One Day Sec

How does misc::memssp differ from SSP registration for credential extraction?

`misc::memssp` directly modifies the lsass process memory to inject code that captures credentials, rather than registering a legitimate SSP. This in-memory patching approach needs no registry changes and no file written to disk to install it; what it does generate is a log at `mimilsa.log`. It is comparable to the Password Filter DLL technique, but the patch itself lives purely in memory, making it harder to detect.
memssp, memory patching, lsass, credential capture, in-memory attack
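The answer names two things a defender can still observe: lsass memory being modified and a log appearing at `mimilsa.log`. The following detection sketch is an added example, not part of the original answer; it assumes Sysmon-style ProcessAccess (Event ID 10) and FileCreate (Event ID 11) records exported as JSON lines, and the sample events, paths and finding names are constructed.

```python
import json
import ntpath

# Windows process access rights needed to modify another process's memory.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample events using Sysmon field names; paths are illustrative.
SAMPLE_EVENTS = r"""
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1000"}
{"EventID": 10, "SourceImage": "C:\\Users\\Public\\tool.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1438"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\lsass.exe", "TargetFilename": "C:\\Windows\\System32\\mimilsa.log"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\notepad.exe", "TargetFilename": "C:\\Temp\\notes.txt"}
"""


def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return a finding name for one event, or None if it is not of interest."""
    eid = event.get("EventID")
    if eid == 10 and basename(event.get("TargetImage", "")) == "lsass.exe":
        # GrantedAccess is a hex string; patching memory needs both write bits.
        access = int(event.get("GrantedAccess", "0"), 16)
        if access & WRITE_MASK == WRITE_MASK:
            return "lsass-memory-write-handle"
    if eid == 11 and basename(event.get("TargetFilename", "")) == "mimilsa.log":
        # Keys on the log name given in the answer above.
        return "mimilsa-log-created"
    return None


def scan(lines):
    """Classify JSON-lines events; return (line number, finding) pairs."""
    findings = []
    for n, line in enumerate(lines.strip().splitlines(), 1):
        finding = classify(json.loads(line))
        if finding:
            findings.append((n, finding))
    return findings


if __name__ == "__main__":
    for n, finding in scan(SAMPLE_EVENTS):
        print(f"event {n}: {finding}")
```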
