hacksysteam/token_stealing_2.raw

## token_stealing_2.raw
kd> !process 8570b5e8 1
PROCESS 8570b5e8  SessionId: 1  Cid: 025c    Peb: 7ffdf000  ParentCid: 0704
    DirBase: 3eea5340  ObjectTable: 953b8570  HandleCount:  21.
    Image: cmd.exe
    VadRoot 8553ba60 Vads 37 Clone 0 Private 135. Modified 0. Locked 0.
    DeviceMap 92b1bc80
    Token                             953b6030
    ElapsedTime                       00:02:53.332
    UserTime                          00:00:00.000
. . .
	kd> !process 8570b5e8 1
	PROCESS 8570b5e8 SessionId: 1 Cid: 025c Peb: 7ffdf000 ParentCid: 0704
	DirBase: 3eea5340 ObjectTable: 953b8570 HandleCount: 21.
	Image: cmd.exe
	VadRoot 8553ba60 Vads 37 Clone 0 Private 135. Modified 0. Locked 0.
	DeviceMap 92b1bc80
	Token 953b6030
	ElapsedTime 00:02:53.332
	UserTime 00:00:00.000
	. . .