Adding T1497.001 Test 4 (#1706)

This test is a second method of detecting virtualization within Windows by querying the WMI manufacturer/model.

atomics/T1497.001/T1497.001.yaml

@@ -40,3 +40,15 @@ atomic_tests:
     elevation_required: false 
     command: | 
       if (ioreg -l | grep -e Manufacturer -e 'Vendor Name' | grep -iE 'Oracle|VirtualBox|VMWare|Parallels') then echo 'Virtualization Environment detected'; fi;
+- name: Detect Virtualization Environment via WMI Manufacturer/Model Listing (Windows)
+  description: |
+    Windows Management Instrumentation(WMI) objects contain system information which helps to detect virtualization. This test will get the model and manufacturer of the machine to determine if it is a virtual machine, such as through VMware or VirtualBox. 
+  supported_platforms:
+    - windows
+  executor:
+    name: powershell
+    elevation_required: false 
+    command: | 
+      $Manufacturer = Get-WmiObject -Class Win32_ComputerSystem | select-object -expandproperty "Manufacturer"
+      $Model = Get-WmiObject -Class Win32_ComputerSystem | select-object -expandproperty "Model"
+      if((($Manufacturer.ToLower() -eq "microsoft corporation") -and ($Model.ToLower().contains("virtual"))) -or ($Manufacturer.ToLower().contains("vmware")) -or ($Model.ToLower() -eq "virtualbox")) {write-host "Virtualization environment detected!"} else {write-host "No virtualization environment detected!"}