After penetrating the company’s network, these criminals begin to collect credentials using common tools and TTP (tactics, methods and procedures). They use compromised credentials and the PsExec utility to move around the network and execute processes on other systems.