Question Analysis
Windows process creation logs show a cmd.exe launch that retrieved the system’s locale code page. Which exact command was executed to discover the system language?
d91473ca-944e-477a-b484-0e80217cd789
Question ID
14/16
Models Correct
1
Valid Answer
88%
Success Rate
Reference Answer
Human-validated correct answer for this question
chcp
Model Performance Comparison
See how different AI models performed on this question
| Model | Answer | KQL Query | Status | Attempts | Time | Cost |
|---|---|---|---|---|---|---|
| gemini-2.5-flash-preview-04-17 | chcp | DeviceProcessEvents
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has "chcp"
| project Timestamp, DeviceName, ProcessCommandLine | Correct | 1 | 8.98s | 0.0024 |
| gpt-35-turbo | chcp | DeviceProcessEvents | where FileName == 'cmd.exe' and ProcessCommandLine contains 'chcp' | Correct | 1 | 2.78s | 0.0029 |
| gpt-4-turbo-2024-04-09 | chcp | DeviceProcessEvents
| where FileName == 'cmd.exe' and (ProcessCommandLine contains 'systeminfo' or ProcessCommandLine contains 'chcp')
| project DeviceName, AccountName, ProcessCommandLine, TimeGenerated | Correct | 2 | 12.63s | 0.0932 |
| gpt-4.1 | wmic /node:localhost os get Locale,OSLanguage,MUILanguages /format:table | DeviceProcessEvents
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has_any ("chcp", "Get-WinSystemLocale", "systeminfo", "locale")
| project TimeGenerated, DeviceName, AccountName, ProcessCommandLine | Incorrect | 1 | 4.61s | 0.0115 |
| gpt-4.1-finetuned | cmd.exe /c chcp | DeviceProcessEvents
| where (InitiatingProcessFileName =~ "cmd.exe" and InitiatingProcessCommandLine has "chcp")
or (InitiatingProcessFileName =~ "powershell.exe" and InitiatingProcessCommandLine has "chcp.exe")
| project InitiatingProcessCommandLine
| summarize make_set(InitiatingProcessCommandLine) | Correct | 2 | 11.63s | 0.0122 |
| gpt-4.1-mini | cmd.exe /c chcp | DeviceProcessEvents
| where FileName == "cmd.exe"
| where ProcessCommandLine contains "chcp"
| project TimeGenerated, DeviceName, AccountName, ProcessCommandLine
| sort by TimeGenerated desc | Correct | 1 | 3.68s | 0.0021 |
| gpt-4.1-nano | No answer provided | No query generated | Incorrect | 5 | 0.00s | 0.0018 |
| gpt-4o | "cmd.exe" /c chcp | DeviceProcessEvents
| where FileName == "cmd.exe"
| where ProcessCommandLine has "chcp"
| project TimeGenerated, DeviceName, InitiatingProcessCommandLine, ProcessCommandLine | Correct | 1 | 16.59s | 0.0147 |
| grok-3-beta | chcp | DeviceProcessEvents
| where FileName contains 'cmd.exe'
| where ProcessCommandLine contains 'chcp' or ProcessCommandLine contains 'locale' or ProcessCommandLine contains 'language'
| project DeviceName, AccountName, ProcessCommandLine, TimeGenerated
| order by TimeGenerated desc | Correct | 1 | 7.45s | 0.0205 |
| grok-3-mini-beta | "cmd.exe" /c chcp | DeviceProcessEvents
| where FileName == 'cmd.exe'
| where ProcessCommandLine contains 'chcp'
| project ProcessCommandLine, TimeGenerated, DeviceName
| order by TimeGenerated desc
| limit 10 | Correct | 1 | 10.89s | 0.0016 |
| o1-high | chcp | DeviceProcessEvents
| where ActionType == "ProcessCreated"
| where FileName == "cmd.exe"
| where ProcessCommandLine has "chcp"
| project TimeGenerated, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessCommandLine, SHA256, ReportId
| order by TimeGenerated desc | Correct | 1 | 28.64s | 0.2240 |
| o1-low | chcp | DeviceProcessEvents
| where ActionType =~ "CreateProcess" or ActionType =~ "ProcessCreated"
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has "chcp"
| project TimeGenerated, DeviceName, FolderPath, ProcessCommandLine
| order by TimeGenerated desc | Correct | 1 | 24.58s | 0.1842 |
| o3-mini-high | chcp | DeviceProcessEvents
| where FileName =~ "cmd.exe"
| where ProcessCommandLine has "chcp"
| project TimeGenerated, DeviceName, ProcessCommandLine
| order by TimeGenerated desc | Correct | 1 | 32.20s | 0.0078 |
| o3-mini-low | chcp | DeviceProcessEvents
| where FileName =~ "cmd.exe"
| where tolower(ProcessCommandLine) contains "chcp"
| project TimeGenerated, DeviceName, FileName, ProcessCommandLine
| limit 10 | Correct | 1 | 9.47s | 0.0075 |
| o4-mini-high | chcp | DeviceProcessEvents
| where FileName == "cmd.exe"
| where ProcessCommandLine has "chcp"
| project TimeGenerated, DeviceName, InitiatingProcessAccountName, ProcessCommandLine
| sort by TimeGenerated desc | Correct | 1 | 30.89s | 0.0126 |
| o4-mini-low | chcp | DeviceProcessEvents
| where FileName == "cmd.exe"
| where ProcessCommandLine contains "chcp"
| project ProcessCreationTime, DeviceName, AccountName, ProcessCommandLine | Correct | 1 | 28.08s | 0.0082 |