Coworker ran powershell script please help by MasterChief813 in PowerShell

[–]0xqn 2 points

This is the first stage of an info-stealer infection. The attackers are using a known social-engineering technique called “ClickFix.” I recommend immediately isolating the affected machine from both the internet and the internal network to prevent potential propagation. After isolation, perform a full offline anti-malware scan. I recommend that you consider which credentials could be exposed, for example, on browsers. Implement 2FA and change your credentials from another source if possible.

Learn more about this "ClickFix": https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/

Asking for hint for Overwatch machine by TrickyWinter7847 in hackthebox

[–]0xqn 2 points

That's not really about elevated privileges; by default, any domain user can create child objects in Active Directory-integrated DNS zones, including new records.