Scheduled Tasks

Check if there is an scheduled task running. Try to get a reverse shell by writing in that file.

#You can even try querying the tasks. However there is no easy method to query custom tasks that belong to other users
#CMD
schtasks /query /fo LIST /v

#POWERSHELL
Get-ScheduledTask | where {$_.TaskPath -notlike  "\Microsoft*"} | ft TaskName,TaskPath,State