One Day Sec

How does the article address bypassing ETW (Event Tracing for Windows) when using in-memory assembly loading?

To hide the .NET assembly name and avoid ETW telemetry, the article introduces code from the TamperETW project (reference: https://github.com/outflanknl/TamperETW/). It includes an assembly file (`Syscalls.asm`) that defines syscalls for `ZwProtectVirtualMemory`, `ZwWriteVirtualMemory`, and `ZwReadVirtualMemory` across different Windows versions. These syscalls are used to patch ETW in memory, preventing the runtime from logging assembly load events. This technique complements the execute-assembly loading method described in the article.
Tags: ETW bypass, syscalls, TamperETW, event tracing, in-memory loading, HostingCLR