stix_schema_spy 1.3 → 1.3.2

data/config/1.2/stix/cybox/objects/Win_Prefetch_Object.xsd

@@ -1,113 +1,113 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinPrefetchObj="http://cybox.mitre.org/objects#WinPrefetchObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:DeviceObj="http://cybox.mitre.org/objects#DeviceObject-2" xmlns:WinVolumeObj="http://cybox.mitre.org/objects#WinVolumeObject-2" targetNamespace="http://cybox.mitre.org/objects#WinPrefetchObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
-	<xs:annotation>
-		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
-		<xs:appinfo>
-			<schema>Win_Prefetch_Object</schema>
-			<version>2.1</version>
-			<date>01/22/2014</date>			
-			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
-			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
-		</xs:appinfo>
-	</xs:annotation>
-	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#WinVolumeObject-2" schemaLocation="Win_Volume_Object.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#DeviceObject-2" schemaLocation="Device_Object.xsd"/>
-	<xs:element name="Windows_Prefetch_Entry" type="WinPrefetchObj:WindowsPrefetchObjectType">
-		<xs:annotation>
-			<xs:documentation>The Windows_Prefetch_Entry object is intended to characterize entries in the Windows prefetch files. Starting with Windows XP, prefetching was introduced to speed up application startup. The prefetch object draws upon the descriptions and XML sample at http://www.forensicswiki.org/wiki/Prefetch_XML.</xs:documentation>
-		</xs:annotation>
-	</xs:element>
-	<xs:complexType name="WindowsPrefetchObjectType">
-		<xs:annotation>
-			<xs:documentation>The WindowsPrefetchObjectType type is intended to characterize entries in the Windows prefetch files. Starting with Windows XP, prefetching was introduced to speed up application startup. The prefetch object draws upon the descriptions and XML sample at http://www.forensicswiki.org/wiki/Prefetch_XML.</xs:documentation>
-		</xs:annotation>
-		<xs:complexContent>
-			<xs:extension base="cyboxCommon:ObjectPropertiesType">
-				<xs:sequence>
-					<xs:element name="Application_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>Name of the executable of the prefetch file.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Prefetch_Hash" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>An eight character hash of the location from which the application was run.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Times_Executed" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The number of times the prefetch application has executed.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="First_Run" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>Timestamp of when the prefetch application was first run.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Last_Run" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>Timestamp of when the prefetch application was last run.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Volume" type="WinPrefetchObj:VolumeType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The volume from which the prefetch application was run. If the applicatin was run from multiple volumes, there will be a separate prefetch file for each.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Accessed_File_List" type="WinPrefetchObj:AccessedFileListType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>Files (e.g., DLLs and other support files) used by the application during startup.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Accessed_Directory_List" type="WinPrefetchObj:AccessedDirectoryListType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>Directories accessed by the prefetch application during startup.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-				</xs:sequence>
-			</xs:extension>
-		</xs:complexContent>
-	</xs:complexType>
-	<xs:complexType name="AccessedFileListType">
-		<xs:annotation>
-			<xs:documentation>The AccessedFileListType specifies a list of files accessed by a prefetch application.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Accessed_Filename" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>Specifies the filename of the accessed file.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="AccessedDirectoryListType">
-		<xs:annotation>
-			<xs:documentation>The AccessedDirectoryListType specifies a list of directories accessed by a prefetch application.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Accessed_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>Specifies the pathname of the accessed directory.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="VolumeType">
-		<xs:annotation>
-			<xs:documentation>VolumeType characterizes the volume information in the Windows prefetch file.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="VolumeItem" type="WinVolumeObj:WindowsVolumeObjectType" minOccurs="0" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>The volume that the prefetch application was run from. The only item in the prefecth file is the volume name.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="DeviceItem" type="DeviceObj:DeviceObjectType" minOccurs="0" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>The device that the prefetch application was run from. The only item in the prefetch file is the device serial number.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-</xs:schema>
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinPrefetchObj="http://cybox.mitre.org/objects#WinPrefetchObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:DeviceObj="http://cybox.mitre.org/objects#DeviceObject-2" xmlns:WinVolumeObj="http://cybox.mitre.org/objects#WinVolumeObject-2" targetNamespace="http://cybox.mitre.org/objects#WinPrefetchObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Prefetch_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinVolumeObject-2" schemaLocation="Win_Volume_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#DeviceObject-2" schemaLocation="Device_Object.xsd"/>
+	<xs:element name="Windows_Prefetch_Entry" type="WinPrefetchObj:WindowsPrefetchObjectType">
+		<xs:annotation>
+			<xs:documentation>The Windows_Prefetch_Entry object is intended to characterize entries in the Windows prefetch files. Starting with Windows XP, prefetching was introduced to speed up application startup. The prefetch object draws upon the descriptions and XML sample at http://www.forensicswiki.org/wiki/Prefetch_XML.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsPrefetchObjectType">
+		<xs:annotation>
+			<xs:documentation>The WindowsPrefetchObjectType type is intended to characterize entries in the Windows prefetch files. Starting with Windows XP, prefetching was introduced to speed up application startup. The prefetch object draws upon the descriptions and XML sample at http://www.forensicswiki.org/wiki/Prefetch_XML.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Application_File_Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>Name of the executable of the prefetch file.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Prefetch_Hash" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>An eight character hash of the location from which the application was run.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Times_Executed" type="cyboxCommon:LongObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The number of times the prefetch application has executed.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="First_Run" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>Timestamp of when the prefetch application was first run.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Last_Run" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>Timestamp of when the prefetch application was last run.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Volume" type="WinPrefetchObj:VolumeType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The volume from which the prefetch application was run. If the applicatin was run from multiple volumes, there will be a separate prefetch file for each.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Accessed_File_List" type="WinPrefetchObj:AccessedFileListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>Files (e.g., DLLs and other support files) used by the application during startup.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Accessed_Directory_List" type="WinPrefetchObj:AccessedDirectoryListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>Directories accessed by the prefetch application during startup.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="AccessedFileListType">
+		<xs:annotation>
+			<xs:documentation>The AccessedFileListType specifies a list of files accessed by a prefetch application.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Accessed_Filename" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>Specifies the filename of the accessed file.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="AccessedDirectoryListType">
+		<xs:annotation>
+			<xs:documentation>The AccessedDirectoryListType specifies a list of directories accessed by a prefetch application.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Accessed_Directory" type="cyboxCommon:StringObjectPropertyType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>Specifies the pathname of the accessed directory.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="VolumeType">
+		<xs:annotation>
+			<xs:documentation>VolumeType characterizes the volume information in the Windows prefetch file.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="VolumeItem" type="WinVolumeObj:WindowsVolumeObjectType" minOccurs="0" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The volume that the prefetch application was run from. The only item in the prefecth file is the volume name.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="DeviceItem" type="DeviceObj:DeviceObjectType" minOccurs="0" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The device that the prefetch application was run from. The only item in the prefetch file is the device serial number.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>

data/config/1.2/stix/cybox/objects/Win_Process_Object.xsd

@@ -1,174 +1,174 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinProcessObj="http://cybox.mitre.org/objects#WinProcessObject-2" xmlns:WinThreadObj="http://cybox.mitre.org/objects#WinThreadObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:MemoryObj="http://cybox.mitre.org/objects#MemoryObject-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" xmlns:ProcessObj="http://cybox.mitre.org/objects#ProcessObject-2" targetNamespace="http://cybox.mitre.org/objects#WinProcessObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
-	<xs:annotation>
-		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
-		<xs:appinfo>
-			<schema>Win_Process_Object</schema>
-			<version>2.1</version>
-			<date>01/22/2014</date>			
-			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
-			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
-		</xs:appinfo>
-	</xs:annotation>
-	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#MemoryObject-2" schemaLocation="Memory_Object.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#ProcessObject-2" schemaLocation="Process_Object.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#WinThreadObject-2" schemaLocation="Win_Thread_Object.xsd"/>
-	<xs:element name="Windows_Process" type="WinProcessObj:WindowsProcessObjectType">
-
-		<xs:annotation>
-			<xs:documentation>Windows_Process object is intended to characterize Windows processes.</xs:documentation>
-		</xs:annotation>
-	</xs:element>
-	<xs:complexType name="WindowsProcessObjectType" mixed="false">
-		<xs:annotation>
-			<xs:documentation>The WindowsProcessObjectType type is intended to characterize Windows processes.</xs:documentation>
-		</xs:annotation>
-		<xs:complexContent>
-			<xs:extension base="ProcessObj:ProcessObjectType">
-				<xs:sequence>
-					<xs:element name="Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0" maxOccurs="1">
-						<xs:annotation>
-							<xs:documentation>The Handle_List field specifies a list of Windows Handles opened or used by the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Priority" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Priority field specifies the current priority of the process in Windows.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Section_List" type="WinProcessObj:MemorySectionListType" minOccurs="0" maxOccurs="1">
-						<xs:annotation>
-							<xs:documentation>The Section_List field specifies the memory sections used by the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Security_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
-						<xs:annotation>
-							<xs:documentation>The Security_ID field specifies the Security ID (SID) value assigned to the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Startup_Info" type="WinProcessObj:StartupInfoType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Startup_Info field specifies the STARTUP_INFO struct used by the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Security_Type" type="cyboxCommon:SIDType" minOccurs="0" maxOccurs="1">
-						<xs:annotation>
-							<xs:documentation>The Security_Type field specifies the type of Security ID (SID) assigned to the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Window_Title" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Window_Title field specifies the title of the main window of the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Thread" maxOccurs="unbounded" minOccurs="0" type="WinThreadObj:WindowsThreadObjectType">
-						<xs:annotation>
-							<xs:documentation>The Thread field specifies a single thread created to execute within the virtual address space of the process.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-				</xs:sequence>
-				<xs:attribute name="aslr_enabled" type="xs:boolean">
-					<xs:annotation>
-						<xs:documentation>The aslr_enabled field specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.</xs:documentation>
-					</xs:annotation>
-				</xs:attribute>
-				<xs:attribute name="dep_enabled" type="xs:boolean">
-					<xs:annotation>
-						<xs:documentation>The dep_enabled field specifies whether Data Execution Prevention (DEP) is enabled for the process.</xs:documentation>
-					</xs:annotation>
-				</xs:attribute>
-			</xs:extension>
-		</xs:complexContent>
-	</xs:complexType>
-	<xs:complexType name="MemorySectionListType">
-		<xs:annotation>
-			<xs:documentation>The MemorySectionListType type specifies a list of memory sections used by the process.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Memory_Section" type="MemoryObj:MemoryObjectType" minOccurs="1" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>The Memory_Section field specifies a memory section used by the process. It imports and uses the MemoryObjectType from the CybOX Memory Object.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="StartupInfoType">
-		<xs:annotation>
-			<xs:documentation>The StartupInfoType type encapsulates the information contained in the STARTUPINFO struct for the process.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="lpDesktop" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The lpDesktop field specifies the name of the desktop, or the name of both the desktop and window station for this process.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="lpTitle" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The lpTitle field specifies the title displayed in the title bar if a new console window is created.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwX" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwX field specifies the x offset of the upper left corner of a window if a new window is created, in pixels.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwY" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwY field specifies the y offset of the upper left corner of a window if a new window is created, in pixels.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwXSize" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwXSize field specifies the width of the window if a new window is created, in pixels.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwYSize" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwYSize field specifies the height of the window if a new window is created, in pixels.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwXCountChars" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwXCountChars field specifies the screen buffer width, in character columns.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwYCountChars" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwYCountChars field specifies the screen buffer height, in character rows.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwFillAttribute" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwFillAttribute field specifies the initial text and background colors if a new console window is created in a console application.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="dwFlags" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The dwFlags field specifies a bitfield that determines whether certain STARTUPINFO members are used when the process creates a window.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="wShowWindow" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The wShowWindow field specifies STARTF_USESHOWWINDOW, this member can be any of the values that can be specified in the nCmdShow parameter for the ShowWindow function, except for SW_SHOWDEFAULT.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="hStdInput" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The hStdInput field specifies the standard input handle for the process.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="hStdOutput" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The hStdOutput field specifies the standard output handle for the process.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="hStdError" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The hStdError field specifies the standard error handle for the process.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-</xs:schema>
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinProcessObj="http://cybox.mitre.org/objects#WinProcessObject-2" xmlns:WinThreadObj="http://cybox.mitre.org/objects#WinThreadObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:MemoryObj="http://cybox.mitre.org/objects#MemoryObject-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" xmlns:ProcessObj="http://cybox.mitre.org/objects#ProcessObject-2" targetNamespace="http://cybox.mitre.org/objects#WinProcessObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Process_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#MemoryObject-2" schemaLocation="Memory_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#ProcessObject-2" schemaLocation="Process_Object.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinThreadObject-2" schemaLocation="Win_Thread_Object.xsd"/>
+	<xs:element name="Windows_Process" type="WinProcessObj:WindowsProcessObjectType">
+
+		<xs:annotation>
+			<xs:documentation>Windows_Process object is intended to characterize Windows processes.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsProcessObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsProcessObjectType type is intended to characterize Windows processes.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="ProcessObj:ProcessObjectType">
+				<xs:sequence>
+					<xs:element name="Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Handle_List field specifies a list of Windows Handles opened or used by the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Priority" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Priority field specifies the current priority of the process in Windows.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Section_List" type="WinProcessObj:MemorySectionListType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Section_List field specifies the memory sections used by the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Security_ID" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Security_ID field specifies the Security ID (SID) value assigned to the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Startup_Info" type="WinProcessObj:StartupInfoType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Startup_Info field specifies the STARTUP_INFO struct used by the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Security_Type" type="cyboxCommon:SIDType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Security_Type field specifies the type of Security ID (SID) assigned to the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Window_Title" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Window_Title field specifies the title of the main window of the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Thread" maxOccurs="unbounded" minOccurs="0" type="WinThreadObj:WindowsThreadObjectType">
+						<xs:annotation>
+							<xs:documentation>The Thread field specifies a single thread created to execute within the virtual address space of the process.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+				<xs:attribute name="aslr_enabled" type="xs:boolean">
+					<xs:annotation>
+						<xs:documentation>The aslr_enabled field specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+				<xs:attribute name="dep_enabled" type="xs:boolean">
+					<xs:annotation>
+						<xs:documentation>The dep_enabled field specifies whether Data Execution Prevention (DEP) is enabled for the process.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="MemorySectionListType">
+		<xs:annotation>
+			<xs:documentation>The MemorySectionListType type specifies a list of memory sections used by the process.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Memory_Section" type="MemoryObj:MemoryObjectType" minOccurs="1" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Memory_Section field specifies a memory section used by the process. It imports and uses the MemoryObjectType from the CybOX Memory Object.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="StartupInfoType">
+		<xs:annotation>
+			<xs:documentation>The StartupInfoType type encapsulates the information contained in the STARTUPINFO struct for the process.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="lpDesktop" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The lpDesktop field specifies the name of the desktop, or the name of both the desktop and window station for this process.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="lpTitle" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The lpTitle field specifies the title displayed in the title bar if a new console window is created.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwX" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwX field specifies the x offset of the upper left corner of a window if a new window is created, in pixels.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwY" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwY field specifies the y offset of the upper left corner of a window if a new window is created, in pixels.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwXSize" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwXSize field specifies the width of the window if a new window is created, in pixels.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwYSize" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwYSize field specifies the height of the window if a new window is created, in pixels.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwXCountChars" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwXCountChars field specifies the screen buffer width, in character columns.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwYCountChars" type="cyboxCommon:PositiveIntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwYCountChars field specifies the screen buffer height, in character rows.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwFillAttribute" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwFillAttribute field specifies the initial text and background colors if a new console window is created in a console application.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="dwFlags" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The dwFlags field specifies a bitfield that determines whether certain STARTUPINFO members are used when the process creates a window.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="wShowWindow" type="cyboxCommon:IntegerObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The wShowWindow field specifies STARTF_USESHOWWINDOW, this member can be any of the values that can be specified in the nCmdShow parameter for the ShowWindow function, except for SW_SHOWDEFAULT.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="hStdInput" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The hStdInput field specifies the standard input handle for the process.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="hStdOutput" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The hStdOutput field specifies the standard output handle for the process.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="hStdError" type="WinHandleObj:WindowsHandleObjectType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The hStdError field specifies the standard error handle for the process.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>