Question Analysis
On a Windows host, someone appears to have run a built-in network shell utility to list saved wireless network profiles and their passwords in clear text. Review the process creation logs to discover the exact command that was executed.
53cf1903-0fa7-4177-ab14-f358ae809eec
Question ID
14/16
Models Correct
1
Valid Answer
88%
Success Rate
Reference Answer
Human-validated correct answer for this question
netsh wlan show profile * key=clear
Model Performance Comparison
See how different AI models performed on this question
| Model | Answer | KQL Query | Status | Attempts | Time | Cost |
|---|---|---|---|---|---|---|
| gemini-2.5-flash-preview-04-17 | "cmd.exe" /c netsh wlan show profile * key=clear | DeviceProcessEvents | where ProcessCommandLine has "netsh wlan" | Correct | 2 | 13.01s | 0.0040 |
| gpt-35-turbo | netsh wlan show profile * key=clear | DeviceProcessEvents
| where ActionType == 'ProcessCreated'
| where FileName contains 'netsh.exe'
| project ProcessCreationTime, InitiatingProcessCommandLine | Correct | 1 | 4.09s | 0.0026 |
| gpt-4-turbo-2024-04-09 | netsh wlan show profile * key=clear | DeviceProcessEvents
| where ProcessCommandLine has 'netsh' and ProcessCommandLine has 'wlan' and (ProcessCommandLine has 'show' and ProcessCommandLine has 'profile')
| project DeviceName, AccountName, InitiatingProcessCommandLine, ProcessCommandLine, TimeGenerated, InitiatingProcessCreationTime | Correct | 1 | 12.54s | 0.0533 |
| gpt-4.1 | netsh wlan show profile * key=clear | DeviceProcessEvents
| where FileName =~ "netsh.exe"
| where ProcessCommandLine has_all ("wlan", "show", "profile") and ProcessCommandLine has "key=clear"
| project TimeGenerated, DeviceName, AccountName, FolderPath, FileName, ProcessCommandLine, InitiatingProcessAccountName, InitiatingProcessCommandLine | Correct | 1 | 4.63s | 0.0113 |
| gpt-4.1-finetuned | netsh wlan show profile * key=clear | DeviceProcessEvents
| where InitiatingProcessCommandLine contains "Show" and InitiatingProcessCommandLine contains "clear" and InitiatingProcessFileName =~ "cmd.exe"
| project TimeGenerated, InitiatingProcessCommandLine, DeviceName
| sort by TimeGenerated desc
| take 100 | Correct | 3 | 15.89s | 0.0226 |
| gpt-4.1-mini | netsh wlan show profile * key=clear | DeviceProcessEvents
| where ProcessCommandLine has "netsh wlan show profile" and ProcessCommandLine has "key=clear"
| project TimeGenerated, DeviceName, InitiatingProcessAccountName, FileName, ProcessCommandLine | Correct | 1 | 3.18s | 0.0022 |
| gpt-4.1-nano | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0012 |
| gpt-4o | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0583 |
| grok-3-beta | netsh | DeviceProcessEvents
| where ProcessCommandLine matches regex '(?i)netsh.*wlan.*show.*profile.*key.*clear'
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, ProcessCreationTime, InitiatingProcessFileName, InitiatingProcessAccountName, ProcessId, InitiatingProcessId
| order by Timestamp desc | Correct | 3 | 31.57s | 0.0551 |
| grok-3-mini-beta | netsh wlan show profile * key=clear | DeviceProcessEvents
| where FileName == 'netsh.exe'
| where ProcessCommandLine contains 'wlan' and ProcessCommandLine contains 'show profile' and ProcessCommandLine contains 'key=clear'
| project TimeGenerated, DeviceName, AccountName, ProcessCommandLine
| order by TimeGenerated desc
| limit 100 | Correct | 1 | 18.24s | 0.0016 |
| o1-high | netsh_wlan_show_profile_*_key=clear | DeviceProcessEvents
| where ActionType == "ProcessCreated"
| where FileName =~ "netsh.exe"
| where ProcessCommandLine has_all ("wlan", "show", "profile", "key=clear")
| project TimeGenerated, DeviceName, AccountName, FolderPath, FileName, ProcessCommandLine
| order by TimeGenerated desc | Correct | 1 | 35.71s | 0.2467 |
| o1-low | netsh wlan show profile * key=clear | DeviceProcessEvents
| where FileName =~ "netsh.exe" or InitiatingProcessFileName =~ "netsh.exe" or ProcessCommandLine has "netsh" or InitiatingProcessCommandLine has "netsh"
| where (ProcessCommandLine has_all ("wlan", "show", "profile") or InitiatingProcessCommandLine has_all ("wlan", "show", "profile"))
| project TimeGenerated, DeviceName, AccountName, FileName, FolderPath, ProcessCommandLine, InitiatingProcessCommandLine
| order by TimeGenerated desc | Correct | 1 | 41.56s | 0.2477 |
| o3-mini-high | netsh wlan show profile * key=clear | DeviceProcessEvents
| where FileName has "netsh.exe"
| where ProcessCommandLine contains "wlan show profile" and ProcessCommandLine contains "key=clear"
| project TimeGenerated, DeviceName, AccountName, ProcessCommandLine, ProcessCreationTime | Correct | 1 | 13.32s | 0.0095 |
| o3-mini-low | netsh | DeviceProcessEvents
| where InitiatingProcessCommandLine has "netsh"
and InitiatingProcessCommandLine has "wlan"
and InitiatingProcessCommandLine has "key=clear"
| project TimeGenerated, DeviceName, AccountName, InitiatingProcessCommandLine, ProcessId
| order by TimeGenerated desc | Correct | 1 | 11.79s | 0.0116 |
| o4-mini-high | netsh wlan show profile * key=clear | DeviceProcessEvents
| where FileName == "netsh.exe"
| where ProcessCommandLine has "wlan" and ProcessCommandLine has "show" and ProcessCommandLine has "profile"
| where ProcessCommandLine has "key=clear"
| project TimeGenerated, DeviceName, InitiatingProcessFileName, ProcessId, ProcessCommandLine
| sort by TimeGenerated desc | Correct | 1 | 39.72s | 0.0149 |
| o4-mini-low | netsh wlan show profile * key=clear | DeviceProcessEvents
| where tolower(FileName) == "netsh.exe"
| where tolower(ProcessCommandLine) contains "wlan show profile"
and tolower(ProcessCommandLine) contains "key=clear"
| project ProcessCreationTime, DeviceName, InitiatingProcessAccountName, ProcessCommandLine | Correct | 1 | 30.85s | 0.0094 |