWORD.EXE (PID: 7144 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\WINTPTWrroriiieteOessnR tttoDoia l.lloE odaaXoddEc mu' /miAiisseussnitiinontg mge DxaDptLLiloLoLnsist -dEemtebceteddding MD5: 0B9AB9B9C4DE429473D6450D4297A123) regsvr32.exe (PID: 1612 cmdline: regsvr32 c:\programdata\b467e.pdf MD5: 426E7499F6A7346F0410DEAD0805586B) UTUrssieess atao k klnonoaowdw nmn wiwsesebibn bgbr rrDoowLwLsseserrr uusseerrr aaggee… cleanup UUsseess aa kknnoowwnn wweebb bbrroowwsseerr uusseerr aaggee… Uses a known web browser user age Malware Configuration No configs have been found Yara Overview No yara matches Sigma Overview System Summary: Sigma detected: Microsoft Office Product Spawning Windows Shell Signature Overview Copyright null 2020 Page 4 of 49 • AV Detection • Software Vulnerabilities • Networking • System Summary • Hooking and other Techniques for Hiding and Protection Click to jump to signature section AV Detection: Multi AV Scanner detection for submitted file Machine Learning detection for sample Software Vulnerabilities: Document exploit detected (process start blacklist hit) System Summary: Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) Document contains an embedded VBA macro which may execute processes Document contains an embedded VBA macro with suspicious strings Document contains an embedded VBA with functions possibly related to ADO stream file operations Document contains an embedded VBA with functions possibly related to HTTP operations Hooking and other Techniques for Hiding and Protection: Creates and opens a fake document (probably a fake document to hide exploiting) Mitre Att&ck Matrix Remote Initial Privilege Defense Credential Lateral Command and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Valid Scripting 4 2 DLL Side- Process Masquerading 1 OS File and Remote Data from Exfiltration Non-Application Eavesdrop on Remotely Accounts Loading 1 Injection 1 Credential Directory Services Local Over Other Layer Protocol 2 Insecure Track Device Dumping Discovery 1 System Network Network Without Medium Communication Authorization Default Exploitation for Boot or DLL Side- Disable or Modify LSASS System Remote Data from Exfiltration Application Layer Exploit SS7 to Remotely Accounts Client Logon Loading 1 Tools 1 Memory Information Desktop Removable Over Protocol 1 1 2 Redirect Phone Wipe Data Execution 2 3 Initialization Discovery 2 Protocol Media Bluetooth Calls/SMS Without Scripts Authorization Domain At (Linux) Logon Script Logon Process Security Query SMB/Windows Data from Automated Ingress Tool Exploit SS7 to Obtain Accounts (Windows) Script Injection 1 Account Registry Admin Shares Network Exfiltration Transfer 1 Track Device Device (Windows) Manager Shared Location Cloud Drive Backups Local At (Windows) Logon Script Logon Scripting 4 2 NTDS System Distributed Input Scheduled Protocol SIM Card Accounts (Mac) Script Network Component Capture Transfer Impersonation Swap (Mac) Configuration Object Model Discovery Copyright null 2020 Page 5 of 49 Remote Initial Privilege Defense Credential Lateral Command and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Cloud Cron Network Network DLL Side- LSA Remote SSH Keylogging Data Fallback Manipulate Accounts Logon Script Logon Loading 1 Secrets System Transfer Channels Device Script Discovery Size Limits Communication Behavior Graph Hide Legend Behavior Graph Legend: ID: 288231 Process Sample: commerce -09.21.2020.doc Startdate: 21/09/2020 Signature Architecture: WINDOWS Created File Score: 88 DNS/IP Info Is Dropped Office document tries Is Windows Process to convince victim to Multi AV Scanner detection Machine Learning detection disable security protection 5 other signatures started for submitted file for sample Number of created Registry Values (e.g. to enable ActiveX or Macros) Number of created Files Visual Basic Delphi WINWORD.EXE Java .Net C# or VB.NET 60 69 C, C++ or other language Is malicious dsb5vd.com Internet 185.159.129.44, 49722, 80 ITOS-ASRU Russian Federation started Creates and opens a Document exploit detected fake document (probably (process start blacklist a fake document to hide hit) exploiting) regsvr32.exe Screenshots Thumbnails This section contains all screenshots as thumbnails,
Load more

Recommended publications
  • B Rig H to N E X P Lo Re Rs C Lu B
    The Brighton Explorers Club (Est 1967) www.brightonexplorers.org email: [email protected] BEC SAFETY GUIDELINES CONTENTS Page 1 BEC SPORTS ACTIVITIES IN GENERAL 2 1.1 Introduction 2 1.2 Personal Details 2 1.3 Incident Book 2 1.4 Club Equipment 2 1.5 Group Size and Solo Activity 3 1.6 Looking Out For One Another 3 1.7 Mobile Phones 3 1.7.1 ‘ICE’: A Message from the Ambulance Service 1.7.2 Emergency Number 112 2 OUTDOOR ACTIVITIES 4 2.1 General Points 4 2.2 Natural Hazards 4 2.2.1 Dogs and cattle 2.2.2 Insects 2.2.3 Ticks and Lyme Disease 3 LEADING BEC ACTIVITIES 6 4 CAVING GUIDELINES 7 5 CLIMBING GUIDELINES 8 6 COASTEERING GUIDELINES 10 7 CYCLING GUIDELINES 12 7.1 Guidance Notes for Leading Cycle Rides 13 8 KAYAKING GUIDELINES 15 9 SURFING GUIDELINES 18 10 WALKING GUIDELINES 21 11 WINDSURFING GUIDELINES 24 APPENDIX 1: BASIC FIRST AID KIT 26 Brighton Explorers Club Last updated: 11th Jan 15 The Brighton Explorers Club is a UK registered charity. Charity no. 1156361 Page 1 of 26 BEC SAFETY GUIDELINES 1. BEC SPORTS ACTIVITIES IN GENERAL 1.1 Introduction Brighton Explorers Club (BEC) exists to encourage members to enjoy a variety of sporting pursuits; BEC is a club and not an activity centre, where the activities promoted by BEC can be dangerous if undertaken without consideration for the appropriate safety requirements. BEC is committed to maintaining high standards of safety. This document defines reasonable precautions to ensure that activities are carried out under safe conditions; to encourage all members to participate in club activities in a safe manner.
    [Show full text]
  • 1ST HINCHLEY WOOD SCOUT TROOP - EQUIPMENT LIST You Will Need to Provide Personal Equipment for Camping, Outdoor Activities Etc
    1ST HINCHLEY WOOD SCOUT TROOP - EQUIPMENT LIST You will need to provide personal equipment for camping, outdoor activities etc. as listed below. We are happy to advise on equipment selection and suppliers etc. Most offer discounts to Scouts, do not be afraid to ask! Loss of or damage to personal property of Group members (only) when on Scout activities is covered by an insurance policy held by the Group. Cover is to a maximum of £400 per individual (£200 max each item, excess £15) and is subject to exclusions (details on request). We sometimes do have some second hand items (eg hike boots) for loan, please ask! Please mark everything possible (especially uniform) with your name in a visible place! NORMAL CAMP KIT ------------------------------- CANOEING/KAYAKING KIT---------------------- Rucsac, Kit Bag or holdall to contain your kit (please do not bring your kit in bin liners!) T-Shirt Sweatshirt Day Sac (useful for travelling & activities off Swimming Shorts site). Bring one with two shoulder straps. Waterproof Top (Cagoule) Normal Scout Uniform Waterproof Overtrousers (for canoeing) Wire Coat Hanger (to hang uniform in tent) Canvas Shoes/old Trainers/wet suit shoes Plenty of warm clothes: Towel & change of clothes inc shoes Underclothes, Handkerchiefs Carrier bag for wet kit T-Shirts, Sweatshirts/Jumpers, Fleece HIKING KIT -------------------------------------------- Shorts, Trousers, Jeans Shoes &/or Trainers Day Sac – a comfortable one big enough for what you have to carry but not huge! Bring one with two shoulder Sleeping mat (optional
    [Show full text]
  • Sandringham School, St. Albans Uniform Price List 2020 Stevensons 131-135 Victoria Street,St Albans,Hertfordshire,AL1 3XS Custom
    Sandringham School, St. Albans Uniform Price List 2020 Stevensons 131-135 Victoria Street,St Albans,Hertfordshire,AL1 3XS [email protected] 01727 815700 www.stevensons.co.uk Sandringham School, St. Albans Senior - Girl Schoolwear SANDRINGHAM GIRLS BLAZER (022292) BLACK Size(s) 28,30,32,34,36 £35.50 Size 38 £42.50 WHITE BLOUSES LONG SLEEVE (000042) WHITE Twin pack Size(s) 28",30",32",34" £14.00 Size(s) 36",38",40",42",44" £17.50 WHITE BLOUSES SHORT SLEEVE (000043) WHITE Twin pack Size(s) 28",30",32",34" £14.00 Size(s) 36",38",40",42",44" £17.50 SANDRINGHAM V-NECK (012654) BLACK Size(s) 9\10,11\12,13 £17.75 Size(s) S,M £20.00 Size L £22.00 BLACK STITCHPLEAT (000249) BLACK No shorter than top of the knee Size(s) 22,24,26,28 £26.00 Size(s) 30,32,34,36,38 £31.50 STRAIGHT LEG GIRLS TROUSER BLACK (011422) BLACK Size 22" in S,R,L £20.00 Size 24" in S,R,L £20.00 Size 26" in S,R,L £20.00 Size 28" in S,R,L £20.00 Size 30" in S,R,L £25.25 Size 32" in S,R,L £25.25 Size 34" in S,R £25.25 Size 36" in S,R £25.25 Prices correct at time of printing 02/06/2020 Page 2 Sandringham School, St. Albans Senior - Girl SANDRINGHAM GIRLS TROUSERS (020443) BLACK Size 22 in S,R,L £22.75 Size 24 in S,R,L £22.75 Size 26 in S,R,L £22.75 Size 28 in S,R,L £22.75 Size 30 in S,R,L £28.75 Size 32 in S,R,L £28.75 Size 34 in S,R,L £28.75 SANDRINGHAM HOUSE TIE (024323) BLUE,GREEN,ORANGE,PINK,PURPLE,RED,SILVER,YELLOW Green - Austen Purple - Elgar Yellow - Fawcett Blue - Johnson Orange - Newton Silver - Shakespeare Red - Turing Pink Hepworth Size --- £8.00 CAGOULE BLACK (000177) BLACK Size 11\12 £12.00 Size(s) 32,34 £13.50 Size(s) S,M,L £19.00 5 PACK WHITE ANKLE SOCKS (013054) WHITE Size(s) 9\12,12\3½,4\7 £6.25 Size 7\11 £7.50 70 DENIER TIGHTS BLACK T/P (015533) BLACK Size(s) 11\13,TEENS £5.50 Size S\M £7.25 Size L\XL £7.75 40 DENIER TIGHTS BLACK T/P (000413) BLACK Size(s) S\M,M\L £6.50 DUO TIP LAUNDRY MARKER (004905) BLACK £2.50 72 WOVEN NAME TAPES (006955) ASSORTED £6.50 A card will be sent with an online code for you to order online direct with the supplier.
    [Show full text]
  • LPW Uniform List
    Lancing College Preparatory School at Worthing Uniform List September 2021 Lancing College Prep at Worthing School Uniform Introduction Lancing College has its own uniform shop on the College campus, where all items of Lancing Prep Worthing uniform can be bought. In normal times, all parents would be able to make an appointment to visit the shop to make their purchases. However due to the current Government Covid-19 guidelines, the shop needs to operate in a slightly different way. • These guidelines will apply to new and existing pupils. • All parents and guardians are encouraged to order online and arrange a suitable time for collection over the course of the summer holidays. • There will be some fitting appointments, but are limited one parent and one child per appointment (plus extra siblings purchasing uniform) • The online school shop can be accessed from the link below. Orders placed can be collected from the School Shop, by a pre-arranged appointment only Parents are asked to help the shop by aiming to place orders throughout the summer holidays. All Prep uniform orders must be made by 20 August 2021, orders made after this date will be delivered to the Prep School at the beginning of term. If you have any enquiries/questions please contact Mrs Karen Ford on 01273 465928 or email [email protected] At Lancing College Prep at Worthing, we believe pupils should maintain a smart appearance at all times. To this end we would ask you to read and adhere closely to the clothing list that is contained within this booklet.
    [Show full text]
  • General Brochure 2019-08-27 the Reference in Surface Treatment
    www.istsurface.com THE REFERENCE IN SURFACE TREATMENT RESPIRATORY PROTECTION T he airline respirator Series offer comfortable, reliable respiratory protection for abrasive blasters and painters. Our systems are NIOSH approved as Type C or CE Continuous Flow Class Respirator (Approval No. TC-19C-293). Basically, there are three types of air feeding system to supply your air fed protective hood: Option A - Air purifying system: A Radex filtration system using a carbon filter and activated alumina will remove 98% of particles down to 0,5 micron size. Does not remove carbon monoxide or other gases from airlines. Option B - Grade “D”* Air Supply with carbon monoxide detector: A Radex filtration system combined with a 4-step filtration system will efficiently remove oil, dust, odors, organic vapors, water and other contaminants, and provide Grade “D” Air according to OSHA. This system is also equipped with a carbon monoxide detector and warning signal. Option C- Ambient Air Supply: A breathing air system using a room air pump model EDP-10 to supply ambient air to the hood. The pump is activated by an electric motor with a power of 3/4 hp and 10 cubic feet @ 10 lb / pc. These three assemblies are provided with pressure regulator for controlling supplied air to blasting hood and are considered the safest means to provide quality breathing air to the operator. * Compressed breathing air shall meet at least the requirements for Grade D breathing air described in ANSI/Compressed Gas Association Commodity Specification for Air, G-7.1-1989 AIR
    [Show full text]
  • The Complete Costume Dictionary
    The Complete Costume Dictionary Elizabeth J. Lewandowski The Scarecrow Press, Inc. Lanham • Toronto • Plymouth, UK 2011 Published by Scarecrow Press, Inc. A wholly owned subsidiary of The Rowman & Littlefield Publishing Group, Inc. 4501 Forbes Boulevard, Suite 200, Lanham, Maryland 20706 http://www.scarecrowpress.com Estover Road, Plymouth PL6 7PY, United Kingdom Copyright © 2011 by Elizabeth J. Lewandowski Unless otherwise noted, all illustrations created by Elizabeth and Dan Lewandowski. All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without written permission from the publisher, except by a reviewer who may quote passages in a review. British Library Cataloguing in Publication Information Available Library of Congress Cataloging-in-Publication Data Lewandowski, Elizabeth J., 1960– The complete costume dictionary / Elizabeth J. Lewandowski ; illustrations by Dan Lewandowski. p. cm. Includes bibliographical references. ISBN 978-0-8108-4004-1 (cloth : alk. paper) — ISBN 978-0-8108-7785-6 (ebook) 1. Clothing and dress—Dictionaries. I. Title. GT507.L49 2011 391.003—dc22 2010051944 ϱ ™ The paper used in this publication meets the minimum requirements of American National Standard for Information Sciences—Permanence of Paper for Printed Library Materials, ANSI/NISO Z39.48-1992. Printed in the United States of America For Dan. Without him, I would be a lesser person. It is the fate of those who toil at the lower employments of life, to be rather driven by the fear of evil, than attracted by the prospect of good; to be exposed to censure, without hope of praise; to be disgraced by miscarriage or punished for neglect, where success would have been without applause and diligence without reward.
    [Show full text]
  • Parents Guide to Bowles
    Parents Guide to Bowles ABOUT BOWLES. Bowles is a purpose-built residential centre situated in a stunning natural environment on the Kent and Sussex border. It is built around a natural sandstone outcrop which is one of the main rock climbing venues in the South East. On site provision includes residential accommodation for up to 170, meeting and training facilities, two artificial ski slopes, a heated indoor swimming pool, a choice of three ropes courses and numerous problem solving activities, orienteering courses and archery plus many more. Please see www.bowles.rocks and click on the Schools and Colleges option for the full list of activities. ACTIVITIES We run three activities each day on our classic courses (The Winter Explorer course has two activity sessions a day). Selection of which activities are included in your child’s trip will be made by the teacher organising the programme. To give you a guide a typical programme may include skiing, canoeing, orienteering, swimming, raft-building, ropes courses and climbing. Activity sessions are structured to provide progression and success for all abilities, ensuring that children gain a solid grounding in the activity, instilling confidence and a true sense of achievement. If your son or daughter doesn’t come back completely exhausted and exhilarated then we haven’t done our job properly! OUR INSTRUCTORS Our instructors are fully qualified and experienced in all the activities they teach; many of them have been working at Bowles for several years. Many of our instructors hold very high level qualifications that go above and beyond the training that other centres can offer and we also employ a number of qualified teachers too.
    [Show full text]
  • Monday 21St June NUMBER 35
    News Summer 2020/21 W/C: Monday 21st June NUMBER 35 Thank you to everyone with their ongoing support for Mon • Bags 2 school drop off all day our Friends PTA events. You raised an amazing amount at the Village Hall of money with our Smarties collection! All the chil- dren will receive a ‘golden time’ free choice session Tues • Zoom Parents Evening 3.30— over the next few weeks to say thank you. Please see 5.30 pm the message from our wonderful PTA on page 3. Don’t Wed • Zoom Parents Evening 3.30— forget that you can drop bags to school at the old vil- 7.30 pm lage hall on Monday… I have lots of bags ready at home to clear some space and raise some money! By Thurs • N/A now you will have received your appointment times for parents evening next week. The teachers are really looking forwards to sharing your children's progress Fri • Ice cream (£1) & Ice lollies (50p) with you, although it is a real shame this needs to run PTA sale remotely. We have been working really hard to plan • Non Uniform Day PTA Fundrais- the remaining events for this school year. Guidance er £1 has kept changing since Monday’s announcement but we now have a clear plan in place, see todays letter. Things are not where we would like them to be but Friday Ice-Cream keeping everyone safe and in school is our biggest pri- Sales ority. On Friday again, the Have a great weekend, PTA will be selling Mr Gromski and the team ice creams and ice lollies, at the end of Waterproof Coat the school day every Friday.
    [Show full text]
  • UNSTITCHING the 1950S FILM Á COSTUMES: HIDDEN
    1 UNSTITCHING THE 1950s FILM Á COSTUMES: HIDDEN DESIGNERS, HIDDEN MEANINGS Volume I of II Submitted by Jennie Cousins, to the University of Exeter as a thesis for the degree of Doctor of Philosophy in Film Studies, October 2008. This thesis is available for library use on the understanding that it is copyright material and that no quotation from the thesis may be published without proper acknowledgement. I certify that all material in this thesis which is not my own work has been identified and that no material has previously been submitted and approved for the award of a degree by this or any other University. …………………………………. 2 Abstract This thesis showcases the work of four costume designers working within the genre of costume drama during the 1950s in France, namely Georges Annenkov, Rosine Delamare, Marcel Escoffier, and Antoine Mayo. In unstitching the cinematic wardrobes of these four designers, the ideological impact of the costumes that underpin this prolific yet undervalued genre are explored. Each designer’s costume is undressed through the identification of and subsequent methodological focus on their signature garment and/or design trademark. Thus the sartorial and cinematic significance of the corset, the crinoline, and accessories, is explored in order to determine an ideological pattern (based in each costumier’s individual design methodology) from which the fabric of this thesis may then be cut. In so doing, the way in which film costume speaks as an independent producer of cinematic meaning may then be uncovered. By viewing costume design as an autonomous ideological system, rather than a part of mise-en- scène subordinate to narrative, this fabric-centric enquiry consolidates Stella Bruzzi’s insightful exploration of film costume in Undressing Cinema, Clothing and Identity in the Movies (1997).
    [Show full text]
  • School-Uniform-Booklet.Pdf
    School Uniform September 2021 Jordanhill School This booklet contains details of the standard school uniform. The neat, tidy turnout of our pupils is a credit to parents and is an important factor in the school’s reputation in the community. It would be greatly appreciated if parents would ensure that pupils wear the appropriate uniform at all times. Correct school uniform must be worn not only in school, but whenever travelling to and from school, when on study leave but visiting the School, and whenever representing the school. Exceptions to this will be for specific activities and participating pupils will be advised. • Only those items specified on the uniform list will be permitted. • Pupils must be neat and tidy in appearance. • Shirts must be tucked in, and have collar and cuff buttons fastened. T- shirts worn under shirts must be plain white. • Ties must be worn correctly. • Hairstyles must be appropriate, as must hair fasteners / accessories. Extremes of hairstyle, hair colour and hair length are unacceptable • School shoes should be plain black, waterproof and contain no logos. (Training, canvas and sports shoes should be worn only for PE and when accessing the all-weather pitch). • Pupils are allowed to wear black boots to and from school in inclement weather but should change into shoes during school hours. • Pupils are permitted to wear a jacket, preferably in school colours, over their blazer during inclement weather. Pupils should remove this when they enter the school building along with hats and scarves. • Blazers must be worn when travelling to and from school, and at all times when moving around the school.
    [Show full text]
  • Vêtements Lexique Français-Anglais Introduction Les Entrées Sont
    Vêtements Lexique français-anglais Introduction Les entrées sont classées selon l’ordre alphabétique strict des mots. Les expressions ou termes en anglais sont présentés en italique. Il y a lieu de noter que la liste des équivalents n’est pas exhaustive. Il existe d’autres équivalents corrects. Dans certains cas, les équivalents diffèrent d’une province à l’autre et d’un domaine juridique à l’autre. Il existe aussi des régionalismes qui sont propres à un territoire ou à une seule province. L’Institut Joseph-Dubuc tient à remercier les nombreux juristes et spécialistes qui lui ont transmis leurs commentaires et proposé des ajouts ou des corrections concernant ces lexiques. - 1 - Vêtements Lexique français-anglais - A - accessoire de mode fashion accessory à la mode fashionable ample loose fitting angora angora anorak anorak attache fastener - B - babouche babouche; Turkish slipper bain de soleil halter bandeau bandeau bandeau absorbant headband; sweatband bas sock; stocking bas-culotte pantyhose bas de nylon nylon stocking bas de pantalon pant bottoms; trouser bottoms bas de soie silk stocking bas élastique support hose bas extra-fins sheer stockings bas-genoux knee socks bas-jarretière stay-up hose bas résille fishnet stocking béret beret bermuda Bermuda shorts bikini bikini bleu de travail coveralls blouse blouse blouse de chirurgien operating surgical gown blouse de travail sack coat blouson blouson-style jacket; jacket blouson d’aviateur bomber jacket; flight jacket blouson style aviateur bomber jacket; flight jacket - 2 - Vêtements
    [Show full text]
  • Dual-Range High-Voltage Non-Contact Tester Low Range: 50V to 1.5Kv Ac High Range: 1.5Kv to 132Kv Ac
    ENGLISH HVNCVT1 INSTRUCTION MANUAL Dual-Range High-Voltage Non-Contact Tester Low Range: 50V to 1.5kV AC High Range: 1.5kV to 132kV AC Español pg. 13 Français pg. 25 HVNCVT1-1390107ART.indd 1 7/20/2015 3:25:11 PM Dwg Name: HVNCVT-1-1390107ART Dwg No: 1390107 ECO No: 19485 Pkg Dwg Ref: 1290179 Rev: A Color Reference: CEN-PACK-003-A ENGLISH GENERAL SPECIFICATIONS The Dual-Range High-Voltage Non-Contact Tester (HVNCVT1) checks for the presence of AC voltage without making any disconnection in cables, wall sockets, fuses, circuit breakers, junction boxes, etc. No current flow is needed for correct operation. The tester warns against dangerous voltage from low to high voltage applications up to 132kV without contacting the energized conductor. The low- range setting should be used for detecting 50V AC to 1.5kV AC. It may be used as a hand-held device ONLY when checking for low voltage. The high-range setting should be used for detecting 1.5kV AC to 132kV AC. It should ONLY be used with a hot stick when checking for high voltage. Always follow approved work safety practices and clearances per OSHA Sub-parts R & V and all company work rules. For Minimum Approach Distances (MAD), see OSHA Tables R-6 and R-7 (pages 8 & 9) in this manual. • Operating Temperature: 32° to 122°F (0° to 50°C) @ 85% relative humidity • Storage Temperature: 14° to 122°F (-10° to 50°C) @ 85% relative humidity • Dimensions: Tester: 13" x 3.15" x 2.64" (330 x 80 x 67mm) Case: 14" x 8" x 3.5" (356 x 203 x 89 mm) • Weight: 8 oz.
    [Show full text]