diff --git a/1/reversing/flag b/1/reversing/flag
new file mode 100644
index 0000000..c642622
--- /dev/null
+++ b/1/reversing/flag
@@ -0,0 +1,71 @@
+ strace ./client 209.97.142.217 32526
+execve("./client", ["./client", "209.97.142.217", "32526"], 0x7ffc4e4c8a00 /*
+56 vars */) = 0
+brk(NULL)                               = 0x55ce61a03000
+arch_prctl(0x3001 /* ARCH_??? */, 0x7ffce65714a0) = -1 EINVAL (Invalid
+argument)
+access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
+openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
+newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=164116, ...}, AT_EMPTY_PATH) =
+0
+mmap(NULL, 164116, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fbbc02d0000
+close(3)                                = 0
+openat(AT_FDCWD, "/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
+read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`|\2\0\0\0\0\0"..., 832)
+= 832
+pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
+784, 64) = 784
+pread64(3, "\4\0\0\0@\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"...,
+80, 848) = 80
+pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0K@g7\5w\10\300\344\306B4Zp<G"..., 68,
+928) = 68
+newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=2150424, ...}, AT_EMPTY_PATH)
+= 0
+mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
+0x7fbbc02ce000
+pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"...,
+784, 64) = 784
+mmap(NULL, 1880536, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
+0x7fbbc0102000
+mmap(0x7fbbc0128000, 1355776, PROT_READ|PROT_EXEC,
+MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7fbbc0128000
+mmap(0x7fbbc0273000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3,
+0x171000) = 0x7fbbc0273000
+mmap(0x7fbbc02bf000, 24576, PROT_READ|PROT_WRITE,
+MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bc000) = 0x7fbbc02bf000
+mmap(0x7fbbc02c5000, 33240, PROT_READ|PROT_WRITE,
+MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fbbc02c5000
+close(3)                                = 0
+mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
+0x7fbbc0100000
+arch_prctl(ARCH_SET_FS, 0x7fbbc02cf580) = 0
+mprotect(0x7fbbc02bf000, 12288, PROT_READ) = 0
+mprotect(0x55ce611b1000, 4096, PROT_READ) = 0
+mprotect(0x7fbbc0327000, 8192, PROT_READ) = 0
+munmap(0x7fbbc02d0000, 164116)          = 0
+socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
+connect(3, {sa_family=AF_INET, sin_port=htons(32526),
+sin_addr=inet_addr("209.97.142.217")}, 16) = 0
+recvfrom(3,
+"\377\320\5\355\203\314\322\252\322\314\203\35I\274\27)\340\347]\17\234\31\377\316\20V*y*\24[]",
+32, 0, NULL, NULL) = 32
+sendto(3,
+"][\24*y*V\20\316\377\31\234\17]\347\340)\27\274I\35\203\314\322\252\322\314\203\355\5\320\377",
+32, 0, NULL, 0) = 32
+recvfrom(3,
+"\330|a?\7\212j\321\256C\37\33:\31\215x\325\327p\3528\202N\361V:\207\r\275\255+=",
+32, 0, NULL, NULL) = 32
+sendto(3,
+"\205'u\25~\240<\301`\274\6\2075Dj\230\374\300\314\243%\1\202#\374\350K\216P\250\373\302",
+32, 0, NULL, 0) = 32
+recvfrom(3, "\0", 1, 0, NULL, NULL)     = 1
+recvfrom(3, "HTB{n0t_qu1t3_s0_0p4qu3}", 1024, 0, NULL, NULL) = 24
+newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...},
+AT_EMPTY_PATH) = 0
+brk(NULL)                               = 0x55ce61a03000
+brk(0x55ce61a24000)                     = 0x55ce61a24000
+write(1, "[!] Untrusted Client Location - "..., 53[!] Untrusted Client Location
+- Enabling Opaque Mode
+) = 53
+exit_group(0)                           = ?
++++ exited with 0 +++
diff --git a/1/reversing/ghidra/htb-day1-reversing.gpr b/1/reversing/ghidra/htb-day1-reversing.gpr
new file mode 100644
index 0000000..e69de29
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/00000000.prp b/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/00000000.prp
new file mode 100644
index 0000000..087d45b
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/00000000.prp
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
+        <STATE NAME="PARENT" TYPE="string" VALUE="/" />
+        <STATE NAME="FILE_ID" TYPE="string" VALUE="a01e7ae811396306324344" />
+        <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
+        <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
+        <STATE NAME="NAME" TYPE="string" VALUE="client" />
+    </BASIC_INFO>
+</FILE_INFO>
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/~00000000.db/db.3.gbf b/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/~00000000.db/db.3.gbf
new file mode 100644
index 0000000..03fdce4
Binary files /dev/null and b/1/reversing/ghidra/htb-day1-reversing.rep/idata/00/~00000000.db/db.3.gbf differ
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.bak b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.bak
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.dat b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.dat
new file mode 100644
index 0000000..ab4e117
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~index.dat
@@ -0,0 +1,5 @@
+VERSION=1
+/
+  00000000:client:a01e7ae811396306324344
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/idata/~journal.bak b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~journal.bak
new file mode 100644
index 0000000..56ab40b
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/idata/~journal.bak
@@ -0,0 +1,2 @@
+IADD:00000000:/client
+IDSET:/client:a01e7ae811396306324344
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/project.prp b/1/reversing/ghidra/htb-day1-reversing.rep/project.prp
new file mode 100644
index 0000000..61089bb
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/project.prp
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="OWNER" TYPE="string" VALUE="aaron" />
+    </BASIC_INFO>
+</FILE_INFO>
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/projectState b/1/reversing/ghidra/htb-day1-reversing.rep/projectState
new file mode 100644
index 0000000..ef919a7
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/projectState
@@ -0,0 +1,2484 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PROJECT>
+    <PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
+        <SAVE_STATE>
+            <ARRAY NAME="EXPANDED_PATHS" TYPE="string">
+                <A VALUE="htb-day1-reversing:" />
+            </ARRAY>
+            <STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="false" />
+        </SAVE_STATE>
+    </PROJECT_DATA_XML_NAME>
+    <TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
+        <WORKSPACE NAME="Workspace" ACTIVE="true">
+            <RUNNING_TOOL TOOL_NAME="CodeBrowser">
+                <ROOT_NODE X_POS="20" Y_POS="23" WIDTH="1880" HEIGHT="1037" EX_STATE="0">
+                    <SPLIT_NODE WIDTH="100" HEIGHT="100" DIVIDER_LOCATION="0" ORIENTATION="VERTICAL">
+                        <SPLIT_NODE WIDTH="1621" HEIGHT="816" DIVIDER_LOCATION="148" ORIENTATION="VERTICAL">
+                            <COMPONENT_NODE TOP_INFO="0">
+                                <COMPONENT_INFO NAME="Entropy" OWNER="EntropyPlugin" TITLE="Entropy" ACTIVE="false" GROUP="Header" INSTANCE_ID="3207819926581772885" />
+                                <COMPONENT_INFO NAME="Overview" OWNER="OverviewPlugin" TITLE="Overview" ACTIVE="false" GROUP="Header" INSTANCE_ID="3207819926581772883" />
+                            </COMPONENT_NODE>
+                            <SPLIT_NODE WIDTH="1878" HEIGHT="934" DIVIDER_LOCATION="143" ORIENTATION="HORIZONTAL">
+                                <SPLIT_NODE WIDTH="268" HEIGHT="934" DIVIDER_LOCATION="640" ORIENTATION="VERTICAL">
+                                    <SPLIT_NODE WIDTH="268" HEIGHT="595" DIVIDER_LOCATION="502" ORIENTATION="VERTICAL">
+                                        <COMPONENT_NODE TOP_INFO="0">
+                                            <COMPONENT_INFO NAME="Program Tree" OWNER="ProgramTreePlugin" TITLE="Program Trees" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969278807505320" />
+                                        </COMPONENT_NODE>
+                                        <COMPONENT_NODE TOP_INFO="0">
+                                            <COMPONENT_INFO NAME="Symbol Tree" OWNER="SymbolTreePlugin" TITLE="Symbol Tree" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969278807505324" />
+                                        </COMPONENT_NODE>
+                                    </SPLIT_NODE>
+                                    <COMPONENT_NODE TOP_INFO="0">
+                                        <COMPONENT_INFO NAME="DataTypes Provider" OWNER="DataTypeManagerPlugin" TITLE="Data Type Manager" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969278807505326" />
+                                    </COMPONENT_NODE>
+                                </SPLIT_NODE>
+                                <SPLIT_NODE WIDTH="1606" HEIGHT="934" DIVIDER_LOCATION="785" ORIENTATION="VERTICAL">
+                                    <SPLIT_NODE WIDTH="1386" HEIGHT="638" DIVIDER_LOCATION="705" ORIENTATION="VERTICAL">
+                                        <SPLIT_NODE WIDTH="1606" HEIGHT="730" DIVIDER_LOCATION="569" ORIENTATION="HORIZONTAL">
+                                            <COMPONENT_NODE TOP_INFO="0">
+                                                <COMPONENT_INFO NAME="Listing" OWNER="CodeBrowserPlugin" TITLE="Listing:  client" ACTIVE="true" GROUP="Core" INSTANCE_ID="3435969128171174335" />
+                                            </COMPONENT_NODE>
+                                            <COMPONENT_NODE TOP_INFO="0">
+                                                <COMPONENT_INFO NAME="Decompiler" OWNER="DecompilePlugin" TITLE="Decompile: FUN_001012f0" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969278807505314" />
+                                                <COMPONENT_INFO NAME="Bytes" OWNER="ByteViewerPlugin" TITLE="Bytes: client" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969128171174332" />
+                                                <COMPONENT_INFO NAME="Data Window" OWNER="DataWindowPlugin" TITLE="Defined Data" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769908" />
+                                                <COMPONENT_INFO NAME="Defined Strings" OWNER="ViewStringsPlugin" TITLE="Defined Strings" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769904" />
+                                                <COMPONENT_INFO NAME="Equates Table" OWNER="EquateTablePlugin" TITLE="Equates Table" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505316" />
+                                                <COMPONENT_INFO NAME="External Programs" OWNER="ReferencesPlugin" TITLE="External Programs" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505321" />
+                                                <COMPONENT_INFO NAME="Functions Window" OWNER="FunctionWindowPlugin" TITLE="Functions" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769900" />
+                                                <COMPONENT_INFO NAME="Relocation Table" OWNER="RelocationTablePlugin" TITLE="Relocation Table" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769903" />
+                                            </COMPONENT_NODE>
+                                        </SPLIT_NODE>
+                                        <SPLIT_NODE WIDTH="1386" HEIGHT="189" DIVIDER_LOCATION="495" ORIENTATION="HORIZONTAL">
+                                            <COMPONENT_NODE TOP_INFO="0">
+                                                <COMPONENT_INFO NAME="Data Type Preview" OWNER="DataTypePreviewPlugin" TITLE="Data Type Preview" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769899" />
+                                            </COMPONENT_NODE>
+                                            <COMPONENT_NODE TOP_INFO="0">
+                                                <COMPONENT_INFO NAME="Virtual Disassembler - Current Instruction" OWNER="DisassembledViewPlugin" TITLE="Disassembled View" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505315" />
+                                            </COMPONENT_NODE>
+                                        </SPLIT_NODE>
+                                    </SPLIT_NODE>
+                                    <COMPONENT_NODE TOP_INFO="0">
+                                        <COMPONENT_INFO NAME="Console" OWNER="ConsolePlugin" TITLE="Console" ACTIVE="true" GROUP="Default" INSTANCE_ID="3435969278807505312" />
+                                        <COMPONENT_INFO NAME="Bookmarks" OWNER="BookmarkPlugin" TITLE="Bookmarks" ACTIVE="false" GROUP="Core.Bookmarks" INSTANCE_ID="3435969128171174331" />
+                                    </COMPONENT_NODE>
+                                </SPLIT_NODE>
+                            </SPLIT_NODE>
+                        </SPLIT_NODE>
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Function Call Trees" OWNER="CallTreePlugin" TITLE="Function Call Trees" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969128171174333" />
+                        </COMPONENT_NODE>
+                    </SPLIT_NODE>
+                    <WINDOW_NODE X_POS="426" Y_POS="178" WIDTH="1033" HEIGHT="689">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Script Manager" OWNER="GhidraScriptMgrPlugin" TITLE="Script Manager" ACTIVE="false" GROUP="Script Group" INSTANCE_ID="3435969278807505322" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="423" Y_POS="144" WIDTH="927" HEIGHT="370">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Memory Map" OWNER="MemoryMapPlugin" TITLE="Memory Map" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505319" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="383" Y_POS="7" WIDTH="1020" HEIGHT="1038">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Function Graph" OWNER="FunctionGraphPlugin" TITLE="Function Graph" ACTIVE="false" GROUP="Function Graph" INSTANCE_ID="3435969279201769909" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="550" Y_POS="206" WIDTH="655" HEIGHT="509">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Register Manager" OWNER="RegisterPlugin" TITLE="Register Manager" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769901" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="287" Y_POS="186" WIDTH="1424" HEIGHT="666">
+                        <SPLIT_NODE WIDTH="1408" HEIGHT="559" DIVIDER_LOCATION="573" ORIENTATION="HORIZONTAL">
+                            <COMPONENT_NODE TOP_INFO="0">
+                                <COMPONENT_INFO NAME="Symbol Table" OWNER="SymbolTablePlugin" TITLE="Symbol Table" ACTIVE="false" GROUP="symbolTable" INSTANCE_ID="3435969279201769905" />
+                            </COMPONENT_NODE>
+                            <COMPONENT_NODE TOP_INFO="0">
+                                <COMPONENT_INFO NAME="Symbol References" OWNER="SymbolTablePlugin" TITLE="Symbol References" ACTIVE="false" GROUP="symbolTable" INSTANCE_ID="3435969279201769906" />
+                            </COMPONENT_NODE>
+                        </SPLIT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="-1" Y_POS="-1" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Checksum Generator" OWNER="ComputeChecksumsPlugin" TITLE="Checksum Generator" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969128171174334" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="-1" Y_POS="-1" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Function Tags" OWNER="FunctionTagPlugin" TITLE="Function Tags" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505318" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="-1" Y_POS="-1" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Comment Window" OWNER="CommentWindowPlugin" TITLE="Comments" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769907" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="-1" Y_POS="-1" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Python" OWNER="InterpreterPanelPlugin" TITLE="Python" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969279201769902" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="0" Y_POS="0" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="BundleManager" OWNER="GhidraScriptMgrPlugin" TITLE="Bundle Manager" ACTIVE="false" GROUP="Default" INSTANCE_ID="3435969278807505323" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                    <WINDOW_NODE X_POS="0" Y_POS="0" WIDTH="0" HEIGHT="0">
+                        <COMPONENT_NODE TOP_INFO="0">
+                            <COMPONENT_INFO NAME="Function Call Graph" OWNER="FunctionCallGraphPlugin" TITLE="Function Call Graph" ACTIVE="false" GROUP="Function Call Graph" INSTANCE_ID="3435969278807505325" />
+                        </COMPONENT_NODE>
+                    </WINDOW_NODE>
+                </ROOT_NODE>
+                <DATA_STATE>
+                    <PLUGIN NAME="ByteViewerPlugin">
+                        <STATE NAME="X Offset" TYPE="int" VALUE="0" />
+                        <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                        <STATE NAME="Block Column" TYPE="int" VALUE="0" />
+                        <STATE NAME="Y Offset" TYPE="int" VALUE="-1" />
+                        <STATE NAME="Num Disconnected" TYPE="int" VALUE="0" />
+                        <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                        <STATE NAME="Index" TYPE="int" VALUE="164" />
+                        <STATE NAME="Block Offset" TYPE="string" VALUE="544" />
+                    </PLUGIN>
+                    <PLUGIN NAME="CodeBrowserPlugin">
+                        <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="Num Disconnected" TYPE="int" VALUE="0" />
+                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_001012f0(int param_1)" />
+                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="INDEX" TYPE="int" VALUE="1280" />
+                        <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-85" />
+                    </PLUGIN>
+                    <PLUGIN NAME="DecompilePlugin">
+                        <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="Num Disconnected" TYPE="int" VALUE="0" />
+                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                        <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                    </PLUGIN>
+                    <PLUGIN NAME="FunctionGraphPlugin">
+                        <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969279201769909" />
+                        <ENUM NAME="EDGE_HOVER_HIGHLIGHT" TYPE="enum" CLASS="ghidra.app.plugin.core.functiongraph.EdgeDisplayType" VALUE="ScopedFlowsFromVertex" />
+                        <STATE NAME="DISPLAY_SATELLITE" TYPE="boolean" VALUE="true" />
+                        <STATE NAME="Disconnected Count" TYPE="int" VALUE="0" />
+                        <STATE NAME="LAYOUT_NAME" TYPE="string" VALUE="ghidra.app.plugin.core.functiongraph.graph.layout.DecompilerNestedLayoutProvider" />
+                        <STATE NAME="DISPLAY_POPUPS" TYPE="boolean" VALUE="true" />
+                        <ENUM NAME="EDGE_SELECTION_HIGHLIGHT" TYPE="enum" CLASS="ghidra.app.plugin.core.functiongraph.EdgeDisplayType" VALUE="AllCycles" />
+                        <STATE NAME="DOCK_SATELLITE" TYPE="boolean" VALUE="true" />
+                    </PLUGIN>
+                    <PLUGIN NAME="NavigationHistoryPlugin">
+                        <XML NAME="HISTORY_LIST_0">
+                            <SAVE_STATE>
+                                <XML NAME="MEMENTO_DATA2">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int __stdcall FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="NAV_ID" TYPE="long" VALUE="-1" />
+                                <XML NAME="MEMENTO_DATA3">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_LINE_NUM" TYPE="int" VALUE="22" />
+                                        <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="{" />
+                                        <STATE NAME="_CHAR_POS" TYPE="int" VALUE="16" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="103" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101137" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_LINE_NUM" TYPE="int" VALUE="22" />
+                                                <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="{" />
+                                                <STATE NAME="_CHAR_POS" TYPE="int" VALUE="16" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="16" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.AddressFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_ADDR_REP" TYPE="string" VALUE="00101137" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969278807505314" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101137" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA0">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00105008" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105008" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="26" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105008" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="341" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105008" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="_REF_ADDRESS" TYPE="string" VALUE="00101695" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_VARIABLE_OFFSET" TYPE="long" VALUE="6" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.VariableXRefFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="2" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_IS_PARAMETER" TYPE="boolean" VALUE="false" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ORDINAL_FIRST_USE_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00105008" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105008" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="thunk undefined _ITM_deregisterTMCloneTable()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionThunkFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105008" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined _ITM_deregisterTMCloneTable()" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105008" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA1">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="13" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA6">
+                                    <SAVE_STATE>
+                                        <ARRAY NAME="_COMMENT" TYPE="string" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <ARRAY NAME="_COMMENT" TYPE="string" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_COMMENT_ROW" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.PlateFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="62" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="2" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_TYPE" TYPE="int" VALUE="3" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="9" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <ARRAY NAME="_COMMENT" TYPE="string" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="323" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_COMMENT_ROW" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.PlateFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="62" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="2" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_TYPE" TYPE="int" VALUE="3" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_COMMENT_ROW" TYPE="int" VALUE="-1" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.PlateFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="62" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969128171174335" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="2" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                        <STATE NAME="_TYPE" TYPE="int" VALUE="3" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA7">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="336" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA4">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="13" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA5">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int __stdcall FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA8">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="384" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA9">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="164" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="544" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_001012f0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="CURRENT_LOC_INDEX" TYPE="int" VALUE="29" />
+                                <XML NAME="MEMENTO_DATA19">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="207" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="640" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101350(long param_1, int param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101350(long param_1, int param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101350(long param_1, int param_2)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA18">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_LINE_NUM" TYPE="int" VALUE="10" />
+                                        <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE=";" />
+                                        <STATE NAME="_CHAR_POS" TYPE="int" VALUE="11" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="211" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="704" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_LINE_NUM" TYPE="int" VALUE="10" />
+                                                <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE=";" />
+                                                <STATE NAME="_CHAR_POS" TYPE="int" VALUE="11" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="64" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.AddressFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_ADDR_REP" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="00101390" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969128171174335" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA17">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101390" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="211" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="704" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001014e0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="40" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101390(long param_1, long param_2, uint param_3)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101390(long param_1, long param_2, uint param_3)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101390" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA16">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="232" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="1040" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001014e0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="40" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int __stdcall FUN_001014e0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001014e0(int param_1)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001014e0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA15">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101740" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="242" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="1648" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101740" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101740(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101740(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101740" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101740(int param_1)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101740" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA14">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101760" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="242" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="1680" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101760" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101760(undefined4 param_1, undefined8 param_2, undefined8 param_3)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101760(undefined4 param_1, undefined8 param_2, undefined8 param_3)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101760" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101760(undefined4 param_1, undefined8 param_2, undefined8 param_3)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101760" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA13">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="242" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="1792" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001017d0(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_001017d0(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001017d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001017d0(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001017d0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA12">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_LINE_NUM" TYPE="int" VALUE="21" />
+                                        <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="local_38" />
+                                        <STATE NAME="_CHAR_POS" TYPE="int" VALUE="29" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="167" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="85" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101125" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_LINE_NUM" TYPE="int" VALUE="21" />
+                                                <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="local_38" />
+                                                <STATE NAME="_CHAR_POS" TYPE="int" VALUE="29" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="13" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-8" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.AddressFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_ADDR_REP" TYPE="string" VALUE="00101125" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="272" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969278807505314" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101125" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA11">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="167" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="int" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int __stdcall FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="int FUN_001010d0(int param_1, undefined8 * param_2)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001010d0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA10">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="170" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="640" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101350(long param_1, int param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101350(long param_1, int param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101350(long param_1, int param_2)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="MEMENTO_CLASS7" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS6" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS9" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS8" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS3" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS2" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS5" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS4" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS23" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS22" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS1" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS21" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS0" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS20" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS27" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS26" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS25" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS24" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <XML NAME="MEMENTO_DATA29">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="164" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="544" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_001012f0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA28">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="13" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="155" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101020()" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101020" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA27">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="188" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="336" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="MEMENTO_CLASS29" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <XML NAME="MEMENTO_DATA26">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="188" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="384" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="MEMENTO_CLASS28" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <XML NAME="MEMENTO_DATA25">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="188" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="336" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101220(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101220(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101220" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA24">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="191" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="384" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_00101250(void)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101250(void)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101250" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA23">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_LINE_NUM" TYPE="int" VALUE="6" />
+                                        <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="{" />
+                                        <STATE NAME="_CHAR_POS" TYPE="int" VALUE="1" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="26" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="341" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_LINE_NUM" TYPE="int" VALUE="6" />
+                                                <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="{" />
+                                                <STATE NAME="_CHAR_POS" TYPE="int" VALUE="1" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.AddressFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <ARRAY NAME="_COMP_PATH" TYPE="int" />
+                                                <STATE NAME="_ADDR_REP" TYPE="string" VALUE="00105000" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="00105000" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969278807505314" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA22">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00105000" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="ssize_t" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="26" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="341" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="-1" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="ssize_t" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="ssize_t recv(int __fd, void * __buf, size_t __n, int __flags)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="thunk ssize_t recv(int __fd, void * __buf, size_t __n, int __flags)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionThunkFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="ssize_t recv(int __fd, void * __buf, size_t __n, int __flags)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969278807505314" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00105000" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA21">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_LINE_NUM" TYPE="int" VALUE="9" />
+                                        <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="recv" />
+                                        <STATE NAME="_CHAR_POS" TYPE="int" VALUE="3" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="201" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="580" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101314" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_LINE_NUM" TYPE="int" VALUE="9" />
+                                                <STATE NAME="_TOKEN_TEXT" TYPE="string" VALUE="recv" />
+                                                <STATE NAME="_CHAR_POS" TYPE="int" VALUE="3" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.AddressFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="_ADDR_REP" TYPE="string" VALUE="00101314" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_FUNCTION_ENTRY" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.decompiler.DecompilerLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="FOCUSED_NAV" TYPE="long" VALUE="3435969278807505314" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101314" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <XML NAME="MEMENTO_DATA20">
+                                    <SAVE_STATE>
+                                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                        <XML NAME="MEMENTO1">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174332" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="Block Num" TYPE="int" VALUE="14" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.app.plugin.core.byteviewer.ByteViewerProgramLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="201" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Block Offset" TYPE="string" VALUE="544" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                        <XML NAME="MEMENTO2">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969278807505314" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.decompile.DecompilerLocationMemento" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_00101350(long param_1, int param_2)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="00101350" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                                <STATE NAME="INDEX" TYPE="int" VALUE="0" />
+                                                <STATE NAME="X_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="Y_OFFSET" TYPE="int" VALUE="0" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <XML NAME="MEMENTO0">
+                                            <SAVE_STATE>
+                                                <STATE NAME="NAV_ID" TYPE="long" VALUE="3435969128171174335" />
+                                                <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                                                <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.codebrowser.CodeViewerLocationMemento" />
+                                                <STATE NAME="CURSOR_OFFSET" TYPE="int" VALUE="340" />
+                                                <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                                <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined __stdcall FUN_001012f0(int param_1)" />
+                                                <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                                <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                                <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                                <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                            </SAVE_STATE>
+                                        </XML>
+                                        <STATE NAME="MEMENTO_CLASS" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                        <STATE NAME="PROGRAM_ID" TYPE="long" VALUE="3435969032494905787" />
+                                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                                        <STATE NAME="NUM_MEMENTOS" TYPE="int" VALUE="3" />
+                                        <STATE NAME="PROGRAM_PATH_" TYPE="string" VALUE="htb-day1-reversing:/client" />
+                                    </SAVE_STATE>
+                                </XML>
+                                <STATE NAME="MEMENTO_CLASS12" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS11" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="LOCATION_COUNT" TYPE="int" VALUE="30" />
+                                <STATE NAME="MEMENTO_CLASS10" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS16" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS15" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS14" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS13" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS19" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS18" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                                <STATE NAME="MEMENTO_CLASS17" TYPE="string" VALUE="ghidra.app.plugin.core.gotoquery.DefaultNavigatableLocationMemento" />
+                            </SAVE_STATE>
+                        </XML>
+                        <STATE NAME="LIST_COUNT" TYPE="int" VALUE="1" />
+                    </PLUGIN>
+                    <PLUGIN NAME="ProgramManagerPlugin">
+                        <STATE NAME="_FUNC_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="_RETURN_TYPE" TYPE="string" VALUE="undefined" />
+                        <STATE NAME="_ADDRESS" TYPE="string" VALUE="001012f0" />
+                        <STATE NAME="PATHNAME_0" TYPE="string" VALUE="/client" />
+                        <STATE NAME="CURRENT_FILE" TYPE="string" VALUE="client" />
+                        <STATE NAME="PROJECT_NAME_0" TYPE="string" VALUE="htb-day1-reversing" />
+                        <STATE NAME="NUM_PROGRAMS" TYPE="int" VALUE="1" />
+                        <STATE NAME="_SIGNATURE" TYPE="string" VALUE="undefined FUN_001012f0(int param_1)" />
+                        <STATE NAME="VERSION_0" TYPE="int" VALUE="-1" />
+                        <STATE NAME="_CLASSNAME" TYPE="string" VALUE="ghidra.program.util.FunctionReturnTypeFieldLocation" />
+                        <STATE NAME="_COLUMN" TYPE="int" VALUE="0" />
+                        <STATE NAME="_CHAR_OFFSET" TYPE="int" VALUE="0" />
+                        <STATE NAME="LOCATION_0" TYPE="string" VALUE="/home/aaron/git/htb-santa-ctf/1/reversing/ghidra" />
+                        <STATE NAME="_ROW" TYPE="int" VALUE="0" />
+                        <STATE NAME="_BYTE_ADDR" TYPE="string" VALUE="001012f0" />
+                    </PLUGIN>
+                    <PLUGIN NAME="ProgramTreePlugin">
+                        <STATE NAME="NavigationToggleState" TYPE="boolean" VALUE="false" />
+                        <ARRAY NAME="GroupNameProgram Tree0" TYPE="string">
+                            <A VALUE="client" />
+                        </ARRAY>
+                        <STATE NAME="Current Viewname" TYPE="string" VALUE="Program Tree" />
+                        <STATE NAME="NumberOfViews" TYPE="int" VALUE="1" />
+                        <STATE NAME="NumberOfGroupsProgram Tree" TYPE="int" VALUE="1" />
+                        <STATE NAME="TreeName-0" TYPE="string" VALUE="Program Tree" />
+                    </PLUGIN>
+                </DATA_STATE>
+            </RUNNING_TOOL>
+        </WORKSPACE>
+    </TOOL_MANAGER>
+</PROJECT>
+
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/user/~index.dat b/1/reversing/ghidra/htb-day1-reversing.rep/user/~index.dat
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/user/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.bak b/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.bak
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.dat b/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.dat
new file mode 100644
index 0000000..b1e697f
--- /dev/null
+++ b/1/reversing/ghidra/htb-day1-reversing.rep/versioned/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e