mimikatz.exe_: self delete #1089
Description
Function: 0x45B8DB
What it does: The function calls GetProcAddress for DeleteProcThreadAttributeList and CreateProcess.
Why it matched: capa matched the regex del on the API string DeleteProcThread.... The function creates a process with a specified parent (PID Spoofing), it does not delete itself.