On auto scan Wordfence security plugin pointed out a hacked file. From cloudways help they were saying about such file that is taking server resources, maybe this is the file after hackers attacked the site continuously and making the server CPU usage high for last few weeks.
Screenshots given below:
