The criminals used a malicious URL link that appeared to open a PDF document, which would then open the Edge browser (msedge.exe) in Internet Explorer mode.