diff --git a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
index 4c426dd38b1..ba400e9ed4c 100644
--- a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
+++ b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
@@ -95,6 +95,22 @@ class NCryptEncryptArgumentSink extends BCryptOpenAlgorithmProviderSink {
  }
 }
 
+
+/**
+ * Argument at index 1 of call to NCryptEncrypt:
+ *     _Inout_ NCRYPT_KEY_HANDLE  hKey,
+ */
+class SslEncryptPacketArgumentSink extends BCryptOpenAlgorithmProviderSink {
+ int index;
+ string funcName;
+
+ SslEncryptPacketArgumentSink() {
+   index = 1 and
+   funcName = "SslEncryptPacket" and
+   isCallArgument(funcName, this.asExpr(), index)
+ }
+}
+
 // ----------------- Default SOURCES -----------------------
 /**
  * A string identifier of known PQC vulnerable algorithms.