The FIENDCRY component is a memory scraper based on MemPDump that scans through process memory looking for regular expressions. Its stage 1 component scans all processes, and its stage 2 component targets a specific process of interest.

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1560.003 | Archive Collected Data: Archive via Custom Method | |
| Enterprise | T1543.003 | Create or Modify System Process: Windows Service | |
| Enterprise | T1005 | Data from Local System | |
| Enterprise | T1074.001 | Data Staged: Local Data Staging | |
| Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | New services created by RawPOS are made to appear like legitimate Windows services, with names such as "Windows Management Help Service", "Microsoft Support", and "Windows Advanced Task Manager". |