a random dir /a on a VM that seemed to be struggling produced a list of unexpected files:
07/09/2023 09:28 PM 20,000 ZZZZZ2852017353.doc
07/21/2023 10:10 PM 50,240 !!!!!2729304900.doc
07/21/2023 09:34 PM 3,000,000 XORXOR2654977376.doc
07/21/2023 09:53 PM 1,024 smTlX4069337007.txt
07/09/2023 09:22 PM 2,024 ZZZZZ2452917832.docx
07/17/2023 08:59 PM 4,048 !!!!!910538317.pem
06/27/2023 08:58 PM 10,000 XORXOR2801197100.jpg
07/21/2023 08:27 PM 20,000 smTlX1631532574.png
07/21/2023 08:42 PM 25,000 ZZZZZ2426080075.bmp
07/21/2023 08:44 PM 30,000 !!!!!503919568.eml
07/09/2023 08:58 PM 100,000 XORXOR2564426092.xls
06/27/2023 08:53 PM 150,000 smTlX2350243133.xlsx
07/17/2023 09:41 PM 175,000 ZZZZZ3070700973.mdb
07/21/2023 09:53 PM 200,000 !!!!!533403438.ppt
07/21/2023 09:04 PM 225,000 XORXOR395504056.pps
07/09/2023 08:50 PM 250,000 smTlX634944309.pptx
07/09/2023 09:13 PM 275,000 ZZZZZ2775334046.pdf
06/27/2023 08:26 PM 300,000 !!!!!3608986092.avi
06/27/2023 08:56 PM 350,000 XORXOR189161240.db
06/27/2023 09:53 PM 350,000 smTlX416169661.pst
06/27/2023 09:54 PM 400,000 ZZZZZ2740091908.sql
Notes:
- The files aren't showing up in file explorer (even if I enable hidden and system files)
- Cortex XDR shows nothing unusual and no recent alerts

- Cortex also shows 545 files scanned in the directory while dir /a /s - over a thousand...
Will open a case with Palo Alto; meanwhile, questions:
- anyone seen these types of files and if so, any hint what this could mean?
- best way to unhide these files so it's easier to, say, zip them, move them around, submit for investigation?
- is there a good place to upload one of these for quick analysis?
Thanks!