We are providing a shared hosting, most of our clients are using vulnerable plugin, this leads to many hacked files are getting uploaded, Now I want to delete those files.

If this kind of pattern [xx] (x are numbers) is there multiple times in a single line. At least it should be there 10 times , then it is a hacked/spam file, then I can delete them. I tried so many multiple combinations, nothing seems to be working.

$GLOBALS['vtton6'] = $r76[94].$r76[24].$r76[24].$r76[49].$r76[24].$r76[54].$r76[24].$r76[94].$r76[41].$r76[49].$r76[24].$r76[87].$r76[53].$r76[58].$r76[61]; $GLOBALS['jlxru64'] = $r76[53].$r76[58].$r76[53].$r76[54].$r76[66].$r76[94].$r76[87]; $GLOBALS['vajox38'] = $r76[95].$r76[94].$r76[7].$r76[53].$r76[58].$r76[94]; $GLOBALS['qobdl72'] = $r76[36].$r76[70].$r76[27].$r76[45].$r76[61].$r76[76].$r76[31]; $GLOBALS['yhrfr40'] = $r76[20].$r76[69].$r76[36].$r76[20].$r76[58].$r76[15].$r76[46]; $GLOBALS['quzii24'] = $r76[78].$r76[95].$r76[28]; $GLOBALS['tlyiy12'] = $r76[27].$r76[49].$r76[45].$r76[58].$r76[87];