stix_schema_spy 1.3 → 1.3.2

data/config/1.2/stix/cybox/objects/Win_Registry_Key_Object.xsd

@@ -1,290 +1,290 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" targetNamespace="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
-	<xs:annotation>
-		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
-		<xs:appinfo>
-			<schema>Win_Registry_Key_Object</schema>
-			<version>2.1</version>
-			<date>01/22/2014</date>			
-			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
-			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
-		</xs:appinfo>
-	</xs:annotation>
-	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
-	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
-	<xs:element name="Windows_Registry_Key" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType">
-		<xs:annotation>
-			<xs:documentation>Windows_Registry_Key object characterizes windows registry objects, including Keys and Key/Value pairs. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724871(v=vs.85).aspx.</xs:documentation>
-		</xs:annotation>
-	</xs:element>
-	<xs:complexType name="WindowsRegistryKeyObjectType" mixed="false">
-		<xs:annotation>
-			<xs:documentation>The WindowsRegistryObjectType type is intended to characterize Windows registry objects, including Keys and Key/Value pairs.</xs:documentation>
-		</xs:annotation>
-		<xs:complexContent>
-			<xs:extension base="cyboxCommon:ObjectPropertiesType">
-				<xs:sequence>
-					<xs:element name="Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Key field specifies the full key to the Windows registry object, not including the hive.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Hive" type="WinRegistryKeyObj:RegistryHiveType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Hive field specifies the Windows registry hive to which the registry object belongs to.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Number_Values" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Number_Values field specifies the number of values found in the registry key.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Values" type="WinRegistryKeyObj:RegistryValuesType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Values field specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Modified_Time field specifies the last date/time that the registry object was modified.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Creator_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
-						<xs:annotation>
-							<xs:documentation>The Creator_Username field specifies the name of the user who created the registry object.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Handle_List field specifies a list of open Handles for this registry object.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Number_Subkeys" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Number_Subkeys field specifies the number of subkeys contained under the registry key.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Subkeys" type="WinRegistryKeyObj:RegistrySubkeysType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Subkeys field specifies the set of subkeys contained under the registry key.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-					<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
-						<xs:annotation>
-							<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry.</xs:documentation>
-						</xs:annotation>
-					</xs:element>
-				</xs:sequence>
-			</xs:extension>
-		</xs:complexContent>
-	</xs:complexType>
-	<xs:complexType name="RegistryValueType">
-		<xs:annotation>
-			<xs:documentation>The RegistryValueType type is intended to characterize Windows registry Value name/data pairs.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The Name field specifies the name of the registry value. For specifying the default value in a registry key, an empty string should be used. </xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="Data" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The Data field specifies the data contained in the registry value.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="Datatype" type="WinRegistryKeyObj:RegistryDatatypeType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The Datatype field specifies the registry (REG_*) datatype used in the registry value.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-			<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
-				<xs:annotation>
-					<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry key entry.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="RegistryDatatypeType">
-		<xs:annotation>
-			<xs:documentation>Registry_Datatype specifies Windows registry datatypes via a union of the RegistryDataTypesEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
-		</xs:annotation>
-		<xs:simpleContent>
-			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
-				<xs:simpleType>
-					<xs:union memberTypes="WinRegistryKeyObj:RegistryDataTypesEnum xs:string"/>
-				</xs:simpleType>
-				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
-					<xs:annotation>
-						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
-					</xs:annotation>
-				</xs:attribute>
-			</xs:restriction>
-		</xs:simpleContent>
-	</xs:complexType>
-	<xs:complexType name="RegistryHiveType">
-		<xs:annotation>
-			<xs:documentation>RegistryHiveType specifies Windows registry hive types via a union of the RegistryHiveEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
-		</xs:annotation>
-		<xs:simpleContent>
-			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
-				<xs:simpleType>
-					<xs:union memberTypes="WinRegistryKeyObj:RegistryHiveEnum xs:string"/>
-				</xs:simpleType>
-				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
-					<xs:annotation>
-						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
-					</xs:annotation>
-				</xs:attribute>
-			</xs:restriction>
-		</xs:simpleContent>
-	</xs:complexType>
-	<xs:simpleType name="RegistryDataTypesEnum">
-		<xs:annotation>
-			<xs:documentation>The RegistryDataTypesEnum type is an enumeration of Windows registry datatypes (REG_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724884(v=vs.85).aspx See also: http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=361.</xs:documentation>
-		</xs:annotation>
-		<xs:restriction base="xs:string">
-			<xs:enumeration value="REG_NONE">
-				<xs:annotation>
-					<xs:documentation>No defined value type.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_SZ">
-				<xs:annotation>
-					<xs:documentation>A null-terminated string. This will be either a Unicode or an ANSI string, depending on whether you use the Unicode or ANSI functions.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_EXPAND_SZ">
-				<xs:annotation>
-					<xs:documentation>A null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%"). It will be a Unicode or ANSI string depending on whether you use the Unicode or ANSI functions.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_BINARY">
-				<xs:annotation>
-					<xs:documentation>Binary data in any form.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_DWORD">
-				<xs:annotation>
-					<xs:documentation>A 32-bit number.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_DWORD_BIG_ENDIAN">
-				<xs:annotation>
-					<xs:documentation>A 32-bit number in big-endian format. Some UNIX systems support big-endian architectures.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_LINK">
-				<xs:annotation>
-					<xs:documentation>A null-terminated Unicode string that contains the target path of a symbolic link.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_MULTI_SZ">
-				<xs:annotation>
-					<xs:documentation>A sequence of null-terminated strings, terminated by an empty string (\0).</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_RESOURCE_LIST">
-				<xs:annotation>
-					<xs:documentation>A series of nested arrays designed to store a resource list used by a hardware device driver or one of the physical devices it controls. This data is detected and written into the ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_FULL_RESOURCE_DESCRIPTOR">
-				<xs:annotation>
-					<xs:documentation>A series of nested arrays designed to store a resource list used by a physical hardware device. This data is detected and written into the HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_RESOURCE_REQUIREMENTS_LIST">
-				<xs:annotation>
-					<xs:documentation>Device driver list of hardware resource requirements in Resource Map tree. See http://www.mdgx.com/reg.htm.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_QWORD">
-				<xs:annotation>
-					<xs:documentation>A 64-bit number.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="REG_INVALID_TYPE">
-				<xs:annotation>
-					<xs:documentation>Specifies an invalid key.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-		</xs:restriction>
-	</xs:simpleType>
-	<xs:simpleType name="RegistryHiveEnum">
-		<xs:annotation>
-			<xs:documentation>The RegistryHiveEnum type is an enumeration of Windows registry hives (HKEY_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724836(v=vs.85).aspx.</xs:documentation>
-		</xs:annotation>
-		<xs:restriction base="xs:string">
-			<xs:enumeration value="HKEY_CLASSES_ROOT">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key define types (or classes) of documents and the properties associated with those types. Shell and COM applications use the information stored under this key.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_CURRENT_CONFIG">
-				<xs:annotation>
-					<xs:documentation>Contains information about the current hardware profile of the local computer system. The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_CURRENT_USER">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_LOCAL_MACHINE">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_USERS">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key define the default user configuration for new users on the local computer and the user configuration for the current user.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_CURRENT_USER_LOCAL_SETTINGS">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key define preferences of the current user that are local to the machine. These entries are not included in the per-user registry portion of a roaming user profile.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_PERFORMANCE_DATA">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key allow you to access performance data. The data is not actually stored in the registry; the registry functions cause the system to collect the data from its source.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_PERFORMANCE_NLSTEXT">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in the local language of the area in which the computer system is running. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-			<xs:enumeration value="HKEY_PERFORMANCE_TEXT">
-				<xs:annotation>
-					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in US English. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
-				</xs:annotation>
-			</xs:enumeration>
-		</xs:restriction>
-	</xs:simpleType>
-	<xs:complexType name="RegistryValuesType">
-		<xs:annotation>
-			<xs:documentation>The RegistryValuesType type specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Value" type="WinRegistryKeyObj:RegistryValueType" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>The Value field specifies the value (with name/data pair) held within the registry key.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="RegistrySubkeysType">
-		<xs:annotation>
-			<xs:documentation>The RegistrySubkeysType specifies the set of subkeys contained under the registry key.</xs:documentation>
-		</xs:annotation>
-		<xs:sequence>
-			<xs:element name="Subkey" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType" maxOccurs="unbounded">
-				<xs:annotation>
-					<xs:documentation>The Subkey field specifies a single subkey contained under the registry key.</xs:documentation>
-				</xs:annotation>
-			</xs:element>
-		</xs:sequence>
-	</xs:complexType>
-</xs:schema>
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" xmlns:cyboxCommon="http://cybox.mitre.org/common-2" xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject-2" targetNamespace="http://cybox.mitre.org/objects#WinRegistryKeyObject-2" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.1">
+	<xs:annotation>
+		<xs:documentation>This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.</xs:documentation>
+		<xs:appinfo>
+			<schema>Win_Registry_Key_Object</schema>
+			<version>2.1</version>
+			<date>01/22/2014</date>			
+			<short_description>The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. </short_description>
+			<terms_of_use>Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.</terms_of_use>
+		</xs:appinfo>
+	</xs:annotation>
+	<xs:import namespace="http://cybox.mitre.org/common-2" schemaLocation="../cybox_common.xsd"/>
+	<xs:import namespace="http://cybox.mitre.org/objects#WinHandleObject-2" schemaLocation="Win_Handle_Object.xsd"/>
+	<xs:element name="Windows_Registry_Key" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType">
+		<xs:annotation>
+			<xs:documentation>Windows_Registry_Key object characterizes windows registry objects, including Keys and Key/Value pairs. See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724871(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+	</xs:element>
+	<xs:complexType name="WindowsRegistryKeyObjectType" mixed="false">
+		<xs:annotation>
+			<xs:documentation>The WindowsRegistryObjectType type is intended to characterize Windows registry objects, including Keys and Key/Value pairs.</xs:documentation>
+		</xs:annotation>
+		<xs:complexContent>
+			<xs:extension base="cyboxCommon:ObjectPropertiesType">
+				<xs:sequence>
+					<xs:element name="Key" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Key field specifies the full key to the Windows registry object, not including the hive.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Hive" type="WinRegistryKeyObj:RegistryHiveType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Hive field specifies the Windows registry hive to which the registry object belongs to.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Number_Values" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Number_Values field specifies the number of values found in the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Values" type="WinRegistryKeyObj:RegistryValuesType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Values field specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Modified_Time" type="cyboxCommon:DateTimeObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Modified_Time field specifies the last date/time that the registry object was modified.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Creator_Username" type="cyboxCommon:StringObjectPropertyType" minOccurs="0" maxOccurs="1">
+						<xs:annotation>
+							<xs:documentation>The Creator_Username field specifies the name of the user who created the registry object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Handle_List" type="WinHandleObj:WindowsHandleListType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Handle_List field specifies a list of open Handles for this registry object.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Number_Subkeys" type="cyboxCommon:UnsignedIntegerObjectPropertyType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Number_Subkeys field specifies the number of subkeys contained under the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Subkeys" type="WinRegistryKeyObj:RegistrySubkeysType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Subkeys field specifies the set of subkeys contained under the registry key.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+					<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
+						<xs:annotation>
+							<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry.</xs:documentation>
+						</xs:annotation>
+					</xs:element>
+				</xs:sequence>
+			</xs:extension>
+		</xs:complexContent>
+	</xs:complexType>
+	<xs:complexType name="RegistryValueType">
+		<xs:annotation>
+			<xs:documentation>The RegistryValueType type is intended to characterize Windows registry Value name/data pairs.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Name" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Name field specifies the name of the registry value. For specifying the default value in a registry key, an empty string should be used. </xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Data" type="cyboxCommon:StringObjectPropertyType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Data field specifies the data contained in the registry value.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Datatype" type="WinRegistryKeyObj:RegistryDatatypeType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Datatype field specifies the registry (REG_*) datatype used in the registry value.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Byte_Runs" type="cyboxCommon:ByteRunsType" minOccurs="0">
+				<xs:annotation>
+					<xs:documentation>The Byte_Runs field contains a list of byte runs from the raw registry key entry.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="RegistryDatatypeType">
+		<xs:annotation>
+			<xs:documentation>Registry_Datatype specifies Windows registry datatypes via a union of the RegistryDataTypesEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinRegistryKeyObj:RegistryDataTypesEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="RegistryHiveType">
+		<xs:annotation>
+			<xs:documentation>RegistryHiveType specifies Windows registry hive types via a union of the RegistryHiveEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.</xs:documentation>
+		</xs:annotation>
+		<xs:simpleContent>
+			<xs:restriction base="cyboxCommon:BaseObjectPropertyType">
+				<xs:simpleType>
+					<xs:union memberTypes="WinRegistryKeyObj:RegistryHiveEnum xs:string"/>
+				</xs:simpleType>
+				<xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" fixed="string">
+					<xs:annotation>
+						<xs:documentation>This attribute is optional and specifies the expected type for the value of the specified property.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
+			</xs:restriction>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:simpleType name="RegistryDataTypesEnum">
+		<xs:annotation>
+			<xs:documentation>The RegistryDataTypesEnum type is an enumeration of Windows registry datatypes (REG_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724884(v=vs.85).aspx See also: http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=361.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="REG_NONE">
+				<xs:annotation>
+					<xs:documentation>No defined value type.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_SZ">
+				<xs:annotation>
+					<xs:documentation>A null-terminated string. This will be either a Unicode or an ANSI string, depending on whether you use the Unicode or ANSI functions.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_EXPAND_SZ">
+				<xs:annotation>
+					<xs:documentation>A null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%"). It will be a Unicode or ANSI string depending on whether you use the Unicode or ANSI functions.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_BINARY">
+				<xs:annotation>
+					<xs:documentation>Binary data in any form.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_DWORD">
+				<xs:annotation>
+					<xs:documentation>A 32-bit number.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_DWORD_BIG_ENDIAN">
+				<xs:annotation>
+					<xs:documentation>A 32-bit number in big-endian format. Some UNIX systems support big-endian architectures.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_LINK">
+				<xs:annotation>
+					<xs:documentation>A null-terminated Unicode string that contains the target path of a symbolic link.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_MULTI_SZ">
+				<xs:annotation>
+					<xs:documentation>A sequence of null-terminated strings, terminated by an empty string (\0).</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_RESOURCE_LIST">
+				<xs:annotation>
+					<xs:documentation>A series of nested arrays designed to store a resource list used by a hardware device driver or one of the physical devices it controls. This data is detected and written into the ResourceMap tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_FULL_RESOURCE_DESCRIPTOR">
+				<xs:annotation>
+					<xs:documentation>A series of nested arrays designed to store a resource list used by a physical hardware device. This data is detected and written into the HardwareDescription tree by the system and is displayed in Registry Editor in hexadecimal format as a Binary Value.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_RESOURCE_REQUIREMENTS_LIST">
+				<xs:annotation>
+					<xs:documentation>Device driver list of hardware resource requirements in Resource Map tree. See http://www.mdgx.com/reg.htm.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_QWORD">
+				<xs:annotation>
+					<xs:documentation>A 64-bit number.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="REG_INVALID_TYPE">
+				<xs:annotation>
+					<xs:documentation>Specifies an invalid key.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:simpleType name="RegistryHiveEnum">
+		<xs:annotation>
+			<xs:documentation>The RegistryHiveEnum type is an enumeration of Windows registry hives (HKEY_*). See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms724836(v=vs.85).aspx.</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="HKEY_CLASSES_ROOT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define types (or classes) of documents and the properties associated with those types. Shell and COM applications use the information stored under this key.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_CONFIG">
+				<xs:annotation>
+					<xs:documentation>Contains information about the current hardware profile of the local computer system. The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_USER">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_LOCAL_MACHINE">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_USERS">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define the default user configuration for new users on the local computer and the user configuration for the current user.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_CURRENT_USER_LOCAL_SETTINGS">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key define preferences of the current user that are local to the machine. These entries are not included in the per-user registry portion of a roaming user profile.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_DATA">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key allow you to access performance data. The data is not actually stored in the registry; the registry functions cause the system to collect the data from its source.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_NLSTEXT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in the local language of the area in which the computer system is running. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+			<xs:enumeration value="HKEY_PERFORMANCE_TEXT">
+				<xs:annotation>
+					<xs:documentation>Registry entries subordinate to this key reference the text strings that describe counters in US English. These entries are not available to Regedit.exe and Regedt32.exe.</xs:documentation>
+				</xs:annotation>
+			</xs:enumeration>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="RegistryValuesType">
+		<xs:annotation>
+			<xs:documentation>The RegistryValuesType type specifies the values (with their name/data pairs) held within the registry key.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Value" type="WinRegistryKeyObj:RegistryValueType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Value field specifies the value (with name/data pair) held within the registry key.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+	<xs:complexType name="RegistrySubkeysType">
+		<xs:annotation>
+			<xs:documentation>The RegistrySubkeysType specifies the set of subkeys contained under the registry key.</xs:documentation>
+		</xs:annotation>
+		<xs:sequence>
+			<xs:element name="Subkey" type="WinRegistryKeyObj:WindowsRegistryKeyObjectType" maxOccurs="unbounded">
+				<xs:annotation>
+					<xs:documentation>The Subkey field specifies a single subkey contained under the registry key.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>