Update TEMPLATE.md

TEMPLATE.md

@@ -36,6 +36,8 @@ To tell the parser to encode a string use the following pattern `{[your data]}`.
 
 If you are using keyword that are not supported by the parser add the following line `[use:varname]` at the beginning of your VBA code.
 
+Keep in mind that encoded string need to be decoded. There is a VBA function for that simply add `encoder`into the evasion array to include the `decode` function. Since the `[use:decode]` is already defined inside of encoder.vba the decode function will be obfuscated as expected.
+
 #User defined variables
 Want to add specific variable like a URL. Simply define it in the template like this `[URL]`
 
@@ -46,7 +48,7 @@ Function myfunction(var1 As String) As String
   Dim var2 As String
   Dim int1 As String
   int1 = [smallint1]
-  var2 = "[URL]"
+  var2 = decode("[URL]")
   If (var2 = var1) Then
     myfunction = "cond1"
   End If
@@ -56,7 +58,17 @@ End Function
 Once it will be parsed by the Python script the variable will be replace by the value defined in the config file
 
 ```
-"encodedvars":  {
-                "URL": "https://ringzer0team.com"
-                },
+{
+	"description": "Command exec payload using WMI Win32_Process class\nEvasion technique set to domain check",
+	"template": "templates/payloads/wmi-cmd-evasion-template.vba",
+	"varcount": 150,
+	"encodingoffset": 4,
+	"chunksize": 200,
+	"encodedvars":  {
+        	        "URL": "https://ringzer0team.com"
+                	},
+	"vars": 	[],
+	"evasion": 	["encoder"],
+	"payload": "cmd.exe /c whoami"
+}
 ```