As indicated above, there are endpoints (GET /api/upload/files) that will give users the ability to find a list of uploaded files. The endpoints will only work if they’re enabled in Strapi’s Admin >> Settings >> Roles (/admin/settings/users-permissions/roles).
Otherwise, unless your web hosting/setup has directory listing enabled like Apache’s Directory Listings then the raw files will not be easily found. Brute force is possible, but with the hash at the start of the filenames, it will become an excessively long time before a single file is found let alone more.