This is a simple ransomware that uses XOR.
How it works:
When you launch the script, it encrypts the PATH you set earlier, then the file deletes itself. You just have to run the decrypt part to decrypt your data.
NB: in reality, launching the encrypt part twice would encrypt and then decrypt (because it is just a XOR), but in the script, for a more realistic attack, the encrypt part deletes itself once launched, so you need a decrypt part.
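
The NB above is the reason data scrambled this way is recoverable. The following is an added example, not this project's script: it works on in-memory bytes only and shows that a second XOR pass restores the data, and that a known file header gives the key back. It assumes a short repeating key; the sample key, the sample data and the function names are constructed for illustration.

```python
from itertools import cycle

# 8-byte PNG file signature, used here as known plaintext.
PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")

# Constructed sample data and key (assumptions, not taken from the script).
SAMPLE = PNG_MAGIC + b"constructed sample image body"
KEY = b"k3y!"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. The same call undoes itself."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Recover a repeating XOR key from a known plaintext prefix.

    ciphertext XOR plaintext yields the keystream. The key is the shortest
    block that repeats at least once across that keystream, so the known
    prefix must be at least twice as long as the key.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    raise ValueError("no repeating key found within the known prefix")


def demo() -> bool:
    """Return True when both recovery paths restore the sample exactly."""
    scrambled = xor_bytes(SAMPLE, KEY)
    # Path 1: applying the same XOR a second time restores the data.
    second_pass = xor_bytes(scrambled, KEY)
    # Path 2: no key at hand, only the knowledge that the data was a PNG.
    found = recover_key(scrambled, PNG_MAGIC)
    restored = xor_bytes(scrambled, found)
    return second_pass == SAMPLE and restored == SAMPLE


if __name__ == "__main__":
    print("recovered:", demo())
```
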