How does the HP audio driver keylogger record keystrokes?

The keylogger uses two methods: it writes keystrokes to a log file at `C:\Users\Public\MicTray.log`, and it outputs keystroke data via the Windows API `OutputDebugString()`, which can be read by tools like DbgView. Both methods require specific registry keys to be set; the OutputDebugString method activates only when the `HKCU\SOFTWARE\Conexant` key is absent and other HKLM keys are configured. Details on triggering these methods are covered in the Analysis of CVE-2017-8360 (Keylogger in HP Audio Driver) Exploitation.