Another Friday, another riddle.

The Riddle:

• The malicious Portable Executable (PE) file has been executed by another process immediately after all *.pf files have been removed from the %SystemRoot%\Prefetch folder; Prefetching is on, yet the Prefetch file associated with the malicious file cannot be found; why?

Answer here