Trojan.FakeAV.20417

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SafePCClientSetup' = 'c:\clientsetup.exe'
[<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SafePCClientSetup' = 'c:\clientsetup.exe'
[<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'SafeWnd' = '%WINDIR%\NICS\SafeWnd.exe'

Creates or modifies the following files

<SYSTEM32>\tasks\nicsrecoverytask
<SYSTEM32>\tasks\nicsservicestartchecktask

Creates the following services

[<HKLM>\System\CurrentControlSet\Services\MSUpdateAgentService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\MSUpdateAgentService] 'ImagePath' = '%WINDIR%\MSUpdateAgentSvc.exe'

Changes the following executable system files

%WINDIR%\syswow64\mfc100.dll
%WINDIR%\syswow64\mfc100u.dll
%WINDIR%\syswow64\msvcp100.dll
%WINDIR%\syswow64\msvcr100.dll

Malicious functions

To bypass firewall, removes or modifies the following registry keys

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgent.exe' = '%WINDIR%\Nics\MSUpdateAgent.exe:*...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\FdWipeFile.exe' = '%WINDIR%\Nics\FdWipeFile.exe:*:Enabl...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\FdWipeFile.exe' = '%WINDIR%\Nics\FdWipeFile.exe:*:E...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\FdWipeFile.exe' = '%WINDIR%\Nics\FdWipeFile.exe:*:Ena...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Update.exe' = '%WINDIR%\Nics\Update.exe:*:Enabled:Updat...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Update.exe' = '%WINDIR%\Nics\Update.exe:*:Enabled:U...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Update.exe' = '%WINDIR%\Nics\Update.exe:*:Enabled:Upd...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Patch.exe' = '%WINDIR%\Nics\Patch.exe:*:Enabled:Patch'
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Patch.exe' = '%WINDIR%\Nics\Patch.exe:*:Enabled:Pat...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Patch.exe' = '%WINDIR%\Nics\Patch.exe:*:Enabled:Patch...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PCZiggy.exe' = '%WINDIR%\Nics\PCZiggy.exe:*:Enabled:PCZ...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PCZiggy.exe' = '%WINDIR%\Nics\PCZiggy.exe:*:Enabled...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PCZiggy.exe' = '%WINDIR%\Nics\PCZiggy.exe:*:Enabled:P...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PZServiceNt.exe' = '%WINDIR%\Nics\PZServiceNt.exe:*:Ena...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PZServiceNt.exe' = '%WINDIR%\Nics\PZServiceNt.exe:*...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\PZServiceNt.exe' = '%WINDIR%\Nics\PZServiceNt.exe:*:E...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafeUsrMgr.exe' = '%WINDIR%\Nics\SafeUsrMgr.exe:*:Enabl...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafeUsrMgr.exe' = '%WINDIR%\Nics\SafeUsrMgr.exe:*:E...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafeUsrMgr.exe' = '%WINDIR%\Nics\SafeUsrMgr.exe:*:Ena...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\SafePsMsg.exe' = '%WINDIR%\Nics\SafePrivacy...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\SafePsMsg.exe' = '%WINDIR%\Nics\SafePri...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\SafePsMsg.exe' = '%WINDIR%\Nics\SafePriva...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\Safefs.exe' = '%WINDIR%\Nics\SafePrivacy\Sa...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\Safefs.exe' = '%WINDIR%\Nics\SafePrivac...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SafePrivacy\Safefs.exe' = '%WINDIR%\Nics\SafePrivacy\...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\speproxy\SPEProxy.exe' = '%WINDIR%\Nics\speproxy\SPEPro...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\sfilter.exe' = '%WINDIR%\Nics\sfilter.exe:*:Enabled:s...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\speproxy\SPEProxy.exe' = '%WINDIR%\Nics\speproxy\SP...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\sfilter.exe' = '%WINDIR%\Nics\sfilter.exe:*:Enabled...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\csrss.exe' = '%WINDIR%\Nics\csrss.exe:*:Enabled:csrss...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgent.exe' = '%WINDIR%\Nics\MSUpdateAgent.e...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgent.exe' = '%WINDIR%\Nics\MSUpdateAgent.exe...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\MSUpdateAgentSvc.exe' = '%WINDIR%\MSUpdateAgentSvc.exe:*:Ena...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\MSUpdateAgentSvc.exe' = '%WINDIR%\MSUpdateAgentSvc.exe:*...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\MSUpdateAgentSvc.exe' = '%WINDIR%\MSUpdateAgentSvc.exe:*:E...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgentSvc.exe' = '%WINDIR%\Nics\MSUpdateAgentSvc...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgentSvc.exe' = '%WINDIR%\Nics\MSUpdateAgen...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\MSUpdateAgentSvc.exe' = '%WINDIR%\Nics\MSUpdateAgentS...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SMSS.exe' = '%WINDIR%\Nics\SMSS.exe:*:Enabled:SMSS'
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SMSS.exe' = '%WINDIR%\Nics\SMSS.exe:*:Enabled:SMSS'
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SMSS.exe' = '%WINDIR%\Nics\SMSS.exe:*:Enabled:SMSS'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\AutoClientUpdate.exe' = '%WINDIR%\Nics\AutoClientUpdate...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\AutoClientUpdate.exe' = '%WINDIR%\Nics\AutoClientUp...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\AutoClientUpdate.exe' = '%WINDIR%\Nics\AutoClientUpda...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\RCSDeamon.exe' = '%WINDIR%\Nics\RCSDeamon.exe:*:Enabled...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\RCSDeamon.exe' = '%WINDIR%\Nics\RCSDeamon.exe:*:Ena...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\RCSDeamon.exe' = '%WINDIR%\Nics\RCSDeamon.exe:*:Enabl...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Client.exe' = '%WINDIR%\Nics\Client.exe:*:Enabled:Clien...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Client.exe' = '%WINDIR%\Nics\Client.exe:*:Enabled:C...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\Client.exe' = '%WINDIR%\Nics\Client.exe:*:Enabled:Cli...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SClient.exe' = '%WINDIR%\Nics\SClient.exe:*:Enabled:SCl...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SClient.exe' = '%WINDIR%\Nics\SClient.exe:*:Enabled...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\SClient.exe' = '%WINDIR%\Nics\SClient.exe:*:Enabled:S...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\csrss.exe' = '%WINDIR%\Nics\csrss.exe:*:Enabled:csrss'
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\csrss.exe' = '%WINDIR%\Nics\csrss.exe:*:Enabled:csr...
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\sfilter.exe' = '%WINDIR%\Nics\sfilter.exe:*:Enabled:sfi...
[<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\] '%WINDIR%\Nics\speproxy\SPEProxy.exe' = '%WINDIR%\Nics\speproxy\SPEP...

Modifies settings of Windows Internet Explorer

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'

Modifies file system

Creates the following files

%TEMP%\sfpacker0076000\_tmpclientsetup.zip
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\sflsetag.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\ssleay32.dll
%WINDIR%\msupdateagentsvc.exe
%WINDIR%\nics\fwcontrol.exe
%WINDIR%\nics\mfc42.dll
%WINDIR%\nics\msvcp60.dll
%WINDIR%\nics\msvcrt.dll
%WINDIR%\nics\msxml3kor.msi
%WINDIR%\nics\safewnd.exe
%WINDIR%\nics\safewndeng.dll
%WINDIR%\nics\sfpmleng.ini
%WINDIR%\nics\sfpmlkor.ini
%WINDIR%\nics\spintro.dll
%WINDIR%\nics\suser.exe
%WINDIR%\ssl_opt.ini
%WINDIR%\syswow64\dk_ssl.dll
%WINDIR%\syswow64\klib.dll
%WINDIR%\syswow64\libeay32.dll
%WINDIR%\syswow64\msxml4.dll
%WINDIR%\syswow64\msxml4a.dll
%WINDIR%\syswow64\msxml4r.dll
%WINDIR%\syswow64\sfcodec.dll
%WINDIR%\syswow64\sfdfag.dll
%WINDIR%\syswow64\sfinfo.dll
%WINDIR%\syswow64\sflset.sys
%WINDIR%\syswow64\sflsetag.dll
%WINDIR%\syswow64\ssleay32.dll
%WINDIR%\nics\log\setupagent.log
%WINDIR%\nics\log\sfsetup.log
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\sflset.sys
%PROGRAMDATA%\nicstech\log\safewnd.log
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\sfinfo.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\sfcodec.dll
%TEMP%\sfpacker0076000\$modules\office.bat
%TEMP%\sfpacker0076000\$modules\office.reg
%TEMP%\sfpacker0076000\$modules\sfsetup.ini
%TEMP%\sfpacker0076000\$modules\spintro.dll
%TEMP%\sfpacker0076000\$modules\uninst.exe
C:\clientsetup.exe
%TEMP%\sfpacker0076000\$modules\$common\$windir\msupdateagentsvc.exe
%TEMP%\sfpacker0076000\$modules\$common\$windir\ssl_opt.ini
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\fwcontrol.exe
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\mfc42.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\msvcp60.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\msvcrt.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\msxml3kor.msi
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\safewnd.exe
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\safewndeng.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\sfpmleng.ini
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\sfpmlkor.ini
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\spintro.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\nics\suser.exe
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\dk_ssl.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\klib.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\libeay32.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\mfc100.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\mfc100u.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\msvcp100.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\msvcr100.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\msxml4.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\msxml4a.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\msxml4r.dll
%TEMP%\sfpacker0076000\$modules\$common\$windir\system32\sfdfag.dll
%WINDIR%\nics\local_auth.log

Miscellaneous

Searches for the following windows

ClassName: 'RegEdit_RegEdit' WindowName: ''

Creates and executes the following

'%WINDIR%\nics\safewnd.exe'
'%WINDIR%\msupdateagentsvc.exe'
'%WINDIR%\nics\safewnd.exe' ' (with hidden window)
'%WINDIR%\syswow64\schtasks.exe' /Query /TN NicsRecoveryTask' (with hidden window)
'%WINDIR%\syswow64\schtasks.exe' /Create /F /RU SYSTEM /RL HIGHEST /SC ONLOGON /TN NicsRecoveryTask /TR "%WINDIR%\MSUpdateAgentSvc.exe /RegServiceAndRun"' (with hidden window)
'%WINDIR%\syswow64\schtasks.exe' /Create /F /RU SYSTEM /RL HIGHEST /SC ONLOGON /TN NicsServiceStartCheckTask /TR "%WINDIR%\MSUpdateAgentSvc.exe /ServiceStartCheck"' (with hidden window)

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\SFPacker0076000\$MODULES\office.bat
'%WINDIR%\syswow64\regedit.exe' /s office.reg
'%WINDIR%\syswow64\schtasks.exe' /Query /TN NicsRecoveryTask
'%WINDIR%\syswow64\schtasks.exe' /Create /F /RU SYSTEM /RL HIGHEST /SC ONLOGON /TN NicsRecoveryTask /TR "%WINDIR%\MSUpdateAgentSvc.exe /RegServiceAndRun"
'%WINDIR%\syswow64\schtasks.exe' /Create /F /RU SYSTEM /RL HIGHEST /SC ONLOGON /TN NicsServiceStartCheckTask /TR "%WINDIR%\MSUpdateAgentSvc.exe /ServiceStartCheck"

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial