The Process Doppelgänging attack takes advantage of a built-in Windows function, NTFS Transactions, and an outdated implementation of the Windows process loader. It works on all modern versions of Microsoft Windows OS, including Windows 10. The new variant of SynAck, which employs this technique to evade detection of its malicious actions, targets users in the United States, Kuwait, Germany, and Iran. The ransomware even clears the event logs stored by the system to avoid forensic analysis of an infected machine.
Source: https://thehackernews.com/2018/05/synack-process-doppelganging.html