Unity True Facials [v0.58b Pro] [HenryTaiwan]

[APBP108]

It's back. Posture is difficult, but if you know where to move it will be easier.

 

[Doodleri]

 

[Punisher1970]

Hello
Story n.36 is out! Here's the link to my main post. Enjoy.
https://f95zone.to/threads/true-facials-v0-54-henrytaiwan.35192/post-16516119

IMPORTANT NOTE: this is still a ver0.56 story, like some others I am creating, I can't guarantee they will work in the 0.57 version.
If you are interested in my stories, I suggest to still keep your 0.56 version to view them

FYI.
When going to your GoFile account, it says no items to display. Not sure if you moved or deleted them, so it's just a heads up.

 

[Sparowe]

I don't know what's going on but I cannot open the menu and I can't change characters.

 

[Rathma]

DO NOT RUN THIS GAME THROUGH TrueFacials.exe IT CONTAINS AN INFO STEALING MALWARE / VIRUS

The genuine executable for the game is bin.exe, while the fake TrueFacials.exe is a malicious file intentionally renamed to appear legitimate and trick users into running it. In reality, it is an info-stealing malware that extracts and executes a batch script in your temporary folder with elevated permissions, patches your default browser with a fake updater (updater.exe), and steals sensitive personal data.

This malware was first seen in the wild on 2021-08-27 13:21:44 UTC, and remains active in the distributed build. If you ran it and your antivirus did not block the payload, assume your information has been compromised.

I personally tested the executable in an isolated virtual machine to verify the earlier analysis by user poopybutt77 and can confirm with 100% certainty that it is an info stealer.

Do not try to reproduce this on a real host machine, only test in an isolated VM or sandbox. Run it on your main system and you'll get your shit rocked and your data looted.

Key evidence I observed inside an isolated VM

• Two files observed:
  You must be registered to see the links
  (legitimate Unity executable) and
  You must be registered to see the links
  (malicious impersonator).
• Malicious behavior reproduced in a VM: extraction of a .bat into the temporary folder and execution via cmd.exe.
• The malware attempts to download / place updater.exe in a path that impersonates a browser updater (e.g. C:\Program Files (x86)\Google...\updater.exe) and launch it.
• Registry modifications observed targeting persistence and service manipulation:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run (adds startup entry).
  • HKLM\SYSTEM\CurrentControlSet\Services (modifies/creates service entries).
  • HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE (modified).
  • etc... all files created and accessed can be seen at the
    You must be registered to see the links
• Network activity: connections to numerous external IPs consistent with C2 behavior.
• Spawns additional processes/services and creates multiple .tmp files and batch scripts in %LOCALAPPDATA%\Temp.
• Associated file hashes/parents noted in analysis indicate affiliation with keygens and random archives (IOCs that increase suspicion).
• Earliest seen timestamp in the wild (per the provided analysis): 2021-08-27 13:21:44 UTC indicates this malicious build has been available for years.

Sample batch content observed (exact snippet reproduced from legit TrueFacials.bat launcher):

Echo off
cd ntleas\x64
ntleas.exe ../../bin.exe "L1041"
cls

This is what the legitimate launcher should do. Instead, TrueFacials.exe extracts and runs a malicious batch that patches the browser and runs updater.exe


Why “false positive” claims are wrong

• This is not a heuristic alert with no side effects. The binary actively modifies registry keys, creates & executes batch files, spawns processes/services, and downloads/places a payload that impersonates a browser updater. Those are explicit malicious behaviors, not a heuristics mistake.
• Behavior reproducible in an isolated VM.

Here is a video of the analysis with a guide on how to verify it yourself.

View attachment 5363357

Original analysis by:

Version 0.58 pro only has the Truefacial.exe and doesn't include a bin.exe.

the included exe was compiled in unity as per this dudes video, so you should be good.

Doesn't hurt to be cautious, but from what I've seen so far this build is clean.

 

[PaganPin]

I downloaded the voice mod and loaded this pose with Eve in first person and the way she looks into your eyes and you can see the reflection of the player character made me lose a lot of time just staring at her. Wow. Is this how love feels like guys?

No, real sex with a real person that you have a loving relationship with is way better.

 

[Depesonalization]

we are so back...

 

[Hobocop Harrier du bois]

Say do you need a beefy pc to run this game?

 

[Valecordia]

Say do you need a beefy pc to run this game?

My specs are an i7 3770, 16 gigs of ram with a 1050ti and it runs....well...not smooth but definitely playable on low graphic settings.
If your specs are higher than mine; expect for it to run more smoothly than mine.
But be warned it will stutter a lot the more characters you added into the scene.
Mine maxed out at 13 total.

Edit:
Forgot to mention that the map scenes is also a factor for performance of the game.
Empty fields like the island map will run smooth like butter so your experience may vary depends on the map itself.

Have fun.

 

[Hellpnotme]

Anyone else having noticeably improved performance this new update? I loaded up a scene with 4 characters in the bedroom and hooo it runs waay better than the previous version.

Also as a reminder, you can add the old characters by copy and pasting the mods folder to your current version (mine was 0.57 to 0.58, and i skipped overwriting, worked just fine for me).

 

[Kinkerguy5]

oh my good god this is so well done. downloaded it yesterday and lost a couple hours just enjoying everything. the fluids and character models are so nicely done and the animations are quite nice too, although sometimes it is a little jank with the way mainly the characters hands snap to places and make weird bends but that's only a small nitpick at best and is easy enough to work around. definitely looking forward to the future of this one and will enjoy it a lot in the meantime

 

[lebrun82]

crash on startup, grey screen and freeze forever, version 0.58 pro

 

[Dark_Templar]

DO NOT RUN THIS GAME THROUGH TrueFacials.exe IT CONTAINS AN INFO STEALING MALWARE / VIRUS

The genuine executable for the game is bin.exe, while the fake TrueFacials.exe is a malicious file intentionally renamed to appear legitimate and trick users into running it. In reality, it is an info-stealing malware that extracts and executes a batch script in your temporary folder with elevated permissions, patches your default browser with a fake updater (updater.exe), and steals sensitive personal data.

This malware was first seen in the wild on 2021-08-27 13:21:44 UTC, and remains active in the distributed build. If you ran it and your antivirus did not block the payload, assume your information has been compromised.

I personally tested the executable in an isolated virtual machine to verify the earlier analysis by user poopybutt77 and can confirm with 100% certainty that it is an info stealer.

Do not try to reproduce this on a real host machine, only test in an isolated VM or sandbox. Run it on your main system and you'll get your shit rocked and your data looted.

Key evidence I observed inside an isolated VM

• Two files observed:
  You must be registered to see the links
  (legitimate Unity executable) and
  You must be registered to see the links
  (malicious impersonator).
• Malicious behavior reproduced in a VM: extraction of a .bat into the temporary folder and execution via cmd.exe.
• The malware attempts to download / place updater.exe in a path that impersonates a browser updater (e.g. C:\Program Files (x86)\Google...\updater.exe) and launch it.
• Registry modifications observed targeting persistence and service manipulation:
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run (adds startup entry).
  • HKLM\SYSTEM\CurrentControlSet\Services (modifies/creates service entries).
  • HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE (modified).
  • etc... all files created and accessed can be seen at the
    You must be registered to see the links
• Network activity: connections to numerous external IPs consistent with C2 behavior.
• Spawns additional processes/services and creates multiple .tmp files and batch scripts in %LOCALAPPDATA%\Temp.
• Associated file hashes/parents noted in analysis indicate affiliation with keygens and random archives (IOCs that increase suspicion).
• Earliest seen timestamp in the wild (per the provided analysis): 2021-08-27 13:21:44 UTC indicates this malicious build has been available for years.

Sample batch content observed (exact snippet reproduced from legit TrueFacials.bat launcher):

Echo off
cd ntleas\x64
ntleas.exe ../../bin.exe "L1041"
cls

This is what the legitimate launcher should do. Instead, TrueFacials.exe extracts and runs a malicious batch that patches the browser and runs updater.exe


Why “false positive” claims are wrong

• This is not a heuristic alert with no side effects. The binary actively modifies registry keys, creates & executes batch files, spawns processes/services, and downloads/places a payload that impersonates a browser updater. Those are explicit malicious behaviors, not a heuristics mistake.
• Behavior reproducible in an isolated VM.

Here is a video of the analysis with a guide on how to verify it yourself.

View attachment 5363357

Original analysis by:

My god, for the one millionth time there is no virus, it's NTLEAS that triggers some AV's, if you or anyone would like to know why then I suggest googling it, this has been explained on here before so many times I have lost count.

Seriously stop fearmongering, I don't even care about the game personally but when you spread BS and talk like you know something about this (clearly you have no fucking idea) then it just makes you look like a fool or worse. So for those worried, don't be, this goofball has no idea what he talking about.

 

[Kitsune78]

just saw that this was updated. my dissapointment is non-existant and my day is made, great work by the devs and modders

 

[ssbbssc]

nah, this game is past its prime. only thing that changes - heads, all body models are same, posing is stupid and retarded

 

[IKagamiY]

So just to be clear. There is no virus in this version currently right ?
Never played true facials before. And i did get hit by a looting virus a year back so it would be very unwise of me to click on that exe without getting actual confirmation.

 

[Tomatojuice000]

At the risk of sounding greedy, other than the character mods on the OP, there's no other characters, right?

 

[D0v4hk1n]

View attachment 5414439 View attachment 5414440

I downloaded the voice mod and loaded this pose with Eve in first person and the way she looks into your eyes and you can see the reflection of the player character made me lose a lot of time just staring at her. Wow. Is this how love feels like guys?

It's back. Posture is difficult, but if you know where to move it will be easier.

View attachment 5415128

BRO WHAT HAVE YOU DONE TO MY EVE? IS THIS HOW NTR FEELS LIKE GUYS?

 

[Eldorf1992]

change resolution it happens to me on 4k but on 2k works fine, i guess it's a bug

how do i do that? there is no way to do it in game from what i can finde

 

[D0v4hk1n]

So just to be clear. There is no virus in this version currently right ?
Never played true facials before. And i did get hit by a looting virus a year back so it would be very unwise of me to click on that exe without getting actual confirmation.

There's a Virus but you have to download it. See below:

I got UnityExplorer working again trough Melon loader

Just extract in the game folder (yes, some files will go in the mods folder).
Than run the game normally, give it time to setup, the rest will be as before.