<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<events>
...
<event id="396" type="FunctionCall" timestamp="128210458657140000" processName="msnmsgr.exe" processId="4416" threadId="5152">
<name>Secur32.dll::EncryptMessage</name>
<backtrace>
<entry moduleName="WININET.dll">0x77716569</entry>
<entry moduleName="WININET.dll">0x77716422</entry>
<entry moduleName="WININET.dll">0x777163d1</entry>
<entry moduleName="WININET.dll">0x776dee2f</entry>
<entry moduleName="WININET.dll">0x776dfeea</entry>
<entry moduleName="WININET.dll">0x77715979</entry>
<entry moduleName="WININET.dll">0x776e28af</entry>
<entry moduleName="kernel32.dll">0x76ab3ade</entry>
</backtrace>
<cpuContext direction="in">
<register name="eax" value="0x763e12f8" />
<register name="ebx" value="0x2" />
<register name="ecx" value="0" />
<register name="edx" value="0x52f0419" />
<register name="edi" value="0x52f01e0" />
<register name="esi" value="0x234" />
<register name="ebp" value="0x1c8fcec" />
<register name="esp" value="0x1c8fc70" />
</cpuContext>
<arguments direction="in">
<argument name="phContext">
<value type="UInt32" value="0x5386380" />
</argument>
<argument name="fQOP">
<value type="UInt32" value="0" />
</argument>
<argument name="pMessage">
<value type="SecBufferDescPtr" value="0x01C8FCDC">
<value type="Struct" subType="SecBufferDesc">
<field name="ulVersion">
<value type="UInt32" value="0" />
</field>
<field name="cBuffers">
<value type="UInt32" value="3" />
</field>
<field name="pBuffers">
<value type="Pointer" value="0x01C8FCA4">
<value type="Array" elementType="SecBuffer" elementCount="3">
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="5" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_TOKEN" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F01E0">
<value type="ByteArray" size="5">WLUwBWg=</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="564" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_DATA" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F01E5">
<value type="ByteArray" size="564">UE9TVCAvUlNULnNyZiBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0LyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDYuMDsgV2luZG93cyBOVCA2LjA7IFNMQ0MxOyAuTkVUIENMUiAyLjAuNTA3Mjc7IE1lZGlhIENlbnRlciBQQyA1LjA7IC5ORVQgQ0xSIDMuMC4wNDUwNjsgSW5mb1BhdGguMjsgSURDUkwgNC4xMDAuMzEzLjE7IElEQ1JMLWNmZyA0LjAuNTYzMy4wOyBBcHAgbXNubXNnci5leGUsIDguMS4xNzguMCwgezcxMDhFNzFBLTk5MjYtNEZDQi1CQ0M5LTlBOUQzRjMyRTQyM30pDQpIb3N0OiBsb2dpbi5saXZlLmNvbQ0KQ29udGVudC1MZW5ndGg6IDM1MjYNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb29raWU6IEFOT049QT04QUI3NUI0OEE1RUUxQzU5QzU2NEQ2RTlGRkZGRkZGRiZFPTU1YSZXPTQ7IE5BUD1WPTEuNSZFPTUwMCZDPUt5Zmx0T2F1ZXNGTk0tWktIamlXS0xRN3hVcnpnRmE4anpGRy1mVmxPS2pOa1NPd2dSeXRodyZXPWI7IE1VSUQ9NDcxRDVCRjRCMkQxNDY5M0JGMEYzM0Q4M0MyQUFEQjcNCg0K</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="16" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_TOKEN" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F0419">
<value type="ByteArray" size="16">AAAAAAAAAAAAAAAAAAAAAA==</value>
</value>
</field>
</value>
</value>
</value>
</field>
</value>
</value>
</argument>
<argument name="MessageSeqNo">
<value type="UInt32" value="0" />
</argument>
</arguments>
<cpuContext direction="out">
<register name="eax" value="0" />
<register name="ebx" value="0x2" />
<register name="ecx" value="0xc0000408" />
<register name="edx" value="0xb9" />
<register name="edi" value="0x52f01e0" />
<register name="esi" value="0x234" />
<register name="ebp" value="0x1c8fcec" />
<register name="esp" value="0x1c8fc90" />
</cpuContext>
<arguments direction="out">
<argument name="pMessage">
<value type="SecBufferDescPtr" value="0x01C8FCDC">
<value type="Struct" subType="SecBufferDesc">
<field name="ulVersion">
<value type="UInt32" value="0" />
</field>
<field name="cBuffers">
<value type="UInt32" value="3" />
</field>
<field name="pBuffers">
<value type="Pointer" value="0x01C8FCA4">
<value type="Array" elementType="SecBuffer" elementCount="3">
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="5" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_TOKEN" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F01E0">
<value type="ByteArray" size="5">FwMBAkQ=</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="564" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_DATA" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F01E5">
<value type="ByteArray" size="564">NpiA0Q0/o2b86As0r6BCAAt/x7/fkAQbveHYWT0Tg8ACjOeIgqAxFYM9pBnun3mn2mdGLGtrYetf69F4xjdepcSgmFT55umBvWw4AJwRDxQ0Kq14m5gCaK653cULsBaggRIi521oq3x65KjwRMKQH6lmGNN/hige00JfkCyE4v+W6MpT2Ov4GfZnV/y2y0pq7Q4S41+PErMhlF3QekPd/+foZDx/uBk6uR+zQSlUnm0JEsXwQ3fmGe34KOCPvZj2HBRMDB7rcbkYwg/qDjU3zIjxVabVPFetLwzIQ/wca8bVVF8fbOYwzcjFlBvNtW1QDnEfLwHM535vDBEbGU4H9W2Zrwpv5jg2cgCAMDoNPCNTV6/1cgnL19Tg1QaGRgTx8uGEPbQDcaa1vmuk+9ZgRSEMfj3dq/o6BEhwlXp39sIJlRygrBH+eFwK4mXA8BgjK6vK4NRPCAND7GLkxO2xOxaT3apFO+707J3m2tTobSLKAc0EcvEpCBtcm7cKxa7EfR1eH++rZYGZJXr7vo/SXHuQMmqO6Dxi6FMFovwZzUfqsgT/UsvaOWJVHhJgWoj6M4x/P4bMR+9iHl6xfz0NlT5tQgmW2Ef7oR7bvKN6z3/ysa6ITBleTbmz18A/fqNFgfw56WtAn/tJMEI6yVIvfKdqzFgmu7hvRA81wk+SIy34nnFQW0HVEp1lkCHzfbFU8dd4jA3zYKWJG1GHcR5RsNxKJ/kfv48sjEfxaXvxAy2TKSnk</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="16" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_TOKEN" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x052F0419">
<value type="ByteArray" size="16">Fzeo5xf/RGyih13CM3xoaA==</value>
</value>
</field>
</value>
</value>
</value>
</field>
</value>
</value>
</argument>
</arguments>
<returnValue>
<value type="Int32" value="0" />
</returnValue>
</event>
...
<event id="426" type="FunctionCall" timestamp="128210458659990000" processName="msnmsgr.exe" processId="4416" threadId="5152">
<name>Secur32.dll::DecryptMessage</name>
<backtrace>
<entry moduleName="WININET.dll">0x77716bd6</entry>
<entry moduleName="WININET.dll">0x777167f6</entry>
<entry moduleName="WININET.dll">0x776d4507</entry>
<entry moduleName="WININET.dll">0x7771674a</entry>
<entry moduleName="WININET.dll">0x776dee2f</entry>
<entry moduleName="WININET.dll">0x776def93</entry>
<entry moduleName="ntdll.dll">0x77cbfe3d</entry>
<entry moduleName="ntdll.dll">0x77cea2b8</entry>
</backtrace>
<cpuContext direction="in">
<register name="eax" value="0x763e12f8" />
<register name="ebx" value="0" />
<register name="ecx" value="0" />
<register name="edx" value="0x5388278" />
<register name="edi" value="0x53862c0" />
<register name="esi" value="0x4" />
<register name="ebp" value="0x1c8fd7c" />
<register name="esp" value="0x1c8fd00" />
</cpuContext>
<arguments direction="in">
<argument name="phContext">
<value type="UInt32" value="0x5386380" />
</argument>
<argument name="pMessage">
<value type="SecBufferDescPtr" value="0x01C8FD64">
<value type="Struct" subType="SecBufferDesc">
<field name="ulVersion">
<value type="UInt32" value="0" />
</field>
<field name="cBuffers">
<value type="UInt32" value="4" />
</field>
<field name="pBuffers">
<value type="Pointer" value="0x01C8FD34">
<value type="Array" elementType="SecBuffer" elementCount="4">
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="46" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_DATA" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x05388278">
<value type="ByteArray" size="46">FwMBACligy6piBNrVL0OpTN0dw1hsiyqRsGsLK6bw1+KFCwFFWviffK/XRrffg==</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="0" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_EMPTY" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="NULL" />
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="0" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_EMPTY" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="NULL" />
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="0" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_EMPTY" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="NULL" />
</field>
</value>
</value>
</value>
</field>
</value>
</value>
</argument>
<argument name="MessageSeqNo">
<value type="UInt32" value="0" />
</argument>
<argument name="pfQOP">
<value type="Pointer" value="NULL" />
</argument>
</arguments>
<cpuContext direction="out">
<register name="eax" value="0" />
<register name="ebx" value="0" />
<register name="ecx" value="0xc0000408" />
<register name="edx" value="0" />
<register name="edi" value="0x53862c0" />
<register name="esi" value="0x4" />
<register name="ebp" value="0x1c8fd7c" />
<register name="esp" value="0x1c8fd20" />
</cpuContext>
<arguments direction="out">
<argument name="pMessage">
<value type="SecBufferDescPtr" value="0x01C8FD64">
<value type="Struct" subType="SecBufferDesc">
<field name="ulVersion">
<value type="UInt32" value="0" />
</field>
<field name="cBuffers">
<value type="UInt32" value="4" />
</field>
<field name="pBuffers">
<value type="Pointer" value="0x01C8FD34">
<value type="Array" elementType="SecBuffer" elementCount="4">
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="5" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_STREAM_HEADER" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x05388278">
<value type="ByteArray" size="5">FwMBACk=</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="25" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_DATA" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x0538827D">
<value type="ByteArray" size="25">SFRUUC8xLjEgMTAwIENvbnRpbnVlDQoNCg==</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="16" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_STREAM_TRAILER" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="0x05388296">
<value type="ByteArray" size="16">QM5Rq44fKpGfOKfjhtIkPg==</value>
</value>
</field>
</value>
<value type="Struct" subType="SecBuffer">
<field name="cbBuffer">
<value type="UInt32" value="0" />
</field>
<field name="BufferType">
<value type="Enum" subType="SecBufferType" value="SECBUFFER_EMPTY" />
</field>
<field name="pvBuffer">
<value type="Pointer" value="NULL" />
</field>
</value>
</value>
</value>
</field>
</value>
</value>
</argument>
<argument name="pfQOP">
<value type="Pointer" value="NULL" />
</argument>
</arguments>
<returnValue>
<value type="Int32" value="0" />
</returnValue>
</event>
...
</events>