Also interesting "politically charged" Windows Registry keys and password changes:
"For example, a sample [VirusTotal] installed by BleepingComputer adds the HKLM\SOFTWARE\Wow6432Node\BlackLivesMatter key to store configuration information from the attack.
Advanced Intel's Vitali Kremez told BleepingComputer that another sample is configuring the device to launch REvil Safe Mode with a default password of 'DTrump4ever.'"