First of all, we should mount the img file using image mounter or mount command in linux.
There is a directory named `secretfiles` and it contains an encrypted file "workbook1.xlsx.gpg".
We should decrypt the file using the private key, and it was our next job to find the private key.
Based on the clue, there was someone using a web browser, so we have to find the browser history.
In the ~/.mozilla directory, we can find a browser history. In the places.sqlite that contains browser history, there is https://github.com/rc3club/supersecret, just open the link and we can find the private key there.
Import the private key, decrypt the encrypted file using gpg command.
We tried to open the file, but it was asking for password. If we look back to the secrectfiles directory, there is a file named document.txt contains the password for the document, open it again using the password and look at the sheet2 there is the flag on the formula bar.