
Powershell Detect Virtualization Environment

Sigma Rules

Summary
This detection rule identifies PowerShell scripts that adversaries use to determine whether they are executing in a virtualized environment. Such checks matter to attackers because, if they detect a sandbox or virtual machine, they may alter their behaviour rather than run an attack that would be ineffective there. The rule specifically detects WMI queries issued through PowerShell that are commonly used to assess hardware and system environment information, including the presence of virtualization artifacts. Script Block Logging must be enabled in the Windows environment so that the specified ScriptBlockText contents can be observed. The rule requires both an action indicator ('Get-WmiObject') and a query related to system temperature or hardware configuration; requiring both together gives a more robust identification of potential adversarial behaviour than either element alone. False positives can still occur under unknown conditions, so the alerts it generates require careful evaluation.
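As an added illustration (not part of the rule or of this page), the following Python models the two-part match the summary describes and runs it over constructed Script Block Logging events, including a benign-looking inventory script that shows why alerts need triage. The WMI class names MSAcpi_ThermalZoneTemperature and Win32_ComputerSystem, the gwmi alias, and the event layout are assumptions; the summary names only temperature and hardware-configuration queries.

```python
"""Sigma-style matcher for PowerShell virtualization checks over Script Block Logging events."""

# Indicator sets modelled on the rule's two selections as the summary describes them.
# The class names are assumptions: the page names only "system temperature" and
# "hardware configuration" queries, not the exact WMI classes.
ACTION_TERMS = ("Get-WmiObject", "gwmi")
MODULE_TERMS = ("MSAcpi_ThermalZoneTemperature", "Win32_ComputerSystem")


def _contains_any(text, terms):
    """Sigma 'contains' semantics: case-insensitive substring match, returning the hits."""
    low = text.lower()
    return [t for t in terms if t.lower() in low]


def evaluate_event(event):
    """Return the matched indicators for one event, or None if it does not trigger.

    Only Event ID 4104 (script block execution) is considered, and both an action
    term and a module term must appear, so a lone Get-WmiObject call does not alert.
    """
    if event.get("EventID") != 4104:
        return None
    text = event.get("ScriptBlockText", "")
    actions = _contains_any(text, ACTION_TERMS)
    modules = _contains_any(text, MODULE_TERMS)
    if actions and modules:
        return {"action": actions, "module": modules}
    return None


def scan(events):
    """Run the rule over a list of events; return (index, match) pairs for alerts."""
    hits = []
    for i, ev in enumerate(events):
        match = evaluate_event(ev)
        if match:
            hits.append((i, match))
    return hits


# Constructed sample events in a simplified 4104 layout; not real telemetry.
SAMPLE_EVENTS = [
    {  # Admin inventory script: matches the rule, a likely false positive to triage.
        "EventID": 4104,
        "Path": "C:\\Scripts\\inventory.ps1",
        "ScriptBlockText": "Get-WmiObject -Class Win32_ComputerSystem | Select-Object Manufacturer, Model",
    },
    {  # Interactive thermal-zone probe via the gwmi alias: matches.
        "EventID": 4104,
        "Path": "",
        "ScriptBlockText": "$t = gwmi MSAcpi_ThermalZoneTemperature -Namespace root/wmi; if (-not $t) { exit }",
    },
    {  # Unrelated file listing: no match.
        "EventID": 4104,
        "Path": "",
        "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object",
    },
    {  # Action term only, no hardware/temperature class: no match.
        "EventID": 4104,
        "Path": "",
        "ScriptBlockText": "Get-WmiObject Win32_Process | Select-Object Name",
    },
    {  # Same text as the probe but on a non-4104 event: ignored.
        "EventID": 4103,
        "Path": "",
        "ScriptBlockText": "$t = gwmi MSAcpi_ThermalZoneTemperature -Namespace root/wmi",
    },
]


if __name__ == "__main__":
    for idx, match in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(
            f"ALERT event[{idx}] path={ev['Path'] or '<interactive>'} "
            f"action={match['action']} module={match['module']}"
        )
```

The first alert carries a script path under an administrative folder and queries only Win32_ComputerSystem, the kind of context an analyst would weigh when deciding whether the hit is an inventory job or a reconnaissance check; the matcher returns the matched terms so that triage can rest on them rather than on a bare yes/no.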
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1497.001
Created: 2021-08-03