
Possible Malware: Unable to track starting point

-1 votes
2 answers
614 views
For the past couple of days I have been observing weird processes on one of our servers. Most of the time I see multiple instances of the executable 10, and sometimes 4, and they take a lot of CPU resources. When I examined this, I saw that the process is started by cron right after starting a process with the executable cpu_hu, which is apparently foreign to my system, and a simple search did not resolve to anything.

Then I examined the cpu_hu process, checked the exe location, and removed it accordingly (the location in the image points to a venv for a small project our team is working on).

Even though I removed the binary, after a reboot it appeared in a different location, and the executables 10 and 4 started from memory (no physical executable location).

I deleted the cpu_hu binary from all the locations on the system, stopped the process and rebooted, but after some time the cpu_hu binary appears elsewhere. For now I have stopped crond and killed the respective processes, which seems to have stopped the process from starting again. At this point I am pretty sure it's malicious. How can I get rid of this, or rather find the starting point of this malware to prevent it from starting?
Asked by Nazmul Ahasan (1 rep)
May 6, 2024, 07:10 AM
Last activity: Aug 5, 2024, 02:58 PM
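
The two symptoms described in the question (processes with no on-disk executable, and a binary that cron keeps relaunching) can be triaged with the following added example, which is not part of the original post. The function names and the list of cron paths are assumptions of this sketch; the cron paths cover common RHEL-style and Debian-style layouts and may need adjusting.

```bash
#!/usr/bin/env bash
# Added triage example (not from the original post). Run as root to see all processes.

# Classify the target of a /proc/<pid>/exe symlink.
#   memfd   - image is an anonymous in-memory file (never had a path on disk)
#   deleted - the file was unlinked after the process started
#   on-disk - the path still names a file on disk
exe_state() {
    case "$1" in
        /memfd:*)      echo memfd ;;
        *" (deleted)") echo deleted ;;
        *)             echo on-disk ;;
    esac
}

# Print pid, parent pid, state and exe target for every process that has no
# backing file on disk. The parent pid shows what launched it (e.g. crond).
scan_procs() {
    local proc_root="${1:-/proc}" dir target state ppid
    for dir in "$proc_root"/[0-9]*; do
        # Kernel threads and processes we cannot read have no exe link: skip.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        state=$(exe_state "$target")
        [ "$state" = on-disk ] && continue
        ppid=$(awk '/^PPid:/ {print $2}' "$dir/status" 2>/dev/null) || ppid=
        printf '%s\tppid=%s\t%s\t%s\n' "${dir##*/}" "${ppid:-?}" "$state" "$target"
    done
    return 0
}

# List every file cron reads, newest first, so a recently written or modified
# entry stands out. Optional argument: a mounted image root to inspect offline.
list_cron_files() {
    local root="${1:-}"
    { find "$root/etc/crontab" "$root/etc/cron.d" "$root/etc/cron.hourly" \
           "$root/etc/cron.daily" "$root/var/spool/cron" \
           -type f -printf '%T+ %u %p\n' 2>/dev/null || true; } | sort -r
}

echo "== processes without an on-disk executable =="
scan_procs
echo "== cron files, newest first =="
list_cron_files
```

For any pid reported, `/proc/<pid>/exe` can still be copied out for analysis while the process is alive, and each cron file near the top of the list should be read line by line for a command that writes or fetches the binary.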