Hi OliPicard,
Yes we must look for some mining backdoor malware variant, like Bitminer or Graybird like suspicious riskware, because of this Virginia Ashburn IP, also known from W32/BitCoinMiner.A, namely IP 50.19.81.238 that you also mention...
polonus