Update T1564.004.yaml (#2521)

Include a test to test twitter.com/pfiatde/status/1681977680688738305
It creates a directory that you can only access by specifying '::$index_allocation' even if not shown in the name of the folder. It then create a file called 'secrets.txt' to hide information/payloads

atomics/T1564.004/T1564.004.yaml

@@ -115,3 +115,28 @@ atomic_tests:
     cleanup_command: |
       Remove-Item -Path #{file_name} -ErrorAction Ignore
     name: powershell
+
+- name: Create Hidden Directory via $index_allocation 
+  auto_generated_guid: 3e6791e7-232c-481c-a680-a52f86b83fdf
+  description: |
+    Create an Alternate Data Stream Directory and File with the command prompt. Write access is required. Upon execution, 
+    run "dir /A /Q /R" in the %temp% folder to view that the alternate data stream folder exists. To view the data in the  
+    alternate data stream, run "type %temp%\...$.......::$index_allocation\secrets.txt"
+  supported_platforms:
+  - windows
+  input_arguments:
+    folder_name:
+      description: File name of file to create inside the folder.
+      type: string
+      default: '%temp%\...$.......::$index_allocation'
+    hidden_filename:
+      description: Name of the files containing the hidden information
+      type: string
+      default: secrets.txt
+  executor:
+    command: |
+      md #{folder_name}
+      echo too many secrets > #{folder_name}\#{hidden_filename}
+    cleanup_command: |
+      rmdir /S /Q #{folder_name} >nul 2>&1
+    name: command_prompt