Hackers often use scheduled task for persistence.With "Task Scheduler", scheduled tasks can be listed.
Or you can use the “schtasks” command via cmd.
If you want to access the logs associated with the task scheduler, you can access it from "Applications and Services Logs-Microsoft-Windows-TaskScheduler%4Operational.evtx" on the Event viewer.
Or you can follow “Security” logs like:
Event ID 4698 - A scheduled task was created
Event ID 4702 - A scheduled task was updated