I would still check with a Sucuri site scan on one of the sites (as so many files are affected) so that you can be certain that this is not a hack.
Next, in the Wordfence scan section you can compare the files you have installed with the files stored in the Wordpress repository. It would be worth checking some of these to see the changes that have been identified.