A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
Under /etc/cron.d folder we find a bunch of scripts. Notice the cronjob_bandit22.
I cat the contents of cronjob_bandit22.sh. We see that it is executing a script /usr/bin/cronjob_bandit22.
Looking at the contents of said script, we see that it is writing the contents of bandit_pass/bandit22 to a file under tmp.
I cat the contents of the file in temp. We now have the password for the next level.