This data was generated using the Microsoft Base Cryptographic Provider. Your session key length and salt length may be different, but the basic process should be the same.
Assume that an application has a password ("1134-kelp") that it wants to derive a session key from. It would first hash the password with the CryptHashData function, in this case specifying the MD5 hash algorithm. The following hash value is generated and held internal to the CSP:
0x00000000 73 40 e6 e2 74 b8 ea 39 s@..t..9
0x00000008 93 95 aa 29 d6 38 b5 2a ...).8.*
The application would then call the CryptDeriveKey function in order to create a session key, in this case an RC4 stream cipher key. The CSP uses the first five bytes of the previous hash value as the key itself:
0x00000000 73 40 e6 e2 74 s@..t
Because the CRYPT_CREATE_SALT flag was not specified, the key is given a salt value of zero.
If the session key is used to encrypt the following plaintext buffer:
0x00000000 00 01 02 03 04 05 06 07 ........
0x00000008 08 09 0a 0b 0c 0d 0e 0f ........
0x00000010 10 11 12 13 14 15 16 17 ........
0x00000018 18 19 1a 1b 1c 1d 1e 1f ........
The following ciphertext data is generated:
0x00000000 26 59 de 24 44 fa 36 9c &Y.$D.6.
0x00000008 11 0c bb 9d b6 a2 bd 24 .......$
0x00000010 04 2e e3 ba 72 76 f3 27 ....rv.'
0x00000018 8d d5 b4 2f 56 cf f8 c9 .../V...
If the application does specify the CRYPT_CREATE_SALT flag during the CryptDeriveKey function call, then the key is given the following 11-byte salt value:
0x00000000 b8 ea 39 93 95 aa 29 d6 ..9...).
0x00000008 38 b5 2a 8.*
In this case, the following ciphertext data is generated when the previous plaintext buffer is encrypted:
0x00000000 47 f4 5d e2 cc 3b 87 1b G.]..;..
0x00000008 95 bc fc 39 fb 86 d3 05 ...9....
0x00000010 da a2 91 fb 80 f1 2a 22 ......*"
0x00000018 c3 b9 ec 91 dd 9f af 50 .......P