Usually (at least for cpanel) every account created, has a 'domain mail' which is just their username - this might from time to time receive emails (e.g. if catch-all is enabled).
Since many spam emails contain things like trojans etc, it might very likely just be this.
You can cat the file (Don't know how to do that on windows ), see which email it was sent to, and from, it should contain the headers.
This is very strange to me because I don't use mail on that domain.
Why is there a mail folder if I have not configured an email?
Why are there lots of files in the mail folder if I don't use mail?
The default behavior of every webserver control panel I have used is to create empty mail folders and support for mail on each new account.
The mailbox is full of crap because the account is not configured to reject email for non-existent users. Every address a spammer guesses at is accepted. You should configure the account to reject email for non-existent addresses.
██ Skeptic Hosting
██ Promoting a reality-based lifestyle choice
██ Hosting by invitation only, nothing for sale
We actually wipe the cPanel username 'mail folder' daily network wide because people aren't aware it exists and, as such, never check it or empty it.
The first time we did this - we saw disk usage drop by several hundred gigabytes network wide. All cruft that nobody missed because nobody uses the 'default' mail account.
The very few that have complained - we've advised them how to configure the 'default' email address for the account so that the messages are directed to an actual email account they check/monitor/maintain.
If you want to see what's there - log into webmail using your cPanel username and password .