We are presented with three files:
Looking at the title of the last picture and the picture itself, we can guess that the password is TOM.
So, we have an MD5 string of '020e60c6a84db8c5d4c2d56a4e4fe082'. Let's throw it into Crack Station and see what happens.
So, the MD5 converts to 'leonardo'. Let's examine the monalisa.jpg file next with strings. The final two entries of that strings output are what we need:
and running strings against Plans.jpg, we get https://www.youtube.com/watch?v=jc1Nfx4c5LQ
Now we know there are 2 files inside of the Mona Lisa, let's binwalk it. Sure enough, there's more than meets the eye.
This pops out the famous.zip file. Unzip it with the leonardo password and we are met with Mona Lisa with duckface and a cell phone (commentary on the current socio-political climate?). Let's extract anything using steghide on the new Mona.jpg and it asks for a password. TOM and leonardo didn't work, so let's try the name of that YouTube video: 'Guernica'. Success! Base64 Decode and we're done!
With those Base64 Decodes finished, so is this challenge. Onwards and Upwards!