Hi itman,
The breach seems to be in the Jboss application (web service from Red Hat). It is a dependency that is embedded in (and installed automatically together with) one of our systems (TOTVS ECM) installed in this server.
Last night I killed all odd cmd commands and disabled our firewall rule (physical one) that allowed external/remote access to the aforementioned system; since then, I haven't seen the odd cmd commands running so far.
It seems the problem is solved (a workaround) as long as I don't re-enable, in our firewall, the external access to that Jboss port of this server.
Regarding the odd powershell scripts, they apparently stopped showing up since last week right after I updated all JAVA and MySql server components.
I'll let you guys know if something strange happens again.
Thank you both for your support and attention. Without your help I wouldn't be able to troubleshoot it.