
Missing warning when incorrect flags are used for execute-assembly or aliases #1113

@senzee1984

Description


Describe the bug
The execute-assembly command supports the -M option, which patches ETW. However, it does not actually patch ETW in the forked process.

To Reproduce
Steps to reproduce the behavior:

  1. In a session, execute execute-assembly -M -E -p gpupdate.exe sharpup.exe audit
  2. Open Process Hacker and select the new child process gpupdate.exe
  3. Click the .NET assemblies tab; sharpup can still be seen

Expected behavior
In the .NET assemblies tab, the output should be: Unable to start the event tracing session: This operation returned because the timeout period expired.

Screenshots

[server] sliver (WIDE_HURRY) > execute-assembly -M -E -p gpupdate.exe  /opt/red/sharpup.exe audit

[*] Output:

=== SharpUp: Running Privilege Escalation Checks ===

[*] Already in high integrity, no need to privesc!

[*] Audit mode: running an additional 13 check(s).
[*] Note: Running audit mode in high integrity will yield a large number of false positives.

=== Modifiable Folders in %PATH% ===
        C:\Program Files\Scripts\
        C:\Program Files\
        C:\Windows\system32
        C:\Windows
        C:\Windows\System32\Wbem
        C:\Windows\System32\WindowsPowerShell\v1.0\
        C:\Windows\System32\OpenSSH\
............


Desktop (please complete the following information):

  • OS: Kali Linux 2022
  • Version: v1.5.33

Additional context
If in-process execute-assembly is used, the issue does not exist.
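The warning the retitled issue asks for can be produced by a flag-consistency check run before the task is sent to the implant. The following is an added example written for this page, not Sliver's own code: the struct and function names are hypothetical, the flag letters are the ones used in the report (-M, -E, -p, and -i for in-process). The report only demonstrates that -M is ignored outside the in-process path; -E is handled the same way here on the assumption that the AMSI patch is likewise only applied in-process.

```go
package main

import "fmt"

// ExecuteAssemblyOpts mirrors the subset of execute-assembly flags that
// matter for this check. Hypothetical type; not Sliver's own.
type ExecuteAssemblyOpts struct {
	InProcess  bool   // -i / --in-process
	EtwBypass  bool   // -M / --etw-bypass
	AmsiBypass bool   // -E / --amsi-bypass (assumed in-process-only, see lead-in)
	Process    string // -p / --process: sacrificial process for the non-in-process path
}

// FlagWarnings returns one warning per flag that has no effect in the
// requested execution mode. An empty slice means the combination is
// consistent. Hypothetical helper; not Sliver's own.
func FlagWarnings(o ExecuteAssemblyOpts) []string {
	var warns []string
	if !o.InProcess {
		// The bypass patches are applied to the implant's own process, so
		// they never reach the forked sacrificial process the assembly runs in.
		if o.EtwBypass {
			warns = append(warns, "-M/--etw-bypass has no effect without -i/--in-process: the ETW patch is not applied to the sacrificial process")
		}
		if o.AmsiBypass {
			warns = append(warns, "-E/--amsi-bypass has no effect without -i/--in-process: the AMSI patch is not applied to the sacrificial process")
		}
	} else if o.Process != "" {
		// In-process execution spawns nothing, so the -p target is unused.
		warns = append(warns, "-p/--process is ignored with -i/--in-process: no sacrificial process is spawned")
	}
	return warns
}

func main() {
	// Constructed input matching the report: -M -E -p gpupdate.exe, no -i.
	opts := ExecuteAssemblyOpts{EtwBypass: true, AmsiBypass: true, Process: "gpupdate.exe"}
	for _, w := range FlagWarnings(opts) {
		fmt.Println("[!] " + w)
	}
}
```

Running the check with the report's flag set yields two warnings; the same call with -i set and no -p yields none, which is the combination the reporter says works.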

Labels

enhancement (New feature or request)