ntdll.dll — NtQueryWnfStateData

Aris ran the GUID through a hash reverse lookup. Nothing in public databases. But her kernel debugger had a live pipe to the machine. She decided to peek at the actual state data being returned.

Her screen filled with one last line, printed in the debugger’s monospaced font: ntquerywnfstatedata ntdll.dll

{4D5A9B12-C3E8-4F1A-9B7E-2A6D8F1C0E4B}