Can an attacker modify the keylogger's behavior through registry exploitation?

Yes, an attacker can redirect the log file location by setting `HKCU\SOFTWARE\Conexant\MicTray64.exe\LogName` to a custom path, such as `C:\test\log.txt`. This allows the keylogger to write keystrokes to an attacker-controlled file. Because MicTray.exe is signed, the legitimate executable can be repurposed for malicious keylogging without raising suspicion. This exploitation approach is detailed in the Analysis of CVE-2017-8360 (Keylogger in HP Audio Driver) Exploitation.