The soluton says like this:
“If you start Process Hacker 2 as an administrator, you will also be able to see the memory location of amsi.dll having read, write and execute rights (this is not a default behavior, it was caused by the AMSI bypass code).”
Where can I find the fact that amsi.dll having read, write and execute rights?
I checked the properties of the amsi.dll, which has just “Read & Execute” and “Read”, not “Write”.
Best,