Are you seeing weird file names randomly pop up in your C: drive?
You most likely have SentielOne and are utilizing the Enhanced Ransom Detection feature.
The Agent drops decoy files with open read/write permissions, which are used for detection purposes. Before Agent version 21.6, the decoy files were created in folders %user%\Documents\afterSentDocuments and %user%\Appdata\Local\afterSentDocuments).
From Agent version 21.6, the Agent generates decoy files in new decoy folders, under C:\, C:\Users, and shared folders. The names of the new decoy folders begin with the $ character and are followed by 32 random hex characters.