This really looks like Updox just uploaded the temp files that the ransomware used while encrypting the files in your Updox Central auto-upload folders. One file for the fax upload folder and one for the general upload folder.
So a result of the infection, not likely the source.
Not to say Updox couldn't be an avenue for an infected file, since it seems to accept any file type...
Correct.
