Question Analysis
Investigate Windows registry events to identify any newly set ProxyServer entry under the user Internet Settings hive. What proxy server address was configured?
d88a3d3b-d016-4939-a745-03638aafd21b
Question ID
10/16
Models Correct
1
Valid Answer
63%
Success Rate
Reference Answer
Human-validated correct answer for this question
proxy.atomic-test.com:8080
Model Performance Comparison
See how different AI models performed on this question
| Model | Answer | KQL Query | Status | Attempts | Time | Cost |
|---|---|---|---|---|---|---|
| gemini-2.5-flash-preview-04-17 | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType == 'RegistryValueSet'
| where RegistryValueName == 'ProxyServer'
| where RegistryKey contains @'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
| project Timestamp, DeviceName, InitiatingProcessAccountName, RegistryKey, RegistryValueName, RegistryValueData | Correct | 2 | 16.34s | 0.0073 |
| gpt-35-turbo | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0111 |
| gpt-4-turbo-2024-04-09 | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType == 'RegistryValueSet'
| where RegistryKey contains 'Internet Settings' and RegistryValueName == 'ProxyServer'
| project DeviceId, DeviceName, TimeGenerated, RegistryKey, RegistryValueName, RegistryValueData | Correct | 2 | 14.30s | 0.0956 |
| gpt-4.1 | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0387 |
| gpt-4.1-finetuned | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0344 |
| gpt-4.1-mini | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0062 |
| gpt-4.1-nano | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0012 |
| gpt-4o | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where RegistryKey contains "Internet Settings" and RegistryValueName == "ProxyServer"
| project TimeGenerated, DeviceName, DeviceId, RegistryKey, RegistryValueName, RegistryValueData | Correct | 1 | 23.75s | 0.0145 |
| grok-3-beta | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0872 |
| grok-3-mini-beta | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType has "RegistryValueSet"
| where RegistryKey has "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
| where RegistryValueName == "ProxyServer"
| project Timestamp, DeviceName, RegistryKey, RegistryValueName, RegistryValueData
| order by Timestamp desc | Correct | 2 | 23.72s | 0.0029 |
| o1-high | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType == "RegistryValueSet" or ActionType == "RegistryValueModified"
| where RegistryValueName == "ProxyServer"
| where RegistryKey has_any ("HKEY_USERS", "HKEY_CURRENT_USER", "HKCU", "HKU")
| where RegistryKey has "Internet Settings"
| project TimeGenerated,
DeviceName,
InitiatingProcessAccountDomain,
InitiatingProcessAccountName,
ActionType,
RegistryKey,
RegistryValueName,
RegistryValueData
| order by TimeGenerated desc | Correct | 2 | 45.54s | 0.3401 |
| o1-low | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType in ("RegistryValueSet", "RegistryValueCreated")
| where RegistryKey has "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
| where RegistryValueName == "ProxyServer"
| project TimeGenerated, DeviceName, InitiatingProcessAccountName, RegistryValueData
| order by TimeGenerated desc | Correct | 1 | 23.40s | 0.1545 |
| o3-mini-high | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where RegistryValueName =~ "ProxyServer"
| where RegistryKey has "Internet Settings"
| project TimeGenerated, DeviceName, RegistryKey, RegistryValueData, InitiatingProcessAccountName, ActionType
| order by TimeGenerated desc | Correct | 1 | 27.95s | 0.0079 |
| o3-mini-low | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where RegistryKey contains "Internet Settings"
| where RegistryValueName =~ "ProxyServer"
| where ActionType in ("SetValue", "RegValueSet", "RegistryValueSet")
| project TimeGenerated, DeviceName, RegistryKey, RegistryValueName, RegistryValueData
| order by TimeGenerated desc | Correct | 2 | 29.08s | 0.0157 |
| o4-mini-high | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where RegistryKey has @"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
| where RegistryValueName == "ProxyServer"
| where ActionType == "RegistryValueSet"
| project TimeGenerated, DeviceName, InitiatingProcessAccountName, RegistryKey, RegistryValueName, ProxyServer = RegistryValueData, InitiatingProcessFileName, InitiatingProcessCommandLine
| sort by TimeGenerated desc | Correct | 1 | 34.93s | 0.0127 |
| o4-mini-low | proxy.atomic-test.com:8080 | DeviceRegistryEvents
| where ActionType == "RegistryValueSet"
| where RegistryKey has "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
| where RegistryValueName == "ProxyServer"
// Only show new or changed values
| where isnull(PreviousRegistryValueData) or PreviousRegistryValueData != RegistryValueData
| project TimeGenerated, DeviceName, InitiatingProcessAccountName, RegistryKey, RegistryValueData
| sort by TimeGenerated desc | Correct | 2 | 68.99s | 0.0251 |