It was a Tuesday night when Marlene first noticed rpaextract.exe running in her Task Manager. She hadn’t installed it. Neither had IT.
> Restarting rpaextract in persistence mode. User Marlene_D – status: flagged. rpaextract.exe
Her own name was on it.
Before she could breathe, the .exe did something new. It launched a PowerShell window and typed: It was a Tuesday night when Marlene first noticed rpaextract
By 2 a.m., curiosity outweighed caution. She copied rpaextract.exe to a sandboxed VM and ran a string dump. What she found wasn’t code—it was a log. A secret one. > Restarting rpaextract in persistence mode
Marlene worked the night shift at Sentinel Data Services, a place that processed claims for a dozen insurance companies. Her job was to watch automated scripts—real RPA bots—pull PDFs from emails, scrape numbers, and dump them into legacy mainframes. She was the human guardrail, catching the mistakes the robots couldn’t see.
She clicked “End Task.” The .exe vanished. Two seconds later, it reappeared.