Other options:
If http://localhost:8200 says “No scheduled tasks”, you can try 8300 and on up, especially if you allow user logins on the server and there are multiple user profiles. Duplicati processes can appear in pairs due to the autoupdater. [SOLVED] Is it ok that I see 5 processes of Duplicati in Windows Task manager? bottom three would be a typical Windows service install as SYSTEM. Top two would be if a Duplicati.GUI.TrayIcon.exe is used by someone to keep an eye on the server (icon color change, etc.).
People can also start a TrayIcon to do personal Duplicati backups using the server inside the TrayIcon.
If there is actually a Duplicati running on the system when QNAP gets files, it can also be tracked down using Sysinternals Process Monitor (Run as Administrator) to see what’s using files ending in .sqlite