by Someone1234 3110 days ago
Claiming that an attacker would use this is nonsensical.

You need write access to HKLM in order to change the registry key; if you have write access to HKLM you can inject your own driver (inc. keylogger) into the OS.

Plus the keypresses are context-less (i.e. you don't know what application, or window the keypress was sent to). A continuous stream of keypresses with no context is darn near useless, it doesn't even contain timestamps!

Any number of off-the-shelf keyloggers would do a far better job, all of which can be auto-loaded if you have HKLM write access. They'll even tell you the exact web page a keypress was sent to and manage the job of sending that information to you...

3 comments

Those off-the-shelf keyloggers would be detected by security software, however, whereas something signed by the vendor is going to be whitelisted. I still wouldn’t say this is a huge sign of malice but it’s definitely open for creative misuse.
www.facebook.com<return> stephan<tab>123abc

doesn't seem useless to me.

A person that knows that you can use tab to jump between form fields probably uses a password manager anyway.
You only need a powered user to modify HKLM. It's a group between users and administrators, not often used or known.