Check Point Research conducted a forensic analysis of a ClickFix campaign that deployed multiple tools, including a Rust Loader, PureHVNC RAT, and the Sliver command-and-control framework. The analysis provided comprehensive insights into PureHVNC RAT, including its commands and plugins. The investigation revealed connections to GitHub accounts linked to the developer of Pure malware families, PureCoder. Analysis of these accounts indicated a timezone of operation (UTC+0300) and potential countries of residence. The research also uncovered a PureRAT builder, offering insights into the RAT's capabilities and features related to PureCrypter, another tool by PureCoder. This investigation enhances understanding of the Pure malware ecosystem and provides actionable intelligence for cybersecurity professionals.