Alaris
Hollowing detected by CrowdStrike
Heads up here, CrowdStrike gave a medium risk flag with "Defense Evasion via Process Hollowing". However, it seems that simply by using a different hollow_bin it can still be bypassed. Did they really set the detection rule against mobsync.exe? :D By the way, amazing tool; almost nothing worked out-of-the-box for Defender bypass using a Meterpreter payload, but Alaris did.