The adversary was using crypto-jacking software to mine cryptocurrencies on Windows systems they maintained and updated regularly. Despite efforts to advocate for removal, the business owners decided to allow the activity with additional monitoring.