Running PerunsFart tech, to patch the hooked ntdll with a ntdll read from a suspended process, thus unhooking ur syscalls. Reference: sektor7 @dosxuz hellsgate