This toy ransomware/encryptor is programmed to only operate on a file named "flag.txt" in a directory named "ctf_sandbox".  It uses weak methods to derive the key.

If you plan on patching or changing the encryptor or decryptor in any way I suggest you do it in a VM.