Back to DashboardBack to All Questions

Question Analysis

On Windows, review recent registry changes to detect when the MSC file association was hijacked by a reg add operation. What executable file was configured as the default command under HKCU\Software\Classes\mscfile\shell\open\command?

02124c37-767e-4b76-9383-c9fc366d9d4c
Question ID
1/16
Models Correct
1
Valid Answer
6%
Success Rate
Reference Answer

Human-validated correct answer for this question

calc.exe
Model Performance Comparison

See how different AI models performed on this question

ModelAnswerKQL QueryStatusAttemptsTimeCost
gemini-2.5-flash-preview-04-17
No answer provided
No query generated
Incorrect
5
0.00s
0.0303
gpt-35-turbo
No answer provided
No query generated
Incorrect
5
0.00s
0.0116
gpt-4-turbo-2024-04-09
No answer provided
No query generated
Incorrect
5
0.00s
0.2355
gpt-4.1
c:\windows\System32\calc.exe
DeviceRegistryEvents | where tolower(RegistryKey) has "mscfile\\shell\\open\\command" | where (tolower(RegistryKey) startswith "hkey_current_user" or tolower(RegistryKey) startswith "hkcu") | where ActionType =~ "RegistryValueSet" | project TimeGenerated, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessCommandLine, RegistryKey, RegistryValueName, RegistryValueData | order by TimeGenerated desc
Correct
3
12.97s
0.0271
gpt-4.1-finetuned
No answer provided
No query generated
Incorrect
5
0.00s
0.1119
gpt-4.1-mini
No answer provided
No query generated
Incorrect
5
0.00s
0.0064
gpt-4.1-nano
No answer provided
No query generated
Incorrect
5
0.00s
0.0015
gpt-4o
No answer provided
No query generated
Incorrect
5
0.00s
0.0537
grok-3-beta
No answer provided
No query generated
Incorrect
5
0.00s
0.0881
grok-3-mini-beta
No answer provided
No query generated
Incorrect
5
0.00s
0.0075
o1-high
No answer provided
No query generated
Incorrect
5
0.00s
0.6550
o1-low
No answer provided
No query generated
Incorrect
5
0.00s
0.8208
o3-mini-high
No answer provided
No query generated
Incorrect
5
0.00s
0.0419
o3-mini-low
No answer provided
No query generated
Incorrect
5
0.00s
0.0449
o4-mini-high
No answer provided
No query generated
Incorrect
5
0.00s
0.0431
o4-mini-low
No answer provided
No query generated
Incorrect
5
0.00s
0.0492